Example #1
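    def handle(self, event):
        """Authenticate the request carried by *event* with HTTP Basic credentials.

        Outcomes, in the order they are checked:

        * the request has no authorization data: the security context token is
          cleared and the entry point's response is set on the event;
        * the context already holds an authenticated token for the same
          username: nothing is done;
        * otherwise a ``UsernamePasswordToken`` is built from the supplied
          username and password and handed to the authentication manager; on
          ``AuthenticationException`` the token is cleared and the entry
          point's response is set on the event.

        Returns ``None`` in every case; the result is visible through
        ``self.security_context.token`` and the event's ``'response'``.
        """
        def log(message, *args):
            # The logger is optional (two of the original call sites already
            # guarded it), so every call goes through the same guard.
            if self.logger:
                self.logger.info(message, *args)

        request = event.get('request')
        credentials = request.authorization

        # Checked first: the token comparison below reads credentials.username,
        # which raised AttributeError when a token was already authenticated
        # and the request carried no Authorization header.
        if not credentials:
            log("BasicAuthenticationListener - no authorization headers, sending default one")

            self.security_context.token = None
            event.set('response', self.entry_point.start(request))

            return

        # check the current token
        # NOTE(review): only the username is compared here; the password sent
        # with this request is not re-verified. That is safe only if the
        # security context is bound to the caller's own session - confirm.
        token = self.security_context.token

        if token and token.authenticated and token.username == credentials.username:
            log("BasicAuthenticationListener - token is valid")
            return

        # no token, create a new one and check credential
        try:
            token = UsernamePasswordToken(self.provider_key, credentials.username)
            token.credentials = credentials.password
            # NOTE(review): if the manager can return None (no provider
            # supports the token), the context is left without a token and no
            # response is set - confirm the manager raises in that case.
            token = self.authentication_manager.authenticate(token)

            self.security_context.token = token

            # The success message used to read "AuthenticationException OK",
            # which makes successful logins match a log search for failures.
            log("BasicAuthenticationListener - authentication OK")

        except AuthenticationException as e:
            # Fail closed: drop any token and challenge the client again.
            self.security_context.token = None
            event.set('response', self.entry_point.start(request))

            log("BasicAuthenticationListener - AuthenticationException occurs : %s", e)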
Example #2
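    def test_authenticate(self):
        """A token with matching credentials comes back carrying the user's roles."""
        # The "******" literals are shown masked in this listing and are kept as-is.
        provider = InMemoryProvider([{"username": "******", "password": "******", "roles": ["ADMIN"]}, {"username": "******"}])

        auth_provider = DaoAuthenticationProvider(provider, "admin")

        candidate = UsernamePasswordToken("admin", "foo")
        candidate.credentials = "bar"
        token = auth_provider.authenticate(candidate)

        # assertEqual: assertEquals is a deprecated alias, removed in Python 3.12.
        self.assertEqual(["ADMIN"], token.roles)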
Example #3
    def test_authenticate(self):
        """The manager raises UsernameNotFoundException for a provider built with no user records."""
        candidate = UsernamePasswordToken("admin", "foo")
        candidate.credentials = "bar"

        # A single DAO provider backed by an InMemoryProvider created without arguments.
        providers = [DaoAuthenticationProvider(InMemoryProvider(), "admin")]
        manager = AuthenticationProviderManager(Dispatcher(), providers)

        with self.assertRaises(UsernameNotFoundException):
            manager.authenticate(candidate)
Example #4
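    def test_authenticate_exception(self):
        """Unknown usernames and wrong passwords are rejected with distinct exceptions."""
        # The "******" literals are shown masked in this listing and are kept as-is.
        provider = InMemoryProvider([{"username": "******", "password": "******", "roles": ["ADMIN"]}, {"username": "******"}])

        auth_provider = DaoAuthenticationProvider(provider, "admin")

        with self.assertRaises(UsernameNotFoundException):
            auth_provider.authenticate(UsernamePasswordToken("admin", "anno."))

        # Build the token outside the assertRaises block so that only the
        # authenticate() call can satisfy the expectation.
        wrong_password = UsernamePasswordToken("admin", "foo")
        wrong_password.credentials = "fake password"

        with self.assertRaises(BadCredentialsException):
            auth_provider.authenticate(wrong_password)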
Example #5
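    def test_authenticate(self):
        """A token with matching credentials comes back carrying the user's roles."""
        # The '******' literals are shown masked in this listing and are kept as-is.
        provider = InMemoryProvider([
            {'username': '******', 'password': '******', 'roles': ['ADMIN']},
            {'username': '******'}
        ])

        auth_provider = DaoAuthenticationProvider(provider, 'admin')

        candidate = UsernamePasswordToken('admin', 'foo')
        candidate.credentials = 'bar'
        token = auth_provider.authenticate(candidate)

        # assertEqual: assertEquals is a deprecated alias, removed in Python 3.12.
        self.assertEqual(['ADMIN'], token.roles)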
Example #6
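    def test_authenticate_exception(self):
        """Unknown usernames and wrong passwords are rejected with distinct exceptions."""
        # The '******' literals are shown masked in this listing and are kept as-is.
        provider = InMemoryProvider([
            {'username': '******', 'password': '******', 'roles': ['ADMIN']},
            {'username': '******'}
        ])

        auth_provider = DaoAuthenticationProvider(provider, 'admin')

        with self.assertRaises(UsernameNotFoundException):
            auth_provider.authenticate(UsernamePasswordToken('admin', 'anno.'))

        # Build the token outside the assertRaises block so that only the
        # authenticate() call can satisfy the expectation.
        wrong_password = UsernamePasswordToken('admin', 'foo')
        wrong_password.credentials = 'fake password'

        with self.assertRaises(BadCredentialsException):
            auth_provider.authenticate(wrong_password)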
Example #7
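    def authenticate(self, token):
        """Check *token* against the stored user and return an authenticated token.

        Returns ``None`` when this provider does not support *token*.
        Otherwise the user is loaded by ``token.username`` and its password is
        compared with ``token.credentials``. On a match, a new
        ``UsernamePasswordToken`` carrying the user and its roles is returned
        with ``authenticated`` set to ``True``.

        Raises:
            UsernameNotFoundException: propagated unchanged from the user provider.
            BadCredentialsException: the credentials are missing or do not match.
        """
        # Function-scope import: the module's import block is not visible here.
        # hmac.compare_digest needs Python 2.7.7+ or 3.3+.
        import hmac

        if not self.supports(token):
            return

        # No handler around the lookup: the original caught
        # UsernameNotFoundException only to re-raise it.
        user = self.user_provider.loadUserByUsername(token.username)

        def as_bytes(value):
            # compare_digest needs two operands of the same kind; text is
            # encoded so non-ASCII passwords compare as bytes.
            return value if isinstance(value, bytes) else value.encode('utf-8')

        try:
            # Constant-time comparison, so the time taken does not depend on
            # how many leading characters of the guess are correct.
            matches = hmac.compare_digest(as_bytes(user.password), as_bytes(token.credentials))
        except (AttributeError, TypeError):
            # None or a non-string on either side: fail closed. With "!=" a
            # user record without a password compared equal to a token
            # without credentials and was authenticated.
            matches = False

        if not matches:
            raise BadCredentialsException('Invalid credentials, check login or password')

        # NOTE(review): the stored value is compared with the submitted password
        # as-is, which suggests the provider keeps passwords unhashed - confirm;
        # a salted password hash verified here is the usual design.
        # NOTE(review): unknown user and wrong password raise different
        # exceptions; callers should presumably return one uniform failure to
        # the client so that usernames cannot be enumerated - verify.
        token = UsernamePasswordToken(token.key, user, roles=user.roles)
        token.authenticated = True

        return token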