securityManager.login(subject, goodToken); Assert.assertTrue(true); securityManager.login(subject, badToken); Assert.assertTrue(true); securityManager.logout(subject); securityManager.login(subject, badToken); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, newGoodToken); Assert.assertTrue(true); securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) {
// Fragment of what appears to be a Subject#login implementation (it passes `this` as the subject);
// the listing cuts the body off right after the delegate call.
// clearRunAsIdentitiesInternal() runs before authentication is attempted, so whatever run-as state
// it clears is gone even when securityManager.login(this, token) rejects the token.
// NOTE(review): presumably this keeps an assumed (run-as) identity from carrying over into the
// newly authenticated session — confirm against the helper, which is not shown here.
public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); Subject subject = securityManager.login(this, token);
/**
 * Checks that a {@link ShiroModule} wired with a single realm yields a usable
 * {@code SecurityManager}: the manager must be injectable and a login through it must
 * consult the bound realm.
 */
@Test
public void testConfigure() {
    final AuthenticationToken token = createMock(AuthenticationToken.class);
    final MockRealm realm = createMock(MockRealm.class);

    // The realm is scripted to accept the token and to answer with a fixed account.
    expect(realm.supports(token)).andReturn(true);
    expect(realm.getAuthenticationInfo(token))
            .andReturn(new SimpleAuthenticationInfo("mockUser", "password", "mockRealm"));
    replay(realm);

    final ShiroModule moduleUnderTest = new ShiroModule() {
        @Override
        protected void configureShiro() {
            bindRealm().to(MockRealm.class);
        }

        // Hands Guice the scripted mock instead of letting it construct a MockRealm.
        @Provides
        public MockRealm createRealm() {
            return realm;
        }
    };

    final Injector guice = Guice.createInjector(moduleUnderTest);
    final SecurityManager manager = guice.getInstance(SecurityManager.class);
    assertNotNull(manager);

    // NOTE(review): setSecurityManager installs the manager as a static on SecurityUtils and
    // nothing in this method resets it, so later tests in the same JVM may observe this
    // manager — confirm a teardown exists elsewhere in the class.
    SecurityUtils.setSecurityManager(manager);

    final Subject caller = new Subject.Builder(manager).buildSubject();
    manager.login(caller, token);

    // Fails unless both scripted realm calls were made, i.e. the login really reached the realm.
    verify(realm);
}
/**
 * Verifies role-based authorization end to end: a user holding the "restricted" role gets
 * exactly the permissions that role grants, and after the user is switched to
 * "newRestricted" a fresh login reflects the new grants and no longer carries the old one.
 *
 * @throws SecurityApiException if the security API rejects the role or user setup
 */
@Test(groups = "slow")
public void testAuthorization() throws SecurityApiException {
    final String login = "i like";
    final String secret = "c0ff33";

    // "account:*" is a wildcard over account actions and "invoice" is a bare domain; the
    // checks below assert that both cover a concrete action in their domain.
    securityApi.addRoleDefinition("restricted",
                                  ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"),
                                  callContext);
    securityApi.addUserRoles(login, secret, ImmutableList.of("restricted"), callContext);

    // No existing subject is passed in; the Subject returned by login is the one checked.
    final AuthenticationToken credentials = new UsernamePasswordToken(login, secret);
    final Subject restrictedSubject = securityManager.login(null, credentials);

    restrictedSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    restrictedSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    restrictedSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
    try {
        restrictedSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to delete tag definitions");
    } catch (final AuthorizationException expected) {
        // Denial is the outcome under test. Assert.fail does not raise an
        // AuthorizationException, so a wrongly granted permission still fails the test.
    }

    // NOTE(review): the first session is closed before the roles change, so only a fresh
    // login is exercised; whether an already authenticated session picks up a revoked
    // permission is not covered here.
    restrictedSubject.logout();

    securityApi.addRoleDefinition("newRestricted",
                                  ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"),
                                  callContext);
    securityApi.updateUserRoles(login, ImmutableList.of("newRestricted"), callContext);

    final Subject reassignedSubject = securityManager.login(null, credentials);

    reassignedSubject.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    reassignedSubject.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    reassignedSubject.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
    try {
        // Revocation check: the permission granted only by the old role must now be refused.
        reassignedSubject.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to create tag definitions");
    } catch (final AuthorizationException expected) {
        // Expected: "newRestricted" does not include tag:create_tag_definition.
    }
}
// Truncated excerpt: only the first two statements of this login method are visible.
// The run-as state is cleared first, unconditionally, and only then is the token handed to
// securityManager.login with this object as the subject; a failed authentication therefore
// still leaves the run-as state cleared.
// NOTE(review): what clearRunAsIdentitiesInternal() removes is not shown — presumably any
// assumed (run-as) identities; verify against its definition.
public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); Subject subject = securityManager.login(this, token);
/**
 * Forwards the login attempt unchanged to the wrapped {@code delegate} and returns whatever
 * Subject the delegate produces. Nothing is caught here, so any exception the delegate
 * throws reaches the caller as-is.
 *
 * <p>NOTE(review): this wrapper adds no checks of its own, so auditing or throttling of
 * login attempts has to live in the delegate or in the caller — confirm where it is done.
 *
 * @param subject the subject passed through to the delegate
 * @param authenticationToken the credentials passed through to the delegate
 * @return the Subject returned by the delegate
 */
@Override
public Subject login(Subject subject, AuthenticationToken authenticationToken) {
    final Subject authenticated = delegate.login(subject, authenticationToken);
    return authenticated;
}
securityManager.login(subject, goodToken); Assert.assertTrue(true); securityManager.login(subject, badToken); Assert.assertTrue(true); securityManager.logout(subject); securityManager.login(subject, badToken); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) { securityManager.login(subject, newGoodToken); Assert.assertTrue(true); securityManager.login(subject, notGoodTokenAnyLonger); Assert.fail("Should not succeed to login with an incorrect password"); } catch (final AuthenticationException e) {
// Truncated excerpt of a login method; the body continues past what the listing shows.
// clearRunAsIdentities() is called before the token is submitted, so the clearing happens
// whether or not securityManager.login(this, token) goes on to accept the token.
// NOTE(review): presumably this discards any assumed (run-as) identities so they cannot
// outlive a re-authentication — the helper is not visible here, confirm.
public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentities(); Subject subject = securityManager.login(this, token);
// Truncated excerpt of an overriding login method; the rest of the body is not in the listing.
// Order matters: clearRunAsIdentitiesInternal() runs first, then the token goes to
// securityManager.login with this object as the subject, so the clearing is not undone
// when authentication fails.
// NOTE(review): presumably the helper drops assumed (run-as) identities before the new
// authentication — its definition is not shown, confirm.
@Override public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); Subject subject = securityManager.login(this, token);
// Truncated excerpt: the method body is cut off after the call to the security manager.
// The run-as state is cleared before authentication is attempted and this object is passed
// as the subject; the Subject returned by securityManager.login is captured in a local whose
// later use is not visible here.
// NOTE(review): clearRunAsIdentitiesInternal() is not shown — presumably it removes assumed
// (run-as) identities so they do not persist across a new login; verify.
@Override public void login(AuthenticationToken token) throws AuthenticationException { clearRunAsIdentitiesInternal(); Subject subject = securityManager.login(this, token);
/**
 * Exercises the grant / revoke cycle for role-based permissions: the user first holds
 * "restricted", is checked against it, is then moved to "newRestricted", and is checked
 * again after logging in anew.
 *
 * @throws SecurityApiException if role definition or user role assignment fails
 */
@Test(groups = "slow")
public void testAuthorization() throws SecurityApiException {
    final String userName = "i like";
    final String userPassword = "c0ff33";
    final AuthenticationToken userToken = new UsernamePasswordToken(userName, userPassword);

    // Phase 1: role "restricted" — all account actions, the invoice domain, and tag creation only.
    securityApi.addRoleDefinition(
            "restricted",
            ImmutableList.of("account:*", "invoice", "tag:create_tag_definition"),
            callContext);
    securityApi.addUserRoles(userName, userPassword, ImmutableList.of("restricted"), callContext);

    // login is given null instead of an existing subject; the returned Subject is used.
    final Subject beforeChange = securityManager.login(null, userToken);
    beforeChange.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    beforeChange.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    beforeChange.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
    try {
        beforeChange.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to delete tag definitions");
    } catch (final AuthorizationException denied) {
        // Expected: tag deletion is not part of "restricted". Assert.fail is not an
        // AuthorizationException, so it is not swallowed by this handler.
    }
    beforeChange.logout();

    // Phase 2: swap the user onto "newRestricted", which trades tag creation for tag deletion.
    securityApi.addRoleDefinition(
            "newRestricted",
            ImmutableList.of("account:*", "invoice", "tag:delete_tag_definition"),
            callContext);
    securityApi.updateUserRoles(userName, ImmutableList.of("newRestricted"), callContext);

    // NOTE(review): permissions are re-checked on a new login only; the test does not show
    // what a session that stayed open across the role change would be allowed to do.
    final Subject afterChange = securityManager.login(null, userToken);
    afterChange.checkPermission(Permission.ACCOUNT_CAN_CHARGE.toString());
    afterChange.checkPermission(Permission.INVOICE_CAN_CREDIT.toString());
    afterChange.checkPermission(Permission.TAG_CAN_DELETE_TAG_DEFINITION.toString());
    try {
        afterChange.checkPermission(Permission.TAG_CAN_CREATE_TAG_DEFINITION.toString());
        Assert.fail("Subject should not have rights to create tag definitions");
    } catch (final AuthorizationException denied) {
        // Expected: the permission that came only from the old role has been revoked.
    }
}