17 package org.springframework.ws.soap.security.xwss.callback;
18
19 import java.util.Collections;
20
21 import org.springframework.security.authentication.DisabledException;
22 import org.springframework.security.authentication.TestingAuthenticationToken;
23 import org.springframework.security.core.GrantedAuthority;
24 import org.springframework.security.core.context.SecurityContextHolder;
25 import org.springframework.security.core.userdetails.User;
26 import org.springframework.security.core.userdetails.UserDetailsService;
27 import org.springframework.security.core.userdetails.UsernameNotFoundException;
28 import org.springframework.ws.soap.security.callback.CleanupCallback;
29
30 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
31 import org.junit.After;
32 import org.junit.Assert;
33 import org.junit.Before;
34 import org.junit.Test;
35
36 import static org.easymock.EasyMock.*;
37
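/**
 * Tests for {@link SpringDigestPasswordValidationCallbackHandler}, driven through
 * {@code handleInternal} with a mocked {@link UserDetailsService}.
 *
 * <p>Each digest test sends the same fixed digest request (built in {@link #setUp()}) and varies
 * only what the user details service returns: an unknown user, a matching password, a different
 * password, or a disabled account. The tests check both the callback result and whether an
 * {@code Authentication} ends up in the {@link SecurityContextHolder}.
 *
 * <p>NOTE(review): the user details service hands back the password in clear text ("Ernie") and
 * the digest validates against it, so digest validation presumably needs a recoverable password
 * on the server side; confirm how this interacts with hashed password storage.
 *
 * <p>NOTE(review): the request carries a fixed nonce and a creation time from 2006 and is still
 * expected to validate, so these tests do not cover timestamp freshness or nonce replay
 * protection; confirm those checks are enforced elsewhere in the XWSS configuration.
 */
public class SpringDigestPasswordValidationCallbackHandlerTest {

    private SpringDigestPasswordValidationCallbackHandler callbackHandler;

    private UserDetailsService userDetailsService;

    private String username;

    private String password;

    private PasswordValidationCallback callback;

    /**
     * Creates the handler with a mocked user details service and a digest request for user
     * "Bert". The digest fixture is the one the tests expect to match the password "Ernie".
     */
    @Before
    public void setUp() throws Exception {
        callbackHandler = new SpringDigestPasswordValidationCallbackHandler();
        userDetailsService = createMock(UserDetailsService.class);
        callbackHandler.setUserDetailsService(userDetailsService);
        username = "Bert";
        password = "Ernie";
        // Presumably Base64(SHA-1(nonce + created + password)) as in the WS-Security
        // UsernameToken profile -- TODO confirm how this fixture was generated.
        String nonce = "9mdsYDCrjjYRur0rxzYt2oD7";
        String passwordDigest = "kwNstEaiFOrI7B31j7GuETYvdgk=";
        String creationTime = "2006-06-01T23:48:42Z";
        PasswordValidationCallback.DigestPasswordRequest request =
                new PasswordValidationCallback.DigestPasswordRequest(username, passwordDigest, nonce, creationTime);
        callback = new PasswordValidationCallback(request);
    }

    /** Clears the thread-bound security context so no Authentication leaks between tests. */
    @After
    public void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    /**
     * An unknown user must produce a failed validation result (not an exception) and must not
     * leave an Authentication in the security context.
     */
    @Test
    public void testAuthenticateUserDigestUserNotFound() throws Exception {
        expect(userDetailsService.loadUserByUsername(username)).andThrow(new UsernameNotFoundException(username));

        replay(userDetailsService);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertFalse("Authenticated", authenticated);
        Assert.assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(userDetailsService);
    }

    /** A user whose stored password matches the digest is authenticated and gets an Authentication. */
    @Test
    public void testAuthenticateUserDigestValid() throws Exception {
        expect(userDetailsService.loadUserByUsername(username)).andReturn(newUser(password, true));

        replay(userDetailsService);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertTrue("Not authenticated", authenticated);
        Assert.assertNotNull("No Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(userDetailsService);
    }

    /** A stored password that does not match the digest fails validation and creates no Authentication. */
    @Test
    public void testAuthenticateUserDigestValidInvalid() throws Exception {
        expect(userDetailsService.loadUserByUsername(username)).andReturn(newUser("Big bird", true));

        replay(userDetailsService);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertFalse("Authenticated", authenticated);
        Assert.assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(userDetailsService);
    }

    /**
     * A disabled account with the correct password must be rejected with a
     * {@link DisabledException} and must not leave an Authentication behind.
     */
    @Test
    public void testAuthenticateUserDigestDisabled() throws Exception {
        expect(userDetailsService.loadUserByUsername(username)).andReturn(newUser(password, false));

        replay(userDetailsService);

        try {
            callbackHandler.handleInternal(callback);
            Assert.fail("disabled user authenticated");
        } catch (DisabledException expected) {
            // Expected: the handler refuses a disabled account even though the password matches.
        }
        // The rejection must not have populated the security context on the way out.
        Assert.assertNull("Authentication created for disabled user",
                SecurityContextHolder.getContext().getAuthentication());
        verify(userDetailsService);
    }

    /** A {@link CleanupCallback} must remove an Authentication that was already in the context. */
    @Test
    public void testCleanUp() throws Exception {
        TestingAuthenticationToken authentication =
                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
        SecurityContextHolder.getContext().setAuthentication(authentication);

        CleanupCallback cleanupCallback = new CleanupCallback();
        callbackHandler.handleInternal(cleanupCallback);
        // This test checks removal, so the failure message says so.
        Assert.assertNull("Authentication not cleared", SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Builds the test user "Bert" with no authorities; only the stored password and the enabled
     * flag vary between tests, the remaining account flags are all {@code true}.
     */
    private User newUser(String storedPassword, boolean enabled) {
        return new User(username, storedPassword, enabled, true, true, true,
                Collections.<GrantedAuthority>emptyList());
    }

}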