17 package org.springframework.ws.soap.security.xwss.callback;
18
19 import java.util.Collections;
20
21 import org.springframework.security.authentication.AuthenticationManager;
22 import org.springframework.security.authentication.BadCredentialsException;
23 import org.springframework.security.authentication.TestingAuthenticationToken;
24 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
25 import org.springframework.security.core.Authentication;
26 import org.springframework.security.core.GrantedAuthority;
27 import org.springframework.security.core.context.SecurityContextHolder;
28 import org.springframework.ws.soap.security.callback.CleanupCallback;
29
30 import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
31 import org.junit.After;
32 import org.junit.Assert;
33 import org.junit.Before;
34 import org.junit.Test;
35
36 import static org.easymock.EasyMock.*;
37
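/**
 * Unit tests for {@link SpringPlainTextPasswordValidationCallbackHandler}.
 *
 * <p>The handler is wired to a mocked {@link AuthenticationManager}, so these tests cover only
 * how the handler turns the manager's answer into a callback result and a
 * {@link SecurityContextHolder} state. No real credential store is involved.
 *
 * <p>Three outcomes are pinned down: accepted credentials give a {@code true} result and a
 * populated security context, rejected credentials give a {@code false} result and no
 * {@link Authentication} in the context, and a {@link CleanupCallback} removes an existing
 * {@link Authentication} from the context.
 */
public class SpringPlainTextPasswordValidationCallbackHandlerTest {

    private SpringPlainTextPasswordValidationCallbackHandler callbackHandler;

    private AuthenticationManager authenticationManager;

    private PasswordValidationCallback callback;

    private String username;

    private String password;

    /**
     * Builds a handler backed by a mock {@link AuthenticationManager} and a plain-text
     * password callback for the fixed test credentials.
     */
    @Before
    public void setUp() throws Exception {
        // Start every test from an empty security context. Without this, the assertNull checks
        // below could depend on what an earlier test left behind rather than on the handler
        // under test.
        SecurityContextHolder.clearContext();

        callbackHandler = new SpringPlainTextPasswordValidationCallbackHandler();
        authenticationManager = createMock(AuthenticationManager.class);
        callbackHandler.setAuthenticationManager(authenticationManager);
        username = "Bert";
        password = "Ernie";
        PasswordValidationCallback.PlainTextPasswordRequest request =
                new PasswordValidationCallback.PlainTextPasswordRequest(username, password);
        callback = new PasswordValidationCallback(request);
    }

    /** Clears the security context so an identity set by one test cannot leak into the next. */
    @After
    public void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    /**
     * Accepted credentials: the callback result is {@code true} and the security context holds
     * an {@link Authentication} afterwards.
     */
    @Test
    public void testAuthenticateUserPlainTextValid() throws Exception {
        Authentication authResult = new TestingAuthenticationToken(username, password,
                Collections.<GrantedAuthority>emptyList());
        // The manager must be asked about exactly the username/password carried by the callback.
        expect(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password)))
                .andReturn(authResult);

        replay(authenticationManager);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertTrue("Not authenticated", authenticated);
        // NOTE(review): this checks only that some Authentication is present, not that it is
        // the instance the manager returned. Confirm whether a stricter check is appropriate.
        Assert.assertNotNull("No Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(authenticationManager);
    }

    /**
     * Rejected credentials: the manager throws {@link BadCredentialsException}, the callback
     * result is {@code false}, and no {@link Authentication} is present in the security context.
     */
    @Test
    public void testAuthenticateUserPlainTextInvalid() throws Exception {
        expect(authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password)))
                .andThrow(new BadCredentialsException(""));

        replay(authenticationManager);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertFalse("Authenticated", authenticated);
        // NOTE(review): the context is empty before the call, so this shows that a failed login
        // does not create an Authentication. Whether a pre-existing Authentication is cleared
        // on failure is not exercised here.
        Assert.assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(authenticationManager);
    }

    /**
     * Cleanup: an {@link Authentication} placed in the security context is gone after the
     * handler processes a {@link CleanupCallback}.
     */
    @Test
    public void testCleanUp() throws Exception {
        TestingAuthenticationToken authentication =
                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
        SecurityContextHolder.getContext().setAuthentication(authentication);

        CleanupCallback cleanupCallback = new CleanupCallback();
        callbackHandler.handleInternal(cleanupCallback);
        // A failure here means the identity survived cleanup, so the message says that rather
        // than the copy-pasted "Authentication created".
        Assert.assertNull("Authentication not cleared", SecurityContextHolder.getContext().getAuthentication());
    }

}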