/**
 * Builds the temporary {@code Authentication} used while a secured object is invoked.
 *
 * <p>Every supported attribute becomes an extra {@code SimpleGrantedAuthority} named
 * {@code getRolePrefix() + attribute.getAttribute()}. The caller's existing authorities are
 * appended afterwards, so the returned token only adds authorities to those already held;
 * nothing is removed. The original principal and credentials are copied into the new token
 * unchanged.
 *
 * <p>Security note: which authorities get added is decided entirely by {@code attributes}.
 * NOTE(review): presumably these come from the secured object's own configuration rather
 * than from request data; confirm against the caller.
 *
 * @param authentication the current authentication whose principal, credentials and
 *        authorities are carried over
 * @param object not used by this implementation
 * @param attributes the configuration attributes to scan for supported run-as entries
 * @return a {@code RunAsUserToken} built with {@code this.key}, or {@code null} when no
 *         attribute is supported
 */
public Authentication buildRunAs(Authentication authentication, Object object,
        Collection<ConfigAttribute> attributes) {
    List<GrantedAuthority> runAsAuthorities = new ArrayList<>();
    for (ConfigAttribute candidate : attributes) {
        if (!this.supports(candidate)) {
            continue;
        }
        runAsAuthorities.add(new SimpleGrantedAuthority(getRolePrefix() + candidate.getAttribute()));
    }

    // No supported attribute means no replacement: the caller keeps its own Authentication.
    if (runAsAuthorities.isEmpty()) {
        return null;
    }

    // Extra authorities first, then everything the caller already had.
    runAsAuthorities.addAll(authentication.getAuthorities());

    return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
            runAsAuthorities, authentication.getClass());
}
/**
 * Creates the run-as replacement for the given authentication.
 *
 * <p>For each attribute accepted by {@code supports}, one {@code SimpleGrantedAuthority} is
 * created from {@code getRolePrefix()} followed by the attribute string. The authorities of
 * the incoming authentication are then appended, so the result is a superset of what the
 * caller already holds. Principal and credentials are passed through as they are.
 *
 * <p>Security note: the added authorities depend only on {@code attributes}.
 * NOTE(review): confirm that these originate from trusted configuration.
 *
 * @param authentication the authentication being temporarily replaced
 * @param object not used by this implementation
 * @param attributes the configuration attributes to inspect
 * @return the new {@code RunAsUserToken}, or {@code null} if no attribute is supported
 */
public Authentication buildRunAs(Authentication authentication, Object object,
        Collection<ConfigAttribute> attributes) {
    List<GrantedAuthority> combined = new ArrayList<>();
    for (ConfigAttribute configAttribute : attributes) {
        if (!this.supports(configAttribute)) {
            continue;
        }
        String authorityName = getRolePrefix() + configAttribute.getAttribute();
        combined.add(new SimpleGrantedAuthority(authorityName));
    }

    // Nothing to add: signal "no replacement" to the caller.
    if (combined.isEmpty()) {
        return null;
    }

    // Keep the caller's own authorities alongside the run-as ones.
    combined.addAll(authentication.getAuthorities());

    return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
            combined, authentication.getClass());
}
/**
 * Verifies that {@code toString()} of a run-as token names the class of the
 * authentication it replaced.
 */
@Test
public void testToString() {
    RunAsUserToken runAsToken = new RunAsUserToken("my_password", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
            UsernamePasswordAuthenticationToken.class);

    String rendered = runAsToken.toString();
    String expectedFragment = "Original Class: " + UsernamePasswordAuthenticationToken.class.getName().toString();

    boolean fragmentFound = rendered.lastIndexOf(expectedFragment) != -1;
    assertThat(fragmentFound).isTrue();
}
/**
 * Verifies that {@code toString()} still works, and prints {@code null} for the
 * original class, when the token is created without an original authentication class.
 */
@Test
public void testToStringNullOriginalAuthentication() {
    RunAsUserToken runAsToken = new RunAsUserToken("my_password", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"), null);

    String rendered = runAsToken.toString();

    boolean fragmentFound = rendered.lastIndexOf("Original Class: null") != -1;
    assertThat(fragmentFound).isTrue();
}
}
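/**
 * Checks that the token's accessors return what was passed to the constructor.
 *
 * <p>The test pins {@code getKeyHash()} to {@code String.hashCode()} of the key. That is a
 * 32-bit non-cryptographic hash, so a matching hash is not proof of a matching key.
 */
@Test
public void testGetters() {
    RunAsUserToken token = new RunAsUserToken("my_password", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
            UsernamePasswordAuthenticationToken.class);

    // AssertJ convention: the value under test goes into assertThat(), the expected value
    // into isEqualTo(). The original had them swapped, which makes failure messages misleading.
    assertThat(token.getPrincipal()).isEqualTo("Test");
    assertThat(token.getCredentials()).isEqualTo("Password");
    assertThat(token.getKeyHash()).isEqualTo("my_password".hashCode());
    assertThat(token.getOriginalAuthentication()).isEqualTo(UsernamePasswordAuthenticationToken.class);
}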
/**
 * Verifies that a freshly built run-as token reports itself as authenticated and that
 * {@code setAuthenticated(false)} turns that flag off.
 */
@Test
public void testAuthenticationSetting() {
    RunAsUserToken runAsToken = new RunAsUserToken("my_password", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
            UsernamePasswordAuthenticationToken.class);

    // The token is authenticated straight out of the constructor.
    assertThat(runAsToken.isAuthenticated()).isTrue();

    runAsToken.setAuthenticated(false);

    boolean authenticatedAfterReset = runAsToken.isAuthenticated();
    assertThat(!authenticatedAfterReset).isTrue();
}
/**
 * Verifies that the interceptor swaps in the run-as token for the duration of the call
 * and restores the original state afterwards.
 *
 * <p>The return value of the advised method shows the run-as token's class during the
 * invocation. The closing assertions check that the same {@code SecurityContext} instance
 * and the original authentication are in place again, so the run-as identity does not
 * outlive the call.
 */
@Test
public void runAsReplacementIsCorrectlySet() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    mdsReturnsUserRole();
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    String outcome = advisedTarget.makeUpperCase("hello");
    assertThat(outcome).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");

    // The original context and authentication must be back once the call has returned.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Verifies that the original authentication is restored even when the intercepted
 * join point throws.
 *
 * <p>A run-as token left in the security context after a failed call would let later
 * code run with the replaced identity. The closing assertions guard against that.
 */
@Test
@SuppressWarnings("unchecked")
public void invokeRunAsReplacementCleansAfterException() throws Throwable {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(joinPoint.proceed()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint);
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // Expected: the failure must propagate; the cleanup is checked below.
    }

    // The original context and authentication must be back despite the exception.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
}
/**
 * Verifies that the original authentication is restored when the AspectJ callback
 * throws during a run-as invocation.
 *
 * <p>This covers the {@code invoke(joinPoint, aspectJCallback)} entry point. The closing
 * assertions check that the run-as token does not stay in the security context after
 * the failure.
 */
@Test
@SuppressWarnings("unchecked")
public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint, aspectJCallback);
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // Expected: the failure must propagate; the cleanup is checked below.
    }

    // The original context and authentication must be back despite the exception.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Verifies that the original authentication is restored when the advised target
 * method throws while a run-as token is active.
 *
 * <p>The closing assertions check that the same {@code SecurityContext} instance and the
 * original authentication are in place after the failure, so the replaced identity is
 * not left behind.
 */
@Test
public void runAsReplacementCleansAfterException() throws Exception {
    createTarget(true);
    when(realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());

    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    mdsReturnsUserRole();
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    try {
        advisedTarget.makeUpperCase("hello");
        fail("Expected Exception");
    }
    catch (RuntimeException expected) {
        // Expected: the failure must propagate; the cleanup is checked below.
    }

    // The original context and authentication must be back despite the exception.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Verifies that the provider accepts a run-as token created with the same key the
 * provider is configured with, and returns a {@code RunAsUserToken}.
 *
 * <p>The final assertion pins the token's key hash to {@code String.hashCode()} of the
 * key, a 32-bit non-cryptographic hash.
 */
@Test
public void testAuthenticationSuccess() {
    RunAsUserToken presented = new RunAsUserToken("my_password", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
            UsernamePasswordAuthenticationToken.class);

    RunAsImplAuthenticationProvider authProvider = new RunAsImplAuthenticationProvider();
    authProvider.setKey("my_password");

    Authentication outcome = authProvider.authenticate(presented);

    Assert.assertTrue("Should have returned RunAsUserToken", outcome instanceof RunAsUserToken);

    RunAsUserToken accepted = (RunAsUserToken) outcome;
    assertThat(accepted.getKeyHash()).isEqualTo("my_password".hashCode());
}
/**
 * Verifies that the provider rejects a run-as token built with a key other than the
 * one the provider is configured with.
 *
 * <p>The test passes only if {@code authenticate} throws {@code BadCredentialsException}.
 * NOTE(review): the provider presumably compares key hashes rather than the keys
 * themselves; confirm how collision-resistant that comparison is.
 */
@Test(expected = BadCredentialsException.class)
public void testAuthenticationFailDueToWrongKey() {
    RunAsUserToken forgedToken = new RunAsUserToken("wrong_key", "Test", "Password",
            AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"),
            UsernamePasswordAuthenticationToken.class);

    RunAsImplAuthenticationProvider authProvider = new RunAsImplAuthenticationProvider();
    authProvider.setKey("hello_world");

    // Key mismatch ("wrong_key" vs "hello_world"): this call is expected to throw.
    authProvider.authenticate(forgedToken);
}
/**
 * Builds the temporary {@code Authentication} used while a secured object is invoked.
 *
 * <p>Each attribute accepted by {@code supports} yields one {@code SimpleGrantedAuthority}
 * named {@code getRolePrefix() + attribute.getAttribute()}. The caller's existing authorities
 * are appended afterwards, so the returned token is a superset of what the caller holds.
 * Principal and credentials are copied over unchanged.
 *
 * <p>Security note: the added authorities depend only on {@code attributes}.
 * NOTE(review): confirm that these originate from trusted configuration.
 *
 * @param authentication the authentication being temporarily replaced
 * @param object not used by this implementation
 * @param attributes the configuration attributes to inspect
 * @return a {@code RunAsUserToken} built with {@code this.key}, or {@code null} when no
 *         attribute is supported
 */
public Authentication buildRunAs(Authentication authentication, Object object,
        Collection<ConfigAttribute> attributes) {
    List<GrantedAuthority> runAsAuthorities = new ArrayList<GrantedAuthority>();
    for (ConfigAttribute candidate : attributes) {
        if (!this.supports(candidate)) {
            continue;
        }
        runAsAuthorities.add(new SimpleGrantedAuthority(getRolePrefix() + candidate.getAttribute()));
    }

    // No supported attribute means no replacement.
    if (runAsAuthorities.isEmpty()) {
        return null;
    }

    // Extra authorities first, then everything the caller already had.
    runAsAuthorities.addAll(authentication.getAuthorities());

    return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
            runAsAuthorities, authentication.getClass());
}
/**
 * Produces the run-as token that stands in for {@code authentication} during a secured call.
 *
 * <p>Supported attributes are turned into {@code SimpleGrantedAuthority} instances whose
 * names are {@code getRolePrefix()} plus the attribute string. The authorities of the
 * incoming authentication are added after them, so authorities are only ever gained.
 * Principal and credentials are passed through as they are.
 *
 * <p>Security note: the added authorities depend only on {@code attributes}.
 * NOTE(review): confirm that these originate from trusted configuration.
 *
 * @param authentication the authentication being temporarily replaced
 * @param object not used by this implementation
 * @param attributes the configuration attributes to inspect
 * @return the new {@code RunAsUserToken}, or {@code null} if no attribute is supported
 */
public Authentication buildRunAs(Authentication authentication, Object object,
        Collection<ConfigAttribute> attributes) {
    List<GrantedAuthority> merged = new ArrayList<>();
    for (ConfigAttribute entry : attributes) {
        if (!this.supports(entry)) {
            continue;
        }
        GrantedAuthority added = new SimpleGrantedAuthority(getRolePrefix() + entry.getAttribute());
        merged.add(added);
    }

    // Nothing to add: signal "no replacement" to the caller.
    if (merged.isEmpty()) {
        return null;
    }

    // Keep the caller's own authorities alongside the run-as ones.
    merged.addAll(authentication.getAuthorities());

    return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
            merged, authentication.getClass());
}
/**
 * Builds a run-as token in one of two modes, depending on the {@code runAsUser} field.
 *
 * <p>When {@code runAsUser} is set, the token is built from that user's username, password
 * and authorities. The caller's principal and authorities are replaced entirely and
 * {@code attributes} is ignored. The field is then reset to {@code null}, so the
 * impersonation applies to a single call.
 *
 * <p>Otherwise, each supported attribute contributes one authority named
 * {@code getRolePrefix()} plus the text after the last {@code "RUN_AS_"} in the attribute.
 * The caller's existing authorities are appended.
 *
 * <p>NOTE(review): {@code runAsUser} is instance state that is read and cleared here with no
 * synchronization visible in this method. If this manager is shared between threads, one
 * caller's pending run-as user could be consumed by another caller's invocation; confirm
 * how the field is set and whether access is confined to one thread.
 *
 * @param authentication the current authentication
 * @param object not used by this implementation
 * @param attributes the configuration attributes to scan when no {@code runAsUser} is pending
 * @return the run-as token, or {@code null} when no {@code runAsUser} is pending and no
 *         attribute is supported
 */
@SuppressWarnings("unchecked")
public Authentication buildRunAs(Authentication authentication, Object object,
        Collection<ConfigAttribute> attributes) {
    if (runAsUser != null) {
        // Full impersonation: identity and authorities come from runAsUser, not the caller.
        // NOTE(review): the user's stored password becomes the token's credentials.
        RunAsUserToken impersonated = new RunAsUserToken(key, runAsUser.getUsername(), runAsUser.getPassword(),
                runAsUser.getAuthorities(), authentication.getClass());
        runAsUser = null;
        return impersonated;
    }

    List<GrantedAuthority> runAsAuthorities = new Vector<GrantedAuthority>();
    for (ConfigAttribute candidate : attributes) {
        if (!this.supports(candidate)) {
            continue;
        }
        // NOTE(review): if the attribute lacked "RUN_AS_", lastIndexOf would return -1 and the
        // substring would start at an arbitrary offset; presumably supports() rules that out.
        String attributeText = candidate.getAttribute();
        int roleStart = attributeText.lastIndexOf("RUN_AS_") + "RUN_AS_".length();
        String role = attributeText.substring(roleStart);
        runAsAuthorities.add(new GrantedAuthorityImpl(getRolePrefix() + role));
    }

    // No supported attribute means no replacement.
    if (runAsAuthorities.isEmpty()) {
        return null;
    }

    // Keep the caller's own authorities alongside the run-as ones.
    runAsAuthorities.addAll(authentication.getAuthorities());

    return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
            runAsAuthorities, authentication.getClass());
}
/**
 * Creates a run-as token for the given user after running the account checks.
 *
 * <p>{@code userDetailsChecker.check} is called first, so no token is built if it throws.
 * NOTE(review): presumably this rejects locked, disabled or expired accounts; confirm
 * which checker is configured.
 *
 * <p>The token's credentials are set to {@code userDetails.getPassword()}.
 * NOTE(review): this is presumably the stored (hashed) password; confirm that it is not
 * logged or exposed downstream.
 *
 * @param key the key passed to the {@code RunAsUserToken} constructor
 * @param userDetails the user to run as; supplies username, password and authorities
 * @param originalAuthentication the class of the authentication being replaced
 * @return the new run-as token
 */
public RunAsUserToken create(String key, UserDetails userDetails,
        Class<? extends Authentication> originalAuthentication) {
    // Validate the account before minting a token for it.
    userDetailsChecker.check(userDetails);

    String principalName = userDetails.getUsername();
    String storedPassword = userDetails.getPassword();
    return new RunAsUserToken(key, principalName, storedPassword, userDetails.getAuthorities(),
            originalAuthentication);
}
}