def testAuthenticationProcessingFilterWithBadPassword(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" inMemoryUserDetailsService = InMemoryUserDetailsService() inMemoryUserDetailsService.user_dict = {"user1": ("good_password", ["role1", "blue"], True)} inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider() inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService inMemoryDaoAuthenticationManager = AuthenticationManager([inMemoryDaoAuthenticationProvider]) authenticationFilter = AuthenticationProcessingFilter() authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager authenticationFilter.alwaysReauthenticate = False token = UsernamePasswordAuthenticationToken("user1", "bad_password", None) self.assertFalse(token.isAuthenticated()) SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = token filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [("/.*", [authenticationFilter])] filterChainProxy.application = application self.assertRaises(BadCredentialsException, filterChainProxy, environ, start_response) self.assertFalse(SecurityContextHolder.getContext().authentication.isAuthenticated())
def testHttpSessionContextIntegrationFilter(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" sessionStrategy = StubSessionStrategy() httpSessionContextIntegrationFilter = HttpSessionContextIntegrationFilter( sessionStrategy) # HttpSessionContextIntegrationFilter expects another filter after it to alter the credentials. stubAuthenticationFilter = StubAuthenticationFilter() filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [ ("/.*", [httpSessionContextIntegrationFilter, stubAuthenticationFilter]) ] filterChainProxy.application = application self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertEquals(["Success"], filterChainProxy(environ, start_response)) httpSession = sessionStrategy.getHttpSession(environ) httpSession[httpSessionContextIntegrationFilter. SPRINGPYTHON_SECURITY_CONTEXT_KEY] = pickle.dumps( "Bad credentials") self.assertEquals(["Success"], filterChainProxy(environ, start_response))
def testFilterChainProxyWithMixedURLs(self): """ This test goes through the FilterChainProxy, and proves that it takes differing routes through filters based on URL pattern matching. """ class PassthroughFilter1(Filter): """This filter inserts a simple value to prove it was used.""" def __call__(self, environ, start_response): environ["PASSTHROUGH_FILTER1"] = True return self.doNextFilter(environ, start_response) class PassthroughFilter2(Filter): """This filter inserts a simple value to prove it was used.""" def __call__(self, environ, start_response): environ["PASSTHROUGH_FILTER2"] = True return self.doNextFilter(environ, start_response) def start_response(): pass def application(environ, start_response): return ["Success"] filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [("/.*html", [PassthroughFilter1()]), ("/.*jsp", [PassthroughFilter2()])] filterChainProxy.application = application environ = {} environ["PATH_INFO"] = "/index.html" filterChainProxy(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" in environ) self.assertTrue("PASSTHROUGH_FILTER2" not in environ) environ = {} environ["PATH_INFO"] = "/index.jsp" filterChainProxy(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" not in environ) self.assertTrue("PASSTHROUGH_FILTER2" in environ) filterChainProxy2 = FilterChainProxy(filterInvocationDefinitionSource=[("/.*html", [PassthroughFilter1()]), ("/.*jsp", [PassthroughFilter2()])]) filterChainProxy2.application = application environ = {} environ["PATH_INFO"] = "/index.html" filterChainProxy2(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" in environ) self.assertTrue("PASSTHROUGH_FILTER2" not in environ) environ = {} environ["PATH_INFO"] = "/index.jsp" filterChainProxy2(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" not in environ) self.assertTrue("PASSTHROUGH_FILTER2" in environ)
def testAuthenticationProcessingFilterWithGoodPassword(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" inMemoryUserDetailsService = InMemoryUserDetailsService() inMemoryUserDetailsService.user_dict = { "user1": ("good_password", ["role1", "blue"], True) } inMemoryDaoAuthenticationProvider = DaoAuthenticationProvider() inMemoryDaoAuthenticationProvider.user_details_service = inMemoryUserDetailsService inMemoryDaoAuthenticationManager = AuthenticationManager( [inMemoryDaoAuthenticationProvider]) authenticationFilter = AuthenticationProcessingFilter() authenticationFilter.auth_manager = inMemoryDaoAuthenticationManager authenticationFilter.alwaysReauthenticate = False token = UsernamePasswordAuthenticationToken("user1", "good_password", None) self.assertFalse(token.isAuthenticated()) SecurityContextHolder.setContext(SecurityContext()) SecurityContextHolder.getContext().authentication = token filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [ ("/.*", [authenticationFilter]) ] filterChainProxy.application = application self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertTrue(SecurityContextHolder.getContext().authentication. isAuthenticated()) self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertTrue(SecurityContextHolder.getContext().authentication. isAuthenticated())
def testFilterChainProxyWithMixedURLs(self): """ This test goes through the FilterChainProxy, and proves that it takes differing routes through filters based on URL pattern matching. """ class PassthroughFilter1(Filter): """This filter inserts a simple value to prove it was used.""" def __call__(self, environ, start_response): environ["PASSTHROUGH_FILTER1"] = True return self.doNextFilter(environ, start_response) class PassthroughFilter2(Filter): """This filter inserts a simple value to prove it was used.""" def __call__(self, environ, start_response): environ["PASSTHROUGH_FILTER2"] = True return self.doNextFilter(environ, start_response) def start_response(): pass def application(environ, start_response): return ["Success"] filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [ ("/.*html", [PassthroughFilter1()]), ("/.*jsp", [PassthroughFilter2()]) ] filterChainProxy.application = application environ = {} environ["PATH_INFO"] = "/index.html" filterChainProxy(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" in environ) self.assertTrue("PASSTHROUGH_FILTER2" not in environ) environ = {} environ["PATH_INFO"] = "/index.jsp" filterChainProxy(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" not in environ) self.assertTrue("PASSTHROUGH_FILTER2" in environ) filterChainProxy2 = FilterChainProxy( filterInvocationDefinitionSource=[( "/.*html", [PassthroughFilter1()]), ("/.*jsp", [PassthroughFilter2()])]) filterChainProxy2.application = application environ = {} environ["PATH_INFO"] = "/index.html" filterChainProxy2(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" in environ) self.assertTrue("PASSTHROUGH_FILTER2" not in environ) environ = {} environ["PATH_INFO"] = "/index.jsp" filterChainProxy2(environ, start_response) self.assertTrue("PASSTHROUGH_FILTER1" not in environ) self.assertTrue("PASSTHROUGH_FILTER2" in environ)
def __call__(self, environ=None, start_response=None): if cherrypy.request.handler is None: return False def cherrypy_handler(*args, **kwargs): return cherrypy.request.handler(*args, **kwargs) def func(args): return args[0]() self.application = (func, (cherrypy_handler,)) cherrypy.response.body = FilterChainProxy.__call__(self, cherrypy.request.wsgi_environ, None) return True
def testHttpSessionContextIntegrationFilter(self): def start_response(): pass def application(environ, start_response): return ["Success"] environ = {} environ["PATH_INFO"] = "/index.html" sessionStrategy = StubSessionStrategy() httpSessionContextIntegrationFilter = HttpSessionContextIntegrationFilter(sessionStrategy) # HttpSessionContextIntegrationFilter expects another filter after it to alter the credentials. stubAuthenticationFilter = StubAuthenticationFilter() filterChainProxy = FilterChainProxy() filterChainProxy.filterInvocationDefinitionSource = [("/.*", [httpSessionContextIntegrationFilter, stubAuthenticationFilter])] filterChainProxy.application = application self.assertEquals(["Success"], filterChainProxy(environ, start_response)) self.assertEquals(["Success"], filterChainProxy(environ, start_response)) httpSession = sessionStrategy.getHttpSession(environ) httpSession[httpSessionContextIntegrationFilter.SPRINGPYTHON_SECURITY_CONTEXT_KEY] = pickle.dumps("Bad credentials") self.assertEquals(["Success"], filterChainProxy(environ, start_response))
def __call__(self, environ=None, start_response=None): innerfunc = cherrypy.request.handler def mini_app(*args, **kwargs): def cherrypy_wrapper(nexthandler, *args, **kwargs): results = nexthandler(*args, **kwargs) self.logger.debug("Results = %s" % results) return results return cherrypy_wrapper(innerfunc, *args, **kwargs) self.application = (self.invoke, (mini_app,)) # Store the final results... cherrypy.response.body = FilterChainProxy.__call__(self, cherrypy.request.wsgi_environ, None) #...and then signal there is no more handling for CherryPy to do. return True
def __init__(self, filterInvocationDefinitionSource=None): FilterChainProxy.__init__(self, filterInvocationDefinitionSource) self.logger = logging.getLogger("springpython.security.cherrypy3.CP3FilterChainProxy") cherrypy.tools.filterChainProxy = cherrypy._cptools.HandlerTool(self)