NamespaceAuthenticationManagerTests groovy->java

Issue: gh-4939
2018-02-02 16:42:08 -06:00 · 2018-02-02 16:42:08 -06:00 · 959f689e4e
parent e1a8d250de
commit 959f689e4e
2 changed files with 106 additions and 112 deletions
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy
@ -1,112 +0,0 @@
 /*
 * Copyright 2002-2013 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.config.annotation.authentication
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
 import org.springframework.security.config.annotation.BaseSpringSpec
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.userdetails.PasswordEncodedUser
 /**
 *
 * @author Rob Winch
 *
 */
 class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
 	def "authentication-manager@erase-credentials=true (default)"() {
 		when:
 			loadConfig(EraseCredentialsTrueDefaultConfig)
 			Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password"))
 		then:
 			auth.principal.password == null
 			auth.credentials == null
 		when: "authenticate the same user"
 			auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password"))
 		then: "successfully authenticate again"
 			noExceptionThrown()
 	}
 	@EnableWebSecurity
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 		}
 		// Only necessary to have access to verify the AuthenticationManager
 		@Bean
 		@Override
 		public AuthenticationManager authenticationManagerBean()
 				throws Exception {
 			return super.authenticationManagerBean();
 		}
 	}
 	def "authentication-manager@erase-credentials=false"() {
 		when:
 			loadConfig(EraseCredentialsFalseConfig)
 			Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password"))
 		then:
 			auth.credentials == "password"
 			auth.principal.password
 	}
 	@EnableWebSecurity
 	static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 		}
 		// Only necessary to have access to verify the AuthenticationManager
 		@Bean
 		@Override
 		public AuthenticationManager authenticationManagerBean()
 				throws Exception {
 			return super.authenticationManagerBean();
 		}
 	}
 	def "SEC-2533: global authentication-manager@erase-credentials=false"() {
 		when:
 			loadConfig(GlobalEraseCredentialsFalseConfig)
 			Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password"))
 		then:
 			auth.credentials == "password"
 			auth.principal.password
 	}
 	@EnableWebSecurity
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user())
 		}
 	}
 }
--- a/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.java
@ -0,0 +1,106 @@
 /*
 * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.config.annotation.authentication;
 import org.junit.Rule;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.test.web.servlet.MockMvc;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 /**
 * @author Rob Winch
 */
 public class NamespaceAuthenticationManagerTests {
 	@Rule
 	public final SpringTestRule spring = new SpringTestRule();
 	@Autowired
 	private MockMvc mockMvc;
 	@Test
 	public void authenticationMangerWhenDefaultThenEraseCredentialsIsTrue() throws Exception {
 		this.spring.register(EraseCredentialsTrueDefaultConfig.class).autowire();
 		this.mockMvc.perform(formLogin())
 			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNull()));
 		this.mockMvc.perform(formLogin())
 			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNull()));
 		// no exception due to username being cleared out
 	}
 	@EnableWebSecurity
 	static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.inMemoryAuthentication()
 					.withUser(PasswordEncodedUser.user());
 		}
 	}
 	@Test
 	public void authenticationMangerWhenEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(EraseCredentialsFalseConfig.class).autowire();
 		this.mockMvc.perform(formLogin())
 			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
 		this.mockMvc.perform(formLogin())
 			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
 		// no exception due to username being cleared out
 	}
 	@EnableWebSecurity
 	static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		@Override
 		public void configure(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 				.withUser(PasswordEncodedUser.user());
 		}
 	}
 	@Test
 	// SEC-2533
 	public void authenticationManagerWhenGlobalAndEraseCredentialsIsFalseThenCredentialsNotNull() throws Exception {
 		this.spring.register(GlobalEraseCredentialsFalseConfig.class).autowire();
 		this.mockMvc.perform(formLogin())
 			.andExpect(authenticated().withAuthentication(a-> assertThat(a.getCredentials()).isNotNull()));
 	}
 	@EnableWebSecurity
 	static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
 		@Autowired
 		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 			auth
 				.eraseCredentials(false)
 				.inMemoryAuthentication()
 				.withUser(PasswordEncodedUser.user());
 		}
 	}
 }