/**
 * Checks that a {@link CasAuthenticationFilter} supplied through
 * {@code CasAuthenticationFilterConfig} is actually invoked for a request to "/".
 *
 * <p>The filter is wrapped in a Mockito spy so its {@code doFilter} call can be verified
 * after the request has been performed.
 */
@Test
public void configureWhenAddFilterCasAuthenticationFilterThenFilterAdded() throws Exception {
    // The configuration class exposes the filter through a static field; install the spy there
    // before the context is built.
    CasAuthenticationFilter spiedFilter = spy(new CasAuthenticationFilter());
    CasAuthenticationFilterConfig.CAS_AUTHENTICATION_FILTER = spiedFilter;
    this.spring.register(CasAuthenticationFilterConfig.class).autowire();

    this.mockMvc.perform(get("/"));

    // A filter that was silently left out of the chain would never see the request.
    verify(spiedFilter).doFilter(
            any(ServletRequest.class),
            any(ServletResponse.class),
            any(FilterChain.class));
}
/**
 * Pins down when {@code requiresAuthentication} claims a request for the proxy receptor.
 *
 * <p>Per the assertions below, the request is claimed only once BOTH a proxy receptor URL and
 * a {@code ProxyGrantingTicketStorage} are configured, and only for the configured path.
 */
@Test
public void testRequiresAuthenticationProxyRequest() {
    final String receptorPath = "/pgtCallback";
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    req.setServletPath(receptorPath);

    // Nothing configured yet: the callback path is not handled.
    assertThat(casFilter.requiresAuthentication(req, res)).isFalse();

    // Receptor URL alone is not enough.
    casFilter.setProxyReceptorUrl(req.getServletPath());
    assertThat(casFilter.requiresAuthentication(req, res)).isFalse();

    // With ticket storage in place the receptor path is handled.
    casFilter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
    assertThat(casFilter.requiresAuthentication(req, res)).isTrue();

    // Any other path stays untouched.
    req.setServletPath("/other");
    assertThat(casFilter.requiresAuthentication(req, res)).isFalse();
}
/**
 * Smoke test for the filter's configuration setters.
 *
 * <p>There are no assertions: the test passes as long as none of the setters throws.
 */
@Test
public void testGettersSetters() {
    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    ProxyGrantingTicketStorage storage = mock(ProxyGrantingTicketStorage.class);
    casFilter.setProxyGrantingTicketStorage(storage);
    casFilter.setProxyReceptorUrl("/someurl");
    ServiceProperties serviceProps = new ServiceProperties();
    casFilter.setServiceProperties(serviceProps);
}
/**
 * A request whose servlet path equals the configured filter-processes URL must be picked up
 * for authentication.
 */
@Test
public void testRequiresAuthenticationFilterProcessUrl() {
    final String processUrl = "/login/cas";
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    req.setServletPath(processUrl);

    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    casFilter.setFilterProcessesUrl(processUrl);

    assertThat(casFilter.requiresAuthentication(req, res)).isTrue();
}
/**
 * A proxy-receptor callback must be consumed by the filter itself: the rest of the filter
 * chain is never invoked for it.
 */
@Test
public void testChainNotInvokedForProxyReceptor() throws Exception {
    final String receptorPath = "/pgtCallback";
    FilterChain downstream = mock(FilterChain.class);
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    req.setServletPath(receptorPath);

    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    // Both storage and receptor URL are set so the request is treated as a receptor callback.
    casFilter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
    casFilter.setProxyReceptorUrl(req.getServletPath());

    casFilter.doFilter(req, res, downstream);

    verifyZeroInteractions(downstream);
}
// Closes the enclosing test class, whose header is outside this excerpt.
}
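/**
 * Happy path: a request to the default CAS login path carrying a {@code ticket} parameter is
 * picked up by the filter and yields a non-null {@link Authentication}.
 *
 * <p>The stubbed {@link AuthenticationManager} returns the token it is given, so this test
 * exercises only the filter's request handling; no ticket validation takes place here.
 */
@Test
public void testNormalOperation() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/login/cas");
    request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ");

    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(new AuthenticationManager() {
        @Override
        public Authentication authenticate(Authentication a) {
            // Echo the token back unchanged: stands in for a successful authentication.
            return a;
        }
    });

    assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue();
    Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
    // Assert on the object rather than on a boolean so a failure reports the actual value.
    assertThat(result).isNotNull();
}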
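/**
 * Exercises {@code requiresAuthentication} with {@code authenticateAllArtifacts} enabled.
 *
 * <p>Per the assertions: the filter-processes URL is always handled; another path is handled
 * only when the artifact parameter is present; and with the artifact present the outcome then
 * depends on what is stored in the {@link SecurityContextHolder}.
 *
 * <p>The test writes to the thread-bound security context, so it clears the context in a
 * {@code finally} block. Without that, a failing assertion would leave a token behind for
 * whichever test runs next on the same thread.
 */
@Test
public void testRequiresAuthenticationAuthAll() {
    ServiceProperties properties = new ServiceProperties();
    properties.setAuthenticateAllArtifacts(true);
    String url = "/login/cas";
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setFilterProcessesUrl(url);
    filter.setServiceProperties(properties);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();

    // The processing URL itself is always handled.
    request.setServletPath(url);
    assertThat(filter.requiresAuthentication(request, response)).isTrue();

    // A different path without an artifact is ignored ...
    request.setServletPath("/other");
    assertThat(filter.requiresAuthentication(request, response)).isFalse();

    // ... but is handled once the artifact parameter is present.
    request.setParameter(properties.getArtifactParameter(), "value");
    assertThat(filter.requiresAuthentication(request, response)).isTrue();

    try {
        // An anonymous token in the context does not stop the artifact from being processed.
        SecurityContextHolder.getContext().setAuthentication(
                new AnonymousAuthenticationToken("key", "principal",
                        AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        assertThat(filter.requiresAuthentication(request, response)).isTrue();

        // Neither does a testing token created without authorities.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("un", "principal"));
        assertThat(filter.requiresAuthentication(request, response)).isTrue();

        // A testing token created with an authority makes the filter skip the request.
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS"));
        assertThat(filter.requiresAuthentication(request, response)).isFalse();
    } finally {
        // Harmless if the class also clears the context in a teardown method.
        SecurityContextHolder.clearContext();
    }
}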
// Excerpt from a longer test method: serviceProperties and successHandler are declared
// outside this fragment.
FilterChain chain = mock(FilterChain.class);
CasAuthenticationFilter filter = new CasAuthenticationFilter();
// Hand the filter the externally prepared service settings and success handler.
filter.setServiceProperties(serviceProperties);
filter.setAuthenticationSuccessHandler(successHandler);
/**
 * A request without any ticket parameter must still reach the {@link AuthenticationManager};
 * when the manager rejects it, the {@link AuthenticationException} propagates to the caller.
 */
@Test(expected = AuthenticationException.class)
public void testNullServiceTicketHandledGracefully() throws Exception {
    // Manager that rejects every attempt.
    AuthenticationManager rejectingManager = new AuthenticationManager() {
        @Override
        public Authentication authenticate(Authentication a) {
            throw new BadCredentialsException("Rejected");
        }
    };
    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    casFilter.setAuthenticationManager(rejectingManager);

    // Empty mock request: no "ticket" parameter was added.
    casFilter.attemptAuthentication(new MockHttpServletRequest(), new MockHttpServletResponse());
}
/**
 * For a proxy-receptor callback, {@code attemptAuthentication} returns {@code null} rather
 * than an {@code Authentication}.
 */
@Test
public void testAuthenticateProxyUrl() throws Exception {
    final String receptorPath = "/pgtCallback";
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    req.setServletPath(receptorPath);

    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    // Storage plus receptor URL make the filter treat this path as the receptor endpoint.
    casFilter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class));
    casFilter.setProxyReceptorUrl(req.getServletPath());

    assertThat(casFilter.attemptAuthentication(req, res)).isNull();
}
/**
 * Builds the {@link CasAuthenticationFilter} bean.
 *
 * <p>Only the authentication manager and the session authentication strategy are set here;
 * everything else stays at the filter's defaults.
 *
 * @return the configured filter
 * @throws Exception if {@code authenticationManager()} or {@code sessionStrategy()} fails
 */
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager());
    // NOTE(review): sessionStrategy() is defined elsewhere; confirm it handles session
    // fixation on login as intended.
    filter.setSessionAuthenticationStrategy(sessionStrategy());
    return filter;
}
/**
 * Supplies a {@link CasAuthenticationFilter} wired with this class's authentication manager
 * and its AJAX success and failure handlers.
 *
 * @return the configured CAS filter
 */
@Override
protected AbstractAuthenticationProcessingFilter getAuthenticationFilter() {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    // Factory calls stay in their original order; the create* helpers are defined elsewhere.
    filter.setAuthenticationManager(createAuthenticationManager());
    filter.setAuthenticationFailureHandler(createAjaxFailureHandler());
    filter.setAuthenticationSuccessHandler(createAjaxSuccessHandler());
    return filter;
}
/**
 * Wires CAS authentication into the given {@link HttpSecurity}.
 *
 * <p>Creates and configures the CAS authentication filter and the single-sign-out filter,
 * applies the channel, CSRF and header settings from {@code securityProperties}, installs the
 * authentication entry point, and registers the filters. When HTTP Basic is enabled in the
 * properties, a {@link BasicAuthenticationFilter} is registered before the CAS filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any of the configuration steps fails
 */
@Override
public void init(HttpSecurity http) throws Exception {
    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    casFilter.setAuthenticationManager(authenticationManager());
    casFilter.setRequiresAuthenticationRequestMatcher(getAuthenticationRequestMatcher());
    casFilter.setServiceProperties(serviceProperties);
    // Let the externally supplied configurer customise the filter last.
    filterConfigurer.configure(casFilter);

    SingleSignOutFilter signOutFilter = new SingleSignOutFilter();
    singleSignOutFilterConfigurer.configure(signOutFilter);

    // HTTPS is enforced only when the property asks for it.
    if (securityProperties.isRequireSsl()) {
        http.requiresChannel().anyRequest().requiresSecure();
    }

    // CSRF protection is dropped for the whole chain when the property is false; keep the
    // property enabled unless every state-changing endpoint is protected some other way.
    boolean csrfEnabled = securityProperties.isEnableCsrf();
    if (!csrfEnabled) {
        http.csrf().disable();
    }

    SpringBootWebSecurityConfiguration.configureHeaders(http.headers(),
            securityProperties.getHeaders());

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
    // Registered ahead of CsrfFilter - presumably so CAS server logout callbacks, which carry
    // no CSRF token, are processed before the CSRF check; confirm against the CAS setup.
    http.addFilterBefore(signOutFilter, CsrfFilter.class);
    http.addFilter(casFilter);

    if (securityProperties.getBasic().isEnabled()) {
        // The Basic filter uses the AuthenticationManager bean from the application context,
        // not the manager given to the CAS filter above.
        AuthenticationManager contextManager = http.getSharedObject(ApplicationContext.class)
                .getBean(AuthenticationManager.class);
        BasicAuthenticationFilter basicFilter = new BasicAuthenticationFilter(contextManager);
        http.addFilterBefore(basicFilter, CasAuthenticationFilter.class);
    }
}
casLogoutUrl); final CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter(); casAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler); casAuthenticationFilter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler);