/**
 * Installs an authenticated test identity holding {@code ROLE_AUTH} before each test.
 *
 * <p>The token is placed in the {@link SecurityContextHolder}, so it stays visible to
 * whatever runs afterwards until the holder is cleared.
 * NOTE(review): no matching cleanup is visible in this excerpt; confirm the class clears
 * the holder after each test so this identity cannot leak into unrelated tests.
 */
@Before
public void setup() {
    authority = new SimpleGrantedAuthority("ROLE_AUTH");

    TestingAuthenticationToken token =
            new TestingAuthenticationToken("foo", "bar", Arrays.asList(authority));
    // Marked authenticated explicitly so the fixture does not depend on what the
    // constructor decides.
    token.setAuthenticated(true);

    SecurityContextHolder.getContext().setAuthentication(token);
}
/**
 * Negative authorization case: a caller holding only {@code ROLE_USER} invokes
 * {@code service.securedAdminRole()}.
 *
 * <p>The test passes only when an {@link AccessDeniedException} propagates out of the method.
 */
@Test(expected = AccessDeniedException.class)
public void securedAdminRoleDenied() {
    TestingAuthenticationToken userOnly = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
    SecurityContextHolder.getContext().setAuthentication(userOnly);

    service.securedAdminRole();
}
/**
 * Positive authorization case: a caller holding {@code ROLE_ADMIN} invokes
 * {@code service.preAuthorizeAdminRole()}.
 *
 * <p>There is no explicit assertion; the test passes when the call returns without throwing.
 */
@Test
public void preAuthorizeAdminRoleGranted() {
    TestingAuthenticationToken admin = new TestingAuthenticationToken("user", "pass", "ROLE_ADMIN");
    SecurityContextHolder.getContext().setAuthentication(admin);

    service.preAuthorizeAdminRole();
}
/**
 * Pins the behaviour of the authorities-taking {@link TestingAuthenticationToken} constructor:
 * the resulting token reports itself as authenticated straight away.
 *
 * <p>No credential check happens on this path, so the token type is suitable for test
 * fixtures rather than production authentication flows.
 */
@Test
public void constructorWhenArityAuthoritiesThenAuthenticated() {
    TestingAuthenticationToken token =
            new TestingAuthenticationToken("principal", "credentials", "authority");

    assertThat(token.isAuthenticated()).isTrue();
}
/**
 * Negative authorization case: a caller holding only {@code ROLE_USER} invokes
 * {@code service.preAuthorizeAdminRole()}.
 *
 * <p>The test passes only when an {@link AccessDeniedException} propagates out of the method.
 */
@Test(expected = AccessDeniedException.class)
public void preAuthorizeAdminRoleDenied() {
    TestingAuthenticationToken userOnly = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
    SecurityContextHolder.getContext().setAuthentication(userOnly);

    service.preAuthorizeAdminRole();
}
/**
 * Checks that {@code getPrincipal()} fails when the current principal is an arbitrary
 * {@link Object} instead of LDAP user details.
 *
 * <p>Expected outcome: {@link IllegalArgumentException}, i.e. the source refuses to derive a
 * principal name from an object of the wrong type rather than returning something unusable.
 */
@Test(expected = IllegalArgumentException.class)
public void getPrincipalRejectsNonLdapUserDetailsObject() {
    AuthenticationSource source = new SpringSecurityAuthenticationSource();

    // The principal is a bare Object on purpose: it is the unsupported type under test.
    TestingAuthenticationToken wrongPrincipalType =
            new TestingAuthenticationToken(new Object(), "password");
    SecurityContextHolder.getContext().setAuthentication(wrongPrincipalType);

    source.getPrincipal();
}
/**
 * Happy path for {@code RemoteAuthenticationManagerImpl.attemptAuthentication}: the mocked
 * delegate {@link AuthenticationManager} accepts any {@link Authentication}.
 *
 * <p>There is no explicit assertion; the test passes when the call completes without throwing.
 */
@Test
public void testSuccessfulAuthentication() {
    // Delegate that returns a token for every authentication request it receives.
    AuthenticationManager delegate = mock(AuthenticationManager.class);
    TestingAuthenticationToken accepted = new TestingAuthenticationToken("u", "p", "A");
    when(delegate.authenticate(any(Authentication.class))).thenReturn(accepted);

    RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
    manager.setAuthenticationManager(delegate);

    manager.attemptAuthentication("rod", "password");
}
}
/**
 * Loads a context with both secured and pre/post annotations enabled, registers
 * {@code Service} as a bean, and calls {@code save} as a caller whose only authority is
 * {@code saveUsers}.
 *
 * <p>There is no explicit assertion; the test passes when {@code save} returns without throwing.
 * NOTE(review): the security rule on {@code Service.save} is not visible here; presumably it
 * requires the {@code saveUsers} authority. Confirm against the {@code Service} declaration.
 */
@Test
public void genericMethodsAllowed() {
    String contextXml =
            "<global-method-security secured-annotations=\"enabled\" pre-post-annotations=\"enabled\"/>"
            + "<b:bean class='" + Service.class.getName() + "'/>";
    loadContext(contextXml);

    TestingAuthenticationToken caller = new TestingAuthenticationToken("test", "pass", "saveUsers");
    SecurityContextHolder.getContext().setAuthentication(caller);

    Service bean = context.getBean(Service.class);
    bean.save(new User());
}
/**
 * Verifies that {@code hasRole("ADMIN")} is not satisfied by a token whose authority is the
 * bare string {@code ADMIN}.
 *
 * <p>{@code hasRole} matches the {@code ROLE_}-prefixed authority, so an authority that lacks
 * the prefix must be denied. This guards against role and plain-authority checks being
 * treated as interchangeable.
 */
@Test
public void checkWhenHasRoleAndNotAuthorizedThenReturnFalse() {
    manager = AuthorityReactiveAuthorizationManager.hasRole("ADMIN");
    // Authority deliberately lacks the ROLE_ prefix.
    authentication = new TestingAuthenticationToken("rob", "secret", "ADMIN");

    assertThat(manager.check(Mono.just(authentication), null).block().isGranted()).isFalse();
}
/**
 * Negative authorization case: an authenticated caller whose only authority is
 * {@code ROLE_SOMEOTHERROLE} invokes {@code target.someAdminMethod()}.
 *
 * <p>The test passes only when an {@link AccessDeniedException} propagates, showing that
 * being authenticated is not enough without the required role.
 */
@Test(expected = AccessDeniedException.class)
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
    loadContext();

    TestingAuthenticationToken wrongRole =
            new TestingAuthenticationToken("Test", "Password", "ROLE_SOMEOTHERROLE");
    wrongRole.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(wrongRole);

    target.someAdminMethod();
}
/**
 * Checks that the secured {@code target} still enforces authorization after it has been used
 * once and then serialized and deserialized.
 *
 * <p>The round-tripped copy is invoked as a caller holding only {@code ROLE_A}; the test passes
 * when an {@link AccessDeniedException} propagates.
 * NOTE(review): {@code @Test(expected = ...)} is satisfied by an exception from any statement,
 * so an {@code AccessDeniedException} thrown by the first call would also pass. The first call
 * returning normally is not detected either.
 */
@Test(expected = AccessDeniedException.class)
public void targetIsSerializableAfterUse() throws Exception {
    try {
        // Exercise the target once before serializing it.
        target.someAdminMethod();
    }
    catch (AuthenticationCredentialsNotFoundException expected) {
        // Intentionally ignored; presumably no Authentication is set at this point.
    }

    TestingAuthenticationToken insufficient = new TestingAuthenticationToken("u", "p", "ROLE_A");
    SecurityContextHolder.getContext().setAuthentication(insufficient);

    BusinessService roundTripped = (BusinessService) serializeAndDeserialize(target);
    roundTripped.someAdminMethod();
}
/**
 * Registers the web MVC security and global method security configurations together, then
 * calls {@code service.run()} as a caller holding {@code ROLE_USER}.
 *
 * <p>There is no explicit assertion; the test passes when the context autowires and the call
 * returns without throwing.
 */
@Test
public void orderingAutowiredOnEnableWebMvcSecurity() {
    this.spring
            .register(
                    AuthenticationTestConfiguration.class,
                    WebMvcSecurityConfig.class,
                    GlobalMethodSecurityAutowiredConfig.class,
                    ServicesConfig.class)
            .autowire();

    TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
    SecurityContextHolder.getContext().setAuthentication(user);

    this.service.run();
}
/**
 * Verifies that {@code AnonymousAuthenticationProvider} does not claim support for
 * {@link TestingAuthenticationToken} and returns {@code null} when handed one anyway.
 *
 * <p>Returning {@code null} for an unsupported token type means the provider makes no decision
 * about it, rather than accepting it.
 */
@Test
public void testIgnoresClassesItDoesNotSupport() throws Exception {
    AnonymousAuthenticationProvider provider = new AnonymousAuthenticationProvider("qwerty");
    TestingAuthenticationToken unsupported =
            new TestingAuthenticationToken("user", "password", "ROLE_A");

    assertThat(provider.supports(TestingAuthenticationToken.class)).isFalse();

    // Call authenticate() regardless of supports(); it must yield no result.
    assertThat(provider.authenticate(unsupported)).isNull();
}
/**
 * Verifies that {@code manager.authenticate(...)} is lazy: calling it without subscribing
 * does not throw, while blocking on the result of the same call does.
 *
 * <p>NOTE(review): the original author's comment says the failure is a
 * {@code ClassCastException}, but the assertion only checks for {@link Throwable}, so any
 * failure on subscription satisfies it.
 */
@Test
public void authenticateWhenNoSubscriptionThenDoesNothing() {
    TestingAuthenticationToken unsupported = new TestingAuthenticationToken("a", "b");

    // Without a subscription nothing runs, so no exception can surface here.
    assertThatCode(() -> this.manager.authenticate(unsupported))
            .doesNotThrowAnyException();

    // Subscribing via block() triggers the work and the failure with it.
    assertThatThrownBy(() -> this.manager.authenticate(unsupported).block())
            .isInstanceOf(Throwable.class);
}
/**
 * Prepares the fixture: a {@code ROLE_USER} config attribute list, a
 * {@code ChannelSecurityInterceptor} wired with the decision and run-as managers, and a
 * {@code ROLE_USER} authentication stored in the {@link SecurityContextHolder}.
 *
 * <p>NOTE(review): no matching cleanup is visible in this excerpt; confirm the class clears
 * the holder after each test so this identity cannot leak into unrelated tests.
 */
@Before
public void setup() {
    // Identity the tests start with; kept in a field so tests can refer back to it.
    originalAuth = new TestingAuthenticationToken("user", "pass", "ROLE_USER");
    SecurityContextHolder.getContext().setAuthentication(originalAuth);

    attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig("ROLE_USER"));

    interceptor = new ChannelSecurityInterceptor(source);
    interceptor.setAccessDecisionManager(accessDecisionManager);
    interceptor.setRunAsManager(runAsManager);
}
/**
 * Verifies that {@code AuthenticationTrustResolverImpl.isAnonymous} is true for an
 * {@code AnonymousAuthenticationToken} and false for a {@link TestingAuthenticationToken}
 * built from the same placeholder values.
 *
 * <p>Both tokens share principal, credentials and authority; only the token class differs.
 */
@Test
public void testCorrectOperationIsAnonymous() {
    AuthenticationTrustResolverImpl resolver = new AuthenticationTrustResolverImpl();

    AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken(
            "ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"));
    TestingAuthenticationToken notAnonymous = new TestingAuthenticationToken(
            "ignored", "ignored", AuthorityUtils.createAuthorityList("ignored"));

    assertThat(resolver.isAnonymous(anonymous)).isTrue();
    assertThat(resolver.isAnonymous(notAnonymous)).isFalse();
}
/**
 * Verifies that {@code RoleHierarchyVoter} grants access when the caller holds a role the
 * hierarchy ranks above the required one.
 *
 * <p>The hierarchy is {@code ROLE_A > ROLE_B}; the caller has {@code ROLE_A} and the resource
 * requires {@code ROLE_B}. A hierarchy therefore widens what a role may reach, so its
 * definition is as sensitive as the role assignments themselves.
 */
@Test
public void hierarchicalRoleIsIncludedInDecision() {
    RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
    hierarchy.setHierarchy("ROLE_A > ROLE_B");
    RoleHierarchyVoter voter = new RoleHierarchyVoter(hierarchy);

    // Caller holds ROLE_A; the secured object requires ROLE_B.
    TestingAuthenticationToken caller = new TestingAuthenticationToken("user", "password", "ROLE_A");

    int decision = voter.vote(caller, new Object(), SecurityConfig.createList("ROLE_B"));

    assertThat(decision).isEqualTo(RoleHierarchyVoter.ACCESS_GRANTED);
}
}
/**
 * Verifies that {@code SpringSecurityAuthenticationSource.getPrincipal()} returns the DN of
 * the LDAP user details held as the current principal.
 *
 * <p>The user is built with username {@code joe} and DN {@code uid=joe,ou=users}; the value
 * returned is the DN, not the username.
 */
@Test
public void expectedPrincipalIsReturned() {
    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
    essence.setUsername("joe");
    essence.setDn(new DistinguishedName("uid=joe,ou=users"));

    AuthenticationSource source = new SpringSecurityAuthenticationSource();

    // Credentials are null: only the principal matters for this lookup.
    TestingAuthenticationToken ldapUser =
            new TestingAuthenticationToken(essence.createUserDetails(), null);
    SecurityContextHolder.getContext().setAuthentication(ldapUser);

    assertThat(source.getPrincipal()).isEqualTo("uid=joe,ou=users");
}
}
/**
 * Verifies that a security context which is set and then cleared is not observable:
 * {@code ReactiveSecurityContextHolder.getContext()} completes without emitting a value.
 *
 * <p>Reactor applies {@code subscriberContext} operators from the bottom of the chain upward,
 * so {@code withSecurityContext} takes effect first and {@code clearContext} removes it
 * afterwards.
 */
@Test
public void setContextAndClearAndGetContextThenEmitsEmpty() {
    TestingAuthenticationToken user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
    SecurityContext expectedContext = new SecurityContextImpl(user);

    Mono<SecurityContext> context = Mono.subscriberContext()
            .flatMap(c -> ReactiveSecurityContextHolder.getContext())
            .subscriberContext(ReactiveSecurityContextHolder.clearContext())
            .subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(expectedContext)));

    // Completion with no onNext signal: the cleared context must not be visible.
    StepVerifier.create(context)
            .verifyComplete();
}
/**
 * Verifies that the authentication principal is resolvable by the MVC layer: a request to
 * {@code /} made as {@code user1} must produce the response body {@code user1}.
 *
 * <p>The identity is attached to the mock request itself through {@code authentication(...)}.
 */
@Test
public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception {
    this.spring.register(AuthenticationPrincipalConfig.class).autowire();

    TestingAuthenticationToken user1 = new TestingAuthenticationToken("user1", "password");

    this.mockMvc.perform(get("/").with(authentication(user1)))
            .andExpect(content().string("user1"));
}