// Positive case: "castest" authenticates through the proxy filter chain with a CAS proxy
// ticket. The authentication cache is emptied first, so the cache lookups below can only
// find entries written during this section.
getCache().removeAll();
String username = "castest";
// The helper receives the username for both trailing arguments (presumably login and
// password of the test account; confirm against CasFormAuthenticationHelper).
CasFormAuthenticationHelper helper = new CasFormAuthenticationHelper(casServerURLPrefix,
username, username);
Assertion ass = authenticateWithPGT(helper);
String proxyTicket = null;
// Two passes that differ only in how CAS_REDIRECT=false is transported:
// pass 0 sends it as a request parameter and in the query string, pass 1 as a request header.
for (int i = 0; i < 2; i++) {
request = createRequest("wms");
request.setQueryString("request=getCapabilities");
// A new proxy ticket is requested on every pass. It is issued for the request URL plus
// the original query string, i.e. a service string that does not yet contain the ticket.
// NOTE(review): presumably the filter validates the ticket against this same service
// string; confirm in the filter implementation.
proxyTicket = ass.getPrincipal().getProxyTicketFor(
request.getRequestURL().toString() + "?" + request.getQueryString());
assertNotNull(proxyTicket);
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setupAddParameter("ticket", proxyTicket);
if (i==0) {
request.setupAddParameter(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket+"&"+GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT+"=false");
} else {
request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket);
}
getProxy().doFilter(request, response, chain);
assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
// The resulting authentication must be cached under (filter name, username).
TestingAuthenticationCache cache = getCache();
Authentication casAuth = cache.get(casProxyFilterName, username);
assertNotNull(casAuth);
checkForAuthenticatedRole(casAuth);
assertEquals(username, casAuth.getPrincipal());
// Both the root role and the derived role must be among the granted authorities.
assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(rootRole)));
assertTrue(casAuth.getAuthorities().contains(new GeoServerRole(derivedRole)));
// The CAS assertion is exposed as a request attribute, and no HTTP session may exist
// after the chain ran; getSession(false) only looks a session up and never creates one.
assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
assertNull(request.getSession(false));
}
// Nothing is registered in the handler's session mapping storage under the last proxy
// ticket (the call returns null), which matches the absence of an HTTP session above.
assertNull(GeoServerCasAuthenticationFilter.getHandler().getSessionMappingStorage()
.removeSessionByMappingId(proxyTicket));
helper.ssoLogout();
// Unknown user: the account "unknown" obtains a proxy-granting ticket and proxy tickets
// like the known user above, and the request is still answered with SC_OK. What this
// section pins is the privilege level: the cached authentication carries exactly one
// authority (presumably the role verified by checkForAuthenticatedRole; confirm), so an
// identity vouched for by CAS alone receives no further roles.
username = "unknown";
helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
ass = authenticateWithPGT(helper);
// Same two transports for CAS_REDIRECT=false as in the known-user loop:
// pass 0 request parameter plus query string, pass 1 request header.
for (int i = 0; i < 2; i++) {
request = createRequest("wms");
request.setQueryString("request=getCapabilities");
// New proxy ticket per pass, issued for the URL plus the original query string.
proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString() + "?" + request.getQueryString());
assertNotNull(proxyTicket);
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setupAddParameter("ticket", proxyTicket);
if (i==0) {
request.setupAddParameter(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket+"&"+GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT+"=false");
} else {
request.setHeader(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
request.setQueryString(request.getQueryString()+"&ticket="+proxyTicket);
}
getProxy().doFilter(request, response, chain);
assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
// The authentication is cached under (filter name, username), as for the known user.
TestingAuthenticationCache cache = getCache();
Authentication casAuth = cache.get(casProxyFilterName, username);
assertNotNull(casAuth);
checkForAuthenticatedRole(casAuth);
assertEquals(username, casAuth.getPrincipal());
// Exactly one authority: nothing beyond the single role may be granted.
assertEquals(1, casAuth.getAuthorities().size());
// CAS assertion present on the request, and still no HTTP session.
assertNotNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
assertNull(request.getSession(false));
}
helper.ssoLogout();
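// Disabled user: "castest" is switched off in user group "ug1" before logging in. A proxy
// ticket can still be obtained, but the filter chain must answer SC_UNAUTHORIZED and must
// leave no trace of an authentication: no cache entry, no CAS assertion on the request,
// no HTTP session.
getCache().removeAll();
updateUser("ug1", "castest", false);
username = "castest";
helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
ass = authenticateWithPGT(helper);
request = createRequest("wms");
// Unlike the loops for the known and unknown user, the ticket is requested for the bare
// request URL; no query string is set on the request before this call.
proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString());
assertNotNull(proxyTicket);
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setupAddParameter("ticket", proxyTicket);
request.setupAddParameter(GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT, "false");
request.setQueryString("ticket="+proxyTicket+"&"+GeoServerCasAuthenticationEntryPoint.CAS_REDIRECT+"=false");
getProxy().doFilter(request, response, chain);
assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
TestingAuthenticationCache cache = getCache();
Authentication casAuth = cache.get(casProxyFilterName, proxyTicket);
assertNull(casAuth);
// The positive cases read the cache under (filter name, username). A lookup by ticket
// alone could pass even if an entry for the disabled account had been written, so the
// username key is checked as well.
assertNull(cache.get(casProxyFilterName, username));
assertNull(request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY));
assertNull(request.getSession(false));
// Re-enable the account for the sections that follow.
// NOTE(review): this line is skipped when an assertion above fails, which would leave
// "castest" disabled for whatever runs next against the same user store.
updateUser("ug1", "castest", true);
helper.ssoLogout();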
// Anonymous access: with the anonymous filter inserted, a request that carries no ticket
// must pass the chain with SC_OK.
// NOTE(review): only the status code is asserted here; which authorities the anonymous
// request ends up with is not checked in this section.
insertAnonymousFilter();
request = createRequest("wms");
response = new MockHttpServletResponse();
chain = new MockFilterChain();
getProxy().doFilter(request, response, chain);
assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
// The anonymous context is not stored in the HTTP session, so there is nothing further
// to verify. The filter is removed again so that later sections run without it.
removeAnonymousFilter();
// test proxy granting ticket in proxied auth filter
pconfig1.setProxyCallbackUrlPrefix(proxyCallbackUrlPrefix.toString());
getSecurityManager().saveFilter(pconfig1);
getCache().removeAll();
username = "castest";
helper = new CasFormAuthenticationHelper(casServerURLPrefix, username, username);
ass = authenticateWithPGT(helper);
request = createRequest("wms");
proxyTicket = ass.getPrincipal().getProxyTicketFor(request.getRequestURL().toString());
assertNotNull(proxyTicket);
response = new MockHttpServletResponse();
chain = new MockFilterChain();
request.setupAddParameter("ticket", proxyTicket);
getProxy().doFilter(request, response, chain);