package fr.openwide.core.test.jpa.security; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import java.util.Collection; import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import fr.openwide.core.jpa.exception.SecurityServiceException; import fr.openwide.core.jpa.exception.ServiceException; import fr.openwide.core.jpa.security.business.authority.util.CoreAuthorityConstants; import fr.openwide.core.test.AbstractJpaSecurityTestCase; import fr.openwide.core.test.jpa.security.business.person.model.MockUser; public class TestCoreAuthenticationService extends AbstractJpaSecurityTestCase { @Test public void testAuthenticationUserInfo() throws ServiceException, SecurityServiceException { assertFalse(authenticationService.isLoggedIn()); MockUser user = createMockPerson(System.getProperty("user.name"), "firstName", "lastName"); user.addAuthority(authorityService.getByName(CoreAuthorityConstants.ROLE_AUTHENTICATED)); mockUserService.update(user); /* * Pour des raisons de sécurité le mot de passe est effacé après authentification. * on désactive cette option pour les besoins du test suivant. */ authenticationManager.setEraseCredentialsAfterAuthentication(false); authenticateAs(user); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); assertTrue(authenticationService.isLoggedIn()); assertNotNull(authentication); assertEquals(user.getUserName(), authentication.getName()); assertEquals(DEFAULT_PASSWORD, authentication.getCredentials()); assertTrue(authentication.isAuthenticated()); authenticationManager.setEraseCredentialsAfterAuthentication(true); authenticationService.signOut(); assertFalse(authenticationService.isLoggedIn()); assertNull(SecurityContextHolder.getContext().getAuthentication()); } @Test public void testAuthenticationRoles() throws ServiceException, SecurityServiceException { MockUser user = createMockPerson(System.getProperty("user.name"), "firstName", "lastName"); user.addAuthority(authorityService.getByName(CoreAuthorityConstants.ROLE_AUTHENTICATED)); mockUserService.update(user); authenticateAs(user); @SuppressWarnings("unchecked") Collection<GrantedAuthority> grantedAuthorities = (Collection<GrantedAuthority>) authenticationService.getAuthorities(); assertTrue(grantedAuthorities.size() > 0); boolean hasRoleSystem = false; boolean hasRoleAdmin = false; boolean hasRoleAuthenticated = false; boolean hasRoleAnonymous = false; for (GrantedAuthority grantedAuthority : grantedAuthorities) { if(CoreAuthorityConstants.ROLE_SYSTEM.equals(grantedAuthority.getAuthority())) { hasRoleSystem = true; } else if(CoreAuthorityConstants.ROLE_ADMIN.equals(grantedAuthority.getAuthority())) { hasRoleAdmin = true; } else if(CoreAuthorityConstants.ROLE_AUTHENTICATED.equals(grantedAuthority.getAuthority())) { hasRoleAuthenticated = true; } else if(CoreAuthorityConstants.ROLE_ANONYMOUS.equals(grantedAuthority.getAuthority())) { hasRoleAnonymous = true; } } assertFalse(hasRoleSystem); assertFalse(hasRoleAdmin); assertTrue(hasRoleAuthenticated); assertTrue(hasRoleAnonymous); } @Test public void testSecurityProxy() throws ServiceException, SecurityServiceException { MockUser user = createMockPerson(System.getProperty("user.name"), "firstName", "lastName"); user.addAuthority(authorityService.getByName(CoreAuthorityConstants.ROLE_AUTHENTICATED)); mockUserService.update(user); authenticateAs(user); try { mockUserService.protectedMethodRoleAdmin(); Assert.fail("L'accès devrait être interdit."); } catch (AccessDeniedException e) {} mockUserService.protectedMethodRoleAuthenticated(); } @Before @After public void signOut() { authenticationService.signOut(); } }