From 776b378a1d731442f2788b1b1c3f8d05a38d3cd0 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Wed, 7 Mar 2018 14:20:14 -0700 Subject: [PATCH] Authorities authenticate TestingAuthenticationToken In other extensions of `AbstractAuthenticationToken`, the constructors that include `authorities` call `setAuthenticated(true)`. This includes `PreAuthenticated`-, `UsernamePassword`-, and `RememberMeAuthenticationToken`. This change brings `TestingAuthenticationToken` in line with that convention. Note that this was done once already to one of the constructors (ee13be4) in `TestingAuthenticationToken` that takes an arity of `authorities`. It was not propagated to the constructor that takes a collection, which is what this commit remedies. Fixes: gh-5073 --- .../cas/web/CasAuthenticationFilterTests.java | 14 +++-- .../TestingAuthenticationToken.java | 6 +-- .../TestingAuthenticationTokenTests.java | 53 +++++++++++++++++++ 3 files changed, 62 insertions(+), 11 deletions(-) create mode 100644 core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java index 791852ea64..ee58a437c3 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java @@ -16,11 +16,6 @@ package org.springframework.security.cas.web; -import static org.assertj.core.api.Assertions.*; -import static org.mockito.Mockito.*; - -import javax.servlet.FilterChain; - import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage; import org.junit.After; import org.junit.Test; @@ -35,9 +30,13 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; - import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import javax.servlet.FilterChain; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.*; + /** * Tests {@link CasAuthenticationFilter}. * @@ -146,8 +145,7 @@ public class CasAuthenticationFilterTests { .createAuthorityList("ROLE_ANONYMOUS"))); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication( - new TestingAuthenticationToken("un", "principal", AuthorityUtils - .createAuthorityList("ROLE_ANONYMOUS"))); + new TestingAuthenticationToken("un", "principal")); assertThat(filter.requiresAuthentication(request, response)).isTrue(); SecurityContextHolder.getContext().setAuthentication( new TestingAuthenticationToken("un", "principal", "ROLE_ANONYMOUS")); diff --git a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java index 40cae09e6f..4d1494820c 100644 --- a/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java @@ -16,11 +16,11 @@ package org.springframework.security.authentication; -import java.util.List; - import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.AuthorityUtils; +import java.util.List; + /** * An {@link org.springframework.security.core.Authentication} implementation that is * designed for use whilst unit testing. @@ -49,7 +49,6 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken { public TestingAuthenticationToken(Object principal, Object credentials, String... authorities) { this(principal, credentials, AuthorityUtils.createAuthorityList(authorities)); - setAuthenticated(true); } public TestingAuthenticationToken(Object principal, Object credentials, @@ -57,6 +56,7 @@ public class TestingAuthenticationToken extends AbstractAuthenticationToken { super(authorities); this.principal = principal; this.credentials = credentials; + setAuthenticated(true); } // ~ Methods diff --git a/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java new file mode 100644 index 0000000000..ef19df49e3 --- /dev/null +++ b/core/src/test/java/org/springframework/security/authentication/TestingAuthenticationTokenTests.java @@ -0,0 +1,53 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.authentication; + +import org.junit.Test; +import org.springframework.security.core.authority.SimpleGrantedAuthority; + +import java.util.Arrays; + +import static org.assertj.core.api.Assertions.assertThat; + +/** + * @author Josh Cummings + */ +public class TestingAuthenticationTokenTests { + @Test + public void constructorWhenNoAuthoritiesThenUnauthenticated() { + TestingAuthenticationToken unauthenticated = + new TestingAuthenticationToken("principal", "credentials"); + + assertThat(unauthenticated.isAuthenticated()).isFalse(); + } + + @Test + public void constructorWhenArityAuthoritiesThenAuthenticated() { + TestingAuthenticationToken authenticated = + new TestingAuthenticationToken("principal", "credentials", "authority"); + + assertThat(authenticated.isAuthenticated()).isTrue(); + } + + @Test + public void constructorWhenCollectionAuthoritiesThenAuthenticated() { + TestingAuthenticationToken authenticated = + new TestingAuthenticationToken("principal", "credentials", + Arrays.asList(new SimpleGrantedAuthority("authority"))); + + assertThat(authenticated.isAuthenticated()).isTrue(); + } +}