Add Spring Security jackson2

Issue gh-434
Rob Winch
2016-09-12 14:03:49 -05:00
parent 8b97a32db2
commit 0e1d81f509
34 changed files with 1145 additions and 888 deletions


@@ -1,134 +0,0 @@
package samples.mixins;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.data.redis.serializer.SerializationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.Application;
import javax.servlet.http.Cookie;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author jitendra on 28/3/16.
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(Application.class)
public class MixinsDeserilizeTest {
@Autowired
GenericJackson2JsonRedisSerializer redisSerializer;
@Test
public void defaultCsrfTokenMixin() {
String tokenJson = "{\"@class\": \"org.springframework.security.web.csrf.DefaultCsrfToken\", \"token\": \"123456\", \"parameterName\": \"_csrf\", \"headerName\": \"x-csrf-header\"}";
DefaultCsrfToken token = redisSerializer.deserialize(tokenJson.getBytes(), DefaultCsrfToken.class);
assertThat(token)
.hasFieldOrPropertyWithValue("token", "123456")
.hasFieldOrPropertyWithValue("parameterName", "_csrf")
.hasFieldOrPropertyWithValue("headerName", "x-csrf-header");
}
@Test
public void httpCookieTest() {
String httpCookie = "{\"@class\": \"javax.servlet.http.Cookie\", \"name\": \"SESSION\", \"value\": \"123456789\", \"maxAge\": 1000, \"path\": \"/\", \"secure\": true, \"version\": 0, \"httpOnly\": true}";
Cookie cookie = redisSerializer.deserialize(httpCookie.getBytes(), Cookie.class);
assertThat(cookie).hasFieldOrPropertyWithValue("name", "SESSION")
.hasFieldOrPropertyWithValue("value", "123456789")
.hasFieldOrPropertyWithValue("secure", true)
.hasFieldOrPropertyWithValue("comment", "")
.hasFieldOrPropertyWithValue("path", "/")
.hasFieldOrPropertyWithValue("maxAge", 1000)
.hasFieldOrPropertyWithValue("httpOnly", true);
}
@Test(expected = SerializationException.class)
public void simpleGrantedAuthorityWithoutTypeIdTest() {
String authorityJson = "{\"authority\": \"ROLE_USER\"}";
SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
}
@Test
public void simpleGrantedAuthorityWithTypeIdTest() {
String authorityJson = "{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}";
SimpleGrantedAuthority authority = redisSerializer.deserialize(authorityJson.getBytes(), SimpleGrantedAuthority.class);
assertThat(authority.getAuthority()).isEqualTo("ROLE_USER");
}
@Test
public void userTest() {
String userJson = "{\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", \"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}";
User user = redisSerializer.deserialize(userJson.getBytes(), User.class);
assertThat(user.getUsername()).isEqualTo("user");
assertThat(user.getPassword()).isEqualTo("password");
assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
assertThat(user.isEnabled()).isEqualTo(true);
assertThat(user.isAccountNonExpired()).isEqualTo(true);
assertThat(user.isAccountNonLocked()).isEqualTo(true);
assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []]," +
"\"authenticated\": false}";
UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(token.getPrincipal()).isEqualTo("user");
assertThat(token.getCredentials()).isEqualTo("password");
assertThat(token.isAuthenticated()).isEqualTo(false);
assertThat(token.getAuthorities()).hasSize(0);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenWithUserAsPrincipalTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": {\"@class\": \"org.springframework.security.core.userdetails.User\", \"username\": \"user\", \"password\": \"password\", " +
"\"authorities\": [\"java.util.Collections$UnmodifiableSet\", [{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\"," +
" \"role\": \"ROLE_USER\"}]], \"accountNonExpired\": true, \"accountNonLocked\": true, \"credentialsNonExpired\": true, \"enabled\": true}, " +
"\"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", []], \"authenticated\": false}";
UsernamePasswordAuthenticationToken token = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(token.getPrincipal()).isInstanceOf(User.class);
User user = (User) token.getPrincipal();
assertThat(user.getUsername()).isEqualTo("user");
assertThat(user.getPassword()).isEqualTo("password");
assertThat(user.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
assertThat(user.isEnabled()).isEqualTo(true);
assertThat(user.isAccountNonExpired()).isEqualTo(true);
assertThat(user.isAccountNonLocked()).isEqualTo(true);
assertThat(user.isCredentialsNonExpired()).isEqualTo(true);
}
@Test
public void authenticatedUsernamePasswordAuthenticationTokenTest() {
String unauthenticatedTokenJson = "{\"@class\": \"org.springframework.security.authentication.UsernamePasswordAuthenticationToken\"," +
"\"principal\": \"user\", \"credentials\": \"password\", \"details\": null, \"authorities\": [\"java.util.ArrayList\", " +
"[{\"@class\": \"org.springframework.security.core.authority.SimpleGrantedAuthority\", \"role\": \"ROLE_USER\"}]]," +
"\"authenticated\": true}";
UsernamePasswordAuthenticationToken authenticationToken = redisSerializer.deserialize(unauthenticatedTokenJson.getBytes(), UsernamePasswordAuthenticationToken.class);
assertThat(authenticationToken.getPrincipal()).isEqualTo("user");
assertThat(authenticationToken.getCredentials()).isEqualTo("password");
assertThat(authenticationToken.isAuthenticated()).isEqualTo(true);
assertThat(authenticationToken.getAuthorities()).hasSize(1);
assertThat(authenticationToken.getAuthorities()).contains(new SimpleGrantedAuthority("ROLE_USER"));
}
@Test
public void webAuthenticationDetailTest() {
String authenticationDetailJson = "{\"@class\": \"org.springframework.security.web.authentication.WebAuthenticationDetails\"," +
"\"remoteAddress\": \"http://localhost/login\", \"sessionId\": \"123456789\"}";
WebAuthenticationDetails details = redisSerializer.deserialize(authenticationDetailJson.getBytes(), WebAuthenticationDetails.class);
assertThat(details.getRemoteAddress()).isEqualTo("http://localhost/login");
assertThat(details.getSessionId()).isEqualTo("123456789");
}
}


@@ -1,104 +0,0 @@
package samples.mixins;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.skyscreamer.jsonassert.JSONAssert;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.csrf.DefaultCsrfToken;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.Application;
import javax.servlet.http.Cookie;
import java.util.Arrays;
/**
* @author jitendra on 28/3/16.
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(Application.class)
public class MixinsSerializeTest {
@Autowired
GenericJackson2JsonRedisSerializer springSessionDefaultRedisSerializer;
MockHttpServletRequest request;
@Before
public void setup() {
request = new MockHttpServletRequest("get", "/login");
request.setCookies(new Cookie("SESSION", "123456789"));
request.setRemoteAddr("http://localhost:8080/login");
request.setSession(new MockHttpSession(null, "123456789"));
}
@Test
public void testDefaultTypingIdJson() {
User user = new User("user", "password", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")));
String expectedJsonString = "{'@class': 'org.springframework.security.core.userdetails.User', 'username': 'user', 'password': 'password', 'enabled': true, 'accountNonExpired': true, 'credentialsNonExpired': true, 'accountNonLocked': true, 'authorities': ['java.util.Collections$UnmodifiableSet', [{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'ROLE_USER'}]]}";
String serializedJson = new String(springSessionDefaultRedisSerializer.serialize(user));
JSONAssert.assertEquals(expectedJsonString, serializedJson, true);
}
@Test
public void persistFinalClass() {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("USER");
String expectedJson = "{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'USER'}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(authority));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void testDefaultCsrfTokenMixin() {
DefaultCsrfToken token = new DefaultCsrfToken("CSRF_HEADER", "CSRF", "123456789");
String expectedJson = "{'@class': 'org.springframework.security.web.csrf.DefaultCsrfToken', 'token': '123456789', 'parameterName': 'CSRF', 'headerName': 'CSRF_HEADER'}";
String serializedString = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, serializedString, true);
}
@Test
public void unauthenticatedUsernamePasswordAuthenticationTokenTest() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
String expectedJson = "{'@class': 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken', 'principal': 'user', 'credentials': 'password', 'authenticated': false, 'authorities': ['java.util.ArrayList', []], 'details': null}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void authenticatedUsernamePasswordAuthenticationTokenTest() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password", Arrays.asList(new SimpleGrantedAuthority("USER")));
String expectedJson = "{'@class': 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken', 'principal': 'user', 'credentials': 'password', 'authenticated': true, 'authorities': ['java.util.ArrayList', [{'@class': 'org.springframework.security.core.authority.SimpleGrantedAuthority', 'role': 'USER'}]], 'details': null}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(token));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
@Test
public void defaultSavedRequestTest() {
String savedRequestJson = "{ '@class': 'org.springframework.security.web.savedrequest.DefaultSavedRequest', 'serverPort': 80, 'servletPath': ''," +
"'serverName': 'localhost', 'scheme': 'http', 'requestURL': 'http://localhost/login', 'requestURI': '/login', 'queryString': null," +
"'pathInfo': null, 'method': 'get', 'contextPath': '', 'parameters': {'@class': 'java.util.TreeMap'}," +
"'headers': {'@class': 'java.util.TreeMap'}, 'locales': ['java.util.ArrayList', ['en']], 'cookies': ['java.util.ArrayList', " +
"[{'@class': 'org.springframework.security.web.savedrequest.SavedCookie', 'name': 'SESSION', 'value': '123456789', 'comment': null, domain: null, maxAge: -1, path: null, secure: false, version: 0}]]}";
DefaultSavedRequest savedRequest = new DefaultSavedRequest(request, new PortResolverImpl());
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(savedRequest));
JSONAssert.assertEquals(savedRequestJson, actualJson, true);
}
@Test
public void webAuthenticationDetailsMixinTest() {
WebAuthenticationDetails details = new WebAuthenticationDetails(request);
String expectedJson = "{'@class': 'org.springframework.security.web.authentication.WebAuthenticationDetails', 'remoteAddress': 'http://localhost:8080/login', 'sessionId': '123456789'}";
String actualJson = new String(springSessionDefaultRedisSerializer.serialize(details));
JSONAssert.assertEquals(expectedJson, actualJson, true);
}
}