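/**
 * Returns the names of all roles granted to at least one known user, sorted
 * and without duplicates. The well-known {@code ROLE_ADMINISTRATOR} is always
 * part of the result, even when no user currently holds it.
 *
 * @return a new list of role names in natural {@code String} order
 */
public List<String> getRoles() {
    // Runs before the users are read; presumably refreshes the user store - confirm.
    checkUserMap();

    // TreeSet gives de-duplication and ordering in one step.
    Set<String> roles = new TreeSet<String>();
    roles.add("ROLE_ADMINISTRATOR");
    for (User user : getUsers()) {
        for (GrantedAuthority ga : user.getAuthorities()) {
            String role = ga.getAuthority();
            // A null name would make TreeSet.add throw NullPointerException and
            // hide every other role from the caller, so such authorities are
            // skipped. (Presumably getAuthority() may return null for authorities
            // with no String form - confirm against the GrantedAuthority in use.)
            if (role != null) {
                roles.add(role);
            }
        }
    }
    return new ArrayList<String>(roles);
}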
/**
 * Builds the property-file value for a user: the password, then every granted
 * authority, then {@code enabled} or {@code disabled}, joined with commas.
 *
 * <p>NOTE(review): no field is escaped, so a comma inside the password or an
 * authority name cannot be told apart from a separator in the result. How the
 * reading side copes with that is not visible here - confirm. The password is
 * written exactly as {@code user.getPassword()} returns it, so the resulting
 * file presumably needs restricted permissions - verify.
 *
 * @param user the user whose password, authorities and enabled flag are written
 * @return the comma-separated property value
 */
String serializeUser(User user) {
    StringBuilder value = new StringBuilder();
    value.append(user.getPassword()).append(",");
    for (GrantedAuthority authority : user.getAuthorities()) {
        value.append(authority.getAuthority()).append(",");
    }
    // The enabled state is always the last field.
    String state = user.isEnabled() ? "enabled" : "disabled";
    return value.append(state).toString();
}
}
/**
 * Wraps the default fixture user in a {@code UsernamePasswordAuthenticationToken}
 * whose credentials are the user's own password and whose authorities are the
 * user's authorities.
 */
private UsernamePasswordAuthenticationToken createToken() {
    User principal = createDefaultUser();
    return new UsernamePasswordAuthenticationToken(
            principal, principal.getPassword(), principal.getAuthorities());
}
/**
 * Reads the {@code userJson()} fixture into a {@code User} and checks that the
 * username, the password and the single {@code ROLE_USER} authority are restored.
 */
@Test
public void deserializeUserWithClassIdInAuthoritiesTest() throws IOException {
    User parsed = mapper.readValue(userJson(), User.class);

    assertThat(parsed).isNotNull();
    assertThat(parsed.getUsername()).isEqualTo("admin");
    // The password travels inside the JSON and comes back unchanged.
    assertThat(parsed.getPassword()).isEqualTo("1234");
    assertThat(parsed.getAuthorities())
            .hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
}
/**
 * Removes the {@code password} node from the no-authorities fixture and checks
 * that the result still deserializes: password {@code null}, no authorities,
 * account enabled.
 */
@Test
public void deserializeUserWithNullPasswordNoAuthorityTest() throws Exception {
    String jsonWithoutPassword = removeNode(userWithNoAuthoritiesJson(), mapper, "password");

    User parsed = mapper.readValue(jsonWithoutPassword, User.class);

    assertThat(parsed).isNotNull();
    assertThat(parsed.getUsername()).isEqualTo("admin");
    // A missing password node yields a null password rather than a failure.
    assertThat(parsed.getPassword()).isNull();
    assertThat(parsed.getAuthorities()).isEmpty();
    assertThat(parsed.isEnabled()).isEqualTo(true);
}
/**
 * Serializes a remember-me token built around the default user and compares it
 * with {@code REMEMBERME_AUTH_JSON} after substituting the quoted string
 * {@code "password"} into the template.
 */
@Test
public void serializeRememberMeAuthenticationWithUserToken() throws JsonProcessingException, JSONException {
    User principal = createDefaultUser();
    RememberMeAuthenticationToken rememberMe =
            new RememberMeAuthenticationToken(REMEMBERME_KEY, principal, principal.getAuthorities());

    String actualJson = mapper.writeValueAsString(rememberMe);
    String expectedJson = String.format(REMEMBERME_AUTH_JSON, "\"password\"");

    // Strict comparison (third argument true).
    JSONAssert.assertEquals(expectedJson, actualJson, true);
}
/**
 * Reads {@code AUTHENTICATED_JSON} back into a token and checks that the
 * principal is a {@code User}, that the token is marked authenticated, and that
 * both the principal and the token carry exactly {@code ROLE_USER}.
 */
@Test
public void deserializeAuthenticatedUsernamePasswordAuthenticationTokenWithUserTest() throws IOException {
    UsernamePasswordAuthenticationToken restored =
            mapper.readValue(AUTHENTICATED_JSON, UsernamePasswordAuthenticationToken.class);

    assertThat(restored).isNotNull();
    assertThat(restored.getPrincipal()).isNotNull().isInstanceOf(User.class);

    // Safe to cast only after the instanceof assertion above has passed.
    User principal = (User) restored.getPrincipal();
    assertThat(principal.getAuthorities())
            .isNotNull()
            .hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
    // The authenticated flag comes back from the serialized form.
    assertThat(restored.isAuthenticated()).isEqualTo(true);
    assertThat(restored.getAuthorities())
            .hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
}
/**
 * Reads the remember-me fixture (template filled with the quoted string
 * {@code "password"}) back into a token and checks the restored principal:
 * username, password, authorities and enabled flag, plus the token's own
 * authorities.
 */
@Test
public void deserializeRememberMeAuthenticationTokenWithUserTest() throws IOException {
    String json = String.format(REMEMBERME_AUTH_JSON, "\"password\"");
    RememberMeAuthenticationToken restored = mapper.readValue(json, RememberMeAuthenticationToken.class);

    assertThat(restored).isNotNull();
    assertThat(restored.getPrincipal()).isNotNull().isInstanceOf(User.class);

    // Safe to cast only after the instanceof assertion above has passed.
    User principal = (User) restored.getPrincipal();
    assertThat(principal.getUsername()).isEqualTo("admin");
    // The principal's password is restored from the serialized token.
    assertThat(principal.getPassword()).isEqualTo("1234");
    assertThat(principal.getAuthorities())
            .hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
    assertThat(restored.getAuthorities())
            .hasSize(1)
            .contains(new SimpleGrantedAuthority("ROLE_USER"));
    assertThat(principal.isEnabled()).isEqualTo(true);
}
}
/**
 * Copies a user whose four account-state flags are all {@code true} through
 * {@code User.withUserDetails(...).build()} and checks every property of the
 * copy against the source.
 */
@Test
public void withUserDetailsWhenAllEnabled() throws Exception {
    User source = new User("rob", "pass", true, true, true, true, ROLE_12);

    UserDetails copy = User.withUserDetails(source).build();

    assertThat(copy.getUsername()).isEqualTo(source.getUsername());
    assertThat(copy.getPassword()).isEqualTo(source.getPassword());
    assertThat(copy.getAuthorities()).isEqualTo(source.getAuthorities());
    // Each state flag is compared on its own.
    assertThat(copy.isAccountNonExpired()).isEqualTo(source.isAccountNonExpired());
    assertThat(copy.isAccountNonLocked()).isEqualTo(source.isAccountNonLocked());
    assertThat(copy.isCredentialsNonExpired()).isEqualTo(source.isCredentialsNonExpired());
    assertThat(copy.isEnabled()).isEqualTo(source.isEnabled());
}
/**
 * Serializes an anonymous token after {@code eraseCredentials()} has been called
 * on it. The expected JSON is {@code ANONYMOUS_JSON} with the fixture password
 * replaced by {@code null}, so the test fails if the password is still present
 * in the output.
 */
@Test
public void serializeAnonymousAuthenticationTokenMixinAfterEraseCredentialTest()
        throws JsonProcessingException, JSONException {
    User principal = createDefaultUser();
    AnonymousAuthenticationToken anonymous =
            new AnonymousAuthenticationToken(HASH_KEY, principal, principal.getAuthorities());

    // Erase before serializing.
    anonymous.eraseCredentials();
    String actualJson = mapper.writeValueAsString(anonymous);

    String expectedJson = ANONYMOUS_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null");
    JSONAssert.assertEquals(expectedJson, actualJson, true);
}
}
/**
 * Serializes a token whose principal is the plain username string (not the
 * {@code User} object) and compares the output with
 * {@code AUTHENTICATED_STRINGPRINCIPAL_JSON} in strict mode.
 */
@Test
public void serializeAuthenticatedUsernamePasswordAuthenticationTokenMixinTest()
        throws JsonProcessingException, JSONException {
    User fixture = createDefaultUser();
    // Principal is the username only; credentials are still the user's password.
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
            fixture.getUsername(), fixture.getPassword(), fixture.getAuthorities());

    String actualJson = mapper.writeValueAsString(token);

    JSONAssert.assertEquals(AUTHENTICATED_STRINGPRINCIPAL_JSON, actualJson, true);
}
/**
 * Serializes an anonymous token whose principal is the default user and compares
 * the output with {@code ANONYMOUS_JSON} in strict mode. No
 * {@code eraseCredentials()} call is made before serializing.
 */
@Test
public void serializeAnonymousAuthenticationTokenTest() throws JsonProcessingException, JSONException {
    User principal = createDefaultUser();
    AnonymousAuthenticationToken anonymous =
            new AnonymousAuthenticationToken(HASH_KEY, principal, principal.getAuthorities());

    String actualJson = mapper.writeValueAsString(anonymous);

    JSONAssert.assertEquals(ANONYMOUS_JSON, actualJson, true);
}
/**
 * Copies a user whose four account-state flags are all {@code false} through
 * {@code User.withUserDetails(...).build()} and checks that the copy keeps every
 * property, including each negative flag.
 */
@Test
public void withUserDetailsWhenAllDisabled() throws Exception {
    User source = new User("rob", "pass", false, false, false, false, ROLE_12);

    UserDetails copy = User.withUserDetails(source).build();

    assertThat(copy.getUsername()).isEqualTo(source.getUsername());
    assertThat(copy.getPassword()).isEqualTo(source.getPassword());
    assertThat(copy.getAuthorities()).isEqualTo(source.getAuthorities());
    // A flag flipped back to true by the builder would fail one of these.
    assertThat(copy.isAccountNonExpired()).isEqualTo(source.isAccountNonExpired());
    assertThat(copy.isAccountNonLocked()).isEqualTo(source.isAccountNonLocked());
    assertThat(copy.isCredentialsNonExpired()).isEqualTo(source.isCredentialsNonExpired());
    assertThat(copy.isEnabled()).isEqualTo(source.isEnabled());
}
/**
 * Serializes a remember-me token after {@code eraseCredentials()} has been called
 * on it. The expected JSON is {@code REMEMBERME_AUTH_JSON} with the fixture
 * password replaced by {@code null}, so the test fails if the password is still
 * present in the output.
 */
@Test
public void serializeRememberMeAuthenticationWithUserTokenAfterEraseCredential()
        throws JsonProcessingException, JSONException {
    User principal = createDefaultUser();
    RememberMeAuthenticationToken rememberMe =
            new RememberMeAuthenticationToken(REMEMBERME_KEY, principal, principal.getAuthorities());

    // Erase before serializing.
    rememberMe.eraseCredentials();
    String actualJson = mapper.writeValueAsString(rememberMe);

    String expectedJson = REMEMBERME_AUTH_JSON.replace(UserDeserializerTests.USER_PASSWORD, "null");
    JSONAssert.assertEquals(expectedJson, actualJson, true);
}
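/**
 * Installs an authenticated fixture user in the {@code SecurityContextHolder},
 * requests {@code /users/self} through MockMvc and expects status 200 with the
 * body {@code extracted-user}.
 */
@Test
public void authenticationPrincipalExpressionWhenBeanExpressionSuppliedThenBeanUsed() throws Exception {
    User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
    SecurityContext context = SecurityContextHolder.createEmptyContext();
    context.setAuthentication(
            new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities()));
    SecurityContextHolder.setContext(context);
    try {
        MockMvc mockMvc = MockMvcBuilders
                .webAppContextSetup(wac)
                .build();

        mockMvc.perform(get("/users/self"))
                .andExpect(status().isOk())
                .andExpect(content().string("extracted-user"));
    } finally {
        // Clear the holder even when an assertion fails, so the fixture user does
        // not stay authenticated for whatever test runs next with the same holder.
        SecurityContextHolder.clearContext();
    }
}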
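/**
 * Replaces the given user's authorities with the single authority
 * {@code ROLE_AUTHORIZED_USER} and installs a new
 * {@code UsernamePasswordAuthenticationToken} for that user in the current
 * security context, reusing the credentials of the authentication already there.
 *
 * <p>NOTE(review): nothing here checks that {@code user} is the principal of the
 * current authentication; presumably the caller has established that - confirm.
 *
 * @param user the user to authorize; {@code getAuthorities()} must return a
 *             mutable collection, because it is cleared and added to in place
 * @throws IllegalStateException if the security context holds no authentication
 */
public void grantUserAccess(User user) {
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication auth = securityContext.getAuthentication();
    if (auth == null) {
        // Fail before the user is touched. Without this check the authorities
        // were already rewritten when the missing authentication surfaced as a
        // NullPointerException, leaving user and context out of step.
        throw new IllegalStateException("No authentication present in the security context");
    }
    Object credentials = auth.getCredentials();

    // Every previous authority is dropped; only the fixed role remains.
    user.getAuthorities().clear();
    user.getAuthorities().add(new GrantedAuthorityImpl("ROLE_AUTHORIZED_USER"));

    Authentication newAuth =
            new UsernamePasswordAuthenticationToken(user, credentials, user.getAuthorities());
    securityContext.setAuthentication(newAuth);
}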
/**
 * Creates a token for the given user. The user's authorities are handed to the
 * superclass constructor; the access token, refresh token and authentication
 * result are stored as passed.
 *
 * <p>NOTE(review): this constructor does not set an authenticated flag; whether
 * the token counts as authenticated is decided elsewhere - confirm. Both token
 * strings are kept as plain fields, so presumably they must stay out of
 * {@code toString()} and log output - verify.
 *
 * @param userDetails          the user the token represents; must not be {@code null},
 *                             since its authorities are read immediately
 * @param accessToken          the access token string
 * @param refreshToken         the refresh token string
 * @param authenticationResult the result object kept alongside the tokens
 */
public JwtProviderAuthenticationToken(User userDetails,
                                      String accessToken,
                                      String refreshToken,
                                      AuthenticationResult authenticationResult) {
    super(userDetails.getAuthorities());
    this.userDetails = userDetails;
    this.authenticationResult = authenticationResult;
    this.accessToken = accessToken;
    this.refreshToken = refreshToken;
}
/**
 * Writes a {@code User} to the Kryo output in a fixed order: password, username,
 * authority count, each authority together with its class, then the four
 * account-state flags (non-expired, non-locked, credentials non-expired, enabled).
 *
 * <p>NOTE(review): the password is written exactly as {@code getPassword()}
 * returns it, so the serialized bytes are as sensitive as the password itself.
 * Each authority is written with its class, so the matching read presumably
 * instantiates whatever class the stream names; confirm the reading side only
 * consumes trusted data.
 *
 * @param kryo   the Kryo instance supplied by the caller (not used by this method)
 * @param output the stream written to
 * @param user   the user to serialize
 */
@Override
public void write(Kryo kryo, Output output, User user) {
    output.writeString(user.getPassword());
    output.writeString(user.getUsername());

    final Collection<GrantedAuthority> granted = user.getAuthorities();
    // The count goes first, with the flag argument set to true.
    output.writeInt(granted.size(), true);
    for (final GrantedAuthority authority : granted) {
        // Goes through the _kryo field rather than the kryo parameter.
        _kryo.writeClassAndObject(output, authority);
    }

    output.writeBoolean(user.isAccountNonExpired());
    output.writeBoolean(user.isAccountNonLocked());
    output.writeBoolean(user.isCredentialsNonExpired());
    output.writeBoolean(user.isEnabled());
}
/**
 * Builds an {@code OAuth2Authentication} for the given user name: every entry of
 * {@code roles} becomes a {@code SimpleGrantedAuthority}, the user is created
 * with the fixed password {@code "test"} and all four account flags set to
 * {@code true}, and the request names the client {@code "testClient"}.
 *
 * <p>NOTE(review): the hard-coded password and client id look like test
 * fixtures; presumably this helper is never reached from production code - confirm.
 *
 * @param username the principal's user name
 * @param scopes   the scopes placed on the OAuth2 request
 * @param roles    the role names granted to the user
 * @return the combined client request and user authentication
 */
private OAuth2Authentication createAuthentication(String username, Set<String> scopes, Set<String> roles) {
    List<GrantedAuthority> grantedRoles = roles.stream()
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());

    User testUser = new User(username, "test", true, true, true, true, grantedRoles);
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            testUser, testUser.getPassword(), testUser.getAuthorities());

    // Only the client id, the boolean flag and the scopes are set; the rest is null.
    OAuth2Request clientRequest =
            new OAuth2Request(null, "testClient", null, true, scopes, null, null, null, null);
    return new OAuth2Authentication(clientRequest, userAuthentication);
}
/**
 * Creates an {@code OAuth2Authentication} whose user part is a
 * {@code UsernamePasswordAuthenticationToken} for {@code username} and whose
 * client part is a request for {@code "testClient"} carrying {@code scopes}.
 * Each role name is turned into a {@code SimpleGrantedAuthority}; the user gets
 * the fixed password {@code "test"} and all four account flags set to {@code true}.
 *
 * <p>NOTE(review): fixed password and client id suggest a test-only helper;
 * presumably it is not reachable from production code - confirm.
 *
 * @param username the principal's user name
 * @param scopes   the scopes placed on the OAuth2 request
 * @param roles    the role names granted to the user
 * @return the combined client request and user authentication
 */
private OAuth2Authentication createAuthentication(String username, Set<String> scopes, Set<String> roles) {
    // Client side first: only client id, the boolean flag and scopes are populated.
    OAuth2Request request =
            new OAuth2Request(null, "testClient", null, true, scopes, null, null, null, null);

    List<GrantedAuthority> roleAuthorities = roles.stream()
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    User account = new User(username, "test", true, true, true, true, roleAuthorities);
    Authentication userPart = new UsernamePasswordAuthenticationToken(
            account, account.getPassword(), account.getAuthorities());

    return new OAuth2Authentication(request, userPart);
}