/**
 * Creates a token from a principal, its credentials and a list of granted authorities.
 *
 * <p>The token is flagged as authenticated unconditionally: nothing in this constructor
 * verifies {@code credentials}. Any caller that can construct the token therefore obtains
 * an authenticated identity with the authorities it passed in, which is why this type
 * belongs in test fixtures only.
 *
 * @param principal the identity the token represents
 * @param credentials the credentials stored on the token (not checked here)
 * @param authorities the authorities handed to the superclass constructor
 */
public TestingAuthenticationToken(Object principal, Object credentials, List<GrantedAuthority> authorities) {
    super(authorities);
    this.principal = principal;
    this.credentials = credentials;
    // Trusted from construction onwards; no authentication step precedes this call.
    setAuthenticated(true);
}
/**
 * Creates a token from a principal, its credentials and a list of granted authorities.
 *
 * <p>The token is flagged as authenticated unconditionally: nothing in this constructor
 * verifies {@code credentials}. Any caller that can construct the token therefore obtains
 * an authenticated identity with the authorities it passed in, which is why this type
 * belongs in test fixtures only.
 *
 * @param principal the identity the token represents
 * @param credentials the credentials stored on the token (not checked here)
 * @param authorities the authorities handed to the superclass constructor
 */
public TestingAuthenticationToken(Object principal, Object credentials, List<GrantedAuthority> authorities) {
    super(authorities);
    this.principal = principal;
    this.credentials = credentials;
    // Trusted from construction onwards; no authentication step precedes this call.
    setAuthenticated(true);
}
/**
 * Builds the authenticated principal used by the surrounding tests.
 *
 * @return a {@code TestingAuthenticationToken} for {@code principalName} carrying the fixed
 *         credential {@code "password"} and flagged as authenticated
 */
private Authentication createAuthenticatedPrincipal() {
    TestingAuthenticationToken principalToken =
            new TestingAuthenticationToken(this.principalName, "password");
    // The flag is set by hand: the fixed credential is never checked against anything.
    principalToken.setAuthenticated(true);
    return principalToken;
}
/**
 * Builds the authenticated principal used by the surrounding tests.
 *
 * @return a {@code TestingAuthenticationToken} for {@code principalName} carrying the fixed
 *         credential {@code "password"} and flagged as authenticated
 */
private Authentication createAuthenticatedPrincipal() {
    TestingAuthenticationToken principalToken =
            new TestingAuthenticationToken(this.principalName, "password");
    // The flag is set by hand: the fixed credential is never checked against anything.
    principalToken.setAuthenticated(true);
    return principalToken;
}
/**
 * Installs an authenticated user "foo" holding {@code ROLE_AUTH} into the current
 * security context before each test.
 */
@Before
public void setup() {
    authority = new SimpleGrantedAuthority("ROLE_AUTH");

    TestingAuthenticationToken fooToken =
            new TestingAuthenticationToken("foo", "bar", Arrays.asList(authority));
    fooToken.setAuthenticated(true);

    // NOTE(review): the context is populated here but not reset in this method; presumably
    // a teardown outside this excerpt clears SecurityContextHolder - confirm, otherwise the
    // identity leaks into later tests on the same thread.
    SecurityContextHolder.getContext().setAuthentication(fooToken);
}
/**
 * Checks that a call through the advised target goes ahead for an authenticated token
 * and that an {@code AuthorizedEvent} is published when success publishing is enabled.
 */
@Test
public void callSucceedsIfAccessDecisionManagerGrantsAccess() throws Exception {
    token.setAuthenticated(true);
    interceptor.setPublishAuthorizationSuccess(true);
    SecurityContextHolder.getContext().setAuthentication(token);
    mdsReturnsUserRole();

    String lowered = advisedTarget.makeLowerCase("HELLO");

    // The trailing "true" in the expected text shows isAuthenticated remained true.
    assertThat(lowered).isEqualTo("hello org.springframework.security.authentication.TestingAuthenticationToken true");
    verify(eventPublisher).publishEvent(any(AuthorizedEvent.class));
}
/**
 * Checks that the {@code AfterInvocationManager} is left untouched when the AspectJ
 * callback throws.
 */
@Test
public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() throws Throwable {
    token.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(token);

    AfterInvocationManager afterInvocation = mock(AfterInvocationManager.class);
    interceptor.setAfterInvocationManager(afterInvocation);
    when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint, aspectJCallback);
        fail("Expected exception");
    }
    catch (RuntimeException expected) {
        // The stubbed callback failure is the outcome under test.
    }

    // No post-invocation decision may run for a call that did not complete.
    verifyZeroInteractions(afterInvocation);
}
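/**
 * Checks that the {@code AfterInvocationManager} is never consulted when the intercepted
 * {@code MethodInvocation} throws.
 *
 * @throws Throwable declared because the stubbed invocation throws a bare {@code Throwable}
 */
@Test
public void afterInvocationManagerIsNotInvokedIfExceptionIsRaised() throws Throwable {
    MethodInvocation mi = mock(MethodInvocation.class);
    token.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(token);
    mdsReturnsUserRole();

    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    interceptor.setAfterInvocationManager(aim);

    when(mi.proceed()).thenThrow(new Throwable());

    // fail() must stay outside the try block: catch (Throwable) would also swallow the
    // AssertionError that fail() raises, so the test would pass even if invoke() returned
    // normally and the security check under test had silently stopped working.
    boolean thrown = false;
    try {
        interceptor.invoke(mi);
    }
    catch (Throwable expected) {
        thrown = true;
    }
    if (!thrown) {
        fail("Expected exception");
    }

    verifyZeroInteractions(aim);
}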
/**
 * Checks that the run-as token supplied by the {@code RunAsManager} is the identity seen
 * by the target during the call, and that the original context and token are back in
 * place afterwards.
 */
@Test
public void runAsReplacementIsCorrectlySet() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    mdsReturnsUserRole();
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    String upper = advisedTarget.makeUpperCase("hello");

    // The target reports the class of the Authentication it observed: the run-as token.
    assertThat(upper).isEqualTo("HELLO org.springframework.security.access.intercept.RunAsUserToken true");

    // Check we've changed back: the elevated identity must not outlive the call.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Checks that an authenticated user holding only {@code ROLE_SOMEOTHERROLE} is refused
 * when calling the admin method; the test passes only if {@code AccessDeniedException}
 * is thrown.
 */
@Test(expected = AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
    loadContext();

    TestingAuthenticationToken wrongRoleToken =
            new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
    wrongRoleToken.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(wrongRoleToken);

    // Authenticated, but without the required role: the call must be denied.
    target.someAdminMethod();
}
/**
 * Checks that the original security context and token are restored after a run-as
 * replacement when the join point throws.
 */
@Test
@SuppressWarnings("unchecked")
public void invokeRunAsReplacementCleansAfterException() throws Throwable {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(joinPoint.proceed()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint);
        fail("Expected Exception");
    }
    catch (RuntimeException success) {
        // The stubbed failure is expected; the assertions below are the actual check.
    }

    // Check we've changed back: a failed call must not leave the run-as identity behind.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
}
/**
 * Checks that the original security context and token are restored after a run-as
 * replacement when the AspectJ callback throws.
 */
@Test
@SuppressWarnings("unchecked")
public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() throws Exception {
    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);
    when(aspectJCallback.proceedWithObject()).thenThrow(new RuntimeException());

    try {
        interceptor.invoke(joinPoint, aspectJCallback);
        fail("Expected Exception");
    }
    catch (RuntimeException success) {
        // The stubbed failure is expected; the assertions below are the actual check.
    }

    // Check we've changed back: a failed call must not leave the run-as identity behind.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Checks that the original security context and token are restored after a run-as
 * replacement when the real target throws.
 */
@Test
public void runAsReplacementCleansAfterException() throws Exception {
    createTarget(true);
    when(realTarget.makeUpperCase(anyString())).thenThrow(new RuntimeException());

    SecurityContext originalContext = SecurityContextHolder.getContext();
    originalContext.setAuthentication(token);
    token.setAuthenticated(true);

    final RunAsManager runAsManager = mock(RunAsManager.class);
    final RunAsUserToken replacement = new RunAsUserToken("key", "someone", "creds",
            token.getAuthorities(), TestingAuthenticationToken.class);
    interceptor.setRunAsManager(runAsManager);
    mdsReturnsUserRole();
    when(runAsManager.buildRunAs(eq(token), any(MethodInvocation.class), any(List.class)))
            .thenReturn(replacement);

    try {
        advisedTarget.makeUpperCase("hello");
        fail("Expected Exception");
    }
    catch (RuntimeException success) {
        // The stubbed failure is expected; the assertions below are the actual check.
    }

    // Check we've changed back: a failed call must not leave the run-as identity behind.
    assertThat(SecurityContextHolder.getContext()).isSameAs(originalContext);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
/**
 * Wires the filter under test with in-memory client registration and authorized-client
 * stores and a mocked {@code AuthenticationManager}, then installs an authenticated
 * principal in a freshly created security context.
 */
@Before
public void setup() {
    this.registration1 = TestClientRegistrations.clientRegistration().build();
    this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
    this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
    this.authorizedClientRepository =
            new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
    this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
    this.authenticationManager = mock(AuthenticationManager.class);

    // A spy, so the tests can both run the real filter and verify calls made on it.
    this.filter = spy(new OAuth2AuthorizationCodeGrantFilter(
            this.clientRegistrationRepository, this.authorizedClientRepository, this.authenticationManager));
    this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository);

    TestingAuthenticationToken principalToken =
            new TestingAuthenticationToken(this.principalName1, "password");
    principalToken.setAuthenticated(true);

    // A new empty context replaces whatever the thread held before this test.
    SecurityContext freshContext = SecurityContextHolder.createEmptyContext();
    freshContext.setAuthentication(principalToken);
    SecurityContextHolder.setContext(freshContext);
}
/**
 * Creates a token from a principal, its credentials and a list of granted authorities.
 *
 * <p>The token is flagged as authenticated unconditionally: nothing in this constructor
 * verifies {@code credentials}. Any caller that can construct the token therefore obtains
 * an authenticated identity with the authorities it passed in, which is why this type
 * belongs in test fixtures only.
 *
 * @param principal the identity the token represents
 * @param credentials the credentials stored on the token (not checked here)
 * @param authorities the authorities handed to the superclass constructor
 */
public TestingAuthenticationToken(Object principal, Object credentials, List<GrantedAuthority> authorities) {
    super(authorities);
    this.principal = principal;
    this.credentials = credentials;
    // Trusted from construction onwards; no authentication step precedes this call.
    setAuthenticated(true);
}
/**
 * Creates a token from a principal, its credentials and authority names given as strings.
 *
 * <p>The names are converted with {@code AuthorityUtils.createAuthorityList} and passed to
 * the list-based constructor. The resulting token is flagged as authenticated without any
 * check of {@code credentials}.
 *
 * @param principal the identity the token represents
 * @param credentials the credentials stored on the token (not checked here)
 * @param authorities the authority names to grant
 */
public TestingAuthenticationToken(Object principal, Object credentials, String... authorities) {
    this(principal, credentials, AuthorityUtils.createAuthorityList(authorities));
    // NOTE(review): redundant if the delegated list-based constructor already sets the
    // flag, as the version of it shown alongside this one does - confirm.
    setAuthenticated(true);
}
/**
 * Builds the mock authentication described by a {@code WithMockOAuth2Token} annotation.
 *
 * @param withMockOAuth2Token the annotation supplying user name, password and authorities
 * @return an authenticated {@code TestingAuthenticationToken} whose principal is a
 *         {@code User} and whose details map holds {@code user_name}, {@code email} and
 *         {@code name}
 */
private Authentication getAuthentication(WithMockOAuth2Token withMockOAuth2Token) {
    List<GrantedAuthority> grantedAuthorities =
            AuthorityUtils.createAuthorityList(withMockOAuth2Token.authorities());

    // The four "true" flags are passed to the User constructor as-is.
    User mockUser = new User(withMockOAuth2Token.userName(), withMockOAuth2Token.password(),
            true, true, true, true, grantedAuthorities);

    // email and name are fixed fixture values; only user_name follows the annotation.
    HashMap<String, String> tokenDetails = new HashMap<>();
    tokenDetails.put("user_name", withMockOAuth2Token.userName());
    tokenDetails.put("email", "anilallewar@yahoo.co.in");
    tokenDetails.put("name", "Anil Allewar");

    // Credentials are null: the token is trusted by construction, not by verification.
    TestingAuthenticationToken mockToken =
            new TestingAuthenticationToken(mockUser, null, grantedAuthorities);
    mockToken.setAuthenticated(true);
    mockToken.setDetails(tokenDetails);
    return mockToken;
}
/**
 * Checks that an authenticated token carrying {@code GeoServerRole.ADMIN_ROLE} is
 * accepted by {@code checkAuthenticationForAdminRole}.
 */
@Test
public void testAdminRole() throws Exception {
    GeoServerSecurityManager securityManager = getSecurityManager();

    // The raw List cast is kept from the original to fit the constructor's parameter type.
    TestingAuthenticationToken adminToken =
            new TestingAuthenticationToken(
                    "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE));
    adminToken.setAuthenticated(true);

    assertTrue(securityManager.checkAuthenticationForAdminRole(adminToken));
}
/**
 * Checks that {@code dumpMasterPassword} returns false both before and after an admin
 * authentication is installed, while the target temp file exists.
 */
@Test
public void testMasterPasswordDumpNotAuthorized() throws Exception {
    GeoServerSecurityManager securityManager = getSecurityManager();
    // createTempFile leaves an existing file in place for both dump attempts.
    File dumpTarget = File.createTempFile("masterpw", "info");
    try {
        // First attempt: no authentication has been set by this test yet.
        assertFalse(securityManager.dumpMasterPassword(Files.asResource(dumpTarget)));

        TestingAuthenticationToken adminToken =
                new TestingAuthenticationToken(
                        "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE));
        adminToken.setAuthenticated(true);
        // NOTE(review): the admin identity is not removed from the context in this method;
        // presumably a teardown outside this excerpt resets SecurityContextHolder - confirm.
        SecurityContextHolder.getContext().setAuthentication(adminToken);

        // Still refused with the admin role - presumably because the target file already
        // exists; verify against dumpMasterPassword.
        assertFalse(securityManager.dumpMasterPassword(Files.asResource(dumpTarget)));
    }
    finally {
        dumpTarget.delete();
    }
}
/**
 * Checks that {@code dumpMasterPassword} is refused before an admin authentication is
 * installed, succeeds afterwards, and that the dumped file contains the master password.
 */
@Test
public void testMasterPasswordDump() throws Exception {
    GeoServerSecurityManager securityManager = getSecurityManager();
    // Only the generated path is wanted: the file itself is removed before the dump runs.
    File dumpTarget = File.createTempFile("masterpw", "info");
    dumpTarget.delete();
    try {
        // First attempt: no authentication has been set by this test yet.
        assertFalse(securityManager.dumpMasterPassword(Files.asResource(dumpTarget)));

        TestingAuthenticationToken adminToken =
                new TestingAuthenticationToken(
                        "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE));
        adminToken.setAuthenticated(true);
        // NOTE(review): the admin identity is not removed from the context in this method;
        // presumably a teardown outside this excerpt resets SecurityContextHolder - confirm.
        SecurityContextHolder.getContext().setAuthentication(adminToken);

        assertTrue(securityManager.dumpMasterPassword(Files.asResource(dumpTarget)));
        dumpPWInfoFile(dumpTarget);
        // From here on the temp file holds the master password; the finally block is the
        // only thing that removes it, and the result of delete() is not checked.
        assertTrue(masterPWInfoFileContains(dumpTarget, new String(securityManager.getMasterPassword())));
    }
    finally {
        dumpTarget.delete();
    }
}