Examples of org.springframework.security.authentication.AuthenticationManager.authenticate()

org.springframework.security.authentication.AuthenticationManager.authenticate()
Attempts to authenticate the passed {@link Authentication} object, returning a fully populatedAuthentication object (including granted authorities) if successful.
An AuthenticationManager must honour the following contract concerning exceptions:
- A {@link DisabledException} must be thrown if an account is disabled and theAuthenticationManager can test for this state.
- A {@link LockedException} must be thrown if an account is locked and theAuthenticationManager can test for account locking.
- A {@link BadCredentialsException} must be thrown if incorrect credentials are presented. Whilst theabove exceptions are optional, an AuthenticationManager must always test credentials.
Exceptions should be tested for and if applicable thrown in the order expressed above (i.e. if an account is disabled or locked, the authentication request is immediately rejected and the credentials testing process is not performed). This prevents credentials being tested against disabled or locked accounts. @param authentication the authentication request object @return a fully authenticated object including credentials @throws AuthenticationException if authentication fails

    }


    @Test
    public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        filter.setAuthenticationManager(am);
        filter.afterPropertiesSet();
        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

View Full Code Here


    /* SEC-881 */
    @Test(expected=BadCredentialsException.class)
    public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
        filter.setAuthenticationManager(am);
        filter.afterPropertiesSet();
        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
        assertNull(SecurityContextHolder.getContext().getAuthentication());

View Full Code Here

    private static ConcretePreAuthenticatedProcessingFilter getFilter(boolean grantAccess) throws Exception {
        ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
        AuthenticationManager am = mock(AuthenticationManager.class);


        if (!grantAccess) {
            when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        } else {
            when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
                public Authentication answer(InvocationOnMock invocation) throws Throwable {
                    return (Authentication) invocation.getArguments()[0];
                }

View Full Code Here

        AuthenticationManager am = mock(AuthenticationManager.class);


        if (!grantAccess) {
            when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        } else {
            when(am.authenticate(any(Authentication.class))).thenAnswer(new Answer<Authentication>() {
                public Authentication answer(InvocationOnMock invocation) throws Throwable {
                    return (Authentication) invocation.getArguments()[0];
                }
            });
        }

View Full Code Here


    @Test(expected=RemoteAuthenticationException.class)
    public void testFailedAuthenticationReturnsRemoteAuthenticationException() {
        RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        manager.setAuthenticationManager(am);


        manager.attemptAuthentication("rod", "password");
    }

View Full Code Here


    @Test
    public void testSuccessfulAuthentication() {
        RemoteAuthenticationManagerImpl manager = new RemoteAuthenticationManagerImpl();
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenReturn(new TestingAuthenticationToken("u","p","A"));
        manager.setAuthenticationManager(am);


        manager.attemptAuthentication("rod", "password");
    }
}

View Full Code Here

    @Test
    public void changePasswordSucceedsWithIfReAuthenticationSucceeds() {
        insertJoe();
        Authentication currentAuth = authenticateJoe();
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(currentAuth)).thenReturn(currentAuth);


        manager.setAuthenticationManager(am);
        manager.changePassword("password", "newPassword");
        UserDetails newJoe = manager.loadUserByUsername("joe");

View Full Code Here

    @Test
    public void changePasswordFailsIfReAuthenticationFails() {
        insertJoe();
        authenticateJoe();
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));


        manager.setAuthenticationManager(am);


        try {
            manager.changePassword("password", "newPassword");

View Full Code Here

    @Test
    public void testSuccessfulAuthentication() {
        String[] grants = {"tester", "insight"};
        Authentication token = new TestingAuthenticationToken("testSuccessfulAuthentication", "shir", grants);
        AuthenticationManager testManager = new AuthenticationTestManager(false);
        Authentication result = testManager.authenticate(token);
        assertNotNull("No authentication result", result);
        assertSame("Mismatched authentication instances equality", token, result);
        assertOperationResult(result, Arrays.asList(grants));
    }

View Full Code Here

        getAspect().setSensitiveValueMarker(marker);


        String[] grants = {"tester", "insight"};
        Authentication token = new TestingAuthenticationToken("testObscuredCredentials", "omer", grants);
        AuthenticationManager testManager = new AuthenticationTestManager(true);
        Authentication result = testManager.authenticate(token);
        assertNotSame("Authentication token not cloned", token, result);
        assertObscuredAuthValues(token, result, marker);
    }


    @Override

View Full Code Here

0 1 2

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.