@Test public void testRequiresAuthenticationProxyRequest() { CasAuthenticationFilter filter = new CasAuthenticationFilter(); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setServletPath("/pgtCallback"); assertThat(filter.requiresAuthentication(request, response)).isFalse(); filter.setProxyReceptorUrl(request.getServletPath()); assertThat(filter.requiresAuthentication(request, response)).isFalse(); filter.setProxyGrantingTicketStorage(mock(ProxyGrantingTicketStorage.class)); assertThat(filter.requiresAuthentication(request, response)).isTrue(); request.setServletPath("/other"); assertThat(filter.requiresAuthentication(request, response)).isFalse(); }
@Test public void testRequiresAuthenticationAuthAll() { ServiceProperties properties = new ServiceProperties(); properties.setAuthenticateAllArtifacts(true); String url = "/login/cas"; CasAuthenticationFilter filter = new CasAuthenticationFilter(); filter.setFilterProcessesUrl(url); filter.setServiceProperties(properties); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setServletPath(url); assertThat(filter.requiresAuthentication(request, response)).isTrue(); request.setServletPath("/other"); assertThat(filter.requiresAuthentication(request, response)).isFalse(); request.setParameter(properties.getArtifactParameter(), "value"); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication( new AnonymousAuthenticationToken("key", "principal", AuthorityUtils .createAuthorityList("ROLE_ANONYMOUS"))); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication( new TestingAuthenticationToken("un", "principal")); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication( new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS")); assertThat(filter.requiresAuthentication(request, response)).isFalse(); }
@Test public void testRequiresAuthenticationFilterProcessUrl() { String url = "/login/cas"; CasAuthenticationFilter filter = new CasAuthenticationFilter(); filter.setFilterProcessesUrl(url); MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); request.setServletPath(url); assertThat(filter.requiresAuthentication(request, response)).isTrue(); }
@Test public void testNormalOperation() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/login/cas"); request.addParameter("ticket", "ST-0-ER94xMJmn6pha35CQRoZ"); CasAuthenticationFilter filter = new CasAuthenticationFilter(); filter.setAuthenticationManager(new AuthenticationManager() { public Authentication authenticate(Authentication a) { return a; } }); assertThat(filter.requiresAuthentication(request, new MockHttpServletResponse())).isTrue(); Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse()); assertThat(result != null).isTrue(); }
@Override protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { boolean requiresAuthentication = isSecurityEnabled() && super.requiresAuthentication(request, response); return requiresAuthentication; }