@Test public void testGetters() { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); assertThat("Test").isEqualTo(token.getPrincipal()); assertThat("Password").isEqualTo(token.getCredentials()); assertThat("my_password".hashCode()).isEqualTo(token.getKeyHash()); assertThat(UsernamePasswordAuthenticationToken.class).isEqualTo( token.getOriginalAuthentication()); }
@Test public void testAuthenticationSetting() { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); assertThat(token.isAuthenticated()).isTrue(); token.setAuthenticated(false); assertThat(!token.isAuthenticated()).isTrue(); }
@Test public void testToStringNullOriginalAuthentication() { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), null); assertThat(token.toString().lastIndexOf("Original Class: null") != -1).isTrue(); } }
public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) { List<GrantedAuthority> newAuthorities = new ArrayList<>(); for (ConfigAttribute attribute : attributes) { if (this.supports(attribute)) { GrantedAuthority extraAuthority = new SimpleGrantedAuthority( getRolePrefix() + attribute.getAttribute()); newAuthorities.add(extraAuthority); } } if (newAuthorities.size() == 0) { return null; } // Add existing authorities newAuthorities.addAll(authentication.getAuthorities()); return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(), newAuthorities, authentication.getClass()); }
@Test public void testAuthenticationSuccess() { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); RunAsImplAuthenticationProvider provider = new RunAsImplAuthenticationProvider(); provider.setKey("my_password"); Authentication result = provider.authenticate(token); Assert.assertTrue("Should have returned RunAsUserToken", result instanceof RunAsUserToken); RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { RunAsUserToken token = (RunAsUserToken) authentication; if (token.getKeyHash() == key.hashCode()) { return authentication; } else { throw new BadCredentialsException(messages.getMessage( "RunAsImplAuthenticationProvider.incorrectKey", "The presented RunAsUserToken does not contain the expected key")); } }
public RunAsUserToken(String key, Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, Class<? extends Authentication> originalAuthentication) { super(authorities); this.keyHash = key.hashCode(); this.principal = principal; this.credentials = credentials; this.originalAuthentication = originalAuthentication; setAuthenticated(true); }
private RunAsUserTokenDecorator( RunAsUserToken runAsUserToken, List<GrantedAuthority> authorities) { super( "dummyKey", runAsUserToken.getPrincipal(), runAsUserToken.getCredentials(), authorities, runAsUserToken.getOriginalAuthentication()); this.runAsUserTokenString = runAsUserToken; }
public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) { List<GrantedAuthority> newAuthorities = new ArrayList<>(); for (ConfigAttribute attribute : attributes) { if (this.supports(attribute)) { GrantedAuthority extraAuthority = new SimpleGrantedAuthority( getRolePrefix() + attribute.getAttribute()); newAuthorities.add(extraAuthority); } } if (newAuthorities.size() == 0) { return null; } // Add existing authorities newAuthorities.addAll(authentication.getAuthorities()); return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(), newAuthorities, authentication.getClass()); }
public Authentication authenticate(Authentication authentication) throws AuthenticationException { RunAsUserToken token = (RunAsUserToken) authentication; if (token.getKeyHash() == key.hashCode()) { return authentication; } else { throw new BadCredentialsException(messages.getMessage( "RunAsImplAuthenticationProvider.incorrectKey", "The presented RunAsUserToken does not contain the expected key")); } }
@Test public void testToString() { RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), UsernamePasswordAuthenticationToken.class); assertThat(token.toString().lastIndexOf("Original Class: " + UsernamePasswordAuthenticationToken.class.getName().toString()) != -1).isTrue(); }
public RunAsUserToken(String key, Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, Class<? extends Authentication> originalAuthentication) { super(authorities); this.keyHash = key.hashCode(); this.principal = principal; this.credentials = credentials; this.originalAuthentication = originalAuthentication; setAuthenticated(true); }
@Test public void runAsReplacementIsCorrectlySet() throws Exception { SecurityContext ctx = SecurityContextHolder.getContext(); ctx.setAuthentication(token); token.setAuthenticated(true); final RunAsManager runAs = mock(RunAsManager.class); final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), TestingAuthenticationToken.class); interceptor.setRunAsManager(runAs); mdsReturnsUserRole(); when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))) .thenReturn(runAsToken); String result = advisedTarget.makeUpperCase("hello"); assertThat(result).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true"); // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token); }
@Test public void testReturnsAdditionalGrantedAuthorities() throws Exception { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken( "Test", "Password", AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO")); RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); if (!(result instanceof RunAsUserToken)) { fail("Should have returned a RunAsUserToken"); } assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); Set<String> authorities = AuthorityUtils.authorityListToSet( result.getAuthorities()); assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ROLE_ONE")).isTrue(); assertThat(authorities.contains("ROLE_TWO")).isTrue(); RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); }
public RunAsUserToken(String key, Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, Class<? extends Authentication> originalAuthentication) { super(authorities); this.keyHash = key.hashCode(); this.principal = principal; this.credentials = credentials; this.originalAuthentication = originalAuthentication; setAuthenticated(true); }
@Test @SuppressWarnings("unchecked") public void invokeRunAsReplacementCleansAfterException() throws Throwable { SecurityContext ctx = SecurityContextHolder.getContext(); ctx.setAuthentication(token); token.setAuthenticated(true); final RunAsManager runAs = mock(RunAsManager.class); final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), TestingAuthenticationToken.class); interceptor.setRunAsManager(runAs); when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))) .thenReturn(runAsToken); when(joinPoint.proceed()).thenThrow(new RuntimeException()); try { interceptor.invoke(joinPoint); fail("Expected Exception"); } catch (RuntimeException success) { } // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token); } }
@Test public void testRespectsRolePrefix() throws Exception { UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken( "Test", "Password", AuthorityUtils.createAuthorityList("ONE", "TWO")); RunAsManagerImpl runAs = new RunAsManagerImpl(); runAs.setKey("my_password"); runAs.setRolePrefix("FOOBAR_"); Authentication result = runAs.buildRunAs(inputToken, new Object(), SecurityConfig.createList("RUN_AS_SOMETHING")); assertThat(result instanceof RunAsUserToken).withFailMessage( "Should have returned a RunAsUserToken").isTrue(); assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal()); assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials()); Set<String> authorities = AuthorityUtils.authorityListToSet( result.getAuthorities()); assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue(); assertThat(authorities.contains("ONE")).isTrue(); assertThat(authorities.contains("TWO")).isTrue(); RunAsUserToken resultCast = (RunAsUserToken) result; assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode()); }
public RunAsUserToken(String key, Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, Class<? extends Authentication> originalAuthentication) { super(authorities); this.keyHash = key.hashCode(); this.principal = principal; this.credentials = credentials; this.originalAuthentication = originalAuthentication; setAuthenticated(true); }
@Test @SuppressWarnings("unchecked") public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() throws Exception { SecurityContext ctx = SecurityContextHolder.getContext(); ctx.setAuthentication(token); token.setAuthenticated(true); final RunAsManager runAs = mock(RunAsManager.class); final RunAsUserToken runAsToken = new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), TestingAuthenticationToken.class); interceptor.setRunAsManager(runAs); when(runAs.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class))) .thenReturn(runAsToken); when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException()); try { interceptor.invoke(joinPoint, aspectJCallback); fail("Expected Exception"); } catch (RuntimeException success) { } // Check we've changed back assertThat(SecurityContextHolder.getContext()).isSameAs(ctx); assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token); }
@Override public int getKeyHash() { return runAsUserTokenString.getKeyHash(); }