2010-12-07 17:13:16 +01:00
|
|
|
/**
|
|
|
|
|
* Copyright (c) 2010, Sebastian Sdorra
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions are met:
|
|
|
|
|
*
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
|
|
|
* and/or other materials provided with the distribution.
|
|
|
|
|
* 3. Neither the name of SCM-Manager; nor the names of its
|
|
|
|
|
* contributors may be used to endorse or promote products derived from this
|
|
|
|
|
* software without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
|
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
|
|
|
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
|
|
|
|
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
|
|
|
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
|
|
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
|
|
|
|
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* http://bitbucket.org/sdorra/scm-manager
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
package sonia.scm.web.security;
|
|
|
|
|
|
|
|
|
|
//~--- non-JDK imports --------------------------------------------------------
|
|
|
|
|
|
2013-04-04 13:38:33 +02:00
|
|
|
import com.google.common.collect.ImmutableSet;
|
2011-08-16 19:10:36 +02:00
|
|
|
|
2010-12-07 17:13:16 +01:00
|
|
|
import org.junit.Test;
|
|
|
|
|
|
|
|
|
|
import sonia.scm.AbstractTestBase;
|
|
|
|
|
import sonia.scm.SCMContextProvider;
|
2013-04-04 13:38:33 +02:00
|
|
|
import sonia.scm.cache.MapCacheManager;
|
2014-02-16 15:41:48 +01:00
|
|
|
import sonia.scm.config.ScmConfiguration;
|
2011-01-15 14:05:13 +01:00
|
|
|
import sonia.scm.security.MessageDigestEncryptionHandler;
|
2010-12-07 17:13:16 +01:00
|
|
|
import sonia.scm.user.User;
|
2013-04-04 13:38:33 +02:00
|
|
|
import sonia.scm.user.UserManager;
|
2010-12-07 17:13:16 +01:00
|
|
|
import sonia.scm.user.UserTestData;
|
|
|
|
|
import sonia.scm.util.MockUtil;
|
|
|
|
|
|
|
|
|
|
import static org.junit.Assert.*;
|
|
|
|
|
|
2013-04-04 13:38:33 +02:00
|
|
|
import static org.mockito.Mockito.*;
|
2011-08-16 19:10:36 +02:00
|
|
|
|
2010-12-07 17:13:16 +01:00
|
|
|
//~--- JDK imports ------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
|
|
|
|
|
import java.util.Set;
|
|
|
|
|
|
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @author Sebastian Sdorra
|
|
|
|
|
*/
|
|
|
|
|
public class ChainAuthenticationManagerTest extends AbstractTestBase
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthenticateFailed()
|
|
|
|
|
{
|
2013-04-04 13:38:33 +02:00
|
|
|
manager = createManager();
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
AuthenticationResult result = manager.authenticate(request, response,
|
|
|
|
|
trillian.getName(), "trillian");
|
2010-12-07 17:13:16 +01:00
|
|
|
|
2011-01-08 13:04:04 +01:00
|
|
|
assertNull(result);
|
2010-12-07 17:13:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthenticateNotFound()
|
|
|
|
|
{
|
2013-04-04 13:38:33 +02:00
|
|
|
manager = createManager();
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
AuthenticationResult result = manager.authenticate(request, response,
|
|
|
|
|
"dent", "trillian");
|
2010-12-07 17:13:16 +01:00
|
|
|
|
2011-01-08 13:04:04 +01:00
|
|
|
assertNull(result);
|
2010-12-07 17:13:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthenticateSuccess()
|
|
|
|
|
{
|
2013-04-04 13:38:33 +02:00
|
|
|
manager = createManager();
|
|
|
|
|
|
2011-01-15 14:05:13 +01:00
|
|
|
AuthenticationResult result = manager.authenticate(request, response,
|
|
|
|
|
trillian.getName(), "trillian123");
|
2010-12-07 17:13:16 +01:00
|
|
|
|
2011-01-08 13:04:04 +01:00
|
|
|
assertNotNull(result);
|
|
|
|
|
assertUserEquals(trillian, result.getUser());
|
|
|
|
|
assertEquals("trilliansType", result.getUser().getType());
|
|
|
|
|
result = manager.authenticate(request, response, perfect.getName(),
|
2013-01-23 13:38:26 +01:00
|
|
|
"perfect123");
|
2010-12-07 17:13:16 +01:00
|
|
|
assertNotNull(perfect);
|
2011-01-08 13:04:04 +01:00
|
|
|
assertUserEquals(perfect, result.getUser());
|
|
|
|
|
assertEquals("perfectsType", result.getUser().getType());
|
2010-12-07 17:13:16 +01:00
|
|
|
}
|
|
|
|
|
|
2013-04-04 13:38:33 +02:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testAuthenticationOrder()
|
|
|
|
|
{
|
|
|
|
|
User trillian = UserTestData.createTrillian();
|
|
|
|
|
|
|
|
|
|
trillian.setPassword("trillian123");
|
|
|
|
|
|
|
|
|
|
SingleUserAuthenticaionHandler a1 =
|
|
|
|
|
new SingleUserAuthenticaionHandler("a1", trillian);
|
|
|
|
|
SingleUserAuthenticaionHandler a2 =
|
|
|
|
|
new SingleUserAuthenticaionHandler("a2", trillian);
|
|
|
|
|
|
2014-02-16 15:41:48 +01:00
|
|
|
manager = createManager("a2", false, a1, a2);
|
2013-04-04 13:38:33 +02:00
|
|
|
|
|
|
|
|
AuthenticationResult result = manager.authenticate(request, response,
|
|
|
|
|
trillian.getName(), "trillian123");
|
|
|
|
|
|
|
|
|
|
assertNotNull(result);
|
|
|
|
|
assertEquals(AuthenticationState.SUCCESS, result.getState());
|
|
|
|
|
assertEquals("a2", result.getUser().getType());
|
|
|
|
|
}
|
|
|
|
|
|
2014-02-16 15:41:48 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
@Test
|
|
|
|
|
public void testStopChain()
|
|
|
|
|
{
|
|
|
|
|
ChainAuthenticatonManager cam = createManager("", false);
|
|
|
|
|
|
|
|
|
|
assertTrue(cam.stopChain(new AuthenticationResult(perfect)));
|
|
|
|
|
assertTrue(cam.stopChain(AuthenticationResult.FAILED));
|
|
|
|
|
assertFalse(cam.stopChain(AuthenticationResult.NOT_FOUND));
|
|
|
|
|
cam = createManager("", true);
|
|
|
|
|
assertTrue(cam.stopChain(new AuthenticationResult(perfect)));
|
|
|
|
|
assertFalse(cam.stopChain(AuthenticationResult.FAILED));
|
|
|
|
|
assertFalse(cam.stopChain(AuthenticationResult.NOT_FOUND));
|
|
|
|
|
}
|
|
|
|
|
|
2010-12-07 17:13:16 +01:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @throws Exception
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
protected void postSetUp() throws Exception
|
|
|
|
|
{
|
|
|
|
|
request = MockUtil.getHttpServletRequest();
|
|
|
|
|
response = MockUtil.getHttpServletResponse();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @throws Exception
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
protected void preTearDown() throws Exception
|
|
|
|
|
{
|
|
|
|
|
manager.close();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param user
|
|
|
|
|
* @param other
|
|
|
|
|
*/
|
|
|
|
|
private void assertUserEquals(User user, User other)
|
|
|
|
|
{
|
|
|
|
|
assertEquals(user.getName(), other.getName());
|
|
|
|
|
assertEquals(user.getDisplayName(), other.getDisplayName());
|
|
|
|
|
assertEquals(user.getMail(), other.getMail());
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-04 13:38:33 +02:00
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private ChainAuthenticatonManager createManager()
|
|
|
|
|
{
|
|
|
|
|
perfect = UserTestData.createPerfect();
|
|
|
|
|
perfect.setPassword("perfect123");
|
|
|
|
|
trillian = UserTestData.createTrillian();
|
|
|
|
|
trillian.setPassword("trillian123");
|
|
|
|
|
|
2014-02-16 15:41:48 +01:00
|
|
|
return createManager("", false,
|
2013-04-04 13:38:33 +02:00
|
|
|
new SingleUserAuthenticaionHandler("perfectsType", perfect),
|
|
|
|
|
new SingleUserAuthenticaionHandler("trilliansType", trillian));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param defaultType
|
2014-02-16 15:41:48 +01:00
|
|
|
* @param skipFailedAuthenticators
|
2013-04-04 13:38:33 +02:00
|
|
|
* @param handlers
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private ChainAuthenticatonManager createManager(String defaultType,
|
2014-02-16 15:41:48 +01:00
|
|
|
boolean skipFailedAuthenticators, AuthenticationHandler... handlers)
|
2013-04-04 13:38:33 +02:00
|
|
|
{
|
2014-02-16 15:41:48 +01:00
|
|
|
if ( handlers == null || handlers.length == 0 ){
|
|
|
|
|
//J-
|
|
|
|
|
handlers = new AuthenticationHandler[]{
|
|
|
|
|
new SingleUserAuthenticaionHandler("perfectsType", perfect),
|
|
|
|
|
new SingleUserAuthenticaionHandler("trilliansType", trillian)
|
|
|
|
|
};
|
|
|
|
|
//J+
|
|
|
|
|
}
|
|
|
|
|
ScmConfiguration configuration = new ScmConfiguration();
|
|
|
|
|
|
|
|
|
|
configuration.setSkipFailedAuthenticators(skipFailedAuthenticators);
|
|
|
|
|
|
2013-04-04 13:38:33 +02:00
|
|
|
Set<AuthenticationHandler> handlerSet = ImmutableSet.copyOf(handlers);
|
|
|
|
|
|
|
|
|
|
UserManager userManager = mock(UserManager.class);
|
|
|
|
|
|
|
|
|
|
when(userManager.getDefaultType()).thenReturn(defaultType);
|
2014-02-18 21:25:29 +01:00
|
|
|
manager = new ChainAuthenticatonManager(configuration, userManager,
|
|
|
|
|
handlerSet, new MessageDigestEncryptionHandler(), new MapCacheManager());
|
2013-04-04 13:38:33 +02:00
|
|
|
manager.init(contextProvider);
|
|
|
|
|
|
|
|
|
|
return manager;
|
|
|
|
|
}
|
|
|
|
|
|
2010-12-07 17:13:16 +01:00
|
|
|
//~--- inner classes --------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Class description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @version Enter version here..., 2010-12-07
|
|
|
|
|
* @author Sebastian Sdorra
|
|
|
|
|
*/
|
|
|
|
|
private static class SingleUserAuthenticaionHandler
|
2013-01-23 13:38:26 +01:00
|
|
|
implements AuthenticationHandler
|
2010-12-07 17:13:16 +01:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructs ...
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param type
|
|
|
|
|
* @param user
|
|
|
|
|
*/
|
|
|
|
|
public SingleUserAuthenticaionHandler(String type, User user)
|
|
|
|
|
{
|
|
|
|
|
this.type = type;
|
|
|
|
|
this.user = user;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//~--- methods ------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param request
|
|
|
|
|
* @param response
|
|
|
|
|
* @param username
|
|
|
|
|
* @param password
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public AuthenticationResult authenticate(HttpServletRequest request,
|
2013-01-23 13:38:26 +01:00
|
|
|
HttpServletResponse response, String username, String password)
|
2010-12-07 17:13:16 +01:00
|
|
|
{
|
|
|
|
|
AuthenticationResult result = null;
|
|
|
|
|
|
|
|
|
|
if (username.equals(user.getName()))
|
|
|
|
|
{
|
|
|
|
|
if (password.equals(user.getPassword()))
|
|
|
|
|
{
|
2013-04-04 13:38:33 +02:00
|
|
|
result = new AuthenticationResult(user.clone());
|
2010-12-07 17:13:16 +01:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
result = AuthenticationResult.FAILED;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
result = AuthenticationResult.NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @throws IOException
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public void close() throws IOException {}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @param context
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public void init(SCMContextProvider context) {}
|
|
|
|
|
|
|
|
|
|
//~--- get methods --------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Method description
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
@Override
|
|
|
|
|
public String getType()
|
|
|
|
|
{
|
|
|
|
|
return type;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//~--- fields -------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
2014-02-16 15:41:48 +01:00
|
|
|
private final String type;
|
2010-12-07 17:13:16 +01:00
|
|
|
|
|
|
|
|
/** Field description */
|
2014-02-16 15:41:48 +01:00
|
|
|
private final User user;
|
2010-12-07 17:13:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//~--- fields ---------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private ChainAuthenticatonManager manager;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private User perfect;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private HttpServletRequest request;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private HttpServletResponse response;
|
|
|
|
|
|
|
|
|
|
/** Field description */
|
|
|
|
|
private User trillian;
|
|
|
|
|
}
|
