/**
 * Installs a request post-processor that attaches a mocked {@link Principal} to
 * every request passing through MockMvc, so {@code request.getUserPrincipal()}
 * is never null in the code under test.
 *
 * @param builder the MockMvc builder being configured (not used here)
 * @param context the web application context (not used here)
 * @return a post-processor that sets a fresh mock principal on each request
 */
@Override
public RequestPostProcessor beforeMockMvcCreated(ConfigurableMockMvcBuilder<?> builder, WebApplicationContext context) {
	return request -> {
		// One mock per request: no identity or stubbing leaks between requests
		Principal caller = mock(Principal.class);
		request.setUserPrincipal(caller);
		return request;
	};
}
}
request.setUserPrincipal(this.principal);
/**
 * A bearer token that carries no scope information at all must still produce
 * the {@code insufficient_scope} challenge: an empty scope list in the
 * description and no {@code scope} parameter on the header.
 */
@Test
public void handleWhenTokenHasNoScopesThenInsufficientScopeError() throws Exception {
	Authentication scopelessToken = new TestingOAuth2TokenAuthenticationToken(Collections.emptyMap());
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(scopelessToken);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	// RFC 6750 section 3 challenge; no realm was configured, so it starts with error=
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * A caller authenticated by something other than a bearer token gets a bare
 * {@code Bearer} challenge: there is no token from which to derive scope details.
 */
@Test
public void handleWhenNotOAuth2AuthenticatedThenStatus403() throws Exception {
	Authentication nonBearerUser = new TestingAuthenticationToken("user", "pass");
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(nonBearerUser);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer");
}
/**
 * With a realm configured and a non-bearer principal, the challenge carries
 * only the {@code realm} parameter and no error details.
 */
@Test
public void handleWhenNotOAuth2AuthenticatedAndRealmSetThenStatus403AndAuthHeaderWithRealm() throws Exception {
	// Mutates the shared handler; assumes the fixture recreates it per test — confirm
	this.accessDeniedHandler.setRealmName("test");
	Authentication nonBearerUser = new TestingAuthenticationToken("user", "pass");
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(nonBearerUser);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo("Bearer realm=\"test\"");
}
/**
 * When a token carries both {@code scp} and {@code scope} attributes, the
 * {@code scope} attribute wins: the challenge reports the missive scopes, not
 * the message scopes held under {@code scp}.
 */
@Test
public void handleWhenTokenHasBothScopeAndScpAttributesTheInsufficientErrorBasedOnScopeAttribute() throws Exception {
	Map<String, Object> attributes = Maps.newHashMap("scp", Arrays.asList("message:read", "message:write"));
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	// Added after the token was built: the test relies on the token reading the
	// live map rather than a copy — keep this mutation after the constructor call
	attributes.put("scope", "missive:read missive:write");
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [missive:read missive:write] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\", "
			+ "scope=\"missive:read missive:write\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * An empty {@code scp} list is reported as an empty scope set {@code []} and
 * yields no {@code scope} parameter on the challenge.
 */
@Test
public void handleWhenTokenHasEmptyScpAttributeThenInsufficientScopeError() throws Exception {
	Map<String, Object> attributes = Maps.newHashMap("scp", Collections.emptyList());
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * Scopes held under the {@code scp} list attribute are joined with a space and
 * echoed both in the error description and in the {@code scope} parameter.
 */
@Test
public void handleWhenTokenHasScpAttributeThenInsufficientScopeErrorWithScopes() throws Exception {
	Map<String, Object> attributes = Maps.newHashMap("scp", Arrays.asList("message:read", "message:write"));
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [message:read message:write] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\", "
			+ "scope=\"message:read message:write\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * An empty {@code scope} string is treated like no scopes: the description
 * shows {@code []} and the challenge has no {@code scope} parameter.
 */
@Test
public void handleWhenTokenHasEmptyScopeAttributeThenInsufficientScopeError() throws Exception {
	Map<String, Object> attributes = Maps.newHashMap("scope", "");
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * A space-delimited {@code scope} string is echoed verbatim in both the error
 * description and the {@code scope} parameter of the challenge.
 */
@Test
public void handleWhenTokenHasScopeAttributeThenInsufficientScopeErrorWithScopes() throws Exception {
	Map<String, Object> attributes = Maps.newHashMap("scope", "message:read message:write");
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [message:read message:write] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\", "
			+ "scope=\"message:read message:write\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
/**
 * With a realm configured, the challenge leads with {@code realm} and then
 * carries the usual error, description, URI and scope parameters.
 */
@Test
public void handleWhenTokenHasScopeAttributeAndRealmIsSetThenInsufficientScopeErrorWithScopesAndRealm() throws Exception {
	// Mutates the shared handler; assumes the fixture recreates it per test — confirm
	this.accessDeniedHandler.setRealmName("test");
	Map<String, Object> attributes = Maps.newHashMap("scope", "message:read message:write");
	Authentication token = new TestingOAuth2TokenAuthenticationToken(attributes);
	MockHttpServletRequest request = new MockHttpServletRequest();
	request.setUserPrincipal(token);
	MockHttpServletResponse response = new MockHttpServletResponse();
	this.accessDeniedHandler.handle(request, response, null);
	String expectedChallenge = "Bearer realm=\"test\", "
			+ "error=\"insufficient_scope\", "
			+ "error_description=\"The token provided has insufficient scope [message:read message:write] for this request\", "
			+ "error_uri=\"https://tools.ietf.org/html/rfc6750#section-3.1\", "
			+ "scope=\"message:read message:write\"";
	assertThat(response.getStatus()).isEqualTo(403);
	assertThat(response.getHeader("WWW-Authenticate")).isEqualTo(expectedChallenge);
}
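/**
 * Builds a form-encoded POST to {@code /geoserver} from 127.0.0.1 with a fresh
 * session and, explicitly, no user principal.
 *
 * @param body the request body; encoded as UTF-8 (must not be null)
 * @param queryString the raw query string, or null, which is stored as ""
 * @return the populated mock request
 * @throws UnsupportedEncodingException no longer thrown (the body is encoded via
 *         the UTF-8 charset constant rather than a charset name); kept so existing
 *         callers and overriding subclasses compile unchanged
 */
protected MockHttpServletRequest makeRequest(String body, String queryString) throws UnsupportedEncodingException {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setScheme("http");
    request.setServerName("localhost");
    request.setContextPath("/geoserver");
    request.setServletPath("/geoserver");
    request.setRequestURI("/geoserver");
    request.setQueryString(queryString != null ? queryString : "");
    request.setRemoteAddr("127.0.0.1");
    request.setMethod("POST");
    request.setContentType("application/x-www-form-urlencoded");
    // The charset constant is always available, so this cannot fail at runtime
    request.setContent(body.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    request.setSession(new MockHttpSession(new MockServletContext()));
    // Start unauthenticated; tests that need a caller set a principal afterwards
    request.setUserPrincipal(null);
    return request;
}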
request.setSession(session); request.setUserPrincipal(null);
request.setUserPrincipal(null);
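/**
 * Builds a mock request for {@code urlPath} under the shared {@code contextPath}
 * (a field declared elsewhere in this class), optionally carrying a user name,
 * roles and request parameters.
 *
 * @param context the servlet context the request belongs to
 * @param requestType the HTTP method
 * @param urlPath the path below the context path
 * @param parameterMap request parameters to add, or null for none
 * @param username principal name, or null for an anonymous request
 * @param roles roles to grant; only applied when username is non-null, and a
 *              null collection is treated as no roles
 * @return the populated request
 */
protected static MockHttpServletRequest createRequest(final ServletContext context, final String requestType, final String urlPath, Map<String, String> parameterMap, final String username, final Collection<String> roles) {
    final MockHttpServletRequest request = new MockHttpServletRequestThatWorks(context, requestType, contextPath + urlPath);
    request.setContextPath(contextPath);
    // The principal is a shared singleton whose name is set statically, so it is
    // attached even for a null username; presumably setName(null) is what marks
    // the request anonymous — confirm against MockUserPrincipal
    request.setUserPrincipal(MockUserPrincipal.getInstance());
    MockUserPrincipal.setName(username);
    // Roles are only meaningful for a named user; guard roles too so a null
    // collection does not fail with a NullPointerException
    if (username != null && roles != null) {
        for (final String role : roles) {
            request.addUserRole(role);
        }
    }
    if (parameterMap != null) {
        for (final Entry<String, String> parameter : parameterMap.entrySet()) {
            request.addParameter(parameter.getKey(), parameter.getValue());
        }
    }
    return request;
}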
/**
 * Without a principal on the request the interceptor must return early and
 * never ask the factory for a user context.
 */
@Test
public void afterCompletion_returnsIfNoUserIsPresent() {
    request.setUserPrincipal(null);
    Object anyHandler = new Object();
    subject.afterCompletion(request, response, anyHandler, null);
    verify(userContextFactory, never()).createUserContext(null);
}
/**
 * A completed request by a client-certificate-authenticated user is reflected
 * in the audit record: user name, HTTP status, "success" result and the
 * authentication mechanism taken from the request's auth type.
 */
@Test
public void afterCompletion_populatesTheCEFLogObject() {
    response.setStatus(200);
    request.setAuthType(CLIENT_CERT_AUTH);
    Authentication certUser = mock(Authentication.class);
    when(certUser.getName()).thenReturn("foo");
    request.setUserPrincipal(certUser);
    subject.afterCompletion(request, response, new Object(), null);
    assertThat(auditRecord.getUsername(), is(equalTo("foo")));
    assertThat(auditRecord.getHttpStatusCode(), is(equalTo(200)));
    assertThat(auditRecord.getResult(), is(equalTo("success")));
    assertThat(auditRecord.getAuthMechanism(), is(equalTo(CLIENT_CERT_AUTH)));
}
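/**
 * Wires the interceptor under test to a mocked {@link UserContextFactory} and a
 * real {@link CEFAuditRecord}, with a request that already carries a mocked
 * {@link Authentication} principal. The factory is stubbed to hand back a
 * single {@link UserContext} mock reporting actor "user" authenticated by
 * {@code CLIENT_CERT_AUTH}.
 */
@Before
public void setup() {
    userContextFactory = mock(UserContextFactory.class);
    auditRecord = new CEFAuditRecord();
    subject = new AuditInterceptor(userContextFactory, auditRecord);
    request = new MockHttpServletRequest();
    response = new MockHttpServletResponse();
    request.setUserPrincipal(mock(Authentication.class));
    // One UserContext mock, created once: the same instance is returned by the
    // factory stub and carries the actor / auth-method stubs below
    userContext = mock(UserContext.class);
    when(userContextFactory.createUserContext(any())).thenReturn(userContext);
    when(userContext.getActor()).thenReturn("user");
    when(userContext.getAuthMethod()).thenReturn(CLIENT_CERT_AUTH);
}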
request.setUserPrincipal(this.principal);
request.setUserPrincipal(this.principal);