Examples of org.springframework.security.authentication.TestingAuthenticationToken

• org.springframework.security.authentication.TestingAuthenticationToken
  An {@link org.springframework.security.core.Authentication} implementation that is designed for use whilst unit testing.

  The corresponding authentication provider is {@link TestingAuthenticationProvider}. @author Ben Alex

    protected void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    public void testCorrectOperationWithStringBasedPrincipal() throws Exception {
        Authentication auth = new TestingAuthenticationToken("rod", "koala","ROLE_FOO");
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

        assertFalse(wrapper.isUserInRole("ROLE_NOT_GRANTED"));
        assertEquals(auth, wrapper.getUserPrincipal());
    }

    public void testUseOfRolePrefixMeansItIsntNeededWhenCallngIsUserInRole() {
        Authentication auth = new TestingAuthenticationToken("rod", "koala", "ROLE_FOO");
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

        assertTrue(wrapper.isUserInRole("FOO"));
    }

    public void testCorrectOperationWithUserDetailsBasedPrincipal() throws Exception {
        Authentication auth = new TestingAuthenticationToken(new User("rodAsUserDetails", "koala", true, true,
                    true, true, AuthorityUtils.NO_AUTHORITIES ), "koala", "ROLE_HELLO", "ROLE_FOOBAR");
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

        assertFalse(wrapper.isUserInRole("ROLE_ANY"));
        assertNull(wrapper.getUserPrincipal());
    }

    public void testRolesArentHeldIfAuthenticationPrincipalIsNull() throws Exception {
        Authentication auth = new TestingAuthenticationToken(null, "koala","ROLE_HELLO","ROLE_FOOBAR");
        SecurityContextHolder.getContext().setAuthentication(auth);

        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setRequestURI("/");

    }

    @Test
    public void testOperationWhenAuthenticationExistsInContextHolder() throws Exception {
        // Put an Authentication object into the SecurityContextHolder
        Authentication originalAuth = new TestingAuthenticationToken("user", "password", "ROLE_A");
        SecurityContextHolder.getContext().setAuthentication(originalAuth);

        AnonymousAuthenticationFilter filter =
                new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));

        assertFalse(wipe.isAllowed("/foo/index.jsp", null));
    }

    @Test
    public void allowsAccessIfAccessDecisionMangerDoes() throws Exception {
        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
        DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);
        assertTrue(wipe.isAllowed("/foo/index.jsp", token));
    }

    }

    @SuppressWarnings("unchecked")
    @Test
    public void deniesAccessIfAccessDecisionMangerDoes() throws Exception {
        Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
        DefaultWebInvocationPrivilegeEvaluator wipe = new DefaultWebInvocationPrivilegeEvaluator(interceptor);

        doThrow(new AccessDeniedException("")).when(adm).decide(any(Authentication.class), anyObject(), anyList());

        assertFalse(wipe.isAllowed("/foo/index.jsp", token));

    public void targetIsSerializableAfterUse() throws Exception {
        try {
            target.someAdminMethod();
        } catch (AuthenticationCredentialsNotFoundException expected) {
        }
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("u","p","ROLE_A"));

        BusinessService chompedTarget = (BusinessService) serializeAndDeserialize(target);
        chompedTarget.someAdminMethod();
    }

    @Test
    public void doFilterClearsSecurityContextHolder() throws Exception {
        when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
        doAnswer(new Answer<Object>() {
            public Object answer(InvocationOnMock inv) throws Throwable {
                SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("username", "password"));
                return null;
            }
        }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));

        fcp.doFilter(request, response, chain);

    @Test
    public void doFilterClearsSecurityContextHolderWithException() throws Exception {
        when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
        doAnswer(new Answer<Object>() {
            public Object answer(InvocationOnMock inv) throws Throwable {
                SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("username", "password"));
                throw new ServletException("oops");
            }
        }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));

        try {