Examples of org.springframework.security.authentication.TestingAuthenticationToken

• org.springframework.security.authentication.TestingAuthenticationToken
  An {@link org.springframework.security.core.Authentication} implementation that is designed for use whilst unit testing.

  The corresponding authentication provider is {@link TestingAuthenticationProvider}. @author Ben Alex

    private ConcurrentSessionControlAuthenticationStrategy strategy;

    @Before
    public void setup() throws Exception {
        authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
        sessionInformation = new SessionInformation(authentication.getPrincipal(), "unique", new Date(1374766134216L));

        strategy = new ConcurrentSessionControlAuthenticationStrategy(sessionRegistry);

    private MockHttpServletResponse response;

    @Before
    public void setup() {
        authenticationStrategy = new RegisterSessionAuthenticationStrategy(registry);
        authentication = new TestingAuthenticationToken("user", "password","ROLE_USER");
        request = new MockHttpServletRequest();
        response = new MockHttpServletResponse();
    }

    }

    // SEC-1968
    @Test
    public void nullPreAuthenticationClearsPreviousUser() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("oldUser", "pass","ROLE_USER"));
        ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
        filter.principal = null;
        filter.setCheckForPrincipalChanges(true);

        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());

        assertEquals(null, SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void nullPreAuthenticationPerservesPreviousUserCheckPrincipalChangesFalse() throws Exception {
        TestingAuthenticationToken authentication = new TestingAuthenticationToken("oldUser", "pass","ROLE_USER");
        SecurityContextHolder.getContext().setAuthentication(authentication);
        ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
        filter.principal = null;

        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());

 */
public class TestingAuthenticationProviderTests extends TestCase {

    public void testAuthenticates() {
        TestingAuthenticationProvider provider = new TestingAuthenticationProvider();
        TestingAuthenticationToken token = new TestingAuthenticationToken("Test", "Password","ROLE_ONE","ROLE_TWO");
        Authentication result = provider.authenticate(token);

        assertTrue(result instanceof TestingAuthenticationToken);

        TestingAuthenticationToken castResult = (TestingAuthenticationToken) result;
        assertEquals("Test", castResult.getPrincipal());
        assertEquals("Password", castResult.getCredentials());
        assertTrue(AuthorityUtils.authorityListToSet(castResult.getAuthorities()).contains("ROLE_ONE"));
        assertTrue(AuthorityUtils.authorityListToSet(castResult.getAuthorities()).contains("ROLE_TWO"));
    }

    public void testIgnoresClassesItDoesNotSupport() throws Exception {
        RememberMeAuthenticationProvider aap = new RememberMeAuthenticationProvider();
        aap.setKey("qwerty");

        TestingAuthenticationToken token = new TestingAuthenticationToken("user", "password","ROLE_A");
        assertFalse(aap.supports(TestingAuthenticationToken.class));

        // Try it anyway
        assertNull(aap.authenticate(token));
    }

    @Test
    public void testSuccessfulAuthentication() {
        RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenReturn(new TestingAuthenticationToken("u","p","A"));
        manager.setAuthenticationManager(am);

        manager.attemptAuthentication("rod", "password");
    }

        assertTrue("Only ROLE_TEST1 and ROLE_TEST2 should have been returned", auth.getAuthorities().size() == 2);
    }

    @Test
    public void testUnsupportedAuthenticationObjectReturnsNull() {
        assertNull(jaasProvider.authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES )));
    }

    }

    @Test(expected=IllegalArgumentException.class)
    public void getPrincipalRejectsNonLdapUserDetailsObject() {
        AuthenticationSource source = new SpringSecurityAuthenticationSource();
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));

        source.getPrincipal();
    }

    }

    @Test
    public void expectedCredentialsAreReturned() {
        AuthenticationSource source = new SpringSecurityAuthenticationSource();
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(new Object(), "password"));

        assertEquals("password", source.getCredentials());
    }