mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-21 17:58:48 +00:00
Move FACTOR_ constants to FactorGrantedAuthority
Previously GrantedAuthorities had an implicit package tangle because it was located in ~.core and FactorGrantedAuthority is in ~.core.authority and FactorGrantedAuthority's authority property was implicitly expected to be constants found in `GrantedAuthorities`. This commit moves the constants to the FactorGrantedAuthority which resolves this tangle. It wasn't initially done because FactorGrantedAuthority did not exist at that time. Closes gh-18030
This commit is contained in:
Rob Winch
parent
e290c98e97
commit
d18431a78d
@ -38,7 +38,6 @@ import org.springframework.security.authentication.BadCredentialsException;
|
|||||||
import org.springframework.security.cas.ServiceProperties;
|
import org.springframework.security.cas.ServiceProperties;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
@ -70,7 +69,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
|
|||||||
|
|
||||||
private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class);
|
private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class);
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_CAS_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.CAS_AUTHORITY;
|
||||||
|
|
||||||
@SuppressWarnings("NullAway.Init")
|
@SuppressWarnings("NullAway.Init")
|
||||||
private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
|
private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
|
||||||
|
|||||||
@ -33,8 +33,8 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
|||||||
import org.springframework.security.cas.ServiceProperties;
|
import org.springframework.security.cas.ServiceProperties;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
@ -361,7 +361,7 @@ public class CasAuthenticationProviderTests {
|
|||||||
CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateful("ST-123");
|
CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateful("ST-123");
|
||||||
token.setDetails("details");
|
token.setDetails("details");
|
||||||
Authentication result = cap.authenticate(token);
|
Authentication result = cap.authenticate(token);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_CAS_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.CAS_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
|
private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
|
||||||
|
|||||||
@ -21,7 +21,7 @@ import org.springframework.security.config.Customizer;
|
|||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
|
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
|
||||||
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
|
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
|
||||||
@ -237,7 +237,7 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
|
|||||||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -28,7 +28,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||||
@ -196,8 +196,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
|
|||||||
AuthenticationEntryPoint entryPoint = postProcess(this.authenticationEntryPoint);
|
AuthenticationEntryPoint entryPoint = postProcess(this.authenticationEntryPoint);
|
||||||
exceptionHandling.defaultAuthenticationEntryPointFor(entryPoint, preferredMatcher);
|
exceptionHandling.defaultAuthenticationEntryPointFor(entryPoint, preferredMatcher);
|
||||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||||
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher),
|
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher), FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
|
private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
|
||||||
|
|||||||
@ -26,7 +26,7 @@ import org.springframework.context.ApplicationContext;
|
|||||||
import org.springframework.http.converter.HttpMessageConverter;
|
import org.springframework.http.converter.HttpMessageConverter;
|
||||||
import org.springframework.security.authentication.ProviderManager;
|
import org.springframework.security.authentication.ProviderManager;
|
||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||||
@ -159,7 +159,7 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
|
|||||||
if (exceptions != null) {
|
if (exceptions != null) {
|
||||||
AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
|
AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint),
|
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint),
|
||||||
GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
FactorGrantedAuthority.WEBAUTHN_AUTHORITY);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -25,8 +25,8 @@ import org.springframework.security.config.Customizer;
|
|||||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
@ -180,14 +180,14 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
|
|||||||
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
||||||
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
|
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
|
||||||
authenticationProvider.setGrantedAuthoritySupplier(
|
authenticationProvider.setGrantedAuthoritySupplier(
|
||||||
() -> AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_X509_AUTHORITY));
|
() -> AuthorityUtils.createAuthorityList(FactorGrantedAuthority.X509_AUTHORITY));
|
||||||
http.authenticationProvider(authenticationProvider)
|
http.authenticationProvider(authenticationProvider)
|
||||||
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
||||||
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
||||||
if (exceptions != null) {
|
if (exceptions != null) {
|
||||||
AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
|
AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden),
|
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden),
|
||||||
GrantedAuthorities.FACTOR_X509_AUTHORITY);
|
FactorGrantedAuthority.X509_AUTHORITY);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -45,7 +45,7 @@ import org.springframework.security.config.annotation.web.configurers.SessionMan
|
|||||||
import org.springframework.security.context.DelegatingApplicationListener;
|
import org.springframework.security.context.DelegatingApplicationListener;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.core.session.AbstractSessionEvent;
|
import org.springframework.security.core.session.AbstractSessionEvent;
|
||||||
import org.springframework.security.core.session.SessionDestroyedEvent;
|
import org.springframework.security.core.session.SessionDestroyedEvent;
|
||||||
@ -568,7 +568,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||||
GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY);
|
FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY);
|
||||||
}
|
}
|
||||||
return loginEntryPoint;
|
return loginEntryPoint;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -39,7 +39,7 @@ import org.springframework.security.config.annotation.web.configurers.CsrfConfig
|
|||||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||||
import org.springframework.security.oauth2.jwt.Jwt;
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||||
@ -357,7 +357,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||||||
exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, preferredMatcher);
|
exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, preferredMatcher);
|
||||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||||
(ep) -> ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher),
|
(ep) -> ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher),
|
||||||
GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
FactorGrantedAuthority.BEARER_AUTHORITY);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -37,7 +37,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
|||||||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||||
@ -142,7 +142,7 @@ public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>
|
|||||||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -35,7 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
|||||||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
||||||
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
|
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
|
||||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||||
@ -355,7 +355,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||||
GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
|
FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY);
|
||||||
}
|
}
|
||||||
return loginEntryPoint;
|
return loginEntryPoint;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -27,7 +27,7 @@ import org.springframework.security.access.AccessDeniedException;
|
|||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||||
import org.springframework.test.context.web.WebAppConfiguration;
|
import org.springframework.test.context.web.WebAppConfiguration;
|
||||||
@ -57,8 +57,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
Service service;
|
Service service;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||||
authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
|
||||||
void webWhenAuthorized() throws Exception {
|
void webWhenAuthorized() throws Exception {
|
||||||
this.mvc.perform(get("/")).andExpect(status().isOk());
|
this.mvc.perform(get("/")).andExpect(status().isOk());
|
||||||
}
|
}
|
||||||
@ -70,8 +69,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||||
authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
|
||||||
void methodWhenAuthorized() throws Exception {
|
void methodWhenAuthorized() throws Exception {
|
||||||
Assertions.assertThatNoException().isThrownBy(() -> this.service.authenticated());
|
Assertions.assertThatNoException().isThrownBy(() -> this.service.authenticated());
|
||||||
}
|
}
|
||||||
@ -87,7 +85,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
@EnableMethodSecurity
|
@EnableMethodSecurity
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableGlobalMultiFactorAuthentication(
|
@EnableGlobalMultiFactorAuthentication(
|
||||||
authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY })
|
authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY })
|
||||||
static class Config {
|
static class Config {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|||||||
@ -40,7 +40,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.config.users.AuthenticationTestConfiguration;
|
import org.springframework.security.config.users.AuthenticationTestConfiguration;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContextChangedListener;
|
import org.springframework.security.core.context.SecurityContextChangedListener;
|
||||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||||
@ -417,20 +417,20 @@ public class FormLoginConfigurerTests {
|
|||||||
.andExpect(status().is3xxRedirection())
|
.andExpect(status().is3xxRedirection())
|
||||||
.andExpect(redirectedUrl("/"));
|
.andExpect(redirectedUrl("/"));
|
||||||
user = PasswordEncodedUser.withUserDetails(user)
|
user = PasswordEncodedUser.withUserDetails(user)
|
||||||
.authorities("profile:read", GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
.authorities("profile:read", FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||||
.andExpect(status().is3xxRedirection())
|
.andExpect(status().is3xxRedirection())
|
||||||
.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
|
.andExpect(redirectedUrl("http://localhost/login?factor.type=password&factor.reason=missing"));
|
||||||
user = PasswordEncodedUser.withUserDetails(user)
|
user = PasswordEncodedUser.withUserDetails(user)
|
||||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||||
.andExpect(status().is3xxRedirection())
|
.andExpect(status().is3xxRedirection())
|
||||||
.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
|
.andExpect(redirectedUrl("http://localhost/login?factor.type=ott&factor.reason=missing"));
|
||||||
user = PasswordEncodedUser.withUserDetails(user)
|
user = PasswordEncodedUser.withUserDetails(user)
|
||||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
.authorities("profile:read", FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
this.mockMvc.perform(get("/profile").with(user(user))).andExpect(status().isNotFound());
|
this.mockMvc.perform(get("/profile").with(user(user))).andExpect(status().isNotFound());
|
||||||
}
|
}
|
||||||
@ -453,8 +453,8 @@ public class FormLoginConfigurerTests {
|
|||||||
.andExpect(status().is3xxRedirection())
|
.andExpect(status().is3xxRedirection())
|
||||||
.andExpect(redirectedUrl("/"));
|
.andExpect(redirectedUrl("/"));
|
||||||
UserDetails authorized = PasswordEncodedUser.withUsername("rod")
|
UserDetails authorized = PasswordEncodedUser.withUsername("rod")
|
||||||
.authorities("profile:read", GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
.authorities("profile:read", FactorGrantedAuthority.X509_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
this.mockMvc.perform(get("/profile").with(user(authorized))).andExpect(status().isOk());
|
this.mockMvc.perform(get("/profile").with(user(authorized))).andExpect(status().isOk());
|
||||||
}
|
}
|
||||||
@ -821,8 +821,8 @@ public class FormLoginConfigurerTests {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
AuthorizationManagerFactory<?> authz() {
|
AuthorizationManagerFactory<?> authz() {
|
||||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
return new AuthorizationManagerFactory<>(FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -848,8 +848,8 @@ public class FormLoginConfigurerTests {
|
|||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
AuthorizationManagerFactory<?> authz() {
|
AuthorizationManagerFactory<?> authz() {
|
||||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
return new AuthorizationManagerFactory<>(FactorGrantedAuthority.X509_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -36,7 +36,6 @@ import org.springframework.security.authentication.LockedException;
|
|||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
@ -100,7 +99,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
|
|||||||
|
|
||||||
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allows subclasses to perform any additional checks of a returned (or cached)
|
* Allows subclasses to perform any additional checks of a returned (or cached)
|
||||||
|
|||||||
@ -44,7 +44,6 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
|
|||||||
import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
|
import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContext;
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
@ -122,7 +121,7 @@ import org.springframework.util.ObjectUtils;
|
|||||||
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
|
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
|
||||||
ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
|
ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY;
|
||||||
|
|
||||||
private ApplicationEventPublisher applicationEventPublisher = (event) -> {
|
private ApplicationEventPublisher applicationEventPublisher = (event) -> {
|
||||||
};
|
};
|
||||||
|
|||||||
@ -23,7 +23,6 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||||||
import org.springframework.security.authentication.BadCredentialsException;
|
import org.springframework.security.authentication.BadCredentialsException;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
@ -41,7 +40,7 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public final class OneTimeTokenAuthenticationProvider implements AuthenticationProvider {
|
public final class OneTimeTokenAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_OTT_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.OTT_AUTHORITY;
|
||||||
|
|
||||||
private final OneTimeTokenService oneTimeTokenService;
|
private final OneTimeTokenService oneTimeTokenService;
|
||||||
|
|
||||||
|
|||||||
@ -1,78 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* https://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package org.springframework.security.core;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constants for {@link GrantedAuthority}.
|
|
||||||
*
|
|
||||||
* @author Rob Winch
|
|
||||||
* @since 7.0
|
|
||||||
*/
|
|
||||||
public final class GrantedAuthorities {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2
|
|
||||||
* Authorization Code was used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer
|
|
||||||
* authentication was used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_BEARER_AUTHORITY = "FACTOR_BEARER";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was
|
|
||||||
* used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_CAS_AUTHORITY = "FACTOR_CAS";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that one time
|
|
||||||
* token was used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_OTT_AUTHORITY = "FACTOR_OTT";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that a password
|
|
||||||
* was used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_PASSWORD_AUTHORITY = "FACTOR_PASSWORD";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was
|
|
||||||
* used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn
|
|
||||||
* was used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was
|
|
||||||
* used to authenticate.
|
|
||||||
*/
|
|
||||||
public static final String FACTOR_X509_AUTHORITY = "FACTOR_X509";
|
|
||||||
|
|
||||||
private GrantedAuthorities() {
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
@ -34,6 +34,54 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public final class FactorGrantedAuthority implements GrantedAuthority {
|
public final class FactorGrantedAuthority implements GrantedAuthority {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2
|
||||||
|
* Authorization Code was used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer
|
||||||
|
* authentication was used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String BEARER_AUTHORITY = "FACTOR_BEARER";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was
|
||||||
|
* used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String CAS_AUTHORITY = "FACTOR_CAS";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that one time
|
||||||
|
* token was used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String OTT_AUTHORITY = "FACTOR_OTT";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that a password
|
||||||
|
* was used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String PASSWORD_AUTHORITY = "FACTOR_PASSWORD";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was
|
||||||
|
* used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn
|
||||||
|
* was used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was
|
||||||
|
* used to authenticate.
|
||||||
|
*/
|
||||||
|
public static final String X509_AUTHORITY = "FACTOR_X509";
|
||||||
|
|
||||||
private static final long serialVersionUID = 1998010439847123984L;
|
private static final long serialVersionUID = 1998010439847123984L;
|
||||||
|
|
||||||
private final String authority;
|
private final String authority;
|
||||||
|
|||||||
@ -38,9 +38,9 @@ import org.springframework.security.authentication.password.CompromisedPasswordC
|
|||||||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
@ -512,7 +512,7 @@ public class DaoAuthenticationProviderTests {
|
|||||||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(withUsers(user));
|
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(withUsers(user));
|
||||||
Authentication request = new UsernamePasswordAuthenticationToken("user", "password");
|
Authentication request = new UsernamePasswordAuthenticationToken("user", "password");
|
||||||
Authentication result = provider.authenticate(request);
|
Authentication result = provider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
private UserDetailsService withUsers(UserDetails... users) {
|
private UserDetailsService withUsers(UserDetails... users) {
|
||||||
|
|||||||
@ -40,9 +40,9 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContext;
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.core.session.SessionDestroyedEvent;
|
import org.springframework.security.core.session.SessionDestroyedEvent;
|
||||||
@ -242,7 +242,7 @@ public class JaasAuthenticationProviderTests {
|
|||||||
public void authenticateWhenSuccessThenIssuesFactor() {
|
public void authenticateWhenSuccessThenIssuesFactor() {
|
||||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||||
Authentication result = this.jaasProvider.authenticate(token);
|
Authentication result = this.jaasProvider.authenticate(token);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static class MockLoginContext extends LoginContext {
|
private static class MockLoginContext extends LoginContext {
|
||||||
|
|||||||
@ -28,7 +28,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
|||||||
import org.springframework.security.authentication.BadCredentialsException;
|
import org.springframework.security.authentication.BadCredentialsException;
|
||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
@ -109,7 +109,7 @@ public class OneTimeTokenAuthenticationProviderTests {
|
|||||||
OneTimeTokenAuthenticationToken token = new OneTimeTokenAuthenticationToken(TOKEN);
|
OneTimeTokenAuthenticationToken token = new OneTimeTokenAuthenticationToken(TOKEN);
|
||||||
|
|
||||||
Authentication authentication = this.provider.authenticate(token);
|
Authentication authentication = this.provider.authenticate(token);
|
||||||
SecurityAssertions.assertThat(authentication).hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
SecurityAssertions.assertThat(authentication).hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
@ -26,7 +26,6 @@ import org.junit.jupiter.api.Test;
|
|||||||
|
|
||||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
@ -43,11 +42,11 @@ class AllFactorsAuthorizationManagerTests {
|
|||||||
private static final Object DOES_NOT_MATTER = new Object();
|
private static final Object DOES_NOT_MATTER = new Object();
|
||||||
|
|
||||||
private static RequiredFactor REQUIRED_PASSWORD = RequiredFactor
|
private static RequiredFactor REQUIRED_PASSWORD = RequiredFactor
|
||||||
.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
private static RequiredFactor EXPIRING_PASSWORD = RequiredFactor
|
private static RequiredFactor EXPIRING_PASSWORD = RequiredFactor
|
||||||
.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.validDuration(Duration.ofHours(1))
|
.validDuration(Duration.ofHours(1))
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
@ -67,10 +66,10 @@ class AllFactorsAuthorizationManagerTests {
|
|||||||
@Test
|
@Test
|
||||||
void authorizeWhenConsumerGranted() {
|
void authorizeWhenConsumerGranted() {
|
||||||
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
||||||
.requiredFactor((required) -> required.authority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY))
|
.requiredFactor((required) -> required.authority(FactorGrantedAuthority.PASSWORD_AUTHORITY))
|
||||||
.build();
|
.build();
|
||||||
FactorGrantedAuthority passwordFactor = FactorGrantedAuthority
|
FactorGrantedAuthority passwordFactor = FactorGrantedAuthority
|
||||||
.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.issuedAt(Instant.now())
|
.issuedAt(Instant.now())
|
||||||
.build();
|
.build();
|
||||||
Authentication authentication = new TestingAuthenticationToken("user", "password", passwordFactor);
|
Authentication authentication = new TestingAuthenticationToken("user", "password", passwordFactor);
|
||||||
@ -171,7 +170,7 @@ class AllFactorsAuthorizationManagerTests {
|
|||||||
Duration expiresIn = Duration.ofHours(1);
|
Duration expiresIn = Duration.ofHours(1);
|
||||||
Instant justExpired = now.minus(expiresIn);
|
Instant justExpired = now.minus(expiresIn);
|
||||||
Clock clock = Clock.fixed(now, ZoneId.systemDefault());
|
Clock clock = Clock.fixed(now, ZoneId.systemDefault());
|
||||||
RequiredFactor expiringPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor expiringPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.validDuration(expiresIn)
|
.validDuration(expiresIn)
|
||||||
.build();
|
.build();
|
||||||
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
||||||
@ -193,7 +192,7 @@ class AllFactorsAuthorizationManagerTests {
|
|||||||
Duration expiresIn = Duration.ofHours(1);
|
Duration expiresIn = Duration.ofHours(1);
|
||||||
Instant justExpired = now.minus(expiresIn).plus(Duration.ofNanos(1));
|
Instant justExpired = now.minus(expiresIn).plus(Duration.ofNanos(1));
|
||||||
Clock clock = Clock.fixed(now, ZoneId.systemDefault());
|
Clock clock = Clock.fixed(now, ZoneId.systemDefault());
|
||||||
RequiredFactor expiringPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor expiringPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.validDuration(expiresIn)
|
.validDuration(expiresIn)
|
||||||
.build();
|
.build();
|
||||||
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
AllFactorsAuthorizationManager<Object> allFactors = AllFactorsAuthorizationManager.builder()
|
||||||
|
|||||||
@ -21,7 +21,7 @@ import java.util.List;
|
|||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||||
@ -42,7 +42,7 @@ class FactorAuthorizationDecisionTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void isGrantedWhenNotEmptyThenFalse() {
|
void isGrantedWhenNotEmptyThenFalse() {
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
||||||
FactorAuthorizationDecision decision = new FactorAuthorizationDecision(List.of(missingPassword));
|
FactorAuthorizationDecision decision = new FactorAuthorizationDecision(List.of(missingPassword));
|
||||||
@ -51,7 +51,7 @@ class FactorAuthorizationDecisionTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void getFactorErrors() {
|
void getFactorErrors() {
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
||||||
List<RequiredFactorError> factorErrors = List.of(missingPassword);
|
List<RequiredFactorError> factorErrors = List.of(missingPassword);
|
||||||
@ -67,7 +67,7 @@ class FactorAuthorizationDecisionTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void constructorWhenContainsNullThenThrowIllegalArgumentException() {
|
void constructorWhenContainsNullThenThrowIllegalArgumentException() {
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
RequiredFactorError missingPassword = RequiredFactorError.createMissing(requiredPassword);
|
||||||
List<RequiredFactorError> hasNullValue = Arrays.asList(missingPassword, null);
|
List<RequiredFactorError> hasNullValue = Arrays.asList(missingPassword, null);
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import java.util.List;
|
|||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||||
@ -37,16 +37,16 @@ class MapRequiredAuthoritiesRepositoryTests {
|
|||||||
|
|
||||||
private String username = "user";
|
private String username = "user";
|
||||||
|
|
||||||
private List<String> authorities = List.of(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
private List<String> authorities = List.of(FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void workflow() {
|
void workflow() {
|
||||||
this.repository.saveRequiredAuthorities(this.username, this.authorities);
|
this.repository.saveRequiredAuthorities(this.username, this.authorities);
|
||||||
assertThat(this.repository.findRequiredAuthorities(this.username))
|
assertThat(this.repository.findRequiredAuthorities(this.username))
|
||||||
.containsExactlyInAnyOrderElementsOf(this.authorities);
|
.containsExactlyInAnyOrderElementsOf(this.authorities);
|
||||||
List<String> otherAuthorities = List.of(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
List<String> otherAuthorities = List.of(FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
FactorGrantedAuthority.WEBAUTHN_AUTHORITY);
|
||||||
this.repository.saveRequiredAuthorities(this.username, otherAuthorities);
|
this.repository.saveRequiredAuthorities(this.username, otherAuthorities);
|
||||||
assertThat(this.repository.findRequiredAuthorities(this.username))
|
assertThat(this.repository.findRequiredAuthorities(this.username))
|
||||||
.containsExactlyInAnyOrderElementsOf(otherAuthorities);
|
.containsExactlyInAnyOrderElementsOf(otherAuthorities);
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import java.time.Duration;
|
|||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||||
@ -34,7 +34,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
|
|||||||
class RequiredFactorErrorTests {
|
class RequiredFactorErrorTests {
|
||||||
|
|
||||||
public static final RequiredFactor REQUIRED_FACTOR = RequiredFactor
|
public static final RequiredFactor REQUIRED_FACTOR = RequiredFactor
|
||||||
.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.validDuration(Duration.ofHours(1))
|
.validDuration(Duration.ofHours(1))
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
@ -56,7 +56,7 @@ class RequiredFactorErrorTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void createExpiredWhenNullValidDurationThenIllegalArgumentException() {
|
void createExpiredWhenNullValidDurationThenIllegalArgumentException() {
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
assertThatIllegalArgumentException().isThrownBy(() -> RequiredFactorError.createExpired(requiredPassword));
|
assertThatIllegalArgumentException().isThrownBy(() -> RequiredFactorError.createExpired(requiredPassword));
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import java.time.Duration;
|
|||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||||
@ -41,19 +41,19 @@ class RequiredFactorTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
void withAuthorityThenEquals() {
|
void withAuthorityThenEquals() {
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
assertThat(requiredPassword.getAuthority()).isEqualTo(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
assertThat(requiredPassword.getAuthority()).isEqualTo(FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
assertThat(requiredPassword.getValidDuration()).isNull();
|
assertThat(requiredPassword.getValidDuration()).isNull();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void builderValidDurationThenEquals() {
|
void builderValidDurationThenEquals() {
|
||||||
Duration validDuration = Duration.ofMinutes(1);
|
Duration validDuration = Duration.ofMinutes(1);
|
||||||
RequiredFactor requiredPassword = RequiredFactor.withAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
RequiredFactor requiredPassword = RequiredFactor.withAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
.validDuration(validDuration)
|
.validDuration(validDuration)
|
||||||
.build();
|
.build();
|
||||||
assertThat(requiredPassword.getAuthority()).isEqualTo(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
assertThat(requiredPassword.getAuthority()).isEqualTo(FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
assertThat(requiredPassword.getValidDuration()).isEqualTo(validDuration);
|
assertThat(requiredPassword.getValidDuration()).isEqualTo(validDuration);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -11,8 +11,8 @@ OWASP places factors into the following categories:
|
|||||||
|
|
||||||
== `FactorGrantedAuthority`
|
== `FactorGrantedAuthority`
|
||||||
|
|
||||||
At the time of authentication, Spring Security's authentication mechanisms add a javadoc:org.springframework.security.core.authority.FactorGrantedAuthority[] using the constants found in javadoc:org.springframework.security.core.GrantedAuthorities[].
|
At the time of authentication, Spring Security's authentication mechanisms add a javadoc:org.springframework.security.core.authority.FactorGrantedAuthority[].
|
||||||
For example, when a user authenticates using a password a `FactorGrantedAuthority` with the `authority` of `GrantedAuthorities.FACTOR_PASSWORD` is automatically added to the `Authentiation`.
|
For example, when a user authenticates using a password a `FactorGrantedAuthority` with the `authority` of `FactorGrantedAuthority.PASSWORD_AUTHORITY` is automatically added to the `Authentiation`.
|
||||||
In order to require MFA with Spring Security you must:
|
In order to require MFA with Spring Security you must:
|
||||||
|
|
||||||
- Specify an authorization rule that requires multiple factors
|
- Specify an authorization rule that requires multiple factors
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -52,7 +52,7 @@ public class AuthorizationManagerFactoryTests {
|
|||||||
MockMvc mockMvc;
|
MockMvc mockMvc;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -63,7 +63,7 @@ public class AuthorizationManagerFactoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -74,7 +74,7 @@ public class AuthorizationManagerFactoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -40,8 +40,8 @@ class UseAuthorizationManagerFactoryConfiguration {
|
|||||||
AuthorizationManagerFactory<Object> authz() {
|
AuthorizationManagerFactory<Object> authz() {
|
||||||
return DefaultAuthorizationManagerFactory.builder()
|
return DefaultAuthorizationManagerFactory.builder()
|
||||||
.requireAdditionalAuthorities(
|
.requireAdditionalAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,7 +6,7 @@ import org.springframework.security.config.Customizer;
|
|||||||
import org.springframework.security.config.annotation.authorization.EnableGlobalMultiFactorAuthentication;
|
import org.springframework.security.config.annotation.authorization.EnableGlobalMultiFactorAuthentication;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -18,8 +18,8 @@ import org.springframework.security.web.authentication.ott.RedirectOneTimeTokenG
|
|||||||
@Configuration(proxyBeanMethods = false)
|
@Configuration(proxyBeanMethods = false)
|
||||||
// tag::enable-global-mfa[]
|
// tag::enable-global-mfa[]
|
||||||
@EnableGlobalMultiFactorAuthentication(authorities = {
|
@EnableGlobalMultiFactorAuthentication(authorities = {
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
FactorGrantedAuthority.OTT_AUTHORITY })
|
||||||
// end::enable-global-mfa[]
|
// end::enable-global-mfa[]
|
||||||
public class EnableGlobalMultiFactorAuthenticationConfiguration {
|
public class EnableGlobalMultiFactorAuthenticationConfiguration {
|
||||||
|
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -52,7 +52,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
MockMvc mockMvc;
|
MockMvc mockMvc;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER" })
|
||||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -63,7 +63,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -74,7 +74,7 @@ public class EnableGlobalMultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -25,8 +25,8 @@ class ListAuthoritiesConfiguration {
|
|||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
// <1>
|
// <1>
|
||||||
.anyRequest().hasAllAuthorities(
|
.anyRequest().hasAllAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
// <2>
|
// <2>
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -52,7 +52,7 @@ public class MultiFactorAuthenticationTests {
|
|||||||
MockMvc mockMvc;
|
MockMvc mockMvc;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY })
|
||||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -63,7 +63,7 @@ public class MultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -74,7 +74,7 @@ public class MultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -21,7 +21,7 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -42,14 +42,14 @@ public class MultipleAuthorizationRulesConfiguration {
|
|||||||
// <1>
|
// <1>
|
||||||
.requestMatchers("/admin/**").hasAllAuthorities(
|
.requestMatchers("/admin/**").hasAllAuthorities(
|
||||||
"ROLE_ADMIN",
|
"ROLE_ADMIN",
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
// <2>
|
// <2>
|
||||||
.anyRequest().hasAllAuthorities(
|
.anyRequest().hasAllAuthorities(
|
||||||
"ROLE_USER",
|
"ROLE_USER",
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
// <3>
|
// <3>
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -52,7 +52,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
MockMvc mockMvc;
|
MockMvc mockMvc;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER" })
|
||||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -63,7 +63,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -74,7 +74,7 @@ public class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(MultipleAuthorizationRulesConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -14,7 +14,7 @@ import org.springframework.security.config.Customizer;
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||||
@ -49,7 +49,7 @@ class MissingAuthorityConfiguration {
|
|||||||
@Bean
|
@Bean
|
||||||
AuthorizationManagerFactory<Object> authz() {
|
AuthorizationManagerFactory<Object> authz() {
|
||||||
return DefaultAuthorizationManagerFactory.builder()
|
return DefaultAuthorizationManagerFactory.builder()
|
||||||
.requireAdditionalAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY)
|
.requireAdditionalAuthorities(FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
// end::authorizationManagerFactoryBean[]
|
// end::authorizationManagerFactoryBean[]
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -62,7 +62,7 @@ public class ObtainingMoreAuthorizationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY })
|
@WithMockUser(authorities = { FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY })
|
||||||
void profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() throws Exception {
|
void profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() throws Exception {
|
||||||
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -83,7 +83,7 @@ public class ObtainingMoreAuthorizationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read" })
|
||||||
void profileWhenAuthenticatedAndHasScopeThenPermits() throws Exception {
|
void profileWhenAuthenticatedAndHasScopeThenPermits() throws Exception {
|
||||||
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -16,7 +16,7 @@ import org.springframework.security.config.Customizer;
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -52,8 +52,8 @@ class AdminMfaAuthorizationManagerConfiguration {
|
|||||||
if ("admin".equals(authentication.get().getName())) {
|
if ("admin".equals(authentication.get().getName())) {
|
||||||
AuthorizationManager<Object> admins =
|
AuthorizationManager<Object> admins =
|
||||||
AllAuthoritiesAuthorizationManager.hasAllAuthorities(
|
AllAuthoritiesAuthorizationManager.hasAllAuthorities(
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY,
|
FactorGrantedAuthority.OTT_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY
|
FactorGrantedAuthority.PASSWORD_AUTHORITY
|
||||||
);
|
);
|
||||||
// <1>
|
// <1>
|
||||||
return admins.authorize(authentication, context);
|
return admins.authorize(authentication, context);
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -74,7 +74,7 @@ public class AdminMfaAuthorizationManagerConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(username = "admin", authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY })
|
@WithMockUser(username = "admin", authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY })
|
||||||
void getWhenAdminAndHasFactorThenAllows() throws Exception {
|
void getWhenAdminAndHasFactorThenAllows() throws Exception {
|
||||||
this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -11,7 +11,7 @@ import org.springframework.security.authorization.RequiredAuthoritiesAuthorizati
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -44,8 +44,8 @@ class RequiredAuthoritiesAuthorizationManagerConfiguration {
|
|||||||
// <1>
|
// <1>
|
||||||
MapRequiredAuthoritiesRepository authorities = new MapRequiredAuthoritiesRepository();
|
MapRequiredAuthoritiesRepository authorities = new MapRequiredAuthoritiesRepository();
|
||||||
authorities.saveRequiredAuthorities("admin", List.of(
|
authorities.saveRequiredAuthorities("admin", List.of(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
);
|
);
|
||||||
// <2>
|
// <2>
|
||||||
return new RequiredAuthoritiesAuthorizationManager<>(authorities);
|
return new RequiredAuthoritiesAuthorizationManager<>(authorities);
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -74,7 +74,7 @@ public class RequiredAuthoritiesAuthorizationManagerConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(username = "admin", authorities = { GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY })
|
@WithMockUser(username = "admin", authorities = { FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY })
|
||||||
void getWhenAdminAndHasFactorThenAllows() throws Exception {
|
void getWhenAdminAndHasFactorThenAllows() throws Exception {
|
||||||
this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(AdminMfaAuthorizationManagerConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -74,7 +74,7 @@ public class ReauthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
@WithMockUser(authorities = FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
void ottWhenRequireOttConfigurationThenAllows() throws Exception {
|
void ottWhenRequireOttConfigurationThenAllows() throws Exception {
|
||||||
this.spring.register(RequireOttConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(RequireOttConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -23,7 +23,7 @@ public class RequireOttConfiguration {
|
|||||||
// @formatter:off
|
// @formatter:off
|
||||||
http
|
http
|
||||||
.authorizeHttpRequests((authorize) -> authorize
|
.authorizeHttpRequests((authorize) -> authorize
|
||||||
.requestMatchers("/profile/**").hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY) // <1>
|
.requestMatchers("/profile/**").hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY) // <1>
|
||||||
.anyRequest().authenticated()
|
.anyRequest().authenticated()
|
||||||
)
|
)
|
||||||
.formLogin(Customizer.withDefaults())
|
.formLogin(Customizer.withDefaults())
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||||||
import org.springframework.security.config.Customizer;
|
import org.springframework.security.config.Customizer;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||||
@ -27,8 +27,8 @@ class SelectiveMfaConfiguration {
|
|||||||
AuthorizationManagerFactory<Object> mfa =
|
AuthorizationManagerFactory<Object> mfa =
|
||||||
DefaultAuthorizationManagerFactory.<Object>builder()
|
DefaultAuthorizationManagerFactory.<Object>builder()
|
||||||
.requireAdditionalAuthorities(
|
.requireAdditionalAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
.build();
|
.build();
|
||||||
http
|
http
|
||||||
|
|||||||
@ -22,7 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.config.test.SpringTestContext;
|
import org.springframework.security.config.test.SpringTestContext;
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||||
import org.springframework.security.test.context.support.WithMockUser;
|
import org.springframework.security.test.context.support.WithMockUser;
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||||
@ -53,7 +53,7 @@ public class SelectiveMfaConfigurationTests {
|
|||||||
MockMvc mockMvc;
|
MockMvc mockMvc;
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN" })
|
||||||
void adminWhenMissingOttThenRequired() throws Exception {
|
void adminWhenMissingOttThenRequired() throws Exception {
|
||||||
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -64,7 +64,7 @@ public class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN" })
|
||||||
void adminWhenMfaThenAllowed() throws Exception {
|
void adminWhenMfaThenAllowed() throws Exception {
|
||||||
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -75,7 +75,7 @@ public class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN" })
|
||||||
void userSettingsRequiresMfa() throws Exception {
|
void userSettingsRequiresMfa() throws Exception {
|
||||||
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
@ -86,7 +86,7 @@ public class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_USER" })
|
@WithMockUser(authorities = { FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_USER" })
|
||||||
void userSettingsWhenMissingOttThenRequired() throws Exception {
|
void userSettingsWhenMissingOttThenRequired() throws Exception {
|
||||||
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
this.spring.register(SelectiveMfaConfiguration.class, Http200Controller.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -8,8 +8,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication;
|
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
|
||||||
import static org.mockito.ArgumentMatchers.any;
|
import static org.mockito.ArgumentMatchers.any;
|
||||||
@ -20,10 +20,10 @@ public class CopyAuthoritiesTests {
|
|||||||
@Test
|
@Test
|
||||||
void toBuilderWhenApplyThenCopies() {
|
void toBuilderWhenApplyThenCopies() {
|
||||||
UsernamePasswordAuthenticationToken previous = new UsernamePasswordAuthenticationToken("alice", "pass",
|
UsernamePasswordAuthenticationToken previous = new UsernamePasswordAuthenticationToken("alice", "pass",
|
||||||
AuthorityUtils.createAuthorityList( GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
|
AuthorityUtils.createAuthorityList( FactorGrantedAuthority.PASSWORD_AUTHORITY));
|
||||||
SecurityContextHolder.getContext().setAuthentication(previous);
|
SecurityContextHolder.getContext().setAuthentication(previous);
|
||||||
Authentication latest = new OneTimeTokenAuthentication("bob",
|
Authentication latest = new OneTimeTokenAuthentication("bob",
|
||||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY));
|
AuthorityUtils.createAuthorityList(FactorGrantedAuthority.OTT_AUTHORITY));
|
||||||
AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
|
AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
|
||||||
given(authenticationManager.authenticate(any())).willReturn(latest);
|
given(authenticationManager.authenticate(any())).willReturn(latest);
|
||||||
Authentication authenticationRequest = new TestingAuthenticationToken("user", "pass");
|
Authentication authenticationRequest = new TestingAuthenticationToken("user", "pass");
|
||||||
@ -36,7 +36,8 @@ public class CopyAuthoritiesTests {
|
|||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
// end::springSecurity[]
|
// end::springSecurity[]
|
||||||
SecurityAssertions.assertThat(lastestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
SecurityAssertions.assertThat(lastestResult).hasAuthorities(
|
||||||
|
FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
SecurityContextHolder.clearContext();
|
SecurityContextHolder.clearContext();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -47,7 +47,7 @@ class AuthorizationManagerFactoryTests {
|
|||||||
var mockMvc: MockMvc? = null
|
var mockMvc: MockMvc? = null
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||||
@ -60,7 +60,7 @@ class AuthorizationManagerFactoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||||
@ -73,7 +73,7 @@ class AuthorizationManagerFactoryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -40,8 +40,8 @@ internal class UseAuthorizationManagerFactoryConfiguration {
|
|||||||
fun authz(): AuthorizationManagerFactory<Object> {
|
fun authz(): AuthorizationManagerFactory<Object> {
|
||||||
return DefaultAuthorizationManagerFactory.builder<Object>()
|
return DefaultAuthorizationManagerFactory.builder<Object>()
|
||||||
.requireAdditionalAuthorities(
|
.requireAdditionalAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
.build()
|
.build()
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,7 +6,7 @@ import org.springframework.security.config.annotation.authorization.EnableGlobal
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -19,8 +19,8 @@ import org.springframework.security.web.authentication.ott.RedirectOneTimeTokenG
|
|||||||
|
|
||||||
// tag::enable-global-mfa[]
|
// tag::enable-global-mfa[]
|
||||||
@EnableGlobalMultiFactorAuthentication( authorities = [
|
@EnableGlobalMultiFactorAuthentication( authorities = [
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
// end::enable-global-mfa[]
|
// end::enable-global-mfa[]
|
||||||
internal class EnableGlobalMultiFactorAuthenticationConfiguration {
|
internal class EnableGlobalMultiFactorAuthenticationConfiguration {
|
||||||
|
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -47,7 +47,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
|
|||||||
var mockMvc: MockMvc? = null
|
var mockMvc: MockMvc? = null
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN"])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -59,7 +59,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -71,7 +71,7 @@ class EnableGlobalMultiFactorAuthenticationConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||||
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(EnableGlobalMultiFactorAuthenticationConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -25,8 +25,8 @@ internal class ListAuthoritiesConfiguration {
|
|||||||
authorizeHttpRequests {
|
authorizeHttpRequests {
|
||||||
// <1>
|
// <1>
|
||||||
authorize(anyRequest, hasAllAuthorities(
|
authorize(anyRequest, hasAllAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
// <2>
|
// <2>
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -47,7 +47,7 @@ class MultiFactorAuthenticationTests {
|
|||||||
var mockMvc: MockMvc? = null
|
var mockMvc: MockMvc? = null
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -59,7 +59,7 @@ class MultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -71,7 +71,7 @@ class MultiFactorAuthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -26,14 +26,14 @@ internal class MultipleAuthorizationRulesConfiguration {
|
|||||||
// <1>
|
// <1>
|
||||||
authorize("/admin/**", hasAllAuthorities(
|
authorize("/admin/**", hasAllAuthorities(
|
||||||
"ROLE_ADMIN",
|
"ROLE_ADMIN",
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
))
|
))
|
||||||
// <2>
|
// <2>
|
||||||
authorize(anyRequest, hasAllAuthorities(
|
authorize(anyRequest, hasAllAuthorities(
|
||||||
"ROLE_USER",
|
"ROLE_USER",
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
))
|
))
|
||||||
}
|
}
|
||||||
// <3>
|
// <3>
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -47,7 +47,7 @@ class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
var mockMvc: MockMvc? = null
|
var mockMvc: MockMvc? = null
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_USER"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_USER"])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -59,7 +59,7 @@ class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -71,7 +71,7 @@ class MultipleAuthorizationRulesConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||||
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(MultipleAuthorizationRulesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
|
|||||||
@ -11,7 +11,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
|||||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
|
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.AuthenticationException
|
import org.springframework.security.core.AuthenticationException
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
|
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
|
||||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations
|
import org.springframework.security.oauth2.client.registration.TestClientRegistrations
|
||||||
@ -55,7 +55,10 @@ internal class MissingAuthorityConfiguration {
|
|||||||
@Bean
|
@Bean
|
||||||
fun authz(): AuthorizationManagerFactory<Object> {
|
fun authz(): AuthorizationManagerFactory<Object> {
|
||||||
return DefaultAuthorizationManagerFactory.builder<Object>()
|
return DefaultAuthorizationManagerFactory.builder<Object>()
|
||||||
.requireAdditionalAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY)
|
.requireAdditionalAuthorities(
|
||||||
|
FactorGrantedAuthority.X509_AUTHORITY,
|
||||||
|
FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY
|
||||||
|
)
|
||||||
.build()
|
.build()
|
||||||
}
|
}
|
||||||
// end::authorizationManagerFactoryBean[]
|
// end::authorizationManagerFactoryBean[]
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.docs.servlet.authentication.obtainingmoreauthorization.ScopeConfiguration
|
import org.springframework.security.docs.servlet.authentication.obtainingmoreauthorization.ScopeConfiguration
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
@ -59,7 +59,7 @@ class ObtainingMoreAuthorizationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() {
|
fun profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() {
|
||||||
this.spring.register(MissingAuthorityConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(MissingAuthorityConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
@ -82,7 +82,7 @@ class ObtainingMoreAuthorizationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.X509_AUTHORITY, FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read"])
|
||||||
@Throws(
|
@Throws(
|
||||||
Exception::class
|
Exception::class
|
||||||
)
|
)
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
|||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.Authentication
|
import org.springframework.security.core.Authentication
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser
|
import org.springframework.security.core.userdetails.PasswordEncodedUser
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -27,7 +27,9 @@ internal class AdminMfaAuthorizationManagerConfiguration {
|
|||||||
// @formatter:off
|
// @formatter:off
|
||||||
http {
|
http {
|
||||||
authorizeHttpRequests {
|
authorizeHttpRequests {
|
||||||
|
// <1>
|
||||||
authorize("/admin/**", hasRole("ADMIN"))
|
authorize("/admin/**", hasRole("ADMIN"))
|
||||||
|
// <2>
|
||||||
authorize(anyRequest, authenticated)
|
authorize(anyRequest, authenticated)
|
||||||
}
|
}
|
||||||
formLogin { }
|
formLogin { }
|
||||||
@ -46,9 +48,8 @@ internal class AdminMfaAuthorizationManagerConfiguration {
|
|||||||
return if ("admin" == authentication.get().name) {
|
return if ("admin" == authentication.get().name) {
|
||||||
var admins =
|
var admins =
|
||||||
AllAuthoritiesAuthorizationManager.hasAllAuthorities<Any>(
|
AllAuthoritiesAuthorizationManager.hasAllAuthorities<Any>(
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY,
|
FactorGrantedAuthority.OTT_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY
|
FactorGrantedAuthority.PASSWORD_AUTHORITY)
|
||||||
)
|
|
||||||
// <1>
|
// <1>
|
||||||
admins.authorize(authentication, context)
|
admins.authorize(authentication, context)
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
|
||||||
@ -73,7 +73,7 @@ class AdminMfaAuthorizationManagerConfigurationTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
@WithMockUser(username = "admin", authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY ])
|
@WithMockUser(username = "admin", authorities = [FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY])
|
||||||
fun getWhenAdminAndHasFactorThenAllows() {
|
fun getWhenAdminAndHasFactorThenAllows() {
|
||||||
this.spring.register(AdminMfaAuthorizationManagerConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(AdminMfaAuthorizationManagerConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
|
|||||||
@ -9,7 +9,7 @@ import org.springframework.security.authorization.RequiredAuthoritiesAuthorizati
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser
|
import org.springframework.security.core.userdetails.PasswordEncodedUser
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -44,8 +44,8 @@ internal class RequiredAuthoritiesAuthorizationManagerConfiguration {
|
|||||||
// <1>
|
// <1>
|
||||||
val authorities = MapRequiredAuthoritiesRepository()
|
val authorities = MapRequiredAuthoritiesRepository()
|
||||||
authorities.saveRequiredAuthorities("admin", List.of(
|
authorities.saveRequiredAuthorities("admin", List.of(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
FactorGrantedAuthority.OTT_AUTHORITY)
|
||||||
)
|
)
|
||||||
// <2>
|
// <2>
|
||||||
return RequiredAuthoritiesAuthorizationManager(authorities)
|
return RequiredAuthoritiesAuthorizationManager(authorities)
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -75,7 +75,7 @@ class RequiredAuthoritiesAuthorizationManagerConfigurationTests {
|
|||||||
@Test
|
@Test
|
||||||
@WithMockUser(
|
@WithMockUser(
|
||||||
username = "admin",
|
username = "admin",
|
||||||
authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY]
|
authorities = [FactorGrantedAuthority.OTT_AUTHORITY, FactorGrantedAuthority.PASSWORD_AUTHORITY]
|
||||||
)
|
)
|
||||||
@Throws(
|
@Throws(
|
||||||
Exception::class
|
Exception::class
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.docs.servlet.authentication.reauthentication.RequireOttConfiguration
|
import org.springframework.security.docs.servlet.authentication.reauthentication.RequireOttConfiguration
|
||||||
import org.springframework.security.docs.servlet.authentication.reauthentication.SimpleConfiguration
|
import org.springframework.security.docs.servlet.authentication.reauthentication.SimpleConfiguration
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
@ -73,7 +73,7 @@ class ReauthenticationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
@WithMockUser(authorities = [FactorGrantedAuthority.OTT_AUTHORITY])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun ottWhenRequireOttConfigurationThenAllows() {
|
fun ottWhenRequireOttConfigurationThenAllows() {
|
||||||
this.spring.register(RequireOttConfiguration::class.java, Http200Controller::class.java).autowire()
|
this.spring.register(RequireOttConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||||
|
|||||||
@ -5,7 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -23,7 +23,7 @@ class RequireOttConfiguration {
|
|||||||
// @formatter:off
|
// @formatter:off
|
||||||
http {
|
http {
|
||||||
authorizeHttpRequests {
|
authorizeHttpRequests {
|
||||||
authorize("/profile/**", hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY)) // <1>
|
authorize("/profile/**", hasAuthority(FactorGrantedAuthority.OTT_AUTHORITY)) // <1>
|
||||||
authorize(anyRequest, authenticated)
|
authorize(anyRequest, authenticated)
|
||||||
}
|
}
|
||||||
formLogin { }
|
formLogin { }
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.invoke
|
import org.springframework.security.config.annotation.web.invoke
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.userdetails.User
|
import org.springframework.security.core.userdetails.User
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||||
@ -27,8 +27,8 @@ internal class SelectiveMfaConfiguration {
|
|||||||
val mfa: AuthorizationManagerFactory<Any> =
|
val mfa: AuthorizationManagerFactory<Any> =
|
||||||
DefaultAuthorizationManagerFactory.builder<Any>()
|
DefaultAuthorizationManagerFactory.builder<Any>()
|
||||||
.requireAdditionalAuthorities(
|
.requireAdditionalAuthorities(
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
)
|
)
|
||||||
.build()
|
.build()
|
||||||
http {
|
http {
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||||||
import org.springframework.beans.factory.annotation.Autowired
|
import org.springframework.beans.factory.annotation.Autowired
|
||||||
import org.springframework.security.config.test.SpringTestContext
|
import org.springframework.security.config.test.SpringTestContext
|
||||||
import org.springframework.security.config.test.SpringTestContextExtension
|
import org.springframework.security.config.test.SpringTestContextExtension
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.test.context.support.WithMockUser
|
import org.springframework.security.test.context.support.WithMockUser
|
||||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||||
@ -47,7 +47,7 @@ class SelectiveMfaConfigurationTests {
|
|||||||
var mockMvc: MockMvc? = null
|
var mockMvc: MockMvc? = null
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN"])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun adminWhenMissingOttThenRequired() {
|
fun adminWhenMissingOttThenRequired() {
|
||||||
this.spring.register(
|
this.spring.register(
|
||||||
@ -61,7 +61,7 @@ class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, FactorGrantedAuthority.OTT_AUTHORITY, "ROLE_ADMIN"])
|
||||||
@Throws(
|
@Throws(
|
||||||
Exception::class
|
Exception::class
|
||||||
)
|
)
|
||||||
@ -77,7 +77,7 @@ class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_ADMIN"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_ADMIN"])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun userSettingsRequiresMfa() {
|
fun userSettingsRequiresMfa() {
|
||||||
this.spring.register(
|
this.spring.register(
|
||||||
@ -91,7 +91,7 @@ class SelectiveMfaConfigurationTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, "ROLE_USER"])
|
@WithMockUser(authorities = [FactorGrantedAuthority.PASSWORD_AUTHORITY, "ROLE_USER"])
|
||||||
@Throws(Exception::class)
|
@Throws(Exception::class)
|
||||||
fun userSettingsWhenMissingOttThenRequired() {
|
fun userSettingsWhenMissingOttThenRequired() {
|
||||||
this.spring.register(
|
this.spring.register(
|
||||||
|
|||||||
@ -10,18 +10,18 @@ import org.springframework.security.authentication.TestingAuthenticationToken
|
|||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
|
||||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication
|
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication
|
||||||
import org.springframework.security.core.Authentication
|
import org.springframework.security.core.Authentication
|
||||||
import org.springframework.security.core.GrantedAuthorities
|
|
||||||
import org.springframework.security.core.authority.AuthorityUtils
|
import org.springframework.security.core.authority.AuthorityUtils
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority
|
||||||
import org.springframework.security.core.context.SecurityContextHolder
|
import org.springframework.security.core.context.SecurityContextHolder
|
||||||
|
|
||||||
class CopyAuthoritiesTests {
|
class CopyAuthoritiesTests {
|
||||||
@Test
|
@Test
|
||||||
fun toBuilderWhenApplyThenCopies() {
|
fun toBuilderWhenApplyThenCopies() {
|
||||||
val previous: Authentication = UsernamePasswordAuthenticationToken("alice", "pass",
|
val previous: Authentication = UsernamePasswordAuthenticationToken("alice", "pass",
|
||||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY))
|
AuthorityUtils.createAuthorityList(FactorGrantedAuthority.PASSWORD_AUTHORITY))
|
||||||
SecurityContextHolder.getContext().authentication = previous
|
SecurityContextHolder.getContext().authentication = previous
|
||||||
var latest: Authentication = OneTimeTokenAuthentication("bob",
|
var latest: Authentication = OneTimeTokenAuthentication("bob",
|
||||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY))
|
AuthorityUtils.createAuthorityList(FactorGrantedAuthority.OTT_AUTHORITY))
|
||||||
val authenticationManager: AuthenticationManager = Mockito.mock(AuthenticationManager::class.java)
|
val authenticationManager: AuthenticationManager = Mockito.mock(AuthenticationManager::class.java)
|
||||||
BDDMockito.given(authenticationManager.authenticate(ArgumentMatchers.any())).willReturn(latest)
|
BDDMockito.given(authenticationManager.authenticate(ArgumentMatchers.any())).willReturn(latest)
|
||||||
val authenticationRequest: Authentication = TestingAuthenticationToken("user", "pass")
|
val authenticationRequest: Authentication = TestingAuthenticationToken("user", "pass")
|
||||||
@ -34,7 +34,10 @@ class CopyAuthoritiesTests {
|
|||||||
}.build()
|
}.build()
|
||||||
}
|
}
|
||||||
// end::springSecurity[]
|
// end::springSecurity[]
|
||||||
SecurityAssertions.assertThat(latestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
SecurityAssertions.assertThat(latestResult).hasAuthorities(
|
||||||
|
FactorGrantedAuthority.PASSWORD_AUTHORITY,
|
||||||
|
FactorGrantedAuthority.OTT_AUTHORITY
|
||||||
|
)
|
||||||
SecurityContextHolder.clearContext()
|
SecurityContextHolder.clearContext()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -32,7 +32,6 @@ import org.springframework.security.authentication.BadCredentialsException;
|
|||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
@ -53,7 +52,7 @@ import org.springframework.util.StringUtils;
|
|||||||
*/
|
*/
|
||||||
public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
|
public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.PASSWORD_AUTHORITY;
|
||||||
|
|
||||||
protected final Log logger = LogFactory.getLog(getClass());
|
protected final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
||||||
|
|||||||
@ -29,9 +29,9 @@ import org.springframework.security.authentication.InternalAuthenticationService
|
|||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
|
||||||
@ -165,7 +165,7 @@ public class LdapAuthenticationProviderTests {
|
|||||||
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(authenticator, populator);
|
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(authenticator, populator);
|
||||||
UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
||||||
Authentication result = ldapProvider.authenticate(request);
|
Authentication result = ldapProvider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.PASSWORD_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
class MockAuthenticator implements LdapAuthenticator {
|
class MockAuthenticator implements LdapAuthenticator {
|
||||||
|
|||||||
@ -24,7 +24,6 @@ import java.util.Map;
|
|||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
@ -70,7 +69,7 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
|
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY;
|
||||||
|
|
||||||
private final OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider;
|
private final OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider;
|
||||||
|
|
||||||
|
|||||||
@ -31,9 +31,9 @@ import org.mockito.stubbing.Answer;
|
|||||||
|
|
||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
|
||||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
|
||||||
@ -220,7 +220,7 @@ public class OAuth2LoginAuthenticationProviderTests {
|
|||||||
Authentication request = new OAuth2LoginAuthenticationToken(this.clientRegistration,
|
Authentication request = new OAuth2LoginAuthenticationToken(this.clientRegistration,
|
||||||
this.authorizationExchange);
|
this.authorizationExchange);
|
||||||
Authentication result = this.authenticationProvider.authenticate(request);
|
Authentication result = this.authenticationProvider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.AUTHORIZATION_CODE_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
private OAuth2AccessTokenResponse accessTokenSuccessResponse() {
|
private OAuth2AccessTokenResponse accessTokenSuccessResponse() {
|
||||||
|
|||||||
@ -21,7 +21,6 @@ import java.util.HashSet;
|
|||||||
|
|
||||||
import org.springframework.core.convert.converter.Converter;
|
import org.springframework.core.convert.converter.Converter;
|
||||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.jwt.Jwt;
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
@ -37,7 +36,7 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
|
public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.BEARER_AUTHORITY;
|
||||||
|
|
||||||
private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
|
private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
|
||||||
|
|
||||||
|
|||||||
@ -28,7 +28,6 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||||
@ -75,7 +74,7 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
|
public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.BEARER_AUTHORITY;
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(getClass());
|
private final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
||||||
|
|||||||
@ -25,8 +25,8 @@ import org.springframework.core.convert.converter.Converter;
|
|||||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.jwt.Jwt;
|
import org.springframework.security.oauth2.jwt.Jwt;
|
||||||
import org.springframework.security.oauth2.jwt.TestJwts;
|
import org.springframework.security.oauth2.jwt.TestJwts;
|
||||||
@ -116,7 +116,7 @@ public class JwtAuthenticationConverterTests {
|
|||||||
public void convertWhenDefaultsThenIssuesFactor() {
|
public void convertWhenDefaultsThenIssuesFactor() {
|
||||||
Jwt jwt = TestJwts.jwt().build();
|
Jwt jwt = TestJwts.jwt().build();
|
||||||
Authentication result = this.jwtAuthenticationConverter.convert(jwt);
|
Authentication result = this.jwtAuthenticationConverter.convert(jwt);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.BEARER_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -29,8 +29,8 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
|
|||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
||||||
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
|
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
|
||||||
import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
|
import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
|
||||||
@ -155,7 +155,7 @@ public class OpaqueTokenAuthenticationProviderTests {
|
|||||||
OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
|
OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
|
||||||
Authentication request = new BearerTokenAuthenticationToken("token");
|
Authentication request = new BearerTokenAuthenticationToken("token");
|
||||||
Authentication result = provider.authenticate(request);
|
Authentication result = provider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.BEARER_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
static Predicate<GrantedAuthority> isScope() {
|
static Predicate<GrantedAuthority> isScope() {
|
||||||
|
|||||||
@ -58,7 +58,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
|
|||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
@ -114,7 +113,7 @@ import org.springframework.util.StringUtils;
|
|||||||
*/
|
*/
|
||||||
public final class OpenSaml5AuthenticationProvider implements AuthenticationProvider {
|
public final class OpenSaml5AuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY;
|
||||||
|
|
||||||
private final BaseOpenSamlAuthenticationProvider delegate;
|
private final BaseOpenSamlAuthenticationProvider delegate;
|
||||||
|
|
||||||
|
|||||||
@ -73,9 +73,9 @@ import org.opensaml.xmlsec.signature.support.SignatureConstants;
|
|||||||
import org.springframework.core.convert.converter.Converter;
|
import org.springframework.core.convert.converter.Converter;
|
||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.jackson2.SecurityJackson2Modules;
|
import org.springframework.security.jackson2.SecurityJackson2Modules;
|
||||||
import org.springframework.security.saml2.core.Saml2Error;
|
import org.springframework.security.saml2.core.Saml2Error;
|
||||||
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
import org.springframework.security.saml2.core.Saml2ErrorCodes;
|
||||||
@ -991,7 +991,7 @@ public class OpenSaml5AuthenticationProviderTests {
|
|||||||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||||
Authentication request = token(response, verifying(registration()));
|
Authentication request = token(response, verifying(registration()));
|
||||||
Authentication result = this.provider.authenticate(request);
|
Authentication result = this.provider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.SAML_RESPONSE_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
private <T extends XMLObject> T build(QName qName) {
|
private <T extends XMLObject> T build(QName qName) {
|
||||||
|
|||||||
@ -27,8 +27,8 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.User;
|
import org.springframework.security.core.userdetails.User;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
@ -70,7 +70,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
|
|||||||
public void withAuthoritiesStringAllowsAnyOrderAndPermitsAnyImpl() throws Exception {
|
public void withAuthoritiesStringAllowsAnyOrderAndPermitsAnyImpl() throws Exception {
|
||||||
this.mockMvc.perform(formLogin())
|
this.mockMvc.perform(formLogin())
|
||||||
.andExpect(authenticated().withAuthorities("ROLE_ADMIN", "ROLE_SELLER",
|
.andExpect(authenticated().withAuthorities("ROLE_ADMIN", "ROLE_SELLER",
|
||||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
|
FactorGrantedAuthority.PASSWORD_AUTHORITY));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -84,7 +84,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
|
|||||||
@Test
|
@Test
|
||||||
public void withAuthoritiesStringSupportsCustomAuthority() throws Exception {
|
public void withAuthoritiesStringSupportsCustomAuthority() throws Exception {
|
||||||
this.mockMvc.perform(formLogin().user("custom"))
|
this.mockMvc.perform(formLogin().user("custom"))
|
||||||
.andExpect(authenticated().withAuthorities(ROLE_CUSTOM, GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
|
.andExpect(authenticated().withAuthorities(ROLE_CUSTOM, FactorGrantedAuthority.PASSWORD_AUTHORITY));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
|
|||||||
@ -33,7 +33,7 @@ import org.springframework.security.authorization.AuthorizationDeniedException;
|
|||||||
import org.springframework.security.authorization.FactorAuthorizationDecision;
|
import org.springframework.security.authorization.FactorAuthorizationDecision;
|
||||||
import org.springframework.security.authorization.RequiredFactor;
|
import org.springframework.security.authorization.RequiredFactor;
|
||||||
import org.springframework.security.authorization.RequiredFactorError;
|
import org.springframework.security.authorization.RequiredFactorError;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
import org.springframework.security.core.context.SecurityContextImpl;
|
import org.springframework.security.core.context.SecurityContextImpl;
|
||||||
import org.springframework.security.web.WebAttributes;
|
import org.springframework.security.web.WebAttributes;
|
||||||
@ -213,7 +213,7 @@ public class DefaultLoginPageGeneratingFilterTests {
|
|||||||
filter.setOneTimeTokenGenerationUrl("/ott/authenticate");
|
filter.setOneTimeTokenGenerationUrl("/ott/authenticate");
|
||||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
MockHttpServletRequest loginRequest = createLoginRequestFromMissingAuthority(
|
MockHttpServletRequest loginRequest = createLoginRequestFromMissingAuthority(
|
||||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
FactorGrantedAuthority.OTT_AUTHORITY);
|
||||||
filter.doFilter(loginRequest, response, this.chain);
|
filter.doFilter(loginRequest, response, this.chain);
|
||||||
assertThat(response.getContentAsString()).contains("Request a One-Time Token");
|
assertThat(response.getContentAsString()).contains("Request a One-Time Token");
|
||||||
assertThat(response.getContentAsString()).contains("""
|
assertThat(response.getContentAsString()).contains("""
|
||||||
|
|||||||
@ -23,7 +23,6 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||||||
import org.springframework.security.authentication.BadCredentialsException;
|
import org.springframework.security.authentication.BadCredentialsException;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
import org.springframework.security.core.userdetails.UserDetails;
|
||||||
@ -45,7 +44,7 @@ import org.springframework.util.Assert;
|
|||||||
*/
|
*/
|
||||||
public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
|
public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY;
|
private static final String AUTHORITY = FactorGrantedAuthority.WEBAUTHN_AUTHORITY;
|
||||||
|
|
||||||
private final WebAuthnRelyingPartyOperations relyingPartyOperations;
|
private final WebAuthnRelyingPartyOperations relyingPartyOperations;
|
||||||
|
|
||||||
|
|||||||
@ -20,7 +20,7 @@ import org.junit.jupiter.api.Test;
|
|||||||
|
|
||||||
import org.springframework.security.authentication.SecurityAssertions;
|
import org.springframework.security.authentication.SecurityAssertions;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.GrantedAuthorities;
|
import org.springframework.security.core.authority.FactorGrantedAuthority;
|
||||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
|
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
|
||||||
@ -56,7 +56,7 @@ class WebAuthnAuthenticationProviderTests {
|
|||||||
given(users.loadUserByUsername(any())).willReturn(PasswordEncodedUser.user());
|
given(users.loadUserByUsername(any())).willReturn(PasswordEncodedUser.user());
|
||||||
given(operations.authenticate(any())).willReturn(TestPublicKeyCredentialUserEntities.userEntity().build());
|
given(operations.authenticate(any())).willReturn(TestPublicKeyCredentialUserEntities.userEntity().build());
|
||||||
Authentication result = provider.authenticate(request);
|
Authentication result = provider.authenticate(request);
|
||||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
SecurityAssertions.assertThat(result).hasAuthority(FactorGrantedAuthority.WEBAUTHN_AUTHORITY);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user