Examples of org.springframework.security.core.Authentication

• org.springframework.security.core.Authentication
  Represents the token for an authentication request or for an authenticated principal once the request has been processed by the {@link AuthenticationManager#authenticate(Authentication)} method.

  Once the request has been authenticated, the Authentication will usually be stored in a thread-local SecurityContext managed by the {@link SecurityContextHolder} by the authentication mechanism which isbeing used. An explicit authentication can be achieved, without using one of Spring Security's authentication mechanisms, by creating an Authentication instance and using the code:

   SecurityContextHolder.getContext().setAuthentication(anAuthentication); 

  Note that unless the Authentication has the authenticated property set to true, it will still be authenticated by any security interceptor (for method or web invocations) which encounters it.

  In most cases, the framework transparently takes care of managing the security context and authentication objects for you. @author Ben Alex

        permissionEvaluator = new TodoPermissionEvaluator();
    }

    @Test
    public void hasPermissionWhenUserIsAnonymous() {
        Authentication anonymous = createAuthenticationForAnonymousUser();
        boolean hasPermission = permissionEvaluator.hasPermission(anonymous, DOMAIN_OBJECT_TODO, PERMISSION_ADD);
        assertFalse(hasPermission);
    }

        assertFalse(hasPermission);
    }

    @Test
    public void hasPermissionWhenUserIsLoggedInAndTargetDomainObjectIsUnknown() {
        Authentication loggedInUser = createAuthenticationForLoggedInUser(SecurityRole.ROLE_USER.name());
        boolean hasPermission = permissionEvaluator.hasPermission(loggedInUser, new Todo(), PERMISSION_ADD);
        assertFalse(hasPermission);
    }

        assertFalse(hasPermission);
    }

    @Test
    public void hasPermissionWhenUserIsLoggedInButHasUnknownRole() {
        Authentication loggedInUser = createAuthenticationForLoggedInUser(ROLE_UNKNOWN);
        boolean hasPermission = permissionEvaluator.hasPermission(loggedInUser, DOMAIN_OBJECT_TODO, PERMISSION_ADD);
        assertFalse(hasPermission);
    }

        assertFalse(hasPermission);
    }

    @Test
    public void hasPermissionWhenUserIsLoggedIn() {
        Authentication loggedInUser = createAuthenticationForLoggedInUser(SecurityRole.ROLE_USER.name());
        boolean hasPermission = permissionEvaluator.hasPermission(loggedInUser, DOMAIN_OBJECT_TODO, PERMISSION_ADD);
        assertTrue(hasPermission);
    }

        assertTrue(hasPermission);
    }

    @Test
    public void hasPermissionNotImplemented() {
        Authentication loggedInUser = createAuthenticationForLoggedInUser(SecurityRole.ROLE_USER.name());
        boolean hasPermission = permissionEvaluator.hasPermission(loggedInUser, TARGET_ID, DOMAIN_OBJECT_TODO, PERMISSION_ADD);
        assertFalse(hasPermission);
    }

    public UserDetails getPrincipal() {
        LOGGER.debug("Getting principal from the security context");

        UserDetails principal = null;

        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if (authentication != null) {
            Object currentPrincipal = authentication.getPrincipal();
            if (currentPrincipal instanceof UserDetails) {
                principal = (UserDetails) currentPrincipal;
            }
        }

    }

    @Test
    public void getPrincipal() {
        SecurityContext securityContextMock = mock(SecurityContext.class);
        Authentication authenticationMock = mock(Authentication.class);

        PowerMockito.mockStatic(SecurityContextHolder.class);
        when(SecurityContextHolder.getContext()).thenReturn(securityContextMock);
        when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);

        UserDetails expectedPrincipal = new User("user", "password", new ArrayList<GrantedAuthority>());
        when(authenticationMock.getPrincipal()).thenReturn(expectedPrincipal);

        UserDetails actualPrincipal = securityContextUtil.getPrincipal();

        PowerMockito.verifyStatic(times(1));
        SecurityContextHolder.getContext();

    }

    @Test
    public void getPrincipalWhenAuthenticationDoesNotImplementUserDetails() {
        SecurityContext securityContextMock = mock(SecurityContext.class);
        Authentication authenticationMock = mock(Authentication.class);

        PowerMockito.mockStatic(SecurityContextHolder.class);
        when(SecurityContextHolder.getContext()).thenReturn(securityContextMock);
        when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);
        when(authenticationMock.getPrincipal()).thenReturn(new String(""));

        UserDetails principal = securityContextUtil.getPrincipal();

        PowerMockito.verifyStatic(times(1));
        SecurityContextHolder.getContext();

    @Test
    public void onAuthenticationSuccess() throws ServletException, IOException {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Authentication authentication = new UsernamePasswordAuthenticationToken(null, null);

        successHandler.onAuthenticationSuccess(request, response, authentication);

        assertEquals(MockHttpServletResponse.SC_OK, response.getStatus());
    }

    @Test
    public void onLogoutSuccess() throws IOException, ServletException {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        Authentication authentication = new TestingAuthenticationToken(null, null);

        logoutSuccessHandler.onLogoutSuccess(request, response, authentication);

        assertEquals(HttpServletResponse.SC_OK, response.getStatus());
    }