17 package org.springframework.ws.soap.security.xwss.callback.acegi;
18
19 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
20 import junit.framework.TestCase;
21 import org.acegisecurity.GrantedAuthority;
22 import org.acegisecurity.DisabledException;
23 import org.acegisecurity.context.SecurityContextHolder;
24 import org.acegisecurity.providers.TestingAuthenticationToken;
25 import org.acegisecurity.userdetails.User;
26 import org.acegisecurity.userdetails.UserDetailsService;
27 import org.acegisecurity.userdetails.UsernameNotFoundException;
28 import org.easymock.MockControl;
29
30 import org.springframework.ws.soap.security.callback.CleanupCallback;
31
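/**
 * Unit tests for {@link AcegiDigestPasswordValidationCallbackHandler}, driven through a mocked
 * Acegi {@link UserDetailsService}.
 *
 * <p>Every test feeds the handler the same WS-Security digest password request (user "Bert") and
 * varies only what the user details service returns. Two things are checked each time: the result
 * reported by the {@link PasswordValidationCallback}, and whether an {@code Authentication} was left
 * in the thread-bound {@link SecurityContextHolder}. A rejected request must leave the context empty.
 *
 * <p>NOTE(review): the fixture uses a fixed nonce and a creation time from 2006. Nothing in this class
 * exercises nonce reuse or creation-time freshness, and only the "enabled" account flag is tested;
 * the expired, credentials-expired and locked flags are always passed as {@code true}. Whether those
 * cases are covered elsewhere is not visible from this file.
 */
public class AcegiDigestPasswordValidationCallbackHandlerTest extends TestCase {

    private AcegiDigestPasswordValidationCallbackHandler callbackHandler;

    private MockControl control;

    private UserDetailsService mock;

    private String username;

    private String password;

    private PasswordValidationCallback callback;

    /**
     * Wires the handler to a mock {@link UserDetailsService} and builds the digest request shared by
     * all tests.
     */
    protected void setUp() throws Exception {
        callbackHandler = new AcegiDigestPasswordValidationCallbackHandler();
        control = MockControl.createControl(UserDetailsService.class);
        mock = (UserDetailsService) control.getMock();
        callbackHandler.setUserDetailsService(mock);
        username = "Bert";
        password = "Ernie";
        // Fixed test vector. The digest presumably corresponds to the password "Ernie" combined with
        // this nonce and creation time (testAuthenticateUserDigestValid relies on that) - confirm
        // before changing any one of the three values on its own.
        String nonce = "9mdsYDCrjjYRur0rxzYt2oD7";
        String passwordDigest = "kwNstEaiFOrI7B31j7GuETYvdgk=";
        String creationTime = "2006-06-01T23:48:42Z";
        PasswordValidationCallback.DigestPasswordRequest request =
                new PasswordValidationCallback.DigestPasswordRequest(username, passwordDigest, nonce, creationTime);
        callback = new PasswordValidationCallback(request);
    }

    /**
     * Clears the thread-bound security context so an {@code Authentication} set by one test cannot
     * leak into the next.
     */
    protected void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    /** An unknown user must be rejected without an exception and without populating the context. */
    public void testAuthenticateUserDigestUserNotFound() throws Exception {
        control.expectAndThrow(mock.loadUserByUsername(username), new UsernameNotFoundException(username));
        control.replay();
        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        assertFalse("Authenticated", authenticated);
        assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());
        control.verify();
    }

    /** A known, enabled user whose stored password matches the digest is authenticated. */
    public void testAuthenticateUserDigestValid() throws Exception {
        User user = new User(username, password, true, true, true, true, new GrantedAuthority[0]);
        control.expectAndReturn(mock.loadUserByUsername(username), user);
        control.replay();
        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        assertTrue("Not authenticated", authenticated);
        assertNotNull("No Authentication created", SecurityContextHolder.getContext().getAuthentication());
        control.verify();
    }

    /** A known user whose stored password does not match the digest is rejected. */
    public void testAuthenticateUserDigestValidInvalid() throws Exception {
        User user = new User(username, "Big bird", true, true, true, true, new GrantedAuthority[0]);
        control.expectAndReturn(mock.loadUserByUsername(username), user);
        control.replay();
        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        assertFalse("Authenticated", authenticated);
        assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());
        control.verify();
    }

    /**
     * A disabled account must be refused with a {@link DisabledException} even though its stored
     * password is the correct one, and the refusal must not leave an {@code Authentication} behind.
     *
     * <p>The method name keeps its historical spelling ("Disbaled") so existing test reports and
     * filters still match.
     */
    public void testAuthenticateUserDigestDisbaled() throws Exception {
        // First boolean is the "enabled" flag; the password is deliberately the valid one.
        User user = new User(username, password, false, true, true, true, new GrantedAuthority[0]);
        control.expectAndReturn(mock.loadUserByUsername(username), user);
        control.replay();
        try {
            callbackHandler.handleInternal(callback);
            fail("disabled user authenticated");
        }
        catch (DisabledException expected) {
            // expected: the handler refuses the account before any digest comparison is requested
        }
        // The other rejection tests assert an empty context; do the same for the disabled path.
        assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());
        // Confirms the user details lookup really happened rather than the exception coming from elsewhere.
        control.verify();
    }

    /** A {@link CleanupCallback} must remove whatever {@code Authentication} is in the context. */
    public void testCleanUp() throws Exception {
        TestingAuthenticationToken authentication =
                new TestingAuthenticationToken(new Object(), new Object(), new GrantedAuthority[0]);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        CleanupCallback cleanupCallback = new CleanupCallback();
        callbackHandler.handleInternal(cleanupCallback);
        assertNull("Authentication not cleared", SecurityContextHolder.getContext().getAuthentication());
    }

}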