Tests added to bring X509ProcessingFilter up to full coverage.

2025-07-15 14:53:31 +00:00 · 2005-03-12 20:47:58 +00:00 · 2005-03-12 20:47:58 +00:00 · 0a4fc1731a
commit 0a4fc1731a
parent c3c5487b93
1 changed files with 140 additions and 51 deletions
--- a/core/src/test/java/org/acegisecurity/ui/x509/X509ProcessingFilterTests.java
+++ b/core/src/test/java/org/acegisecurity/ui/x509/X509ProcessingFilterTests.java
@ -2,28 +2,31 @@ package net.sf.acegisecurity.ui.x509;

 import junit.framework.TestCase;

-//import org.mortbay.http.*;
-//import org.mortbay.jetty.servlet.*;
-
-import java.net.URL;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-
-import net.sf.acegisecurity.*;
 import net.sf.acegisecurity.context.security.SecureContext;
 import net.sf.acegisecurity.context.security.SecureContextUtils;
 import net.sf.acegisecurity.context.security.SecureContextImpl;
 import net.sf.acegisecurity.context.ContextHolder;
 import net.sf.acegisecurity.providers.x509.X509TestUtils;
-import net.sf.acegisecurity.ui.cas.CasProcessingFilter;
+import net.sf.acegisecurity.providers.x509.X509AuthenticationToken;
+import net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import net.sf.acegisecurity.MockHttpServletResponse;
+import net.sf.acegisecurity.MockHttpServletRequest;
+import net.sf.acegisecurity.MockHttpSession;
+import net.sf.acegisecurity.Authentication;
+import net.sf.acegisecurity.GrantedAuthority;
+import net.sf.acegisecurity.GrantedAuthorityImpl;
+import net.sf.acegisecurity.AuthenticationManager;
+import net.sf.acegisecurity.BadCredentialsException;
+import net.sf.acegisecurity.MockAuthenticationManager;
+import net.sf.acegisecurity.ui.AbstractProcessingFilter;
+import net.sf.acegisecurity.util.MockFilterChain;

 import javax.servlet.FilterChain;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.ServletException;
+import java.security.cert.X509Certificate;

 /**
- * @author Luke
+ * @author Luke Taylor
 */
 public class X509ProcessingFilterTests extends TestCase {
    //~ Constructors ===========================================================
@ -46,15 +49,55 @@ public class X509ProcessingFilterTests extends TestCase {
        ContextHolder.setContext(null);
    }

+    public void testNeedsAuthenticationManager() throws Exception {
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        try {
+            filter.afterPropertiesSet();
+            fail("Expected IllegalArgumentException");
+        } catch (IllegalArgumentException failed) {
+            // ignored
+        }
+    }
+
+    public void testDoFilterWithNonHttpServletRequestDetected()
+        throws Exception {
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        try {
+            filter.doFilter(null, new MockHttpServletResponse(),
+                new MockFilterChain(false));
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Can only process HttpServletRequest",
+                expected.getMessage());
+        }
+    }
+
+    public void testDoFilterWithNonHttpServletResponseDetected()
+        throws Exception {
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        try {
+            filter.doFilter(new MockHttpServletRequest(null, null), null,
+                new MockFilterChain(false));
+            fail("Should have thrown ServletException");
+        } catch (ServletException expected) {
+            assertEquals("Can only process HttpServletResponse",
+                expected.getMessage());
+        }
+    }
+
+
    public void testNormalOperation() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest(null, new MockHttpSession());
        MockHttpServletResponse response = new MockHttpServletResponse();
-        FilterChain chain = new MockFilterChain();
+        FilterChain chain = new MockFilterChain(true);

        request.setAttribute("javax.servlet.request.X509Certificate",
                new X509Certificate[] {X509TestUtils.buildTestCertificate()});

-        MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
+        AuthenticationManager authMgr = new MockX509AuthenticationManager();

        ContextHolder.setContext(new SecureContextImpl());

@ -68,53 +111,99 @@ public class X509ProcessingFilterTests extends TestCase {
        filter.afterPropertiesSet();
        filter.init(null);
        filter.doFilter(request, response, chain);
+        filter.destroy();

        Authentication result = ctx.getAuthentication();

        assertNotNull(result);
    }

+    public void testFailedAuthentication() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest(null, new MockHttpSession());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        FilterChain chain = new MockFilterChain(true);
+
+        request.setAttribute("javax.servlet.request.X509Certificate",
+                new X509Certificate[] {X509TestUtils.buildTestCertificate()});
+
+        AuthenticationManager authMgr = new MockAuthenticationManager(false);
+
+        ContextHolder.setContext(new SecureContextImpl());
+
+        SecureContext ctx = SecureContextUtils.getSecureContext();
+
+        ctx.setAuthentication(null);
+
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        filter.setAuthenticationManager(authMgr);
+        filter.afterPropertiesSet();
+        filter.init(null);
+        filter.doFilter(request, response, chain);
+        filter.destroy();
+
+        Authentication result = ctx.getAuthentication();
+
+        assertNull(result);
+    }
+
+    public void testWithNoCertificate() throws Exception {
+        MockHttpSession session = new MockHttpSession();
+        MockHttpServletRequest request = new MockHttpServletRequest(null, session);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        FilterChain chain = new MockFilterChain(true);
+
+        AuthenticationManager authMgr = new MockX509AuthenticationManager();
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        filter.setAuthenticationManager(authMgr);
+
+        ContextHolder.setContext(new SecureContextImpl());
+        filter.doFilter(request, response, chain);
+
+        SecureContext ctx = SecureContextUtils.getSecureContext();
+
+        assertNull("Authentication should be null", ctx.getAuthentication());
+        assertTrue("BadCredentialsException should have been thrown",
+                session.getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY) instanceof BadCredentialsException);
+    }
+
+
+    public void testWithExistingSecurityContext() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest(null, new MockHttpSession());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        FilterChain chain = new MockFilterChain(true);
+
+        Authentication token = new AnonymousAuthenticationToken("dummy", "dummy",
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_A")});
+
+        ContextHolder.setContext(new SecureContextImpl());
+        SecureContext ctx = SecureContextUtils.getSecureContext();
+
+        ctx.setAuthentication(token);
+
+        X509ProcessingFilter filter = new X509ProcessingFilter();
+
+        filter.doFilter(request, response, chain);
+        assertEquals("Existing token should be unchanged", token, ctx.getAuthentication());
+    }
+
    //~ Inner Classes ==========================================================

-    private class MockFilterChain implements FilterChain {
-        public void doFilter(ServletRequest arg0, ServletResponse arg1)
-            throws IOException, ServletException {
-                // do nothing.
-        }
-    }
-//    public void testFilterIntegration() throws Exception {
-//
-//        // set up server.
-//        HttpServer server = new HttpServer();
-//        try {
-//            SunJsseListener listener = new SunJsseListener();
-//            listener.setNeedClientAuth(true);
-//            listener.setPort(9443);
-////            listener.setKeystore();
-//
-//            server.addListener(listener);
-//
-//            // map servlet.
-//            HttpContext context = server.getContext("/");
-//
-////            ServletHandler handler = new ServletHandler();
-////            handler.addServlet("MyServlet", "/myServlet", MyServlet.class.getName());
-////            context.addHandler(handler);
-//
-//            // start server.
-//            server.start();
-//
-//            // test client code against url.
-//            URL url = new URL("http://localhost:" + 9443 + "/myServlet");
-//
-//
-//
-//        }
-//        finally {
-//          server.stop();
-//        }
-//    }
+    private static class MockX509AuthenticationManager implements AuthenticationManager {

+        public Authentication authenticate(Authentication a) {
+            if(!(a instanceof X509AuthenticationToken)) {
+                TestCase.fail("Needed an X509Authentication token but found " + a);
+            }
+
+            if(a.getCredentials() == null) {
+                throw new BadCredentialsException("Mock authentication manager rejecting null certificate");
+            }
+
+            return a;
+        }
+    }


 }