Add UsernamePasswordAuthenticationToken factory methods
- unauthenticated factory method - authenticated factory method - test for unauthenticated factory method - test for authenticated factory method - make existing constructor protected - use the new factory methods in rest of the project - update copyright dates Closes gh-10790
committed by
Josh Cummings
parent
28c7a4be11
commit
abd33389be
+16
-11
@@ -56,14 +56,14 @@ public class BindAuthenticatorTests {
|
||||
public void setUp() {
|
||||
this.authenticator = new BindAuthenticator(this.contextSource);
|
||||
this.authenticator.setMessageSource(new SpringSecurityMessageSource());
|
||||
this.bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
this.bob = UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void emptyPasswordIsRejected() {
|
||||
assertThatExceptionOfType(BadCredentialsException.class)
|
||||
.isThrownBy(() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", "")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
|
||||
() -> this.authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("jen", "")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -72,14 +72,15 @@ public class BindAuthenticatorTests {
|
||||
|
||||
DirContextOperations user = this.authenticator.authenticate(this.bob);
|
||||
assertThat(user.getStringAttribute("uid")).isEqualTo("bob");
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthenticationWithInvalidUserNameFails() {
|
||||
this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("nonexistentsuser", "password")));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("nonexistentsuser", "password")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -93,14 +94,18 @@ public class BindAuthenticatorTests {
|
||||
assertThat(result.getStringAttribute("cn")).isEqualTo("Bob Hamilton");
|
||||
// SEC-1444
|
||||
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(cn={0})", this.contextSource));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("mouse, jerry", "jerryspassword"));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("mouse, jerry", "jerryspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("slash/guy", "slashguyspassword"));
|
||||
// SEC-1661
|
||||
this.authenticator.setUserSearch(
|
||||
new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", this.contextSource));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
|
||||
this.authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", this.contextSource));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("quote\"guy", "quoteguyspassword"));
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -127,8 +132,8 @@ public class BindAuthenticatorTests {
|
||||
@Test
|
||||
public void testAuthenticationWithWrongPasswordFails() {
|
||||
this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
|
||||
() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpassword")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpassword")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
+10
-9
@@ -63,8 +63,8 @@ public class PasswordComparisonAuthenticatorTests {
|
||||
this.authenticator = new PasswordComparisonAuthenticator(this.contextSource);
|
||||
this.authenticator.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
|
||||
this.authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
|
||||
this.bob = new UsernamePasswordAuthenticationToken("bob", "bobspassword");
|
||||
this.ben = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
||||
this.bob = UsernamePasswordAuthenticationToken.unauthenticated("bob", "bobspassword");
|
||||
this.ben = UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -81,16 +81,16 @@ public class PasswordComparisonAuthenticatorTests {
|
||||
.isEmpty();
|
||||
this.authenticator.setUserSearch(new MockUserSearch(null));
|
||||
this.authenticator.afterPropertiesSet();
|
||||
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(
|
||||
() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("Joe", "pass")));
|
||||
assertThatExceptionOfType(UsernameNotFoundException.class).isThrownBy(() -> this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Joe", "pass")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLdapPasswordCompareFailsWithWrongPassword() {
|
||||
// Don't retrieve the password
|
||||
this.authenticator.setUserAttributes(new String[] { "uid", "cn", "sn" });
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
|
||||
() -> this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "wrongpass")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "wrongpass")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -131,14 +131,14 @@ public class PasswordComparisonAuthenticatorTests {
|
||||
@Test
|
||||
public void testUseOfDifferentPasswordAttributeSucceeds() {
|
||||
this.authenticator.setPasswordAttributeName("uid");
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("bob", "bob"));
|
||||
this.authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bob", "bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLdapCompareWithDifferentPasswordAttributeSucceeds() {
|
||||
this.authenticator.setUserAttributes(new String[] { "uid" });
|
||||
this.authenticator.setPasswordAttributeName("cn");
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("ben", "Ben Alex"));
|
||||
this.authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "Ben Alex"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -152,7 +152,8 @@ public class PasswordComparisonAuthenticatorTests {
|
||||
ctx.setAttributeValue("userPassword", "bobspassword");
|
||||
|
||||
this.authenticator.setUserSearch(new MockUserSearch(ctx));
|
||||
this.authenticator.authenticate(new UsernamePasswordAuthenticationToken("shouldntbeused", "bobspassword"));
|
||||
this.authenticator
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("shouldntbeused", "bobspassword"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+4
-4
@@ -192,8 +192,8 @@ public class LdapUserDetailsManagerTests {
|
||||
|
||||
this.mgr.createUser(p.createUserDetails());
|
||||
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
|
||||
SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken
|
||||
.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
|
||||
|
||||
this.mgr.changePassword("yossarianspassword", "yossariansnewpassword");
|
||||
|
||||
@@ -211,8 +211,8 @@ public class LdapUserDetailsManagerTests {
|
||||
p.setPassword("yossarianspassword");
|
||||
p.setAuthorities(TEST_AUTHORITIES);
|
||||
this.mgr.createUser(p.createUserDetails());
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
new UsernamePasswordAuthenticationToken("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
|
||||
SecurityContextHolder.getContext().setAuthentication(UsernamePasswordAuthenticationToken
|
||||
.authenticated("johnyossarian", "yossarianspassword", TEST_AUTHORITIES));
|
||||
assertThatExceptionOfType(BadCredentialsException.class)
|
||||
.isThrownBy(() -> this.mgr.changePassword("wrongpassword", "yossariansnewpassword"));
|
||||
}
|
||||
|
||||
+2
-2
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -99,7 +99,7 @@ public abstract class AbstractLdapAuthenticationProvider implements Authenticati
|
||||
UserDetails user) {
|
||||
Object password = this.useAuthenticationRequestCredentials ? authentication.getCredentials()
|
||||
: user.getPassword();
|
||||
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, password,
|
||||
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(user, password,
|
||||
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
|
||||
result.setDetails(authentication.getDetails());
|
||||
this.logger.debug("Authenticated user");
|
||||
|
||||
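Review bot: The credential handed to `UsernamePasswordAuthenticationToken.authenticated(user, password, ...)` in the @@ -99 hunk stays on the returned token, and nothing in the visible lines documents or clears it. Depending on `useAuthenticationRequestCredentials` it is either the password submitted in the request or `user.getPassword()`. Whether it outlives authentication therefore depends on the caller, for example `ProviderManager`'s credential erasure if this provider runs behind one. A short comment above the call would make that explicit, e.g. `// credentials remain on the token; erasure is left to the caller (e.g. ProviderManager)`. The enclosing method starts and ends outside the hunk.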
+11
-9
@@ -67,16 +67,17 @@ public class LdapAuthenticationProviderTests {
|
||||
public void testEmptyOrNullUserNameThrowsException() {
|
||||
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
|
||||
new MockAuthoritiesPopulator());
|
||||
assertThatExceptionOfType(BadCredentialsException.class)
|
||||
.isThrownBy(() -> ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
|
||||
() -> ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword")));
|
||||
() -> ldapProvider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated(null, "password")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> ldapProvider
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("", "bobspassword")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void usernameNotFoundExceptionIsHiddenByDefault() {
|
||||
final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
|
||||
final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
|
||||
final UsernamePasswordAuthenticationToken joe = UsernamePasswordAuthenticationToken.unauthenticated("joe",
|
||||
"password");
|
||||
given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
|
||||
LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> provider.authenticate(joe));
|
||||
@@ -85,7 +86,8 @@ public class LdapAuthenticationProviderTests {
|
||||
@Test
|
||||
public void usernameNotFoundExceptionIsNotHiddenIfConfigured() {
|
||||
final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
|
||||
final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
|
||||
final UsernamePasswordAuthenticationToken joe = UsernamePasswordAuthenticationToken.unauthenticated("joe",
|
||||
"password");
|
||||
given(authenticator.authenticate(joe)).willThrow(new UsernameNotFoundException("nobody"));
|
||||
LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
|
||||
provider.setHideUserNotFoundExceptions(false);
|
||||
@@ -100,7 +102,7 @@ public class LdapAuthenticationProviderTests {
|
||||
userMapper.setRoleAttributes(new String[] { "ou" });
|
||||
ldapProvider.setUserDetailsContextMapper(userMapper);
|
||||
assertThat(ldapProvider.getAuthoritiesPopulator()).isNotNull();
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
|
||||
UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated("ben",
|
||||
"benspassword");
|
||||
Object authDetails = new Object();
|
||||
authRequest.setDetails(authDetails);
|
||||
@@ -121,7 +123,7 @@ public class LdapAuthenticationProviderTests {
|
||||
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
|
||||
new MockAuthoritiesPopulator());
|
||||
ldapProvider.setUseAuthenticationRequestCredentials(false);
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
|
||||
UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated("ben",
|
||||
"benspassword");
|
||||
Authentication authResult = ldapProvider.authenticate(authRequest);
|
||||
assertThat(authResult.getCredentials()).isEqualTo("{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
|
||||
@@ -133,7 +135,7 @@ public class LdapAuthenticationProviderTests {
|
||||
LdapUserDetailsMapper userMapper = new LdapUserDetailsMapper();
|
||||
userMapper.setRoleAttributes(new String[] { "ou" });
|
||||
ldapProvider.setUserDetailsContextMapper(userMapper);
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
|
||||
UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated("ben",
|
||||
"benspassword");
|
||||
UserDetails user = (UserDetails) ldapProvider.authenticate(authRequest).getPrincipal();
|
||||
assertThat(user.getAuthorities()).hasSize(1);
|
||||
@@ -142,7 +144,7 @@ public class LdapAuthenticationProviderTests {
|
||||
|
||||
@Test
|
||||
public void authenticateWithNamingException() {
|
||||
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken("ben",
|
||||
UsernamePasswordAuthenticationToken authRequest = UsernamePasswordAuthenticationToken.unauthenticated("ben",
|
||||
"benspassword");
|
||||
LdapAuthenticator mockAuthenticator = mock(LdapAuthenticator.class);
|
||||
CommunicationException expectedCause = new CommunicationException(new javax.naming.CommunicationException());
|
||||
|
||||
+1
-1
@@ -53,7 +53,7 @@ public class PasswordComparisonAuthenticatorMockTests {
|
||||
final NamingEnumeration searchResults = new BasicAttributes("", null).getAll();
|
||||
given(dirCtx.search(eq("cn=Bob,ou=people"), eq("(userPassword={0})"), any(Object[].class),
|
||||
any(SearchControls.class))).willReturn(searchResults);
|
||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob", "bobspassword"));
|
||||
authenticator.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("Bob", "bobspassword"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+5
-5
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -68,7 +68,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
|
||||
|
||||
ActiveDirectoryLdapAuthenticationProvider provider;
|
||||
|
||||
UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
|
||||
UsernamePasswordAuthenticationToken joe = UsernamePasswordAuthenticationToken.unauthenticated("joe", "password");
|
||||
|
||||
@BeforeEach
|
||||
public void setUp() {
|
||||
@@ -162,7 +162,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
|
||||
any(SearchControls.class))).willReturn(new MockNamingEnumeration(sr));
|
||||
this.provider.contextFactory = createContextFactoryReturning(ctx);
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
|
||||
this.provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
|
||||
this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -189,8 +189,8 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
|
||||
// SEC-2500
|
||||
@Test
|
||||
public void sec2500PreventAnonymousBind() {
|
||||
assertThatExceptionOfType(BadCredentialsException.class)
|
||||
.isThrownBy(() -> this.provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", "")));
|
||||
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(
|
||||
() -> this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("rwinch", "")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
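Review bot: The last call in the @@ -162 hunk, `this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password"));`, discards its result, so the test only shows that no exception is thrown for the fully qualified name. Now that the request token is built explicitly as unauthenticated, asserting the state of the returned token would pin the success path: `assertThat(this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password")).isAuthenticated()).isTrue();`. This assumes AssertJ's `assertThat` is already statically imported in this file, which the hunk does not show. The test method starts outside the hunk.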