Reformat code using spring-javaformat
Run `./gradlew format` to reformat all java files. Issue gh-8945
+5
-2
@@ -21,11 +21,13 @@ import org.springframework.security.core.AuthenticationException;
|
||||
* Indicates that OpenID authentication was cancelled
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class AuthenticationCancelledException extends AuthenticationException {
|
||||
|
||||
// ~ Constructors
|
||||
// ===================================================================================================
|
||||
|
||||
@@ -36,4 +38,5 @@ public class AuthenticationCancelledException extends AuthenticationException {
|
||||
public AuthenticationCancelledException(String msg, Throwable t) {
|
||||
super(msg, t);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -25,8 +25,9 @@ import java.util.List;
|
||||
* OpenID providers, since they do not all support the same attributes.
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Luke Taylor
|
||||
* @since 3.1
|
||||
*/
|
||||
@@ -35,9 +36,9 @@ public interface AxFetchListFactory {
|
||||
/**
|
||||
* Builds the list of attributes which should be added to the fetch request for the
|
||||
* supplied OpenID identifier.
|
||||
*
|
||||
* @param identifier the claimed_identity
|
||||
* @return the attributes to fetch for this identifier
|
||||
*/
|
||||
List<OpenIDAttribute> createAttributeList(String identifier);
|
||||
|
||||
}
|
||||
|
||||
+5
-2
@@ -20,13 +20,16 @@ import java.util.List;
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Luke Taylor
|
||||
* @since 3.1
|
||||
*/
|
||||
public class NullAxFetchListFactory implements AxFetchListFactory {
|
||||
|
||||
public List<OpenIDAttribute> createAttributeList(String identifier) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -42,14 +42,17 @@ import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Ray Krueger
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
|
||||
private static final String DISCOVERY_INFO_KEY = DiscoveryInformation.class.getName();
|
||||
|
||||
private static final String ATTRIBUTE_LIST_KEY = "SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST";
|
||||
|
||||
// ~ Instance fields
|
||||
@@ -58,6 +61,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private final ConsumerManager consumerManager;
|
||||
|
||||
private final AxFetchListFactory attributesToFetchFactory;
|
||||
|
||||
// ~ Constructors
|
||||
@@ -67,13 +71,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
this(new ConsumerManager(), new NullAxFetchListFactory());
|
||||
}
|
||||
|
||||
public OpenID4JavaConsumer(AxFetchListFactory attributesToFetchFactory)
|
||||
throws ConsumerException {
|
||||
public OpenID4JavaConsumer(AxFetchListFactory attributesToFetchFactory) throws ConsumerException {
|
||||
this(new ConsumerManager(), attributesToFetchFactory);
|
||||
}
|
||||
|
||||
public OpenID4JavaConsumer(ConsumerManager consumerManager,
|
||||
AxFetchListFactory attributesToFetchFactory) {
|
||||
public OpenID4JavaConsumer(ConsumerManager consumerManager, AxFetchListFactory attributesToFetchFactory) {
|
||||
this.consumerManager = consumerManager;
|
||||
this.attributesToFetchFactory = attributesToFetchFactory;
|
||||
}
|
||||
@@ -81,8 +83,8 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public String beginConsumption(HttpServletRequest req, String identityUrl,
|
||||
String returnToUrl, String realm) throws OpenIDConsumerException {
|
||||
public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
|
||||
throws OpenIDConsumerException {
|
||||
List<DiscoveryInformation> discoveries;
|
||||
|
||||
try {
|
||||
@@ -102,48 +104,42 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
|
||||
logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
|
||||
|
||||
List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory
|
||||
.createAttributeList(identityUrl);
|
||||
List<OpenIDAttribute> attributesToFetch = attributesToFetchFactory.createAttributeList(identityUrl);
|
||||
|
||||
if (!attributesToFetch.isEmpty()) {
|
||||
req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
|
||||
FetchRequest fetchRequest = FetchRequest.createFetchRequest();
|
||||
for (OpenIDAttribute attr : attributesToFetch) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Adding attribute " + attr.getType()
|
||||
+ " to fetch request");
|
||||
logger.debug("Adding attribute " + attr.getType() + " to fetch request");
|
||||
}
|
||||
fetchRequest.addAttribute(attr.getName(), attr.getType(),
|
||||
attr.isRequired(), attr.getCount());
|
||||
fetchRequest.addAttribute(attr.getName(), attr.getType(), attr.isRequired(), attr.getCount());
|
||||
}
|
||||
authReq.addExtension(fetchRequest);
|
||||
}
|
||||
}
|
||||
catch (MessageException | ConsumerException e) {
|
||||
throw new OpenIDConsumerException(
|
||||
"Error processing ConsumerManager authentication", e);
|
||||
throw new OpenIDConsumerException("Error processing ConsumerManager authentication", e);
|
||||
}
|
||||
|
||||
return authReq.getDestinationUrl(true);
|
||||
}
|
||||
|
||||
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request)
|
||||
throws OpenIDConsumerException {
|
||||
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
|
||||
// extract the parameters from the authentication response
|
||||
// (which comes in as a HTTP request from the OpenID provider)
|
||||
ParameterList openidResp = new ParameterList(request.getParameterMap());
|
||||
|
||||
// retrieve the previously stored discovery information
|
||||
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession()
|
||||
.getAttribute(DISCOVERY_INFO_KEY);
|
||||
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
|
||||
|
||||
if (discovered == null) {
|
||||
throw new OpenIDConsumerException(
|
||||
"DiscoveryInformation is not available. Possible causes are lost session or replay attack");
|
||||
}
|
||||
|
||||
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request
|
||||
.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
|
||||
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession()
|
||||
.getAttribute(ATTRIBUTE_LIST_KEY);
|
||||
|
||||
request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
|
||||
request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
|
||||
@@ -160,8 +156,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
VerificationResult verification;
|
||||
|
||||
try {
|
||||
verification = consumerManager.verify(receivingURL.toString(), openidResp,
|
||||
discovered);
|
||||
verification = consumerManager.verify(receivingURL.toString(), openidResp, discovered);
|
||||
}
|
||||
catch (MessageException | AssociationException | DiscoveryException e) {
|
||||
throw new OpenIDConsumerException("Error verifying openid response", e);
|
||||
@@ -175,21 +170,19 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
|
||||
id == null ? "Unknown" : id.getIdentifier(),
|
||||
"Verification status message: [" + verification.getStatusMsg() + "]",
|
||||
Collections.<OpenIDAttribute> emptyList());
|
||||
Collections.<OpenIDAttribute>emptyList());
|
||||
}
|
||||
|
||||
List<OpenIDAttribute> attributes = fetchAxAttributes(
|
||||
verification.getAuthResponse(), attributesToFetch);
|
||||
List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
|
||||
|
||||
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
|
||||
verified.getIdentifier(), "some message", attributes);
|
||||
return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(),
|
||||
"some message", attributes);
|
||||
}
|
||||
|
||||
List<OpenIDAttribute> fetchAxAttributes(Message authSuccess,
|
||||
List<OpenIDAttribute> attributesToFetch) throws OpenIDConsumerException {
|
||||
List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
|
||||
throws OpenIDConsumerException {
|
||||
|
||||
if (attributesToFetch == null
|
||||
|| !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
|
||||
if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
@@ -206,8 +199,7 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
for (OpenIDAttribute attr : attributesToFetch) {
|
||||
List<String> values = fetchResp.getAttributeValues(attr.getName());
|
||||
if (!values.isEmpty()) {
|
||||
OpenIDAttribute fetched = new OpenIDAttribute(attr.getName(),
|
||||
attr.getType(), values);
|
||||
OpenIDAttribute fetched = new OpenIDAttribute(attr.getName(), attr.getType(), values);
|
||||
fetched.setRequired(attr.isRequired());
|
||||
attributes.add(fetched);
|
||||
}
|
||||
@@ -224,4 +216,5 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||
|
||||
return attributes;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
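Review bot: `beginConsumption` writes the caller-supplied identifier to the debug log unmodified (`logger.debug("Looking up attribute fetch list for identifier: " + identityUrl)`), and that value appears to originate from the login form, so an identifier containing CR/LF could forge log lines whenever debug logging is enabled. The line is unchanged context in this reformat, but stripping line breaks from the value before it is concatenated into the message would close that gap. Separately, the success branch of `endConsumption` still passes the placeholder literal `"some message"` as the token message; an empty string or a descriptive constant would read better. Both method bodies continue outside the visible hunks.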
@@ -28,15 +28,20 @@ import org.springframework.util.Assert;
|
||||
* are returned during the authentication process.
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Luke Taylor
|
||||
* @since 3.0
|
||||
*/
|
||||
public class OpenIDAttribute implements Serializable {
|
||||
|
||||
private final String name;
|
||||
|
||||
private final String typeIdentifier;
|
||||
|
||||
private boolean required = false;
|
||||
|
||||
private int count = 1;
|
||||
|
||||
private final List<String> values;
|
||||
@@ -96,8 +101,7 @@ public class OpenIDAttribute implements Serializable {
|
||||
* The values obtained from an attribute exchange.
|
||||
*/
|
||||
public List<String> getValues() {
|
||||
Assert.notNull(values,
|
||||
"Cannot read values from an authentication request attribute");
|
||||
Assert.notNull(values, "Cannot read values from an authentication request attribute");
|
||||
return values;
|
||||
}
|
||||
|
||||
@@ -112,4 +116,5 @@ public class OpenIDAttribute implements Serializable {
|
||||
result.append("]");
|
||||
return result.toString();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+17
-22
@@ -60,8 +60,9 @@ import java.util.*;
|
||||
* order to load the authorities for the user.
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley
|
||||
* @author Ray Krueger
|
||||
* @author Luke Taylor
|
||||
@@ -69,6 +70,7 @@ import java.util.*;
|
||||
* @see OpenIDAuthenticationProvider
|
||||
*/
|
||||
public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
@@ -78,8 +80,11 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
// ================================================================================================
|
||||
|
||||
private OpenIDConsumer consumer;
|
||||
|
||||
private String claimedIdentityFieldName = DEFAULT_CLAIMED_IDENTITY_FIELD;
|
||||
|
||||
private Map<String, String> realmMapping = Collections.emptyMap();
|
||||
|
||||
private Set<String> returnToUrlParameters = Collections.emptySet();
|
||||
|
||||
// ~ Constructors
|
||||
@@ -105,12 +110,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
}
|
||||
}
|
||||
|
||||
if (returnToUrlParameters.isEmpty()
|
||||
&& getRememberMeServices() instanceof AbstractRememberMeServices) {
|
||||
if (returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
|
||||
returnToUrlParameters = new HashSet<>();
|
||||
returnToUrlParameters
|
||||
.add(((AbstractRememberMeServices) getRememberMeServices())
|
||||
.getParameter());
|
||||
returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -124,8 +126,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
* </ol>
|
||||
*/
|
||||
@Override
|
||||
public Authentication attemptAuthentication(HttpServletRequest request,
|
||||
HttpServletResponse response) throws AuthenticationException, IOException {
|
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
||||
throws AuthenticationException, IOException {
|
||||
OpenIDAuthenticationToken token;
|
||||
|
||||
String identity = request.getParameter("openid.identity");
|
||||
@@ -136,11 +138,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
try {
|
||||
String returnToUrl = buildReturnToUrl(request);
|
||||
String realm = lookupRealm(returnToUrl);
|
||||
String openIdUrl = consumer.beginConsumption(request, claimedIdentity,
|
||||
returnToUrl, realm);
|
||||
String openIdUrl = consumer.beginConsumption(request, claimedIdentity, returnToUrl, realm);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm
|
||||
+ "'");
|
||||
logger.debug("return_to is '" + returnToUrl + "', realm is '" + realm + "'");
|
||||
logger.debug("Redirecting to " + openIdUrl);
|
||||
}
|
||||
response.sendRedirect(openIdUrl);
|
||||
@@ -169,8 +169,7 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
token.setDetails(authenticationDetailsSource.buildDetails(request));
|
||||
|
||||
// delegate to the authentication provider
|
||||
Authentication authentication = this.getAuthenticationManager().authenticate(
|
||||
token);
|
||||
Authentication authentication = this.getAuthenticationManager().authenticate(token);
|
||||
|
||||
return authentication;
|
||||
}
|
||||
@@ -183,8 +182,8 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
URL url = new URL(returnToUrl);
|
||||
int port = url.getPort();
|
||||
|
||||
StringBuilder realmBuffer = new StringBuilder(returnToUrl.length())
|
||||
.append(url.getProtocol()).append("://").append(url.getHost());
|
||||
StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol())
|
||||
.append("://").append(url.getHost());
|
||||
if (port > 0) {
|
||||
realmBuffer.append(":").append(port);
|
||||
}
|
||||
@@ -202,7 +201,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
/**
|
||||
* Builds the <tt>return_to</tt> URL that will be sent to the OpenID service provider.
|
||||
* By default returns the URL of the current request.
|
||||
*
|
||||
* @param request the current request which is being processed by this filter
|
||||
* @return The <tt>return_to</tt> URL.
|
||||
*/
|
||||
@@ -259,7 +257,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
* protocol, hostname and port followed by a trailing slash. This means that
|
||||
* <tt>https://foo.example.com/login/openid</tt> will automatically become
|
||||
* <tt>http://foo.example.com:80/</tt>
|
||||
*
|
||||
* @param realmMapping containing returnToUrl -> realm mappings
|
||||
*/
|
||||
public void setRealmMapping(Map<String, String> realmMapping) {
|
||||
@@ -269,7 +266,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
/**
|
||||
* The name of the request parameter containing the OpenID identity, as submitted from
|
||||
* the initial login form.
|
||||
*
|
||||
* @param claimedIdentityFieldName defaults to "openid_identifier"
|
||||
*/
|
||||
public void setClaimedIdentityFieldName(String claimedIdentityFieldName) {
|
||||
@@ -284,7 +280,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
* Specifies any extra parameters submitted along with the identity field which should
|
||||
* be appended to the {@code return_to} URL which is assembled by
|
||||
* {@link #buildReturnToUrl}.
|
||||
*
|
||||
* @param returnToUrlParameters the set of parameter names. If not set, it will
|
||||
* default to the parameter name used by the {@code RememberMeServices} obtained from
|
||||
* the parent class (if one is set).
|
||||
@@ -296,7 +291,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
|
||||
/**
|
||||
* Performs URL encoding with UTF-8
|
||||
*
|
||||
* @param value the value to URL encode
|
||||
* @return the encoded value
|
||||
*/
|
||||
@@ -311,4 +305,5 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
|
||||
throw err;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
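Review bot: The Javadoc example on `setRealmMapping` contradicts the realm-building code shown in the earlier hunk of this file: it says `https://foo.example.com/login/openid` becomes `http://foo.example.com:80/`, but the code appends `url.getProtocol()` unchanged and adds the port only when `port > 0`, and `URL.getPort()` returns -1 when the URL carries no explicit port. Since the realm is passed on to `consumer.beginConsumption(...)`, the documented default should match what is actually sent; the example line would then read `* <tt>https://foo.example.com/</tt>`, assuming the trailing slash is appended in the part of the method outside the hunk. The reformat only removed a blank comment line here, so this is a follow-up documentation fix rather than something the commit introduced.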
+16
-21
@@ -45,17 +45,19 @@ import org.springframework.util.Assert;
|
||||
* telephone numbers etc can easily be stored.
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley, Opsera Ltd.
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class OpenIDAuthenticationProvider
|
||||
implements AuthenticationProvider, InitializingBean {
|
||||
public class OpenIDAuthenticationProvider implements AuthenticationProvider, InitializingBean {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private AuthenticationUserDetailsService<OpenIDAuthenticationToken> userDetailsService;
|
||||
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
||||
|
||||
// ~ Methods
|
||||
@@ -72,8 +74,7 @@ public class OpenIDAuthenticationProvider
|
||||
* org.springframework.security.authentication.AuthenticationProvider#authenticate
|
||||
* (org.springframework.security.Authentication)
|
||||
*/
|
||||
public Authentication authenticate(final Authentication authentication)
|
||||
throws AuthenticationException {
|
||||
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
|
||||
|
||||
if (!supports(authentication.getClass())) {
|
||||
return null;
|
||||
@@ -86,8 +87,7 @@ public class OpenIDAuthenticationProvider
|
||||
// handle the various possibilities
|
||||
if (status == OpenIDAuthenticationStatus.SUCCESS) {
|
||||
// Lookup user details
|
||||
UserDetails userDetails = this.userDetailsService
|
||||
.loadUserDetails(response);
|
||||
UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
|
||||
|
||||
return createSuccessfulAuthentication(userDetails, response);
|
||||
|
||||
@@ -96,20 +96,17 @@ public class OpenIDAuthenticationProvider
|
||||
throw new AuthenticationCancelledException("Log in cancelled");
|
||||
}
|
||||
else if (status == OpenIDAuthenticationStatus.ERROR) {
|
||||
throw new AuthenticationServiceException(
|
||||
"Error message from server: " + response.getMessage());
|
||||
throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
|
||||
}
|
||||
else if (status == OpenIDAuthenticationStatus.FAILURE) {
|
||||
throw new BadCredentialsException(
|
||||
"Log in failed - identity could not be verified");
|
||||
throw new BadCredentialsException("Log in failed - identity could not be verified");
|
||||
}
|
||||
else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
|
||||
throw new AuthenticationServiceException(
|
||||
"The server responded setup was needed, which shouldn't happen");
|
||||
}
|
||||
else {
|
||||
throw new AuthenticationServiceException(
|
||||
"Unrecognized return value " + status.toString());
|
||||
throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -123,24 +120,21 @@ public class OpenIDAuthenticationProvider
|
||||
* The default implementation just creates a new OpenIDAuthenticationToken from the
|
||||
* original, but with the UserDetails as the principal and including the authorities
|
||||
* loaded by the UserDetailsService.
|
||||
*
|
||||
* @param userDetails the loaded UserDetails object
|
||||
* @param auth the token passed to the authenticate method, containing
|
||||
* @return the token which will represent the authenticated user.
|
||||
*/
|
||||
protected Authentication createSuccessfulAuthentication(UserDetails userDetails,
|
||||
OpenIDAuthenticationToken auth) {
|
||||
protected Authentication createSuccessfulAuthentication(UserDetails userDetails, OpenIDAuthenticationToken auth) {
|
||||
return new OpenIDAuthenticationToken(userDetails,
|
||||
this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
|
||||
auth.getIdentityUrl(), auth.getAttributes());
|
||||
this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), auth.getIdentityUrl(),
|
||||
auth.getAttributes());
|
||||
}
|
||||
|
||||
/**
|
||||
* Used to load the {@code UserDetails} for the authenticated OpenID user.
|
||||
*/
|
||||
public void setUserDetailsService(UserDetailsService userDetailsService) {
|
||||
this.userDetailsService = new UserDetailsByNameServiceWrapper<>(
|
||||
userDetailsService);
|
||||
this.userDetailsService = new UserDetailsByNameServiceWrapper<>(userDetailsService);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -165,4 +159,5 @@ public class OpenIDAuthenticationProvider
|
||||
public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper) {
|
||||
this.authoritiesMapper = authoritiesMapper;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
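Review bot: The `@param auth` tag on `createSuccessfulAuthentication` ends mid-sentence (`the token passed to the authenticate method, containing`), and the reformat carries it over as is. From the calls in the body it could be completed as `@param auth the token passed to the authenticate method, containing the identity URL and attributes returned by the OpenID provider`. Also, in `authenticate` the `ERROR` branch concatenates `response.getMessage()` into the `AuthenticationServiceException` message; if that exception text is ever rendered to the user (not visible here), the provider-supplied string should be escaped, or logged rather than displayed.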
+4
-3
@@ -17,10 +17,10 @@ package org.springframework.security.openid;
|
||||
|
||||
/**
|
||||
* Authentication status codes, based on JanRain status codes
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author JanRain Inc.
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
* @author Luke Taylor
|
||||
@@ -58,4 +58,5 @@ public enum OpenIDAuthenticationStatus {
|
||||
public String toString() {
|
||||
return name;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+12
-8
@@ -27,8 +27,9 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||
* OpenID Authentication Token
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley
|
||||
*/
|
||||
public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
|
||||
@@ -39,16 +40,20 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
|
||||
// ================================================================================================
|
||||
|
||||
private final OpenIDAuthenticationStatus status;
|
||||
|
||||
private final Object principal;
|
||||
|
||||
private final String identityUrl;
|
||||
|
||||
private final String message;
|
||||
|
||||
private final List<OpenIDAttribute> attributes;
|
||||
|
||||
// ~ Constructors
|
||||
// ===================================================================================================
|
||||
|
||||
public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status,
|
||||
String identityUrl, String message, List<OpenIDAttribute> attributes) {
|
||||
public OpenIDAuthenticationToken(OpenIDAuthenticationStatus status, String identityUrl, String message,
|
||||
List<OpenIDAttribute> attributes) {
|
||||
super(new ArrayList<>(0));
|
||||
this.principal = identityUrl;
|
||||
this.status = status;
|
||||
@@ -60,14 +65,12 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
|
||||
|
||||
/**
|
||||
* Created by the <tt>OpenIDAuthenticationProvider</tt> on successful authentication.
|
||||
*
|
||||
* @param principal usually the <tt>UserDetails</tt> returned by the configured
|
||||
* <tt>UserDetailsService</tt> used by the <tt>OpenIDAuthenticationProvider</tt>.
|
||||
*
|
||||
*/
|
||||
public OpenIDAuthenticationToken(Object principal,
|
||||
Collection<? extends GrantedAuthority> authorities, String identityUrl,
|
||||
List<OpenIDAttribute> attributes) {
|
||||
public OpenIDAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities,
|
||||
String identityUrl, List<OpenIDAttribute> attributes) {
|
||||
super(authorities);
|
||||
this.principal = principal;
|
||||
this.status = OpenIDAuthenticationStatus.SUCCESS;
|
||||
@@ -118,4 +121,5 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
|
||||
public String toString() {
|
||||
return "[" + super.toString() + ", attributes : " + attributes + "]";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -21,8 +21,9 @@ import javax.servlet.http.HttpServletRequest;
|
||||
* An interface for OpenID library implementations
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Ray Krueger
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
@@ -31,7 +32,6 @@ public interface OpenIDConsumer {
|
||||
/**
|
||||
* Given the request, the claimedIdentity, the return to url, and a realm, lookup the
|
||||
* openId authentication page the user should be redirected to.
|
||||
*
|
||||
* @param req HttpServletRequest
|
||||
* @param claimedIdentity String URI the user presented during authentication
|
||||
* @param returnToUrl String URI of the URL we want the user sent back to by the OP
|
||||
@@ -39,10 +39,9 @@ public interface OpenIDConsumer {
|
||||
* @return String URI to redirect user to for authentication
|
||||
* @throws OpenIDConsumerException if anything bad happens
|
||||
*/
|
||||
String beginConsumption(HttpServletRequest req, String claimedIdentity,
|
||||
String returnToUrl, String realm) throws OpenIDConsumerException;
|
||||
|
||||
OpenIDAuthenticationToken endConsumption(HttpServletRequest req)
|
||||
String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm)
|
||||
throws OpenIDConsumerException;
|
||||
|
||||
OpenIDAuthenticationToken endConsumption(HttpServletRequest req) throws OpenIDConsumerException;
|
||||
|
||||
}
|
||||
|
||||
+5
-2
@@ -19,11 +19,13 @@ package org.springframework.security.openid;
|
||||
* Thrown by an OpenIDConsumer if it cannot process a request
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class OpenIDConsumerException extends Exception {
|
||||
|
||||
// ~ Constructors
|
||||
// ===================================================================================================
|
||||
|
||||
@@ -34,4 +36,5 @@ public class OpenIDConsumerException extends Exception {
|
||||
public OpenIDConsumerException(String message, Throwable t) {
|
||||
super(message, t);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+4
-2
@@ -23,12 +23,14 @@ import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Luke Taylor
|
||||
* @since 3.1
|
||||
*/
|
||||
public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
|
||||
|
||||
private final Map<Pattern, List<OpenIDAttribute>> idToAttributes;
|
||||
|
||||
/**
|
||||
|
||||
@@ -14,4 +14,3 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.openid;
|
||||
|
||||
|
||||
@@ -19,15 +19,18 @@ import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class MockOpenIDConsumer implements OpenIDConsumer {
|
||||
|
||||
// ~ Instance fields
|
||||
// ================================================================================================
|
||||
|
||||
private OpenIDAuthenticationToken token;
|
||||
|
||||
private String redirectUrl;
|
||||
|
||||
public MockOpenIDConsumer() {
|
||||
@@ -49,8 +52,7 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
|
||||
// ~ Methods
|
||||
// ========================================================================================================
|
||||
|
||||
public String beginConsumption(HttpServletRequest req, String claimedIdentity,
|
||||
String returnToUrl, String realm) {
|
||||
public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm) {
|
||||
return redirectUrl;
|
||||
}
|
||||
|
||||
@@ -60,7 +62,6 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
|
||||
|
||||
/**
|
||||
* Set the redirectUrl to be returned by beginConsumption
|
||||
*
|
||||
* @param redirectUrl
|
||||
*/
|
||||
public void setRedirectUrl(String redirectUrl) {
|
||||
@@ -73,10 +74,10 @@ public class MockOpenIDConsumer implements OpenIDConsumer {
|
||||
|
||||
/**
|
||||
* Set the token to be returned by endConsumption
|
||||
*
|
||||
* @param token
|
||||
*/
|
||||
public void setToken(OpenIDAuthenticationToken token) {
|
||||
this.token = token;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+27
-45
@@ -41,11 +41,13 @@ import java.util.*;
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class OpenID4JavaConsumerTests {
|
||||
|
||||
List<OpenIDAttribute> attributes = Arrays.asList(new OpenIDAttribute("a", "b"),
|
||||
new OpenIDAttribute("b", "b", Arrays.asList("c")));
|
||||
|
||||
@@ -56,20 +58,17 @@ public class OpenID4JavaConsumerTests {
|
||||
AuthRequest authReq = mock(AuthRequest.class);
|
||||
DiscoveryInformation di = mock(DiscoveryInformation.class);
|
||||
|
||||
when(mgr.authenticate(any(DiscoveryInformation.class), any(), any()))
|
||||
.thenReturn(authReq);
|
||||
when(mgr.authenticate(any(DiscoveryInformation.class), any(), any())).thenReturn(authReq);
|
||||
when(mgr.associate(any())).thenReturn(di);
|
||||
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new MockAttributesFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new MockAttributesFactory());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
consumer.beginConsumption(request, "", "", "");
|
||||
|
||||
assertThat(request.getSession().getAttribute(
|
||||
"SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST")).isEqualTo(attributes);
|
||||
assertThat(
|
||||
request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
|
||||
assertThat(request.getSession().getAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST"))
|
||||
.isEqualTo(attributes);
|
||||
assertThat(request.getSession().getAttribute(DiscoveryInformation.class.getName())).isEqualTo(di);
|
||||
|
||||
// Check with empty attribute fetch list
|
||||
consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
@@ -81,18 +80,15 @@ public class OpenID4JavaConsumerTests {
|
||||
@Test(expected = OpenIDConsumerException.class)
|
||||
public void discoveryExceptionRaisesOpenIDException() throws Exception {
|
||||
ConsumerManager mgr = mock(ConsumerManager.class);
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
when(mgr.discover(any())).thenThrow(new DiscoveryException("msg"));
|
||||
consumer.beginConsumption(new MockHttpServletRequest(), "", "", "");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException()
|
||||
throws Exception {
|
||||
public void messageOrConsumerAuthenticationExceptionRaisesOpenIDException() throws Exception {
|
||||
ConsumerManager mgr = mock(ConsumerManager.class);
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
|
||||
when(mgr.authenticate(ArgumentMatchers.<DiscoveryInformation>any(), any(), any()))
|
||||
.thenThrow(new MessageException("msg"), new ConsumerException("msg"));
|
||||
@@ -114,14 +110,11 @@ public class OpenID4JavaConsumerTests {
|
||||
@Test
|
||||
public void failedVerificationReturnsFailedAuthenticationStatus() throws Exception {
|
||||
ConsumerManager mgr = mock(ConsumerManager.class);
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
VerificationResult vr = mock(VerificationResult.class);
|
||||
DiscoveryInformation di = mock(DiscoveryInformation.class);
|
||||
|
||||
when(
|
||||
mgr.verify(any(), any(ParameterList.class),
|
||||
any(DiscoveryInformation.class))).thenReturn(vr);
|
||||
when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
@@ -135,14 +128,10 @@ public class OpenID4JavaConsumerTests {
|
||||
@Test
|
||||
public void verificationExceptionsRaiseOpenIDException() throws Exception {
|
||||
ConsumerManager mgr = mock(ConsumerManager.class);
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
|
||||
when(
|
||||
mgr.verify(any(), any(ParameterList.class),
|
||||
any(DiscoveryInformation.class)))
|
||||
.thenThrow(new MessageException(""))
|
||||
.thenThrow(new AssociationException(""))
|
||||
when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class)))
|
||||
.thenThrow(new MessageException("")).thenThrow(new AssociationException(""))
|
||||
.thenThrow(new DiscoveryException(""));
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
@@ -175,24 +164,20 @@ public class OpenID4JavaConsumerTests {
|
||||
@Test
|
||||
public void successfulVerificationReturnsExpectedAuthentication() throws Exception {
|
||||
ConsumerManager mgr = mock(ConsumerManager.class);
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr,
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(mgr, new NullAxFetchListFactory());
|
||||
VerificationResult vr = mock(VerificationResult.class);
|
||||
DiscoveryInformation di = mock(DiscoveryInformation.class);
|
||||
Identifier id = (Identifier) () -> "id";
|
||||
Message msg = mock(Message.class);
|
||||
|
||||
when(
|
||||
mgr.verify(any(), any(ParameterList.class),
|
||||
any(DiscoveryInformation.class))).thenReturn(vr);
|
||||
when(mgr.verify(any(), any(ParameterList.class), any(DiscoveryInformation.class))).thenReturn(vr);
|
||||
when(vr.getVerifiedId()).thenReturn(id);
|
||||
when(vr.getAuthResponse()).thenReturn(msg);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
request.getSession().setAttribute(DiscoveryInformation.class.getName(), di);
|
||||
request.getSession().setAttribute(
|
||||
"SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", attributes);
|
||||
request.getSession().setAttribute("SPRING_SECURITY_OPEN_ID_ATTRIBUTES_FETCH_LIST", attributes);
|
||||
|
||||
OpenIDAuthenticationToken auth = consumer.endConsumption(request);
|
||||
|
||||
@@ -201,8 +186,7 @@ public class OpenID4JavaConsumerTests {
|
||||
|
||||
@Test
|
||||
public void fetchAttributesReturnsExpectedValues() throws Exception {
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
|
||||
Message msg = mock(Message.class);
|
||||
FetchResponse fr = mock(FetchResponse.class);
|
||||
when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
|
||||
@@ -216,15 +200,12 @@ public class OpenID4JavaConsumerTests {
|
||||
}
|
||||
|
||||
@Test(expected = OpenIDConsumerException.class)
|
||||
public void messageExceptionFetchingAttributesRaisesOpenIDException()
|
||||
throws Exception {
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
|
||||
new NullAxFetchListFactory());
|
||||
public void messageExceptionFetchingAttributesRaisesOpenIDException() throws Exception {
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
|
||||
Message msg = mock(Message.class);
|
||||
FetchResponse fr = mock(FetchResponse.class);
|
||||
when(msg.hasExtension(AxMessage.OPENID_NS_AX)).thenReturn(true);
|
||||
when(msg.getExtension(AxMessage.OPENID_NS_AX))
|
||||
.thenThrow(new MessageException(""));
|
||||
when(msg.getExtension(AxMessage.OPENID_NS_AX)).thenThrow(new MessageException(""));
|
||||
when(fr.getAttributeValues("a")).thenReturn(Arrays.asList("x", "y"));
|
||||
|
||||
consumer.fetchAxAttributes(msg, attributes);
|
||||
@@ -232,8 +213,7 @@ public class OpenID4JavaConsumerTests {
|
||||
|
||||
@Test(expected = OpenIDConsumerException.class)
|
||||
public void missingDiscoveryInformationThrowsException() throws Exception {
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(
|
||||
new NullAxFetchListFactory());
|
||||
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
|
||||
consumer.endConsumption(new MockHttpServletRequest());
|
||||
}
|
||||
|
||||
@@ -248,5 +228,7 @@ public class OpenID4JavaConsumerTests {
|
||||
public List<OpenIDAttribute> createAttributeList(String identifier) {
|
||||
return attributes;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+13
-8
@@ -33,17 +33,22 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
|
||||
|
||||
/**
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
*/
|
||||
public class OpenIDAuthenticationFilterTests {
|
||||
|
||||
OpenIDAuthenticationFilter filter;
|
||||
|
||||
private static final String REDIRECT_URL = "https://www.example.com/redirect";
|
||||
|
||||
private static final String CLAIMED_IDENTITY_URL = "https://www.example.com/identity";
|
||||
|
||||
private static final String REQUEST_PATH = "/login/openid";
|
||||
private static final String FILTER_PROCESS_URL = "http://localhost:8080"
|
||||
+ REQUEST_PATH;
|
||||
|
||||
private static final String FILTER_PROCESS_URL = "http://localhost:8080" + REQUEST_PATH;
|
||||
|
||||
private static final String DEFAULT_TARGET_URL = FILTER_PROCESS_URL;
|
||||
|
||||
@Before
|
||||
@@ -69,8 +74,8 @@ public class OpenIDAuthenticationFilterTests {
|
||||
req.setRemoteHost("www.example.com");
|
||||
|
||||
filter.setConsumer(new MockOpenIDConsumer() {
|
||||
public String beginConsumption(HttpServletRequest req,
|
||||
String claimedIdentity, String returnToUrl, String realm) {
|
||||
public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl,
|
||||
String realm) {
|
||||
assertThat(claimedIdentity).isEqualTo(CLAIMED_IDENTITY_URL);
|
||||
assertThat(returnToUrl).isEqualTo(DEFAULT_TARGET_URL);
|
||||
assertThat(realm).isEqualTo("http://localhost:8080/");
|
||||
@@ -82,8 +87,7 @@ public class OpenIDAuthenticationFilterTests {
|
||||
filter.doFilter(req, response, fc);
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo(REDIRECT_URL);
|
||||
// Filter chain shouldn't proceed
|
||||
verify(fc, never()).doFilter(any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class));
|
||||
verify(fc, never()).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -116,4 +120,5 @@ public class OpenIDAuthenticationFilterTests {
|
||||
}
|
||||
return count;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
+21
-27
@@ -36,11 +36,13 @@ import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
* Tests {@link OpenIDAuthenticationProvider}
|
||||
*
|
||||
* @deprecated The OpenID 1.0 and 2.0 protocols have been deprecated and users are
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to migrate</a>
|
||||
* to <a href="https://openid.net/connect/">OpenID Connect</a>, which is supported by <code>spring-security-oauth2</code>.
|
||||
* <a href="https://openid.net/specs/openid-connect-migration-1_0.html">encouraged to
|
||||
* migrate</a> to <a href="https://openid.net/connect/">OpenID Connect</a>, which is
|
||||
* supported by <code>spring-security-oauth2</code>.
|
||||
* @author Robin Bramley, Opsera Ltd
|
||||
*/
|
||||
public class OpenIDAuthenticationProviderTests {
|
||||
|
||||
// ~ Static fields/initializers
|
||||
// =====================================================================================
|
||||
|
||||
@@ -60,8 +62,8 @@ public class OpenIDAuthenticationProviderTests {
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
provider.setAuthoritiesMapper(new NullAuthoritiesMapper());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.CANCELLED, USERNAME, "", null);
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.CANCELLED, USERNAME, "",
|
||||
null);
|
||||
|
||||
assertThat(preAuth.isAuthenticated()).isFalse();
|
||||
|
||||
@@ -84,8 +86,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.ERROR, USERNAME, "", null);
|
||||
|
||||
assertThat(preAuth.isAuthenticated()).isFalse();
|
||||
|
||||
@@ -107,11 +108,9 @@ public class OpenIDAuthenticationProviderTests {
|
||||
public void testAuthenticateFailure() {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setAuthenticationUserDetailsService(
|
||||
new UserDetailsByNameServiceWrapper<>(
|
||||
new MockUserDetailsService()));
|
||||
new UserDetailsByNameServiceWrapper<>(new MockUserDetailsService()));
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE, USERNAME, "", null);
|
||||
|
||||
assertThat(preAuth.isAuthenticated()).isFalse();
|
||||
|
||||
@@ -120,8 +119,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
fail("Should throw an AuthenticationException");
|
||||
}
|
||||
catch (BadCredentialsException expected) {
|
||||
assertThat("Log in failed - identity could not be verified").isEqualTo(
|
||||
expected.getMessage());
|
||||
assertThat("Log in failed - identity could not be verified").isEqualTo(expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -135,8 +133,8 @@ public class OpenIDAuthenticationProviderTests {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "", null);
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SETUP_NEEDED, USERNAME, "",
|
||||
null);
|
||||
|
||||
assertThat(preAuth.isAuthenticated()).isFalse();
|
||||
|
||||
@@ -145,9 +143,8 @@ public class OpenIDAuthenticationProviderTests {
|
||||
fail("Should throw an AuthenticationException");
|
||||
}
|
||||
catch (AuthenticationServiceException expected) {
|
||||
assertThat(
|
||||
"The server responded setup was needed, which shouldn't happen").isEqualTo(
|
||||
expected.getMessage());
|
||||
assertThat("The server responded setup was needed, which shouldn't happen")
|
||||
.isEqualTo(expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -161,8 +158,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(
|
||||
OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
|
||||
Authentication preAuth = new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, USERNAME, "", null);
|
||||
|
||||
assertThat(preAuth.isAuthenticated()).isFalse();
|
||||
|
||||
@@ -175,8 +171,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
assertThat(postAuth.getPrincipal() instanceof UserDetails).isTrue();
|
||||
assertThat(postAuth.getAuthorities()).isNotNull();
|
||||
assertThat(postAuth.getAuthorities().size() > 0).isTrue();
|
||||
assertThat(
|
||||
((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS).isTrue();
|
||||
assertThat(((OpenIDAuthenticationToken) postAuth).getStatus() == OpenIDAuthenticationStatus.SUCCESS).isTrue();
|
||||
assertThat(((OpenIDAuthenticationToken) postAuth).getMessage() == null).isTrue();
|
||||
}
|
||||
|
||||
@@ -203,8 +198,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
assertThat(
|
||||
provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse();
|
||||
assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isFalse();
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -217,8 +211,7 @@ public class OpenIDAuthenticationProviderTests {
|
||||
OpenIDAuthenticationProvider provider = new OpenIDAuthenticationProvider();
|
||||
provider.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
|
||||
USERNAME, "password");
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(USERNAME, "password");
|
||||
assertThat(provider.authenticate(token)).isNull();
|
||||
}
|
||||
|
||||
@@ -253,10 +246,11 @@ public class OpenIDAuthenticationProviderTests {
|
||||
|
||||
static class MockUserDetailsService implements UserDetailsService {
|
||||
|
||||
public UserDetails loadUserByUsername(String ssoUserId)
|
||||
throws AuthenticationException {
|
||||
public UserDetails loadUserByUsername(String ssoUserId) throws AuthenticationException {
|
||||
return new User(ssoUserId, "password", true, true, true, true,
|
||||
AuthorityUtils.createAuthorityList("ROLE_A", "ROLE_B"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||