Authorities authenticate TestingAuthenticationToken

In other extensions of `AbstractAuthenticationToken`, the constructors that include `authorities` call `setAuthenticated(true)`. This includes `PreAuthenticated`-, `UsernamePassword`-, and `RememberMeAuthenticationToken`. This change brings `TestingAuthenticationToken` in line with that convention. Note that this was done once already to one of the constructors (ee13be4) in `TestingAuthenticationToken` that takes an arity of `authorities`. It was not propagated to the constructor that takes a collection, which is what this commit remedies. Fixes: gh-5073
2018-03-07 14:20:14 -07:00 · 2018-03-07 14:20:14 -07:00 · 776b378a1d
parent d21338d212
commit 776b378a1d
3 changed files with 62 additions and 11 deletions
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@ -16,11 +16,6 @@

 package org.springframework.security.cas.web;

-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import javax.servlet.FilterChain;
-
 import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.After;
 import org.junit.Test;
@ -35,9 +30,13 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
-
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

+import javax.servlet.FilterChain;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.*;
+
 /**
 * Tests {@link CasAuthenticationFilter}.
 *
@ -146,8 +145,7 @@ public class CasAuthenticationFilterTests {
 						.createAuthorityList("ROLE_ANONYMOUS")));
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
 		SecurityContextHolder.getContext().setAuthentication(
-				new TestingAuthenticationToken("un", "principal", AuthorityUtils
-						.createAuthorityList("ROLE_ANONYMOUS")));
+				new TestingAuthenticationToken("un", "principal"));
 		assertThat(filter.requiresAuthentication(request, response)).isTrue();
 		SecurityContextHolder.getContext().setAuthentication(
 				new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS"));
--- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
@ -16,11 +16,11 @@

 package org.springframework.security.authentication;

-import java.util.List;
-
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;

+import java.util.List;
+
 /**
 * An {@link org.springframework.security.core.Authentication} implementation that is
 * designed for use whilst unit testing.
@ -49,7 +49,6 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 	public TestingAuthenticationToken(Object principal, Object credentials,
 			String... authorities) {
 		this(principal, credentials, AuthorityUtils.createAuthorityList(authorities));
-		setAuthenticated(true);
 	}

 	public TestingAuthenticationToken(Object principal, Object credentials,
@ -57,6 +56,7 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken {
 		super(authorities);
 		this.principal = principal;
 		this.credentials = credentials;
+		setAuthenticated(true);
 	}

 	// ~ Methods
--- a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java
@ -0,0 +1,53 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.authentication;
+
+import org.junit.Test;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+
+import java.util.Arrays;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Josh Cummings
+ */
+public class TestingAuthenticationTokenTests {
+	@Test
+	public void constructorWhenNoAuthoritiesThenUnauthenticated() {
+		TestingAuthenticationToken unauthenticated =
+			new TestingAuthenticationToken("principal", "credentials");
+
+		assertThat(unauthenticated.isAuthenticated()).isFalse();
+	}
+
+	@Test
+	public void constructorWhenArityAuthoritiesThenAuthenticated() {
+		TestingAuthenticationToken authenticated =
+			new TestingAuthenticationToken("principal", "credentials", "authority");
+
+		assertThat(authenticated.isAuthenticated()).isTrue();
+	}
+
+	@Test
+	public void constructorWhenCollectionAuthoritiesThenAuthenticated() {
+		TestingAuthenticationToken authenticated =
+			new TestingAuthenticationToken("principal", "credentials",
+				Arrays.asList(new SimpleGrantedAuthority("authority")));
+
+		assertThat(authenticated.isAuthenticated()).isTrue();
+	}
+}