/**
 * Handles {@code POST /authenticate}: checks the submitted credentials and returns a token.
 *
 * <p>The credentials are wrapped in a {@link UsernamePasswordAuthenticationToken} and handed to
 * {@code authManager}. The resulting {@link Authentication} is stored in the current
 * {@link SecurityContextHolder} context. The user is then loaded a second time, by the
 * submitted username, and the token is created from those details.
 *
 * <p>No exception from {@code authManager.authenticate} is caught here, so a failed login
 * propagates to the caller; how it is rendered is decided outside this method.
 *
 * <p>NOTE(review): {@code @RequestParam} binds query-string parameters as well as form fields,
 * so a client can send the password in the URL, where it may be recorded in access logs.
 * Confirm that clients post the credentials in the request body.
 *
 * <p>NOTE(review): the token is built from a lookup keyed on the raw request parameter rather
 * than on the principal that was just authenticated. Confirm the two always resolve to the
 * same account.
 *
 * @param username login name taken from the {@code username} request parameter
 * @param password password taken from the {@code password} request parameter
 * @return a {@link TokenTransfer} wrapping the token created for the loaded user
 */
@RequestMapping(value = "/authenticate", method = RequestMethod.POST)
public TokenTransfer authenticate(
        @RequestParam("username") String username,
        @RequestParam("password") String password) {
    // Credential check: throws if the manager rejects the username/password pair.
    Authentication verified = authManager.authenticate(
            new UsernamePasswordAuthenticationToken(username, password));
    SecurityContextHolder.getContext().setAuthentication(verified);

    // Second lookup by the submitted username; the token is derived from these details.
    UserDetails tokenSubject = userDetailsService.loadUserByUsername(username);
    String token = TokenUtils.createToken(tokenSubject);
    return new TokenTransfer(token);
}
/**
 * Authenticates a username/password pair and returns the authorities granted to it.
 *
 * <p>The credentials are passed to {@code authenticationManager} as a
 * {@link UsernamePasswordAuthenticationToken}. Any {@link AuthenticationException} is
 * translated into a {@link RemoteAuthenticationException} that carries only the original
 * message; the original exception is not attached as a cause.
 *
 * <p>NOTE(review): the underlying message is forwarded verbatim to the caller. If provider
 * messages differ between "unknown user" and "wrong password", the caller can tell whether
 * an account exists. Confirm the messages are uniform.
 *
 * @param username the login name to authenticate
 * @param password the password presented for that login name
 * @return the authorities of the authenticated principal
 * @throws RemoteAuthenticationException if the delegate manager rejects the credentials
 */
public Collection<? extends GrantedAuthority> attemptAuthentication(String username, String password)
        throws RemoteAuthenticationException {
    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken(username, password);

    try {
        return authenticationManager.authenticate(credentials).getAuthorities();
    } catch (AuthenticationException failure) {
        // Only the message text is carried over to the exception the caller sees.
        throw new RemoteAuthenticationException(failure.getMessage());
    }
}
/**
 * When the delegate returns an {@code Authentication} that reports itself as authenticated,
 * the manager under test emits that same object.
 */
@Test
public void authenticateWhenSuccessThenSucces() {
    // The two stubs are on different mocks and do not depend on each other.
    when(authentication.isAuthenticated()).thenReturn(true);
    when(delegate.authenticate(any())).thenReturn(authentication);

    // block() waits for the value the manager emits.
    Authentication emitted = manager.authenticate(authentication).block();

    assertThat(emitted).isEqualTo(authentication);
}
/**
 * One call to {@code authenticate} on the injected manager must leave exactly one event
 * recorded by the test listener.
 */
@Test
public void authenticationEventPublisherBeanUsedByDefault() {
    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken("user", "password");

    this.authenticationManager.authenticate(credentials);

    assertThat(this.listener.getEvents()).hasSize(1);
}
/**
 * When the delegate returns an {@code Authentication} whose {@code isAuthenticated()} is
 * not stubbed to {@code true}, the manager under test must emit nothing.
 *
 * <p>An unauthenticated result from the delegate must never be surfaced as a successful
 * login, which is what the {@code null} assertion checks.
 */
@Test
public void authenticateWhenReturnNotAuthenticatedThenError() {
    when(delegate.authenticate(any())).thenReturn(authentication);

    // block() yields null when nothing is emitted.
    Authentication emitted = manager.authenticate(authentication).block();

    assertThat(emitted).isNull();
}
/**
 * The adapter's {@code authenticationManager} must consult the stubbed user details service
 * and return an {@code Authentication} whose principal equals the stubbed user.
 */
@Test
public void delegateUsesExisitingAuthentication() {
    String username = "user";
    String password = "password";
    when(this.uds.loadUserByUsername(username)).thenReturn(PasswordEncodedUser.user());

    AuthenticationManager managerUnderTest = this.adapter.authenticationManager;
    assertThat(managerUnderTest).isNotNull();

    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken(username, password);
    Authentication authenticated = managerUnderTest.authenticate(credentials);

    // The lookup must have gone through the stubbed service, not some other user store.
    verify(this.uds).loadUserByUsername(username);
    assertThat(authenticated.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
}
/**
 * A {@link BadCredentialsException} thrown by the delegate manager must reach the caller of
 * {@code attemptAuthentication} as a {@link RemoteAuthenticationException}.
 */
@Test(expected = RemoteAuthenticationException.class)
public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
    // The delegate rejects every authentication request.
    AuthenticationManager rejectingDelegate = mock(AuthenticationManager.class);
    when(rejectingDelegate.authenticate(any(Authentication.class)))
            .thenThrow(new BadCredentialsException(""));

    RemoteAuthenticationManagerImpl remoteManager = new RemoteAuthenticationManagerImpl();
    remoteManager.setAuthenticationManager(rejectingDelegate);

    remoteManager.attemptAuthentication("rod", "password");
}
/**
 * With {@code AuthenticationManagerBeanConfig} registered, the manager obtained from
 * {@code AuthenticationConfiguration} can be stubbed and returns the stubbed result.
 *
 * <p>NOTE(review): the manager is stubbed with {@code when(...)}, so the registered bean is
 * presumably a mock supplied by {@code AuthenticationManagerBeanConfig}. Confirm against
 * that class.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenAuthenticationManagerBeanThenAuthenticates() throws Exception {
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken("user", "password");
    this.spring
            .register(AuthenticationConfiguration.class,
                    ObjectPostProcessorConfiguration.class,
                    AuthenticationManagerBeanConfig.class)
            .autowire();

    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    AuthenticationManager manager = configuration.getAuthenticationManager();
    when(manager.authenticate(token)).thenReturn(TestAuthentication.authenticatedUser());

    String authenticatedName = manager.authenticate(token).getName();

    assertThat(authenticatedName).isEqualTo(token.getName());
}
/**
 * With only a {@code UserDetailsService} bean configured, the manager must authenticate
 * against that service: the matching password is accepted and a wrong one is rejected.
 *
 * <p>The rejection case is the security-relevant half. It shows the manager really compares
 * the presented password instead of accepting any credentials for a known user.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenUserDetailsServiceBeanThenAuthenticationManagerUsesUserDetailsServiceBean()
        throws Exception {
    this.spring.register(UserDetailsServiceBeanConfig.class).autowire();
    UserDetailsService userDetailsService = this.spring.getContext().getBean(UserDetailsService.class);
    AuthenticationManager manager =
            this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();

    // Two return values are stubbed, one for each authenticate call below.
    when(userDetailsService.loadUserByUsername("user"))
            .thenReturn(PasswordEncodedUser.user(), PasswordEncodedUser.user());

    // Correct password: must complete without throwing.
    manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    // Wrong password for the same user: must be rejected.
    assertThatThrownBy(
            () -> manager.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")))
            .isInstanceOf(AuthenticationException.class);
}
/**
 * When both configurer adapters are installed, {@code user}/{@code password} authenticates
 * and {@code boot}/{@code password} is rejected.
 *
 * <p>NOTE(review): going by the class names, the first adapter presumably defines
 * {@code user} in memory and the second would define {@code boot} only when nothing else
 * is configured. Confirm against the adapter classes. The rejection assertion guards
 * against a fallback account becoming active alongside an explicit configuration.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenConfiguredThenBootNotTrigger() throws Exception {
    this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();

    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    configuration.setGlobalAuthenticationConfigurers(
            Arrays.asList(new ConfiguresInMemoryConfigurerAdapter(), new BootGlobalAuthenticationConfigurerAdapter()));
    AuthenticationManager manager = configuration.getAuthenticationManager();

    // Must complete without throwing.
    manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    // The "boot" account must not be usable.
    assertThatThrownBy(
            () -> manager.authenticate(new UsernamePasswordAuthenticationToken("boot", "password")))
            .isInstanceOf(AuthenticationException.class);
}
/**
 * Stubs the mocked authentication manager so that every {@code authenticate} call returns an
 * {@link OAuth2AuthorizationCodeAuthenticationToken} built for the given registration.
 *
 * <p>The token is assembled from {@code success()}, {@code noScopes()} and
 * {@code refreshToken()}, helpers that are defined outside this excerpt.
 *
 * @param registration the client registration the stubbed result is bound to
 */
private void setUpAuthenticationResult(ClientRegistration registration) {
    OAuth2AuthorizationCodeAuthenticationToken stubbedResult =
            new OAuth2AuthorizationCodeAuthenticationToken(registration, success(), noScopes(), refreshToken());

    when(this.authenticationManager.authenticate(any(Authentication.class)))
            .thenReturn(stubbedResult);
}
} // closes an enclosing scope whose opening is outside this excerpt
@Test // http@authentication-manager-ref public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception { AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(AuthenticationManagerRefConfig.class).autowire(); this.mockMvc.perform(formLogin()); verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class)); }
/**
 * With {@code PasswordEncoderGlobalConfig} registered, {@code user}/{@code password}
 * authenticates, and the result carries the name {@code user} and only the
 * {@code ROLE_USER} authority.
 *
 * <p>{@code containsOnly} also fails if the authenticated user holds any additional
 * authority, so the test pins the granted privileges exactly.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationManagerWhenProtectedPasswordEncoderBeanThenUsed() throws Exception {
    this.spring.register(PasswordEncoderGlobalConfig.class).autowire();
    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    AuthenticationManager authenticationManager = configuration.getAuthenticationManager();

    Authentication authenticated =
            authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    assertThat(authenticated.getName()).isEqualTo("user");
    assertThat(authenticated.getAuthorities())
            .extracting(GrantedAuthority::getAuthority)
            .containsOnly("ROLE_USER");
}
/**
 * When the delegate manager returns a token, {@code attemptAuthentication} completes
 * without throwing.
 *
 * <p>NOTE(review): the return value is not asserted. The test would still pass if the
 * authorities of the stubbed token (authority {@code "A"}) were dropped or altered on the
 * way out. Consider asserting on the returned collection.
 */
@Test
public void testSuccessfulAuthentication() {
    // The delegate accepts every authentication request.
    AuthenticationManager acceptingDelegate = mock(AuthenticationManager.class);
    when(acceptingDelegate.authenticate(any(Authentication.class)))
            .thenReturn(new TestingAuthenticationToken("u", "p", "A"));

    RemoteAuthenticationManagerImpl remoteManager = new RemoteAuthenticationManagerImpl();
    remoteManager.setAuthenticationManager(acceptingDelegate);

    remoteManager.attemptAuthentication("rod", "password");
}
} // closes an enclosing scope whose opening is outside this excerpt
/**
 * A {@code <jdbc-user-service>} nested in an {@code <authentication-provider>} element
 * yields a working authentication manager bean.
 *
 * <p>The test passes if {@code rod}/{@code koala} authenticates without throwing. The
 * result itself is not inspected.
 */
@Test
public void isSupportedByAuthenticationProviderElement() {
    String securityConfig = "<authentication-manager>"
            + " <authentication-provider>"
            + " <jdbc-user-service data-source-ref='dataSource'/>"
            + " </authentication-provider>"
            + "</authentication-manager>"
            + DATA_SOURCE;
    setContext(securityConfig);

    AuthenticationManager jdbcBackedManager =
            (AuthenticationManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);

    jdbcBackedManager.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
}
/**
 * With {@code SecurityConfig} registered, an {@link AuthenticationManager} bean is available
 * from the context and authenticates {@code user}/{@code password}.
 *
 * @throws Exception if the context cannot be wired
 */
@Test
public void configureWhenOverrideAuthenticationManagerBeanThenAuthenticationManagerBeanRegistered()
        throws Exception {
    this.spring.register(SecurityConfig.class).autowire();

    // Looked up by type, so the lookup fails if no AuthenticationManager bean was registered.
    AuthenticationManager exposedManager = this.spring.getContext().getBean(AuthenticationManager.class);
    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken("user", "password");
    Authentication outcome = exposedManager.authenticate(credentials);

    assertThat(outcome.isAuthenticated()).isTrue();
}
/**
 * With {@code UserGlobalAuthenticationConfigurerAdapter} registered, the manager obtained
 * from {@code AuthenticationConfiguration} authenticates {@code user}/{@code password} and
 * the result carries the same name as the submitted token.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenGlobalAuthenticationConfigurerAdapterThenAuthenticates() throws Exception {
    UsernamePasswordAuthenticationToken token =
            new UsernamePasswordAuthenticationToken("user", "password");
    this.spring
            .register(AuthenticationConfiguration.class,
                    ObjectPostProcessorConfiguration.class,
                    UserGlobalAuthenticationConfigurerAdapter.class)
            .autowire();

    AuthenticationConfiguration configuration =
            this.spring.getContext().getBean(AuthenticationConfiguration.class);
    AuthenticationManager manager = configuration.getAuthenticationManager();

    String authenticatedName = manager.authenticate(token).getName();

    assertThat(authenticatedName).isEqualTo(token.getName());
}
/**
 * When both an {@code AuthenticationProvider} bean and a user details bean exist,
 * authentication through the manager completes with the provider stubbed to accept.
 *
 * <p>NOTE(review): nothing is asserted or verified afterwards. The test passes as long as
 * {@code authenticate} does not throw. A {@code verify(ap).authenticate(any())} would show
 * that the provider, and not the user details bean, handled the request.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenAuthenticationProviderAndUserDetailsBeanThenAuthenticationProviderUsed()
        throws Exception {
    this.spring.register(AuthenticationProviderBeanAndUserDetailsServiceConfig.class).autowire();
    AuthenticationProvider provider = this.spring.getContext().getBean(AuthenticationProvider.class);
    AuthenticationManager manager =
            this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();

    // The provider claims every token type and returns an authenticated user.
    when(provider.supports(any())).thenReturn(true);
    when(provider.authenticate(any())).thenReturn(TestAuthentication.authenticatedUser());

    manager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
}
/**
 * After a successful login, the configured manager bean is asked to replace the stored
 * password with a value that starts with <code>{bcrypt}</code>.
 *
 * <p>The stubbed user is stored as <code>{noop}password</code>. After authentication the
 * test verifies that {@code updatePassword} was called for that user with a
 * <code>{bcrypt}</code>-prefixed value, so the stored form is upgraded at login.
 *
 * @throws Exception if the context cannot be wired or the manager cannot be obtained
 */
@Test
public void getAuthenticationWhenUserDetailsServiceAndPasswordManagerThenManagerUsed() throws Exception {
    UserDetails storedUser =
            new User("user", "{noop}password", AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.spring.register(UserDetailsPasswordManagerBeanConfig.class).autowire();

    UserDetailsPasswordManagerBeanConfig.Manager passwordManager =
            this.spring.getContext().getBean(UserDetailsPasswordManagerBeanConfig.Manager.class);
    AuthenticationManager authenticationManager =
            this.spring.getContext().getBean(AuthenticationConfiguration.class).getAuthenticationManager();

    // Fresh copies are returned so that the lookup result is independent of storedUser.
    when(passwordManager.loadUserByUsername("user"))
            .thenReturn(User.withUserDetails(storedUser).build(), User.withUserDetails(storedUser).build());
    when(passwordManager.updatePassword(any(), any())).thenReturn(storedUser);

    authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));

    verify(passwordManager).updatePassword(eq(storedUser), startsWith("{bcrypt}"));
}
/**
 * An authentication attempt with {@code foo}/{@code bar} must publish only
 * {@code AuthenticationFailureBadCredentialsEvent} events.
 *
 * <p>The test relies on these published events, which are what lets failed logins be
 * observed and audited.
 */
@Test
public void methodSecurityAuthenticationManagerPublishesEvent() {
    this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();

    UsernamePasswordAuthenticationToken credentials =
            new UsernamePasswordAuthenticationToken("foo", "bar");
    try {
        this.authenticationManager.authenticate(credentials);
    } catch (AuthenticationException ignored) {
        // Deliberately ignored: only the published event is under test.
    }

    assertThat(this.events.getEvents())
            .extracting(Object::getClass)
            .containsOnly((Class) AuthenticationFailureBadCredentialsEvent.class);
}