def run(self): context = cherrypy.session.get("SPRINGPYTHON_SECURITY_CONTEXT_KEY") if not context: context = self.newContext() SecurityContextHolder.setContext(context) cherrypy.session["SPRINGPYTHON_SECURITY_CONTEXT_KEY"] = context
def testAuthenticationProcessingFilterWithBadPassword(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" inMemoryUserDetailsService = InMemoryUserDetailsService() inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)} inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider() inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider]) authenticationFilter = AuthenticationProcessingFilter() authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager authenticationFilter.alwaysReauthenticate = False token = UsernamePasswordAuthenticationToken("user1", "bad_password", None) self.assertFalse(token.isAuthenticated()) SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = token filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])] filterChainProxy.application = application self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response) self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def setupContext(self, username, password): applicationContext = ApplicationContext(XMLConfig("support/unanimousBasedApplicationContext.xml")) token = UsernamePasswordAuthenticationToken(username, password) auth_manager = applicationContext.get_object("auth_manager") SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = auth_manager.authenticate(token) self.sampleService = applicationContext.get_object("sampleService") self.block1 = SampleBlockOfData("block1") self.block2 = SampleBlockOfData("block2")
def setupContext(self, username, password): applicationContext = ApplicationContext(XMLConfig("support/labelBasedAclVoterApplicationContext.xml")) token = UsernamePasswordAuthenticationToken(username, password) auth_manager = applicationContext.get_object("auth_manager") SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = auth_manager.authenticate(token) self.sampleService = applicationContext.get_object("sampleService") self.blueblock = SampleBlockOfData("blue") self.orangeblock = SampleBlockOfData("orange") self.sharedblock = SampleBlockOfData("blue-orange")
def setupContext(self, username, password): applicationContext = ApplicationContext( XMLConfig("support/unanimousBasedApplicationContext.xml")) token = UsernamePasswordAuthenticationToken(username, password) auth_manager = applicationContext.get_object("auth_manager") SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext( ).authentication = auth_manager.authenticate(token) self.sampleService = applicationContext.get_object("sampleService") self.block1 = SampleBlockOfData("block1") self.block2 = SampleBlockOfData("block2")
def setupContext(self, username, password): applicationContext = ApplicationContext( XMLConfig("support/labelBasedAclVoterApplicationContext.xml")) token = UsernamePasswordAuthenticationToken(username, password) auth_manager = applicationContext.get_object("auth_manager") SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext( ).authentication = auth_manager.authenticate(token) self.sampleService = applicationContext.get_object("sampleService") self.blueblock = SampleBlockOfData("blue") self.orangeblock = SampleBlockOfData("orange") self.sharedblock = SampleBlockOfData("blue-orange")
def testAuthenticationProcessingFilterWithGoodPassword(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" inMemoryUserDetailsService = InMemoryUserDetailsService() inMemoryUserDetailsService.user_dict = { "user1": ("good_password", ["role1", "blue"], True) } inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider() inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService inMemoryDaoAuthenticationManager = AuthenticationManager( [inMemoryDaoAuthenticationProvider]) authenticationFilter = AuthenticationProcessingFilter() authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager authenticationFilter.alwaysReauthenticate = False token = UsernamePasswordAuthenticationToken("user1", "good_password", None) self.assertFalse(token.isAuthenticated()) SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = token filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [ ("/.*", [authenticationFilter]) ] filterChainProxy.application = application self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertTrue(SecurityContextHolder.getContext().authentication. isAuthenticated()) self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertTrue(SecurityContextHolder.getContext().authentication. isAuthenticated())
def __call__(self, environ, start_response): session = SessionObject(environ, **self.options) environ[self.environ_key] = session # SpringPython Security Context Initialization if session: context_from_session_object = None if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in session: context_from_session_object = pickle.loads( session[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY] ) if context_from_session_object: if isinstance(context_from_session_object, SecurityContext): self.logger.debug("Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a \ valid SecurityContext and set to \ SecurityContextHolder: '%s'" % context_from_session_object) SecurityContextHolder.setContext(context_from_session_object) else: self.logger.warn("SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % context_from_session_object + "'; are you improperly modifying the HttpSession directly (you should always use " + "SecurityContextHolder) or using the HttpSession attribute reserved for this class? " + "- new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generate_new_context()) else: self.logger.debug("HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " + "- new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generate_new_context()) else: self.logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generate_new_context()) def session_start_response(status, headers, exc_info = None): session[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY] = \ pickle.dumps(SecurityContextHolder.getContext()) SecurityContextHolder.clearContext() self.logger.debug("SecurityContextHolder cleared out, as request processing completed") if session.accessed(): session.persist() if session.__dict__['_headers']['set_cookie']: cookie = session.__dict__['_headers']['cookie_out'] if cookie: headers.append(('Set-cookie', cookie)) return start_response(status, headers, exc_info) return self.doNextFilter(environ, session_start_response)
def __call__(self, environ, start_response): """This filter copies SecurityContext information back and forth between the HttpSession and the SecurityContextHolder.""" httpSession = self.sessionStrategy.getHttpSession(environ) contextWhenChainProceeded = None if httpSession is not None: contextFromSessionObject = None if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession: contextFromSessionObject = pickle.loads(httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY]) if contextFromSessionObject is not None: if isinstance(contextFromSessionObject, SecurityContext): self.logger.debug("Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set " + "to SecurityContextHolder: '%s'" % contextFromSessionObject) SecurityContextHolder.setContext(contextFromSessionObject) else: self.logger.warn("SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % contextFromSessionObject + "'; are you improperly modifying the HttpSession directly (you should always use " + "SecurityContextHolder) or using the HttpSession attribute reserved for this class? " + "- new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generateNewContext()) else: self.logger.debug("HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " + "- new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generateNewContext()) else: self.logger.debug("No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder") SecurityContextHolder.setContext(self.generateNewContext()) self.logger.debug("Setting contextWhenChainProceeded to %s" % SecurityContextHolder.getContext()) contextWhenChainProceeded = str(SecurityContextHolder.getContext()) results = self.doNextFilter(environ, start_response) self.sessionStrategy.setHttpSession(self.SPRINGPYTHON_SECURITY_CONTEXT_KEY, pickle.dumps(SecurityContextHolder.getContext())) self.logger.debug("SecurityContext stored to HttpSession: '%s'" % SecurityContextHolder.getContext()) SecurityContextHolder.clearContext() self.logger.debug("SecurityContextHolder cleared out, as request processing completed") return results
def __call__(self, environ, start_response): """This filter copies SecurityContext information back and forth between the HttpSession and the SecurityContextHolder.""" httpSession = self.sessionStrategy.getHttpSession(environ) contextWhenChainProceeded = None if httpSession is not None: contextFromSessionObject = None if self.SPRINGPYTHON_SECURITY_CONTEXT_KEY in httpSession: contextFromSessionObject = pickle.loads( httpSession[self.SPRINGPYTHON_SECURITY_CONTEXT_KEY]) if contextFromSessionObject is not None: if isinstance(contextFromSessionObject, SecurityContext): self.logger.debug( "Obtained from SPRINGPYTHON_SECURITY_CONTEXT_KEY a valid SecurityContext and set " + "to SecurityContextHolder: '%s'" % contextFromSessionObject) SecurityContextHolder.setContext(contextFromSessionObject) else: self.logger.warn( "SPRINGPYTHON_SECURITY_CONTEXT_KEY did not contain a SecurityContext but contained: '%s'" % contextFromSessionObject + "'; are you improperly modifying the HttpSession directly (you should always use " + "SecurityContextHolder) or using the HttpSession attribute reserved for this class? " + "- new SecurityContext instance associated with SecurityContextHolder" ) SecurityContextHolder.setContext(self.generateNewContext()) else: self.logger.debug( "HttpSession returned null object for SPRINGPYTHON_SECURITY_CONTEXT_KEY " + "- new SecurityContext instance associated with SecurityContextHolder" ) SecurityContextHolder.setContext(self.generateNewContext()) else: self.logger.debug( "No HttpSession currently exists - new SecurityContext instance associated with SecurityContextHolder" ) SecurityContextHolder.setContext(self.generateNewContext()) self.logger.debug("Setting contextWhenChainProceeded to %s" % SecurityContextHolder.getContext()) contextWhenChainProceeded = str(SecurityContextHolder.getContext()) results = self.doNextFilter(environ, start_response) self.sessionStrategy.setHttpSession( self.SPRINGPYTHON_SECURITY_CONTEXT_KEY, pickle.dumps(SecurityContextHolder.getContext())) self.logger.debug("SecurityContext stored to HttpSession: '%s'" % SecurityContextHolder.getContext()) SecurityContextHolder.clearContext() self.logger.debug( "SecurityContextHolder cleared out, as request processing completed" ) return results
def setUp(self): SecurityContextHolder.setContext(SecurityContext()) self.appContext = ApplicationContext(XMLConfig("support/ldapApplicationContext.xml"))
def setUp(self): SecurityContextHolder.setContext(SecurityContext()) self.appContext = ApplicationContext(XMLConfig("support/providerApplicationContext.xml")) self.auth_manager = self.appContext.get_object("dao_mgr_hiding_exception") self.mock = self.mock() self.appContext.get_object("dataSource").stubConnection.mockCursor = self.mock
def setUp(self): SecurityContextHolder.setContext(SecurityContext()) self.appContext = ApplicationContext(XMLConfig("support/providerApplicationContext.xml")) self.auth_manager = self.appContext.get_object("inMemoryDaoAuthenticationManager")