def testAuthenticationProcessingFilterWithBadPassword(self):
def start_response():
pass
def application(environ, start_response):
return ["Success"]
environ = {}
environ["PATH_INFO"] = "/index.html"
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)}
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService
inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider])
authenticationFilter = AuthenticationProcessingFilter()
authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager
authenticationFilter.alwaysReauthenticate = False
token = UsernamePasswordAuthenticationToken("user1", "bad_password", None)
self.assertFalse(token.isAuthenticated())
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = token
filterChainProxy = FilterChainProxy()
filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])]
filterChainProxy.application = application
self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response)
self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def testProgrammaticSetupForAffirmativeBased(self):
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict["blueuser"] = ("password1",
["LABEL_BLUE"
], False)
inMemoryUserDetailsService.user_dict["superuser"] = ("password2",
["LABEL_SHARED"
], False),
inMemoryUserDetailsService.user_dict["orangeuser"] = ("password3",
["LABEL_ORANGE"
], False),
inMemoryUserDetailsService.user_dict["multiuser"] = ("password4", [
"LABEL_BLUE", "LABEL_ORANGE"
], False)
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.userDetailsService = inMemoryUserDetailsService
authenticationProvider = AuthenticationManager(
[inMemoryDaoAuthenticationProvider])
auth_manager = AuthenticationManager()
auth_manager.authenticationProviderList = [authenticationProvider]
labelBasedAclVoter = LabelBasedAclVoter()
labelBasedAclVoter.label_dict["LABEL_BLUE"] = ["blue", "blue-orange"]
labelBasedAclVoter.label_dict["LABEL_ORANGE"] = [
"orange", "blue-orange"
]
labelBasedAclVoter.label_dict["LABEL_SHARED"] = [
"blue", "orange", "blue-orange"
]
labelBasedAclVoter.attr_indicating_labeled_op = "LABELED_OPERATION"
labelBasedAclVoter.access_decision_mgr = AffirmativeBased(access_decision_voters = [labelBasedAclVoter], \
allow_if_all_abstain = False)
def shaAuthenticationProvider(self):
"""This authentication provider takes a user details service and links it with a password encoder, to hash
passwords before comparing with the user details service."""
provider = DaoAuthenticationProvider()
provider.user_details_service = self.shaUserDetailsService()
provider.password_encoder = self.shaEncoder()
return provider
def shaAuthenticationProvider(self):
"""This authentication provider takes a user details service and links it with a password encoder, to hash
passwords before comparing with the user details service."""
provider = DaoAuthenticationProvider()
provider.user_details_service = self.shaUserDetailsService()
provider.password_encoder = self.shaEncoder()
return provider
def testAuthenticationProcessingFilterWithGoodPassword(self):
def start_response():
pass
def application(environ, start_response):
return ["Success"]
environ = {}
environ["PATH_INFO"] = "/index.html"
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict = {
"user1": ("good_password", ["role1", "blue"], True)
}
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService
inMemoryDaoAuthenticationManager = AuthenticationManager(
[inMemoryDaoAuthenticationProvider])
authenticationFilter = AuthenticationProcessingFilter()
authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager
authenticationFilter.alwaysReauthenticate = False
token = UsernamePasswordAuthenticationToken("user1", "good_password",
None)
self.assertFalse(token.isAuthenticated())
SecurityContextHolder.setContext(SecurityContext())
SecurityContextHolder.getContext().authentication = token
filterChainProxy = FilterChainProxy()
filterChainProxy.filterInvocationDefinitionSource = [
("/.*", [authenticationFilter])
]
filterChainProxy.application = application
self.assertEquals(["Success"],
filterChainProxy(environ, start_response))
self.assertTrue(SecurityContextHolder.getContext().authentication.
isAuthenticated())
self.assertEquals(["Success"],
filterChainProxy(environ, start_response))
self.assertTrue(SecurityContextHolder.getContext().authentication.
isAuthenticated())
def testProgrammaticSetupForConsensusBased(self):
inMemoryUserDetailsService = InMemoryUserDetailsService()
inMemoryUserDetailsService.user_dict["blueuser"] = ("password1", ["LABEL_BLUE"], False)
inMemoryUserDetailsService.user_dict["superuser"] = ("password2", ["LABEL_SHARED"], False),
inMemoryUserDetailsService.user_dict["orangeuser"] = ("password3", ["LABEL_ORANGE"], False),
inMemoryUserDetailsService.user_dict["multiuser"] = ("password4", ["LABEL_BLUE", "LABEL_ORANGE"], False)
inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider()
inMemoryDaoAuthenticationProvider.userDetailsService = inMemoryUserDetailsService
authenticationProvider = AuthenticationManager([inMemoryDaoAuthenticationProvider])
auth_manager = AuthenticationManager()
auth_manager.authenticationProviderList = [authenticationProvider]
labelBasedAclVoter = LabelBasedAclVoter()
labelBasedAclVoter.label_dict["LABEL_BLUE"] = ["blue", "blue-orange"]
labelBasedAclVoter.label_dict["LABEL_ORANGE"] = ["orange", "blue-orange"]
labelBasedAclVoter.label_dict["LABEL_SHARED"] = ["blue", "orange", "blue-orange"]
labelBasedAclVoter.attr_indicating_labeled_op = "LABELED_OPERATION"
labelBasedAclVoter.access_decision_mgr = ConsensusBased(access_decision_voters = [labelBasedAclVoter], \
allow_if_all_abstain = False)
def shaAuthenticationProvider(self):
provider = DaoAuthenticationProvider()
provider.user_details_service = self.shaUserDetailsService()
provider.password_encoder = self.shaEncoder()
return provider
def shaAuthenticationProvider(self):
provider = DaoAuthenticationProvider()
provider.user_details_service = self.shaUserDetailsService()
provider.password_encoder = self.shaEncoder()
return provider