diff --git a/core/src/main/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProvider.java b/core/src/main/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProvider.java
deleted file mode 100644
index 9b79ae6b3b..0000000000
--- a/core/src/main/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProvider.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.providers.siteminder;
-
-import org.springframework.security.AuthenticationException;
-import org.springframework.security.AuthenticationServiceException;
-import org.springframework.security.providers.AuthenticationProvider;
-import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
-import org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider;
-import org.springframework.security.userdetails.UserDetails;
-import org.springframework.security.userdetails.UserDetailsService;
-import org.springframework.security.userdetails.UserDetailsChecker;
-import org.springframework.security.userdetails.checker.AccountStatusUserDetailsChecker;
-
-import org.springframework.dao.DataAccessException;
-import org.springframework.util.Assert;
-
-/**
- * An {@link AuthenticationProvider} implementation that retrieves user details from an {@link UserDetailsService}.
- *
- * @author Scott McCrory
- * @version $Id$
- */
-public class SiteminderAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
-
- //~ Instance fields ================================================================================================
-
- /**
- * Our user details service (which does the real work of checking the user against a back-end user store).
- */
- private UserDetailsService userDetailsService;
- private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
-
- //~ Methods ========================================================================================================
-
- /**
- * @see org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(org.springframework.security.userdetails.UserDetails, org.springframework.security.providers.UsernamePasswordAuthenticationToken)
- */
- protected void additionalAuthenticationChecks(final UserDetails user,
- final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
-
- // No need for password authentication checks - we only expect one identifying string
- // from the HTTP Request header (as populated by Siteminder), but we do need to see if
- // the user's account is OK to let them in.
-
- userDetailsChecker.check(user);
- }
-
- /**
- * @see org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider#doAfterPropertiesSet()
- */
- protected void doAfterPropertiesSet() throws Exception {
- Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
- }
-
- /**
- * Return the user details service.
- * @return The user details service.
- */
- public UserDetailsService getUserDetailsService() {
- return userDetailsService;
- }
-
- /**
- * @see org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.springframework.security.providers.UsernamePasswordAuthenticationToken)
- */
- protected final UserDetails retrieveUser(final String username,
- final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
-
- UserDetails loadedUser;
-
- try {
- loadedUser = this.getUserDetailsService().loadUserByUsername(username);
- } catch (DataAccessException repositoryProblem) {
- throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
- }
-
- if (loadedUser == null) {
- throw new AuthenticationServiceException(
- "UserDetailsService returned null, which is an interface contract violation");
- }
-
- return loadedUser;
- }
-
- /**
- * Sets the user details service.
- * @param userDetailsService The user details service.
- */
- public void setUserDetailsService(final UserDetailsService userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-
-}
diff --git a/core/src/main/java/org/springframework/security/providers/siteminder/package.html b/core/src/main/java/org/springframework/security/providers/siteminder/package.html
deleted file mode 100644
index 7457c82eed..0000000000
--- a/core/src/main/java/org/springframework/security/providers/siteminder/package.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
-
-A Siteminder authentication provider.
-
-
diff --git a/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java b/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java
deleted file mode 100644
index 86d6f211c6..0000000000
--- a/core/src/main/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilter.java
+++ /dev/null
@@ -1,270 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.ui.webapp; - -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationException; - -import org.springframework.security.context.HttpSessionContextIntegrationFilter; -import org.springframework.security.context.SecurityContext; - -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - - -/** - * Extends Spring Security's AuthenticationProcessingFilter to pick up CA/Netegrity Siteminder headers. - *

- * Also provides a backup form-based authentication and the ability set source key names. - *

- * Siteminder must present two headers to this filter, a username and password. You must set the - * header keys before this filter is used for authentication, otherwise Siteminder checks will be skipped. If the - * Siteminder check is unsuccessful (i.e. if the headers are not found), then the form parameters will be checked (see - * next paragraph). This allows applications to optionally function even when their Siteminder infrastructure is - * unavailable, as is often the case during development. - *

- * Login forms must present two parameters to this filter: a username and password. If not - * specified, the parameter names to use are contained in the static fields {@link #SPRING_SECURITY_FORM_USERNAME_KEY} - * and {@link #SPRING_SECURITY_FORM_PASSWORD_KEY}. - */ -public class SiteminderAuthenticationProcessingFilter extends AuthenticationProcessingFilter { - //~ Static fields/initializers ===================================================================================== - - /** Log instance for debugging */ - private static final Log logger = LogFactory.getLog(SiteminderAuthenticationProcessingFilter.class); - - //~ Instance fields ================================================================================================ - - /** Form password request key. */ - private String formPasswordParameterKey = null; - - /** Form username request key. */ - private String formUsernameParameterKey = null; - - /** Siteminder password header key. */ - private String siteminderPasswordHeaderKey = null; - - /** Siteminder username header key. */ - private String siteminderUsernameHeaderKey = null; - - //~ Constructors =================================================================================================== - - /** - * Basic constructor. 
- */ - public SiteminderAuthenticationProcessingFilter() { - super(); - } - - //~ Methods ======================================================================================================== - - /** - * - * @see org.springframework.security.ui.AbstractProcessingFilter#attemptAuthentication(javax.servlet.http.HttpServletRequest) - */ - public Authentication attemptAuthentication(HttpServletRequest request) - throws AuthenticationException { - String username = null; - String password = null; - - // Check the Siteminder headers for authentication info - if ((siteminderUsernameHeaderKey != null) && (siteminderUsernameHeaderKey.length() > 0) - && (siteminderPasswordHeaderKey != null) && (siteminderPasswordHeaderKey.length() > 0)) { - username = request.getHeader(siteminderUsernameHeaderKey); - password = request.getHeader(siteminderPasswordHeaderKey); - } - - // If the Siteminder authentication info wasn't available, then get it - // from the form parameters - if ((username == null) || (username.length() == 0) || (password == null) || (password.length() == 0)) { - if (logger.isDebugEnabled()) { - logger.debug("Siteminder headers not found for authentication, so trying to use form values"); - } - - if ((formUsernameParameterKey != null) && (formUsernameParameterKey.length() > 0)) { - username = request.getParameter(formUsernameParameterKey); - } else { - username = request.getParameter(SPRING_SECURITY_FORM_USERNAME_KEY); - } - - password = obtainPassword(request); - } - - // Convert username and password to upper case. This is normally not a - // good practice but we do it here because Siteminder gives us the username - // in lower case, while most backing systems store it in upper case. - if (username != null) { - username = username.toUpperCase(); - } else { - // If username is null, set to blank to avoid a NPE. - username = ""; - } - - if (password != null) { - password = password.toUpperCase(); - } else { - // If password is null, set to blank to avoid a NPE. 
- password = ""; - } - - UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); - - // Allow subclasses to set the "details" property - setDetails(request, authRequest); - - // Place the last username attempted into HttpSession for views - request.getSession().setAttribute(SPRING_SECURITY_LAST_USERNAME_KEY, username); - - return this.getAuthenticationManager().authenticate(authRequest); - } - - /** - * Returns the form password parameter key. - * - * @return The form password parameter key. - */ - public String getFormPasswordParameterKey() { - return formPasswordParameterKey; - } - - /** - * Returns the form username parameter key. - * - * @return The form username parameter key. - */ - public String getFormUsernameParameterKey() { - return formUsernameParameterKey; - } - - /** - * Returns the Siteminder password header key. - * - * @return The Siteminder password header key. - */ - public String getSiteminderPasswordHeaderKey() { - return siteminderPasswordHeaderKey; - } - - /** - * Returns the Siteminder username header key. - * - * @return The Siteminder username header key. - */ - public String getSiteminderUsernameHeaderKey() { - return siteminderUsernameHeaderKey; - } - - /** - * Overridden method to obtain different value depending on whether Siteminder or form validation is being - * performed. 
- * - * @param request so that request attributes can be retrieved - * - * @return the password that will be presented in the Authentication request token to the - * AuthenticationManager - */ - protected String obtainPassword(HttpServletRequest request) { - if ((formPasswordParameterKey != null) && (formPasswordParameterKey.length() > 0)) { - return request.getParameter(formPasswordParameterKey); - } else { - return request.getParameter(SPRING_SECURITY_FORM_PASSWORD_KEY); - } - } - - /** - * Overridden to perform authentication not only on j_security_check, but also on requests for the default - * target URL when the user isn't already authenticated.

Thank you Paul Garvey for providing a - * straightforward solution (and code) for this!

- * - * @see org.springframework.security.ui.AbstractProcessingFilter#requiresAuthentication(javax.servlet.http.HttpServletRequest, - * javax.servlet.http.HttpServletResponse) - */ - protected boolean requiresAuthentication(final HttpServletRequest request, final HttpServletResponse response) { - String uri = request.getRequestURI(); - int pathParamIndex = uri.indexOf(';'); - - if (pathParamIndex > 0) { - // strip everything after the first semi-colon - uri = uri.substring(0, pathParamIndex); - } - - //attempt authentication if j_secuity_check is present or if the getDefaultTargetUrl() - //is present and user is not already authenticated. - boolean bAuthenticated = false; - SecurityContext context = (SecurityContext) - request.getSession().getAttribute(HttpSessionContextIntegrationFilter.SPRING_SECURITY_CONTEXT_KEY); - - if (context != null) { - Authentication auth = context.getAuthentication(); - - if ((auth != null) && auth instanceof UsernamePasswordAuthenticationToken) { - UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) auth; - bAuthenticated = token.isAuthenticated(); - } - } - - // if true is returned then authentication will be attempted. - boolean bAttemptAuthentication = (uri.endsWith(request.getContextPath() + getFilterProcessesUrl())) - || ((getDefaultTargetUrl() != null) && uri.endsWith(getDefaultTargetUrl()) && !bAuthenticated); - - if (logger.isDebugEnabled()) { - logger.debug("Authentication attempted for the following URI ==> " + uri + " is " + bAttemptAuthentication); - } - - return bAttemptAuthentication; - } - - /** - * Sets the form password parameter key. - * - * @param key The form password parameter key. - */ - public void setFormPasswordParameterKey(final String key) { - this.formPasswordParameterKey = key; - } - - /** - * Sets the form username parameter key. - * - * @param key The form username parameter key. 
- */ - public void setFormUsernameParameterKey(final String key) { - this.formUsernameParameterKey = key; - } - - /** - * Sets the Siteminder password header key. - * - * @param key The Siteminder password header key. - */ - public void setSiteminderPasswordHeaderKey(final String key) { - this.siteminderPasswordHeaderKey = key; - } - - /** - * Sets the Siteminder username header key. - * - * @param key The Siteminder username header key. - */ - public void setSiteminderUsernameHeaderKey(final String key) { - this.siteminderUsernameHeaderKey = key; - } -} diff --git a/core/src/test/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProviderTests.java deleted file mode 100644 index de31c3338f..0000000000 --- a/core/src/test/java/org/springframework/security/providers/siteminder/SiteminderAuthenticationProviderTests.java +++ /dev/null 
@@ -1,404 +0,0 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.providers.siteminder; - -import junit.framework.TestCase; - -import org.springframework.security.AccountExpiredException; -import org.springframework.security.Authentication; -import org.springframework.security.AuthenticationServiceException; -import org.springframework.security.BadCredentialsException; -import org.springframework.security.CredentialsExpiredException; -import org.springframework.security.DisabledException; -import org.springframework.security.GrantedAuthority; -import org.springframework.security.GrantedAuthorityImpl; -import org.springframework.security.LockedException; -import org.springframework.security.providers.TestingAuthenticationToken; -import org.springframework.security.providers.UsernamePasswordAuthenticationToken; -import org.springframework.security.providers.dao.MockUserCache; -import org.springframework.security.providers.dao.cache.EhCacheBasedUserCache; -import org.springframework.security.providers.dao.cache.NullUserCache; -import org.springframework.security.userdetails.User; -import org.springframework.security.userdetails.UserDetails; -import org.springframework.security.userdetails.UserDetailsService; -import org.springframework.security.userdetails.UsernameNotFoundException; -import org.springframework.dao.DataAccessException; -import 
org.springframework.dao.DataRetrievalFailureException; - -/** - * Tests {@link SiteminderAuthenticationProvider}. - * - * @author Ben Alex - * @version $Id$ - */ -public class SiteminderAuthenticationProviderTests extends TestCase { - //~ Methods ======================================================================================================== - - public void testAuthenticateFailsIfAccountExpired() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountExpired()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown AccountExpiredException"); - } catch (AccountExpiredException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsIfAccountLocked() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserPeterAccountLocked()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown LockedException"); - } catch (LockedException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsIfCredentialsExpired() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserPeterCredentialsExpired()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown CredentialsExpiredException"); - } catch (CredentialsExpiredException expected) { - 
assertTrue(true); - } - - } - - public void testAuthenticateFailsIfUserDisabled() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("peter", "opal"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserPeter()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown DisabledException"); - } catch (DisabledException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsWhenUserDetailsServiceHasBackendFailure() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceSimulateBackendError()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown AuthenticationServiceException"); - } catch (AuthenticationServiceException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsWithEmptyUsername() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(null, "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown BadCredentialsException"); - } catch (BadCredentialsException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionFalse() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - 
provider.setHideUserNotFoundExceptions(false); // we want UsernameNotFoundExceptions - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown UsernameNotFoundException"); - } catch (UsernameNotFoundException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsWithInvalidUsernameAndHideUserNotFoundExceptionsWithDefaultOfTrue() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("INVALID_USER", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - assertTrue(provider.isHideUserNotFoundExceptions()); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown BadCredentialsException"); - } catch (BadCredentialsException expected) { - assertTrue(true); - } - } - - public void testAuthenticateFailsWithMixedCaseUsernameIfDefaultChanged() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("RDd", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - try { - provider.authenticate(token); - fail("Should have thrown BadCredentialsException"); - } catch (BadCredentialsException expected) { - assertTrue(true); - } - } - - public void testAuthenticates() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - token.setDetails("192.168.0.1"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - Authentication result = 
provider.authenticate(token); - - if (!(result instanceof UsernamePasswordAuthenticationToken)) { - fail("Should have returned instance of UsernamePasswordAuthenticationToken"); - } - - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; - assertEquals(User.class, castResult.getPrincipal().getClass()); - assertEquals("koala", castResult.getCredentials()); - assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority()); - assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority()); - assertEquals("192.168.0.1", castResult.getDetails()); - } - - public void testAuthenticatesASecondTime() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - - Authentication result = provider.authenticate(token); - - if (!(result instanceof UsernamePasswordAuthenticationToken)) { - fail("Should have returned instance of UsernamePasswordAuthenticationToken"); - } - - // Now try to authenticate with the previous result (with its UserDetails) - Authentication result2 = provider.authenticate(result); - - if (!(result2 instanceof UsernamePasswordAuthenticationToken)) { - fail("Should have returned instance of UsernamePasswordAuthenticationToken"); - } - - assertEquals(result.getCredentials(), result2.getCredentials()); - } - - public void testAuthenticatesWithForcePrincipalAsString() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceUserrod()); - provider.setUserCache(new MockUserCache()); - provider.setForcePrincipalAsString(true); - - Authentication result = 
provider.authenticate(token); - - if (!(result instanceof UsernamePasswordAuthenticationToken)) { - fail("Should have returned instance of UsernamePasswordAuthenticationToken"); - } - - UsernamePasswordAuthenticationToken castResult = (UsernamePasswordAuthenticationToken) result; - assertEquals(String.class, castResult.getPrincipal().getClass()); - assertEquals("rod", castResult.getPrincipal()); - } - - public void testDetectsNullBeingReturnedFromUserDetailsService() { - UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("rod", "koala"); - - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new MockUserDetailsServiceReturnsNull()); - - try { - provider.authenticate(token); - fail("Should have thrown AuthenticationServiceException"); - } catch (AuthenticationServiceException expected) { - assertEquals("UserDetailsService returned null, which is an interface contract violation", expected - .getMessage()); - } - } - - public void testGettersSetters() { - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - - provider.setUserCache(new EhCacheBasedUserCache()); - assertEquals(EhCacheBasedUserCache.class, provider.getUserCache().getClass()); - - assertFalse(provider.isForcePrincipalAsString()); - provider.setForcePrincipalAsString(true); - assertTrue(provider.isForcePrincipalAsString()); - } - - public void testStartupFailsIfNoUserDetailsService() throws Exception { - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - - try { - provider.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testStartupFailsIfNoUserCacheSet() throws Exception { - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - provider.setUserDetailsService(new 
MockUserDetailsServiceUserrod()); - assertEquals(NullUserCache.class, provider.getUserCache().getClass()); - provider.setUserCache(null); - - try { - provider.afterPropertiesSet(); - fail("Should have thrown IllegalArgumentException"); - } catch (IllegalArgumentException expected) { - assertTrue(true); - } - } - - public void testStartupSuccess() throws Exception { - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - UserDetailsService userDetailsService = new MockUserDetailsServiceUserrod(); - provider.setUserDetailsService(userDetailsService); - provider.setUserCache(new MockUserCache()); - assertEquals(userDetailsService, provider.getUserDetailsService()); - provider.afterPropertiesSet(); - assertTrue(true); - } - - public void testSupports() { - SiteminderAuthenticationProvider provider = new SiteminderAuthenticationProvider(); - assertTrue(provider.supports(UsernamePasswordAuthenticationToken.class)); - assertTrue(!provider.supports(TestingAuthenticationToken.class)); - } - - //~ Inner Classes ================================================================================================== - - private class MockUserDetailsServiceReturnsNull implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - return null; - } - } - - private class MockUserDetailsServiceSimulateBackendError implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - throw new DataRetrievalFailureException("This mock simulator is designed to fail"); - } - } - - private class MockUserDetailsServiceUserrod implements UserDetailsService { - private String password = "koala"; - - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if ("rod".equals(username)) { - return new User("rod", password, true, true, true, true, new 
GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - - public void setPassword(String password) { - this.password = password; - } - } - - private class MockUserDetailsServiceUserrodWithSalt implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if ("rod".equals(username)) { - return new User("rod", "koala{SYSTEM_SALT_VALUE}", true, true, true, true, new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } - - private class MockUserDetailsServiceUserPeter implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if ("peter".equals(username)) { - return new User("peter", "opal", false, true, true, true, new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } - - private class MockUserDetailsServiceUserPeterAccountExpired implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if ("peter".equals(username)) { - return new User("peter", "opal", true, false, true, true, new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } - - private class MockUserDetailsServiceUserPeterAccountLocked implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if 
("peter".equals(username)) { - return new User("peter", "opal", true, true, true, false, new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } - - private class MockUserDetailsServiceUserPeterCredentialsExpired implements UserDetailsService { - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { - if ("peter".equals(username)) { - return new User("peter", "opal", true, true, false, true, new GrantedAuthority[] { - new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO") }); - } else { - throw new UsernameNotFoundException("Could not find: " + username); - } - } - } -} diff --git a/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java deleted file mode 100644 index c798572b56..0000000000 --- a/core/src/test/java/org/springframework/security/ui/webapp/SiteminderAuthenticationProcessingFilterTests.java +++ /dev/null 
@@ -1,184 +0,0 @@
-/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.ui.webapp;
-
-import junit.framework.TestCase;
-
-import org.springframework.security.Authentication;
-import org.springframework.security.MockAuthenticationManager;
-import org.springframework.security.ui.WebAuthenticationDetails;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-
-/**
- * Tests SiteminderAuthenticationProcessingFilter.
- *
- * @author Ben Alex
- * @author Scott McCrory
- * @version $Id$
- */
-public class SiteminderAuthenticationProcessingFilterTests extends TestCase {
- //~ Constructors ===================================================================================================
-
- /**
- * Basic constructor.
- */
- public SiteminderAuthenticationProcessingFilterTests() {
- }
-
- /**
- * Argument constructor.
- *
- * @param arg0
- */
- public SiteminderAuthenticationProcessingFilterTests(String arg0) {
- super(arg0);
- }
-
- //~ Methods ========================================================================================================
-
- /**
- * Tests the class' getters.
- */
- public void testAccessors() {
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
-
- filter.setFormUsernameParameterKey("usernameParamKey");
- assertEquals("usernameParamKey", filter.getFormUsernameParameterKey());
-
- filter.setSiteminderUsernameHeaderKey("usernameHeaderKey");
- assertEquals("usernameHeaderKey", filter.getSiteminderUsernameHeaderKey());
- }
-
- /**
- * Tests normal form processing.
- *
- * @throws Exception
- */
- public void testFormNormalOperation() throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
- request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
- filter.init(null);
-
- Authentication result = filter.attemptAuthentication(request);
- assertTrue(result != null);
- assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
- }
-
- /**
- * Tests form null password handling.
- *
- * @throws Exception
- */
- public void testFormNullPasswordHandledGracefully() throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_USERNAME_KEY, "rod");
-
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
- filter.init(null);
-
- Authentication result = filter.attemptAuthentication(request);
- assertTrue(result != null);
- }
-
- /**
- * Tests form null username handling.
- *
- * @throws Exception
- */
- public void testFormNullUsernameHandledGracefully() throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.addParameter(SiteminderAuthenticationProcessingFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
-
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
- filter.init(null);
-
- Authentication result = filter.attemptAuthentication(request);
- assertTrue(result != null);
- }
-
- /**
- * Tests the overridden testRequiresAuthentication method.
- *
- * @throws Exception
- */
- public void testRequiresAuthentication() throws Exception {
- // Create a Siteminder-style request from an unauthenticated user for a strange URI
- MockHttpServletRequest request = new MockHttpServletRequest();
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- request.addHeader("SM_USER", "A123456");
-
- // Create the Siteminder filter, set a mock authentication manager to automatically grant access
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
- filter.setDefaultTargetUrl("/defaultTargetUri");
-
- MockAuthenticationManager authMgrThatGrantsAccess = new MockAuthenticationManager(true);
- filter.setAuthenticationManager(authMgrThatGrantsAccess);
-
- filter.setSiteminderUsernameHeaderKey("SM_USER");
- filter.init(null);
-
- // Requests for an unknown URL should NOT require (re)authentication
- request.setRequestURI("http://an.unknown.url");
-
- boolean requiresAuthentication = filter.requiresAuthentication(request, response);
- assertFalse(requiresAuthentication);
-
- // Requests for the filter processing URI SHOULD require (re)authentication
- request.setRequestURI(request.getContextPath() + "/j_spring_security_check");
- requiresAuthentication = filter.requiresAuthentication(request, response);
- assertTrue(requiresAuthentication);
-
- // Requests for the default target URI SHOULD require (re)authentication
- request.setRequestURI(request.getContextPath() + filter.getDefaultTargetUrl());
- requiresAuthentication = filter.requiresAuthentication(request, response);
- assertTrue(requiresAuthentication);
- }
-
- /**
- * Tests normal Siteminder header processing.
- *
- * @throws Exception
- */
- public void testSiteminderNormalOperation() throws Exception {
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.addHeader("SM_USER", "A123456");
-
- MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
-
- SiteminderAuthenticationProcessingFilter filter = new SiteminderAuthenticationProcessingFilter();
- filter.setAuthenticationManager(authMgr);
- filter.setSiteminderUsernameHeaderKey("SM_USER");
- filter.init(null);
-
- Authentication result = filter.attemptAuthentication(request);
- assertTrue(result != null);
- assertEquals("127.0.0.1", ((WebAuthenticationDetails) result.getDetails()).getRemoteAddress());
- }
-}