mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-31 09:12:14 +00:00
Removed web dependency on core-tests
This commit is contained in:
Luke Taylor
parent
57e508ba2c
commit
5b543f83ec
@ -14,10 +14,6 @@
|
||||
*/
|
||||
package org.springframework.security.access.vote;
|
||||
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
@ -29,32 +25,12 @@ import java.util.Vector;
|
||||
* @version $Id$
|
||||
*/
|
||||
public class SampleServiceImpl implements SampleService {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
Logger logger = Logger.getLogger(SampleServiceImpl.class);
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
public void doSomethingOnThis(SampleBlockOfData block1, SampleBlockOfData block2) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("You made it! Your context is " + SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Block1 is " + block1);
|
||||
}
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Block2 is " + block2);
|
||||
}
|
||||
}
|
||||
|
||||
public List<SampleBlockOfData> getTheSampleData() {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(SecurityContextHolder.getContext().getAuthentication().getName()
|
||||
+ " is requesting some sample data.");
|
||||
}
|
||||
|
||||
List<SampleBlockOfData> dataList = new Vector<SampleBlockOfData>();
|
||||
SampleBlockOfData block;
|
||||
|
||||
|
||||
@ -8,8 +8,6 @@ import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.log4j.Level;
|
||||
import org.apache.log4j.Logger;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.GrantedAuthorityImpl;
|
||||
@ -23,11 +21,6 @@ import org.springframework.security.core.authority.mapping.MapBasedAttributes2Gr
|
||||
@SuppressWarnings("unchecked")
|
||||
public class MapBasedAttributes2GrantedAuthoritiesMapperTest {
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
// Set Log4j loglevel to debug to include all logstatements in tests
|
||||
Logger.getRootLogger().setLevel(Level.DEBUG);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testAfterPropertiesSetNoMap() throws Exception {
|
||||
MapBasedAttributes2GrantedAuthoritiesMapper mapper = new MapBasedAttributes2GrantedAuthoritiesMapper();
|
||||
|
||||
@ -1,48 +0,0 @@
|
||||
package org.springframework.security.matcher;
|
||||
|
||||
import org.hamcrest.Description;
|
||||
import org.hamcrest.Factory;
|
||||
import org.hamcrest.Matcher;
|
||||
import org.hamcrest.TypeSafeMatcher;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
public class AuthenticationMatcher extends TypeSafeMatcher<Authentication> {
|
||||
private String username;
|
||||
private String password;
|
||||
|
||||
@Override
|
||||
public boolean matchesSafely(Authentication auth) {
|
||||
if (!username.equals(auth.getName())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (password != null && !password.equals(auth.getCredentials())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public void describeTo(Description d) {
|
||||
d.appendText("an authentication object with username = '" + username + "'");
|
||||
if (password != null) {
|
||||
d.appendText(", password = '" + password + "'");
|
||||
}
|
||||
}
|
||||
|
||||
@Factory
|
||||
public static Matcher<Authentication> anAuthenticationWithUsername(String name) {
|
||||
AuthenticationMatcher matcher = new AuthenticationMatcher();
|
||||
matcher.username = name;
|
||||
return matcher;
|
||||
}
|
||||
|
||||
@Factory
|
||||
public static Matcher<Authentication> anAuthenticationWithUsernameAndPassword(String name, String password) {
|
||||
AuthenticationMatcher matcher = new AuthenticationMatcher();
|
||||
matcher.username = name;
|
||||
matcher.password = password;
|
||||
return matcher;
|
||||
|
||||
}
|
||||
}
|
||||
@ -15,13 +15,6 @@
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.security</groupId>
|
||||
<artifactId>spring-security-core</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<classifier>tests</classifier>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>org.springframework.web</artifactId>
|
||||
|
||||
@ -15,6 +15,8 @@
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Properties;
|
||||
|
||||
@ -33,8 +35,8 @@ import junit.framework.TestCase;
|
||||
import org.springframework.mock.web.MockFilterConfig;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.authentication.AccountExpiredException;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -74,7 +76,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
}
|
||||
|
||||
private void executeFilterInContainerSimulator(FilterConfig filterConfig, Filter filter, ServletRequest request,
|
||||
ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
|
||||
ServletResponse response, FilterChain filterChain) throws ServletException, IOException {
|
||||
filter.init(filterConfig);
|
||||
filter.doFilter(request, response, filterChain);
|
||||
filter.destroy();
|
||||
@ -190,7 +192,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
|
||||
public void testGettersSetters() throws Exception {
|
||||
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setFilterProcessesUrl("/p");
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
@ -239,7 +241,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
filter.setFilterProcessesUrl("/j_mock_post");
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
// Test
|
||||
@ -269,7 +271,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception {
|
||||
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
filter.setFilterProcessesUrl(null);
|
||||
|
||||
|
||||
@ -15,17 +15,23 @@
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.authentication.AuthenticationProcessingFilter;
|
||||
|
||||
|
||||
/**
|
||||
@ -45,7 +51,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.init(null);
|
||||
|
||||
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
@ -61,10 +67,8 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
|
||||
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
|
||||
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
assertTrue(result != null);
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse()));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -73,16 +77,14 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
|
||||
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
|
||||
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
assertTrue(result != null);
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
assertNotNull(filter.attemptAuthentication(request, new MockHttpServletResponse()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUsingDifferentParameterNamesWorksAsExpected() throws ServletException {
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setUsernameParameter("x");
|
||||
filter.setPasswordParameter("y");
|
||||
|
||||
@ -91,7 +93,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
request.addParameter("y", "koala");
|
||||
|
||||
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
assertTrue(result != null);
|
||||
assertNotNull(result);
|
||||
assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
|
||||
}
|
||||
|
||||
@ -102,7 +104,7 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
|
||||
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
|
||||
Authentication result = filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
assertEquals("rod", result.getName());
|
||||
@ -113,7 +115,9 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/");
|
||||
request.addParameter(AuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(false));
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
filter.setAuthenticationManager(am);
|
||||
|
||||
try {
|
||||
filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
@ -135,10 +139,22 @@ public class AuthenticationProcessingFilterTests extends TestCase {
|
||||
|
||||
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
|
||||
filter.setAllowSessionCreation(false);
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(true));
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
|
||||
filter.attemptAuthentication(request, new MockHttpServletResponse());
|
||||
|
||||
assertNull(request.getSession(false));
|
||||
}
|
||||
|
||||
private AuthenticationManager createAuthenticationManager() {
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
|
||||
public Authentication answer(InvocationOnMock invocation) throws Throwable {
|
||||
return (Authentication) invocation.getArguments()[0];
|
||||
}
|
||||
});
|
||||
|
||||
return am;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -10,10 +11,10 @@ import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||
|
||||
public class AbstractPreAuthenticatedProcessingFilterTests {
|
||||
private AbstractPreAuthenticatedProcessingFilter filter;
|
||||
@ -38,7 +39,9 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
|
||||
|
||||
@Test
|
||||
public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(false));
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.afterPropertiesSet();
|
||||
filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
@ -47,8 +50,10 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
|
||||
/* SEC-881 */
|
||||
@Test(expected=BadCredentialsException.class)
|
||||
public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(false));
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.afterPropertiesSet();
|
||||
filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
|
||||
@ -1,23 +1,33 @@
|
||||
package org.springframework.security.web.authentication.preauth;
|
||||
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.FilterChainOrder;
|
||||
|
||||
public class PreAuthenticatedProcessingFilterTests extends TestCase {
|
||||
protected void setUp() throws Exception {
|
||||
public class PreAuthenticatedProcessingFilterTests {
|
||||
@After
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testAfterPropertiesSet() {
|
||||
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
|
||||
try {
|
||||
@ -29,29 +39,43 @@ public class PreAuthenticatedProcessingFilterTests extends TestCase {
|
||||
}
|
||||
}
|
||||
|
||||
public final void testDoFilterAuthenticated() throws Exception {
|
||||
@Test
|
||||
public void testDoFilterAuthenticated() throws Exception {
|
||||
testDoFilter(true);
|
||||
}
|
||||
|
||||
public final void testDoFilterUnauthenticated() throws Exception {
|
||||
@Test
|
||||
public void testDoFilterUnauthenticated() throws Exception {
|
||||
testDoFilter(false);
|
||||
}
|
||||
|
||||
private final void testDoFilter(boolean grantAccess) throws Exception {
|
||||
|
||||
private void testDoFilter(boolean grantAccess) throws Exception {
|
||||
MockHttpServletRequest req = new MockHttpServletRequest();
|
||||
MockHttpServletResponse res = new MockHttpServletResponse();
|
||||
getFilter(grantAccess).doFilter(req,res,new MockFilterChain());
|
||||
assertEquals(grantAccess,null!= SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
private static final ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
|
||||
|
||||
private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
|
||||
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(grantAccess));
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
|
||||
if (!grantAccess) {
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
} else {
|
||||
when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
|
||||
public Authentication answer(InvocationOnMock invocation) throws Throwable {
|
||||
return (Authentication) invocation.getArguments()[0];
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.afterPropertiesSet();
|
||||
return filter;
|
||||
}
|
||||
|
||||
private static final class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
|
||||
|
||||
private static class ConcretePreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
|
||||
protected Object getPreAuthenticatedPrincipal(HttpServletRequest httpRequest) {
|
||||
return "testPrincipal";
|
||||
}
|
||||
|
||||
@ -1,14 +1,19 @@
|
||||
package org.springframework.security.web.authentication.preauth.header;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
|
||||
import org.springframework.security.web.authentication.preauth.RequestHeaderPreAuthenticatedProcessingFilter;
|
||||
@ -44,7 +49,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
@ -59,7 +64,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setPrincipalRequestHeader("myUsernameHeader");
|
||||
|
||||
filter.doFilter(request, response, chain);
|
||||
@ -73,7 +78,7 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain();
|
||||
RequestHeaderPreAuthenticatedProcessingFilter filter = new RequestHeaderPreAuthenticatedProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
filter.setCredentialsRequestHeader("myCredentialsHeader");
|
||||
request.addHeader("SM_USER", "cat");
|
||||
request.addHeader("myCredentialsHeader", "catspassword");
|
||||
@ -83,4 +88,14 @@ public class RequestHeaderPreAuthenticatedProcessingFilterTests {
|
||||
assertEquals("catspassword", SecurityContextHolder.getContext().getAuthentication().getCredentials());
|
||||
}
|
||||
|
||||
private AuthenticationManager createAuthenticationManager() {
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
|
||||
public Authentication answer(InvocationOnMock invocation) throws Throwable {
|
||||
return (Authentication) invocation.getArguments()[0];
|
||||
}
|
||||
});
|
||||
|
||||
return am;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,35 +1,34 @@
|
||||
package org.springframework.security.web.authentication.rememberme;
|
||||
|
||||
import org.springframework.security.TestDataSource;
|
||||
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.sql.Timestamp;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.jdbc.datasource.SingleConnectionDataSource;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public class JdbcTokenRepositoryImplTests {
|
||||
private static TestDataSource dataSource;
|
||||
private static SingleConnectionDataSource dataSource;
|
||||
private JdbcTokenRepositoryImpl repo;
|
||||
private JdbcTemplate template;
|
||||
|
||||
@BeforeClass
|
||||
public static void createDataSource() {
|
||||
dataSource = new TestDataSource("tokenrepotest");
|
||||
dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa", "", true);
|
||||
dataSource.setDriverClassName("org.hsqldb.jdbcDriver");
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
||||
@ -15,6 +15,9 @@
|
||||
|
||||
package org.springframework.security.web.authentication.rememberme;
|
||||
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
@ -28,19 +31,18 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.NullRememberMeServices;
|
||||
import org.springframework.security.web.authentication.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
|
||||
|
||||
/**
|
||||
@ -74,11 +76,10 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
|
||||
public void testDetectsAuthenticationManagerProperty() throws Exception {
|
||||
RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setRememberMeServices(new NullRememberMeServices());
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
assertTrue(true);
|
||||
|
||||
filter.setAuthenticationManager(null);
|
||||
|
||||
@ -92,7 +93,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
|
||||
public void testDetectsRememberMeServicesProperty() throws Exception {
|
||||
RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
|
||||
// check default is NullRememberMeServices
|
||||
// assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass());
|
||||
@ -119,7 +120,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
|
||||
// Setup our filter correctly
|
||||
RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
@ -136,7 +137,9 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
|
||||
|
||||
RememberMeProcessingFilter filter = new RememberMeProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(remembered)).thenReturn(remembered);
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
@ -149,7 +152,7 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
assertEquals(remembered, SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
public void testOnunsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
|
||||
public void testOnUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
|
||||
final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
|
||||
|
||||
RememberMeProcessingFilter filter = new RememberMeProcessingFilter() {
|
||||
@ -158,9 +161,11 @@ public class RememberMeProcessingFilterTests extends TestCase {
|
||||
SecurityContextHolder.getContext().setAuthentication(failedAuth);
|
||||
}
|
||||
};
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager(false));
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
filter.setApplicationEventPublisher(new MockApplicationEventPublisher());
|
||||
filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
@ -15,13 +15,10 @@
|
||||
|
||||
package org.springframework.security.web.authentication.www;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.springframework.security.matcher.AuthenticationMatcher.anAuthenticationWithUsernameAndPassword;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.AdditionalMatchers.not;
|
||||
import static org.mockito.Matchers.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@ -29,11 +26,9 @@ import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.jmock.Expectations;
|
||||
import org.jmock.Mockery;
|
||||
import org.jmock.integration.junit4.JUnit4Mockery;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
@ -41,7 +36,6 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.MockAuthenticationEntryPoint;
|
||||
import org.springframework.security.MockAuthenticationManager;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
@ -49,8 +43,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicProcessingFilterEntryPoint;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetails;
|
||||
|
||||
|
||||
/**
|
||||
@ -63,7 +56,8 @@ public class BasicProcessingFilterTests {
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private BasicProcessingFilter filter;
|
||||
private Mockery jmock = new JUnit4Mockery();
|
||||
private AuthenticationManager manager;
|
||||
// private Mockery jmock = new JUnit4Mockery();
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
|
||||
@ -72,32 +66,26 @@ public class BasicProcessingFilterTests {
|
||||
filter.init(new MockFilterConfig());
|
||||
|
||||
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
Mockery jmockContext = new JUnit4Mockery();
|
||||
|
||||
final FilterChain chain = jmockContext.mock(FilterChain.class);
|
||||
jmockContext.checking(new Expectations() {{
|
||||
exactly(expectChainToProceed ? 1 : 0).of(chain).doFilter(request, response);
|
||||
}});
|
||||
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
filter.doFilter(request, response, chain);
|
||||
filter.destroy();
|
||||
jmockContext.assertIsSatisfied();
|
||||
|
||||
verify(chain, expectChainToProceed ? times(1) : never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
|
||||
return response;
|
||||
}
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
|
||||
final AuthenticationManager manager = jmock.mock(AuthenticationManager.class);
|
||||
final Authentication rod =
|
||||
UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
|
||||
rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
|
||||
Authentication rod =
|
||||
new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));
|
||||
jmock.checking(new Expectations() {{
|
||||
allowing(manager).authenticate(with(anAuthenticationWithUsernameAndPassword("rod", "koala")));
|
||||
will(returnValue(rod));
|
||||
allowing(manager).authenticate(with(any(Authentication.class)));
|
||||
will(throwException(new BadCredentialsException("")));
|
||||
}});
|
||||
|
||||
manager = mock(AuthenticationManager.class);
|
||||
when(manager.authenticate(rodRequest)).thenReturn(rod);
|
||||
when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
|
||||
|
||||
filter = new BasicProcessingFilter();
|
||||
filter.setAuthenticationManager(manager);
|
||||
@ -124,7 +112,7 @@ public class BasicProcessingFilterTests {
|
||||
@Test
|
||||
public void testGettersSetters() {
|
||||
BasicProcessingFilter filter = new BasicProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.setAuthenticationManager(manager);
|
||||
assertTrue(filter.getAuthenticationManager() != null);
|
||||
|
||||
filter.setAuthenticationEntryPoint(new MockAuthenticationEntryPoint("sx"));
|
||||
@ -153,7 +141,7 @@ public class BasicProcessingFilterTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
request.setServletPath("/some_file.html");
|
||||
request.setSession(new MockHttpSession());
|
||||
// request.setSession(new MockHttpSession());
|
||||
|
||||
// Test
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
@ -177,16 +165,11 @@ public class BasicProcessingFilterTests {
|
||||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
|
||||
try {
|
||||
BasicProcessingFilter filter = new BasicProcessingFilter();
|
||||
filter.setAuthenticationManager(new MockAuthenticationManager());
|
||||
filter.afterPropertiesSet();
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertEquals("An AuthenticationEntryPoint is required", expected.getMessage());
|
||||
}
|
||||
BasicProcessingFilter filter = new BasicProcessingFilter();
|
||||
filter.setAuthenticationManager(manager);
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
@ -203,7 +186,6 @@ public class BasicProcessingFilterTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
request.setServletPath("/some_file.html");
|
||||
request.setSession(new MockHttpSession());
|
||||
|
||||
// Test
|
||||
executeFilterInContainerSimulator(filter, request, true);
|
||||
@ -217,7 +199,6 @@ public class BasicProcessingFilterTests {
|
||||
request = new MockHttpServletRequest();
|
||||
request.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64(token.getBytes())));
|
||||
request.setServletPath("/some_file.html");
|
||||
request.setSession(new MockHttpSession());
|
||||
|
||||
// Test - the filter chain will not be invoked, as we get a 403 forbidden response
|
||||
MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);
|
||||
|
||||
@ -25,20 +25,19 @@ import org.jmock.integration.junit4.JUnit4Mockery;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.SecurityConfig;
|
||||
import org.springframework.security.access.event.AuthorizedEvent;
|
||||
import org.springframework.security.access.intercept.RunAsManager;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.FilterInvocation;
|
||||
import org.springframework.security.web.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.intercept.FilterSecurityInterceptor;
|
||||
|
||||
|
||||
/**
|
||||
@ -54,6 +53,7 @@ public class FilterSecurityInterceptorTests {
|
||||
private FilterInvocationSecurityMetadataSource ods;
|
||||
private RunAsManager ram;
|
||||
private FilterSecurityInterceptor interceptor;
|
||||
private ApplicationEventPublisher publisher;
|
||||
|
||||
|
||||
//~ Methods ========================================================================================================
|
||||
@ -65,11 +65,12 @@ public class FilterSecurityInterceptorTests {
|
||||
ods = jmock.mock(FilterInvocationSecurityMetadataSource.class);
|
||||
adm = jmock.mock(AccessDecisionManager.class);
|
||||
ram = jmock.mock(RunAsManager.class);
|
||||
publisher = jmock.mock(ApplicationEventPublisher.class);
|
||||
interceptor.setAuthenticationManager(am);
|
||||
interceptor.setSecurityMetadataSource(ods);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setRunAsManager(ram);
|
||||
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
|
||||
interceptor.setApplicationEventPublisher(publisher);
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@ -121,6 +122,7 @@ public class FilterSecurityInterceptorTests {
|
||||
oneOf(adm).decide(token, fi, attributes);
|
||||
// Setup our expectation that the filter chain will be invoked, as access is granted
|
||||
oneOf(chain).doFilter(request, response);
|
||||
oneOf(publisher).publishEvent(with(aNonNull(AuthorizedEvent.class)));
|
||||
}});
|
||||
|
||||
interceptor.invoke(fi);
|
||||
|
||||
@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.MockApplicationEventPublisher;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.intercept.RunAsManager;
|
||||
@ -58,7 +58,7 @@ public class WebInvocationPrivilegeEvaluatorTests {
|
||||
interceptor.setSecurityMetadataSource(ods);
|
||||
interceptor.setAccessDecisionManager(adm);
|
||||
interceptor.setRunAsManager(ram);
|
||||
interceptor.setApplicationEventPublisher(new MockApplicationEventPublisher(true));
|
||||
interceptor.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user