📄 switchuserprocessingfiltertests.java
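/**
 * Verifies that {@code afterPropertiesSet()} rejects a filter that has switch and
 * exit URLs and a user details service configured but no target URL.
 */
public void testBadConfigMissingTargetUrl() {
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
    filter.setSwitchUserUrl("/j_acegi_switch_user");
    filter.setExitUserUrl("/j_acegi_exit_user");

    try {
        filter.afterPropertiesSet();
        fail("Expect to fail due to missing 'targetUrl'");
    } catch (Exception expected) {
        // expected exception
        // NOTE(review): catching Exception accepts any failure, not only the
        // missing-targetUrl one; narrowing to the type afterPropertiesSet()
        // actually throws (not visible in this excerpt) would make the test stricter.
    }
}

/**
 * Verifies that the switch URL is still recognised when the request URI carries a
 * path parameter ({@code ;jsessionid=...}) after the configured path.
 */
public void testDefaultProcessesFilterUrlWithPathParameter() {
    MockHttpServletRequest request = createMockSwitchRequest();
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setSwitchUserUrl("/j_acegi_switch_user");

    // URL matching that a path parameter can alter is a common source of
    // inconsistent filter decisions, so this case is pinned explicitly.
    request.setRequestURI("/webapp/j_acegi_switch_user;jsessionid=8JHDUD723J8");

    assertTrue(filter.requiresSwitchUser(request));
}

/**
 * Verifies that a request to the exit URL restores the original user.
 *
 * <p>The security context starts with a "jacklord" token whose authorities include a
 * {@code SwitchUserGrantedAuthority} wrapping the original "dano" token; after the
 * filter runs, the context's principal must be "dano" again.
 */
public void testExitRequestUserJackLordToDano() throws Exception {
    // original user
    GrantedAuthority[] auths = {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")};
    UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50", auths);

    // current (switched) user; the switch authority carries the original token
    GrantedAuthority[] adminAuths = {
        new GrantedAuthorityImpl("ROLE_ONE"),
        new GrantedAuthorityImpl("ROLE_TWO"),
        new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source)
    };
    UsernamePasswordAuthenticationToken admin =
        new UsernamePasswordAuthenticationToken("jacklord", "hawaii50", adminAuths);

    SecurityContextHolder.getContext().setAuthentication(admin);

    // http request
    MockHttpServletRequest request = createMockSwitchRequest();
    request.setRequestURI("/j_acegi_exit_user");

    // http response
    MockHttpServletResponse response = new MockHttpServletResponse();

    // setup filter
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
    filter.setExitUserUrl("/j_acegi_exit_user");

    MockFilterChain chain = new MockFilterChain(true);

    // run 'exit'
    filter.doFilter(request, response, chain);

    // check current user, should be back to original user (dano)
    Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
    assertNotNull(targetAuth);
    assertEquals("dano", targetAuth.getPrincipal());
}

/**
 * Verifies that an exit request fails with an {@code AuthenticationException} when
 * the security context holds no authentication at all.
 */
public void testExitUserWithNoCurrentUser() throws Exception {
    // no current user in secure context
    SecurityContextHolder.getContext().setAuthentication(null);

    // http request
    MockHttpServletRequest request = createMockSwitchRequest();
    request.setRequestURI("/j_acegi_exit_user");

    // http response
    MockHttpServletResponse response = new MockHttpServletResponse();

    // setup filter
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
    filter.setExitUserUrl("/j_acegi_exit_user");

    MockFilterChain chain = new MockFilterChain(true);

    // run 'exit', expect fail due to no current user
    try {
        filter.doFilter(request, response, chain);
        fail("Cannot exit from a user with no current user set!");
    } catch (AuthenticationException expected) {
        // expected: there is no switched session to exit from
    }
}

/**
 * Verifies that a successful switch redirects to the configured target URL.
 *
 * <p>The request supplies only the target username; the redirect location asserted
 * here is the value given to {@code setTargetUrl}.
 */
public void testRedirectToTargetUrl() throws Exception {
    // set current user
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);

    MockHttpServletRequest request = createMockSwitchRequest();
    request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    request.setRequestURI("/webapp/j_acegi_switch_user");

    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain(true);

    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setSwitchUserUrl("/j_acegi_switch_user");
    filter.setTargetUrl("/webapp/someOtherUrl");
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());

    filter.doFilter(request, response, chain);

    assertEquals("/webapp/someOtherUrl", response.getRedirectedUrl());
}

/** Verifies that a request whose URI equals the exit URL is treated as an exit request. */
public void testRequiresExitUser() {
    // filter
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setExitUserUrl("/j_acegi_exit_user");

    // request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/j_acegi_exit_user");

    assertTrue(filter.requiresExitUser(request));
}

/**
 * Verifies that the request built by {@code createMockSwitchRequest()} is treated as
 * a switch request.
 */
public void testRequiresSwitch() {
    // filter
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setSwitchUserUrl("/j_acegi_switch_user");

    // request; createMockSwitchRequest() is defined outside this excerpt and
    // presumably sets the switch URI - confirm against the helper
    MockHttpServletRequest request = createMockSwitchRequest();

    assertTrue(filter.requiresSwitchUser(request));
}

/**
 * Verifies that a switch request replaces the authentication in the security context
 * with one whose principal is the {@code UserDetails} of the requested user.
 */
public void testSwitchRequestFromDanoToJackLord() throws Exception {
    // set current user
    // NOTE(review): this token is built without any authorities and the switch still
    // succeeds, so the filter as exercised here does not itself decide who may
    // switch; access to the switch URL presumably has to be restricted by the
    // application's URL authorization - confirm in the deployment configuration.
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);

    // http request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/webapp/j_acegi_switch_user");
    request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");

    // http response
    MockHttpServletResponse response = new MockHttpServletResponse();

    // setup filter
    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
    filter.setSwitchUserUrl("/j_acegi_switch_user");

    MockFilterChain chain = new MockFilterChain(true);

    // test updates user token and context
    filter.doFilter(request, response, chain);

    // check current user
    Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
    assertNotNull(targetAuth);
    assertTrue(targetAuth.getPrincipal() instanceof UserDetails);
    assertEquals("jacklord", ((User) targetAuth.getPrincipal()).getUsername());
}

/**
 * Verifies that a {@code SwitchUserAuthorityChanger} can replace the authorities
 * granted to the switched user.
 *
 * <p>The changer empties the list and adds only {@code ROLE_NEW}, yet the resulting
 * authentication is expected to hold two authorities.
 */
public void testModificationOfAuthoritiesWorks() {
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);

    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(SwitchUserProcessingFilter.ACEGI_SECURITY_SWITCH_USERNAME_KEY, "jacklord");

    SwitchUserProcessingFilter filter = new SwitchUserProcessingFilter();
    filter.setUserDetailsService(new MockAuthenticationDaoUserJackLord());
    filter.setSwitchUserAuthorityChanger(new SwitchUserAuthorityChanger() {
        public void modifyGrantedAuthorities(UserDetails targetUser, Authentication currentAuthentication,
                List authoritiesToBeGranted) {
            authoritiesToBeGranted.clear();
            authoritiesToBeGranted.add(new GrantedAuthorityImpl("ROLE_NEW"));
        }
    });

    Authentication result = filter.attemptSwitchUser(request);
    // assertNotNull matches the other tests in this file and reports a clearer failure
    assertNotNull(result);
    // NOTE(review): the second authority is presumably the switch marker the filter
    // appends after the changer has run; asserting its type here would also prove
    // that a changer cannot strip it - confirm against the filter implementation.
    assertEquals(2, result.getAuthorities().length);
    assertEquals("ROLE_NEW", result.getAuthorities()[0].getAuthority());
}

//~ Inner Classes ==================================================================================================

/**
 * In-memory {@code UserDetailsService} test double with a fixed set of accounts that
 * all share one password and the authorities ROLE_ONE and ROLE_TWO.
 */
private class MockAuthenticationDaoUserJackLord implements UserDetailsService {
    // shared fixture password; replaceable through setPassword
    private String password = "hawaii50";

    /**
     * Returns the fixture account for the given username.
     *
     * @param username the account to look up
     * @return a {@code User} whose status flags depend on the username
     * @throws UsernameNotFoundException if the username is not one of the fixtures
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        // jacklord, dano (active)
        // mcgarrett (disabled)
        // wofat (account expired)
        // steve (credentials expired)
        if ("jacklord".equals(username) || "dano".equals(username)) {
            return new User(username, password, true, true, true, true, defaultAuthorities());
        } else if ("mcgarrett".equals(username)) {
            return new User(username, password, false, true, true, true, defaultAuthorities());
        } else if ("wofat".equals(username)) {
            return new User(username, password, true, false, true, true, defaultAuthorities());
        } else if ("steve".equals(username)) {
            return new User(username, password, true, true, false, true, defaultAuthorities());
        } else {
            throw new UsernameNotFoundException("Could not find: " + username);
        }
    }

    /** Replaces the password assigned to every fixture account returned afterwards. */
    public void setPassword(String password) {
        this.password = password;
    }

    /** Builds a fresh ROLE_ONE / ROLE_TWO array so that no two users share one instance. */
    private GrantedAuthority[] defaultAuthorities() {
        return new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")};
    }
}
} // closes the enclosing test class, whose header lies outside this excerpt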