@Test // http@authentication-manager-ref public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception { AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(AuthenticationManagerRefConfig.class).autowire(); this.mockMvc.perform(formLogin()); verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class)); }
/**
 * Checks that the session authentication strategy held by
 * {@code CustomSessionAuthenticationStrategyConfig} is invoked when a user logs in
 * through the login form.
 *
 * <p>In Spring Security this hook is where session handling on login (for example
 * session-fixation protection) is applied, so a configured strategy that is silently
 * skipped would be a security regression worth catching.
 */
@Test
public void requestWhenCustomSessionAuthenticationStrategyProvidedThenCalled() throws Exception {
	this.spring.register(CustomSessionAuthenticationStrategyConfig.class).autowire();

	this.mvc.perform(
			formLogin()
				.user("user")
				.password("password"));

	// Default verification mode: the strategy must have been called exactly once.
	verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy).onAuthentication(
			any(Authentication.class),
			any(HttpServletRequest.class),
			any(HttpServletResponse.class));
}
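/**
 * Checks the remember-me behaviour of a Spring Session backed login: the {@code SESSION}
 * cookie is issued with a max age of {@link Integer#MAX_VALUE} and the stored session
 * gets a 30 day inactivity timeout.
 *
 * <p>With a cookie lifetime that long, the server-side inactivity timeout is the only
 * bound on how long the session stays usable, which is why both values are pinned
 * together. The application context is presumably configured outside this method
 * (nothing is registered here) - confirm against the enclosing class.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void authenticateWhenSpringSessionRememberMeEnabledThenCookieMaxAgeAndSessionExpirationSet()
		throws Exception {
	// @formatter:off
	MvcResult result = this.mockMvc
			.perform(formLogin())
			.andReturn();
	// @formatter:on
	Cookie cookie = result.getResponse().getCookie("SESSION");
	// Fail with a readable assertion instead of a NullPointerException when no cookie was issued.
	assertThat(cookie).isNotNull();
	assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
	// The cookie carries the Base64-encoded session id. Decode it with an explicit charset
	// so the lookup does not depend on the platform default encoding.
	String sessionId = new String(Base64.getDecoder().decode(cookie.getValue()),
			java.nio.charset.StandardCharsets.UTF_8);
	T session = this.sessions.findById(sessionId);
	assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofDays(30));
}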
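/**
 * Checks the remember-me behaviour of a Spring Session backed login: the {@code SESSION}
 * cookie is issued with a max age of {@link Integer#MAX_VALUE} and the stored session
 * gets a 30 day inactivity timeout.
 *
 * <p>With a cookie lifetime that long, the server-side inactivity timeout is the only
 * bound on how long the session stays usable, which is why both values are pinned
 * together. The application context is presumably configured outside this method
 * (nothing is registered here) - confirm against the enclosing class.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void authenticateWhenSpringSessionRememberMeEnabledThenCookieMaxAgeAndSessionExpirationSet()
		throws Exception {
	// @formatter:off
	MvcResult result = this.mockMvc
			.perform(formLogin())
			.andReturn();
	// @formatter:on
	Cookie cookie = result.getResponse().getCookie("SESSION");
	// Fail with a readable assertion instead of a NullPointerException when no cookie was issued.
	assertThat(cookie).isNotNull();
	assertThat(cookie.getMaxAge()).isEqualTo(Integer.MAX_VALUE);
	// The cookie carries the Base64-encoded session id. Decode it with an explicit charset
	// so the lookup does not depend on the platform default encoding.
	String sessionId = new String(Base64.getDecoder().decode(cookie.getValue()),
			java.nio.charset.StandardCharsets.UTF_8);
	T session = this.sessions.findById(sessionId);
	assertThat(session.getMaxInactiveInterval()).isEqualTo(Duration.ofDays(30));
}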
/**
 * Checks that a {@link RequestCache} exposed as a bean is the one consulted during a
 * successful form login.
 *
 * <p>The request cache supplies the saved request used for the post-login redirect,
 * so the test guards against the bean being ignored in favour of some other cache.
 */
@Test
public void requestCacheAsBean() throws Exception {
	this.spring.register(RequestCacheBeanConfig.class, AuthenticationTestConfiguration.class).autowire();
	RequestCache requestCacheBean = this.spring.getContext().getBean(RequestCache.class);

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());

	// The bean is presumably a mock or spy; verify() requires one - confirm in RequestCacheBeanConfig.
	verify(requestCacheBean).getRequest(any(), any());
}
/**
 * Checks that the {@code requestCache} held by {@code RequestCacheConfig} is consulted
 * during a successful form login.
 *
 * <p>Here the cache is read from a field of the configuration bean rather than looked
 * up as a {@code RequestCache} bean.
 */
@Test
public void requestCache() throws Exception {
	this.spring.register(RequestCacheConfig.class, AuthenticationTestConfiguration.class).autowire();
	RequestCacheConfig requestCacheConfig = this.spring.getContext().getBean(RequestCacheConfig.class);

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());

	// The saved request must have been looked up on the configured cache exactly once.
	verify(requestCacheConfig.requestCache).getRequest(any(), any());
}
/**
 * Checks that a form login against the in-memory configuration publishes exactly one
 * authentication event.
 *
 * <p>Authentication events are what audit logging and login monitoring usually hang
 * off, so a login that stops publishing them would go unnoticed by those consumers.
 * {@code EVENTS} is a static collection; whether it is reset between tests cannot be
 * seen from this method - confirm in the configuration class.
 */
@Test
public void loadConfigWhenRequestAuthenticateThenAuthenticationEventPublished() throws Exception {
	this.spring.register(InMemoryAuthWithWebSecurityConfigurerAdapter.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(status().is3xxRedirection());

	// One login attempt must yield one recorded event, no more and no fewer.
	assertThat(InMemoryAuthWithWebSecurityConfigurerAdapter.EVENTS)
		.isNotEmpty()
		.hasSize(1);
}
/**
 * Checks that, with {@code EraseCredentialsFalseConfig}, the authenticated
 * {@code Authentication} still carries its credentials after login, and that this
 * holds for two consecutive logins.
 *
 * <p>Keeping credentials on the authentication object means the submitted secret
 * lives for as long as that object is retained, so this configuration should be a
 * deliberate choice; the test pins the opt-out behaviour, it does not recommend it.
 */
@Test
public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
	this.spring.register(EraseCredentialsFalseConfig.class).autowire();

	for (int attempt = 0; attempt < 2; attempt++) {
		this.mockMvc
			.perform(formLogin())
			.andExpect(authenticated()
				.withAuthentication((authentication) -> assertThat(authentication.getCredentials()).isNotNull()));
	}
	// Logging in twice must not throw: the second attempt still finds usable stored user data.
}
@Test // SEC-2533 public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception { this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire(); this.mockMvc.perform(formLogin()) .andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull())); }
@Test // http@create-session=ifRequired public void configureWhenSessionCreationPolicyIfRequiredThenSessionCreatedWhenRequiredOnRequest() throws Exception { this.spring.register(IfRequiredConfig.class).autowire(); MvcResult mvcResult = this.mockMvc.perform(get("/unsecure")).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull(); mvcResult = this.mockMvc.perform(formLogin()).andReturn(); session = mvcResult.getRequest().getSession(false); assertThat(session).isNotNull(); assertThat(session.isNew()).isTrue(); }
/**
 * Checks that, with the default settings of {@code EraseCredentialsTrueDefaultConfig},
 * the credentials on the authenticated {@code Authentication} are {@code null} after
 * login, and that a second login behaves the same way.
 *
 * <p>The repeat matters: erasing credentials on the returned authentication must not
 * damage the stored user in a way that breaks the next login.
 */
@Test
public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception {
	this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();

	for (int attempt = 0; attempt < 2; attempt++) {
		this.mockMvc
			.perform(formLogin())
			.andExpect(authenticated()
				.withAuthentication((authentication) -> assertThat(authentication.getCredentials()).isNull()));
	}
	// Reaching this point means the second login raised no exception after the first erasure.
}
@Test // http@security-context-repository-ref public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception { this.spring.register(SecurityContextRepoConfig.class).autowire(); MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull(); }
/**
 * Checks that a form login with the default test credentials succeeds under
 * {@code PasswordEncoderNoAuthManagerLoadsConfig}.
 *
 * <p>A passing login shows that the password encoder wired by that configuration is
 * the one used to match the submitted password; the encoder itself is not visible here.
 */
@Test
public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
	this.spring.register(PasswordEncoderNoAuthManagerLoadsConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());
}
/**
 * Checks that, after a form login under {@code InMemoryConfigureProtectedConfig}, the
 * password stored for {@code user} carries the {@code {bcrypt}} prefix.
 *
 * <p>Going by the test name this is a password upgrade on login: the stored value is
 * re-encoded with bcrypt once the user has authenticated. How the password was stored
 * before the login is defined in the configuration class, not here.
 */
@Test
public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception {
	this.spring.register(InMemoryConfigureProtectedConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(status().is3xxRedirection());

	UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
	String storedPassword = userDetailsService.loadUserByUsername("user").getPassword();
	// The encoding-id prefix identifies which encoder produced the stored value.
	assertThat(storedPassword).startsWith("{bcrypt}");
}
/**
 * Checks that a form login with the default test credentials succeeds under
 * {@code PasswordEncoderWithJdbcConfig}.
 *
 * <p>Going by the names, the users come from a JDBC store and a password encoder is
 * configured alongside it; a successful login shows the two work together.
 */
@Test
public void passwordEncoderRefWithJdbc() throws Exception {
	this.spring.register(PasswordEncoderWithJdbcConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());
}
/**
 * Checks that, after a form login under {@code InMemoryConfigureGlobalConfig}, the
 * password stored for {@code user} carries the {@code {bcrypt}} prefix.
 *
 * <p>Going by the test name this is a password upgrade on login: the stored value is
 * re-encoded with bcrypt once the user has authenticated. How the password was stored
 * before the login is defined in the configuration class, not here.
 */
@Test
public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception {
	this.spring.register(InMemoryConfigureGlobalConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(status().is3xxRedirection());

	UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
	String storedPassword = userDetailsService.loadUserByUsername("user").getPassword();
	// The encoding-id prefix identifies which encoder produced the stored value.
	assertThat(storedPassword).startsWith("{bcrypt}");
}
/**
 * Checks that a form login with the default test credentials succeeds under
 * {@code PasswordEncoderWithInMemoryConfig}.
 *
 * <p>Going by the names, the users are held in memory and a password encoder is
 * configured alongside them; a successful login shows the two work together.
 */
@Test
public void passwordEncoderRefWithInMemory() throws Exception {
	this.spring.register(PasswordEncoderWithInMemoryConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());
}
/**
 * Checks that a form login with the default test credentials succeeds under
 * {@code PasswordEncoderWithUserDetailsServiceConfig}.
 *
 * <p>Going by the names, users are loaded through a {@code UserDetailsService} and a
 * password encoder is configured alongside it; a successful login shows the two work
 * together.
 */
@Test
public void passwordEncoderRefWithUserDetailsService() throws Exception {
	this.spring.register(PasswordEncoderWithUserDetailsServiceConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated());
}
/**
 * Checks that, under {@code MultiAuthenticationProvidersConfig}, two different
 * accounts can log in and each ends up with its own roles: {@code user} with
 * {@code USER}, and {@code admin} with {@code USER} and {@code ADMIN}.
 *
 * <p>Asserting the exact role set per account also guards against one provider's
 * authorities leaking onto a user authenticated by another.
 */
@Test
public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
	this.spring.register(MultiAuthenticationProvidersConfig.class).autowire();

	// Default form-login credentials.
	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated()
			.withUsername("user")
			.withRoles("USER"));

	// Same request with only the username overridden.
	this.mockMvc
		.perform(formLogin().user("admin"))
		.andExpect(authenticated()
			.withUsername("admin")
			.withRoles("USER", "ADMIN"));
}
/**
 * Checks that a form login with the default test credentials authenticates as
 * {@code user} when {@code DataSourceConfig} and {@code JdbcUserServiceConfig} are
 * registered together.
 *
 * <p>Going by the names, the account is looked up through a JDBC-backed user service;
 * the schema and seed data live in those configuration classes.
 */
@Test
public void jdbcUserService() throws Exception {
	this.spring.register(DataSourceConfig.class, JdbcUserServiceConfig.class).autowire();

	this.mockMvc
		.perform(formLogin())
		.andExpect(authenticated()
			.withUsername("user"));
}