def run(self):
context = cherrypy.session.get("SPRINGPYTHON_SECURITY_CONTEXT_KEY")
if not context:
context = self.newContext()
SecurityContextHolder.setContext(context)
cherrypy.session["SPRINGPYTHON_SECURITY_CONTEXT_KEY"] = context
def testAuthenticationProcessingFilterWithBadPassword(self):
def start_response():
pass
def application(environ, start_response):
return ["Success"]
environ = {}
environ["PATH_INFO"] = "/index.html"
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)}
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService
inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider])
authenticationFilter = AuthenticationProcessingFilter()
authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager
authenticationFilter.alwaysReauthenticate = False
token = UsernamePasswordAuthenticationToken("user1", "bad_password", None)
self.assertFalse(token.isAuthenticated())
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = token
filterChainProxy = FilterChainProxy()
filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])]
filterChainProxy.application = application
self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response)
self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def setupContext(self, username, password):
applicationContext = ApplicationContext(XMLConfig("support/unanimousBasedApplicationContext.xml"))
token = UsernamePasswordAuthenticationToken(username, password)
auth_manager = applicationContext.get_object("auth_manager")
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = auth_manager.authenticate(token)
self.sampleService = applicationContext.get_object("sampleService")
self.block1 = SampleBlockOfData("block1")
self.block2 = SampleBlockOfData("block2")
def setupContext(self, username, password):
applicationContext = ApplicationContext(XMLConfig("support/labelBasedAclVoterApplicationContext.xml"))
token = UsernamePasswordAuthenticationToken(username, password)
auth_manager = applicationContext.get_object("auth_manager")
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = auth_manager.authenticate(token)
self.sampleService = applicationContext.get_object("sampleService")
self.blueblock = SampleBlockOfData("blue")
self.orangeblock = SampleBlockOfData("orange")
self.sharedblock = SampleBlockOfData("blue-orange")
def setupContext(self, username, password):
applicationContext = ApplicationContext(
XMLConfig("support/unanimousBasedApplicationContext.xml"))
token = UsernamePasswordAuthenticationToken(username, password)
auth_manager = applicationContext.get_object("auth_manager")
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext(
).authentication = auth_manager.authenticate(token)
self.sampleService = applicationContext.get_object("sampleService")
self.block1 = SampleBlockOfData("block1")
self.block2 = SampleBlockOfData("block2")
def setupContext(self, username, password):
applicationContext = ApplicationContext(
XMLConfig("support/labelBasedAclVoterApplicationContext.xml"))
token = UsernamePasswordAuthenticationToken(username, password)
auth_manager = applicationContext.get_object("auth_manager")
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext(
).authentication = auth_manager.authenticate(token)
self.sampleService = applicationContext.get_object("sampleService")
self.blueblock = SampleBlockOfData("blue")
self.orangeblock = SampleBlockOfData("orange")
self.sharedblock = SampleBlockOfData("blue-orange")
def testAuthenticationProcessingFilterWithGoodPassword(self):
def start_response():
pass
def application(environ, start_response):
return ["Success"]
environ = {}
environ["PATH_INFO"] = "/index.html"
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict = {
"user1": ("good_password", ["role1", "blue"], True)
}
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService
inMemoryDaoAuthenticationManager = AuthenticationManager(
[inMemoryDaoAuthenticationProvider])
authenticationFilter = AuthenticationProcessingFilter()
authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager
authenticationFilter.alwaysReauthenticate = False
token = UsernamePasswordAuthenticationToken("user1", "good_password",
None)
self.assertFalse(token.isAuthenticated())
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = token
filterChainProxy = FilterChainProxy()
filterChainProxy.filterInvocationDefinitionSource = [
("/.*", [authenticationFilter])
]
filterChainProxy.application = application
self.assertEquals(["Success"],
filterChainProxy(environ, start_response))
self.assertTrue(SecurityContextHolder.getContext().authentication.
isAuthenticated())
self.assertEquals(["Success"],
filterChainProxy(environ, start_response))
self.assertTrue(SecurityContextHolder.getContext().authentication.
isAuthenticated())
def __call__(self, environ, start_response):
session = SessionObject(environ, **self.options)
environ[self.environ_key] = session
# SpringPython Security Context Initialization
if session:
context_from_session_object = None
if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in session:
context_from_session_object = pickle.loads(
session[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY]
)
if context_from_session_object:
if isinstance(context_from_session_object, SecurityContext):
self.logger.debug("Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a \
valid SecurityContext and set to \
SecurityContextHolder: '%s'" % context_from_session_object)
SecurityContextHolder.setContext(context_from_session_object)
else:
self.logger.warn("SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % context_from_session_object
+ "'; are you improperly modifying the HttpSession directly (you should always use "
+ "SecurityContextHolder) or using the HttpSession attribute reserved for this class? "
+ "- new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generate_new_context())
else:
self.logger.debug("HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " +
"- new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generate_new_context())
else:
self.logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generate_new_context())
def session_start_response(status, headers, exc_info = None):
session[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY] = \
pickle.dumps(SecurityContextHolder.getContext())
SecurityContextHolder.clearContext()
self.logger.debug("SecurityContextHolder cleared out, as request processing completed")
if session.accessed():
session.persist()
if session.__dict__['_headers']['set_cookie']:
cookie = session.__dict__['_headers']['cookie_out']
if cookie:
headers.append(('Set-cookie', cookie))
return start_response(status, headers, exc_info)
return self.doNextFilter(environ, session_start_response)
def __call__(self, environ, start_response):
"""This filter copies SecurityContext information back and forth between the HttpSession and the SecurityContextHolder."""
httpSession = self.sessionStrategy.getHttpSession(environ)
contextWhenChainProceeded = None
if httpSession is not None:
contextFromSessionObject = None
if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession:
contextFromSessionObject = pickle.loads(httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY])
if contextFromSessionObject is not None:
if isinstance(contextFromSessionObject, SecurityContext):
self.logger.debug("Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set "
+ "to SecurityContextHolder: '%s'" % contextFromSessionObject)
SecurityContextHolder.setContext(contextFromSessionObject)
else:
self.logger.warn("SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % contextFromSessionObject
+ "'; are you improperly modifying the HttpSession directly (you should always use "
+ "SecurityContextHolder) or using the HttpSession attribute reserved for this class? "
+ "- new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generateNewContext())
else:
self.logger.debug("HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " +
"- new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generateNewContext())
else:
self.logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder")
SecurityContextHolder.setContext(self.generateNewContext())
self.logger.debug("Setting contextWhenChainProceeded to %s" % SecurityContextHolder.getContext())
contextWhenChainProceeded = str(SecurityContextHolder.getContext())
results = self.doNextFilter(environ, start_response)
self.sessionStrategy.setHttpSession(self.SPRINGPYTHON_SECURITY_CONTEXT_KEY,
pickle.dumps(SecurityContextHolder.getContext()))
self.logger.debug("SecurityContext stored to HttpSession: '%s'" % SecurityContextHolder.getContext())
SecurityContextHolder.clearContext()
self.logger.debug("SecurityContextHolder cleared out, as request processing completed")
return results
def __call__(self, environ, start_response):
"""This filter copies SecurityContext information back and forth between the HttpSession and the SecurityContextHolder."""
httpSession = self.sessionStrategy.getHttpSession(environ)
contextWhenChainProceeded = None
if httpSession is not None:
contextFromSessionObject = None
if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession:
contextFromSessionObject = pickle.loads(
httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY])
if contextFromSessionObject is not None:
if isinstance(contextFromSessionObject, SecurityContext):
self.logger.debug(
"Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set "
+ "to SecurityContextHolder: '%s'" %
contextFromSessionObject)
SecurityContextHolder.setContext(contextFromSessionObject)
else:
self.logger.warn(
"SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'"
% contextFromSessionObject +
"'; are you improperly modifying the HttpSession directly (you should always use "
+
"SecurityContextHolder) or using the HttpSession attribute reserved for this class? "
+
"- new SecurityContext instance associated with SecurityContextHolder"
)
SecurityContextHolder.setContext(self.generateNewContext())
else:
self.logger.debug(
"HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY "
+
"- new SecurityContext instance associated with SecurityContextHolder"
)
SecurityContextHolder.setContext(self.generateNewContext())
else:
self.logger.debug(
"No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder"
)
SecurityContextHolder.setContext(self.generateNewContext())
self.logger.debug("Setting contextWhenChainProceeded to %s" %
SecurityContextHolder.getContext())
contextWhenChainProceeded = str(SecurityContextHolder.getContext())
results = self.doNextFilter(environ, start_response)
self.sessionStrategy.setHttpSession(
self.SPRINGPYTHON_SECURITY_CONTEXT_KEY,
pickle.dumps(SecurityContextHolder.getContext()))
self.logger.debug("SecurityContext stored to HttpSession: '%s'" %
SecurityContextHolder.getContext())
SecurityContextHolder.clearContext()
self.logger.debug(
"SecurityContextHolder cleared out, as request processing completed"
)
return results
def setUp(self):
SecurityContextHolder.setContext(SecurityContext())
self.appContext = ApplicationContext(XMLConfig("support/ldapApplicationContext.xml"))
def setUp(self):
SecurityContextHolder.setContext(SecurityContext())
self.appContext = ApplicationContext(XMLConfig("support/providerApplicationContext.xml"))
self.auth_manager = self.appContext.get_object("dao_mgr_hiding_exception")
self.mock = self.mock()
self.appContext.get_object("dataSource").stubConnection.mockCursor = self.mock
def setUp(self):
SecurityContextHolder.setContext(SecurityContext())
self.appContext = ApplicationContext(XMLConfig("support/providerApplicationContext.xml"))
self.auth_manager = self.appContext.get_object("inMemoryDaoAuthenticationManager")
