UserServiceBeanDefinitionParserTests.java

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.config.authentication;

import static org.assertj.core.api.Assertions.*;

import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.beans.FatalBeanException;

import org.junit.Test;
import org.junit.After;

/**
 * @author Luke Taylor
 */
public class UserServiceBeanDefinitionParserTests {
	private AbstractXmlApplicationContext appContext;

	@After
	public void closeAppContext() {
		if (appContext != null) {
			appContext.close();
		}
	}

	@Test
	public void userServiceWithValidPropertiesFileWorksSuccessfully() {
		setContext("<user-service id='service' "
				+ "properties='classpath:org/springframework/security/config/users.properties'/>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		userService.loadUserByUsername("bob");
		userService.loadUserByUsername("joe");
	}

	@Test
	public void userServiceWithEmbeddedUsersWorksSuccessfully() {
		setContext("<user-service id='service'>"
				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
				+ "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		userService.loadUserByUsername("joe");
	}

	@Test
	public void namePasswordAndAuthoritiesSupportPlaceholders() {
		System.setProperty("principal.name", "joe");
		System.setProperty("principal.pass", "joespassword");
		System.setProperty("principal.authorities", "ROLE_A,ROLE_B");
		setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
				+ "<user-service id='service'>"
				+ "    <user name='${principal.name}' password='${principal.pass}' authorities='${principal.authorities}'/>"
				+ "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		UserDetails joe = userService.loadUserByUsername("joe");
		assertThat(joe.getPassword()).isEqualTo("joespassword");
		assertThat(joe.getAuthorities()).hasSize(2);
	}

	@Test
	public void embeddedUsersWithNoPasswordIsGivenGeneratedValue() {
		setContext("<user-service id='service'>"
				+ "    <user name='joe' authorities='ROLE_A'/>" + "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		UserDetails joe = userService.loadUserByUsername("joe");
		assertThat(joe.getPassword().length() > 0).isTrue();
		Long.parseLong(joe.getPassword());
	}

	@Test
	public void worksWithOpenIDUrlsAsNames() {
		setContext("<user-service id='service'>"
				+ "    <user name='http://joe.myopenid.com/' authorities='ROLE_A'/>"
				+ "    <user name='https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9' authorities='ROLE_A'/>"
				+ "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		assertThat(
				userService.loadUserByUsername("http://joe.myopenid.com/").getUsername())
				.isEqualTo("http://joe.myopenid.com/");
		assertThat(
				userService.loadUserByUsername(
						"https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9")
						.getUsername())
				.isEqualTo("https://www.google.com/accounts/o8/id?id=MPtOaenBIk5yzW9n7n9");
	}

	@Test
	public void disabledAndEmbeddedFlagsAreSupported() {
		setContext("<user-service id='service'>"
				+ "    <user name='joe' password='joespassword' authorities='ROLE_A' locked='true'/>"
				+ "    <user name='Bob' password='bobspassword' authorities='ROLE_A' disabled='true'/>"
				+ "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		UserDetails joe = userService.loadUserByUsername("joe");
		assertThat(joe.isAccountNonLocked()).isFalse();
		// Check case-sensitive lookup SEC-1432
		UserDetails bob = userService.loadUserByUsername("Bob");
		assertThat(bob.isEnabled()).isFalse();
	}

	@Test(expected = FatalBeanException.class)
	public void userWithBothPropertiesAndEmbeddedUsersThrowsException() {
		setContext("<user-service id='service' properties='doesntmatter.props'>"
				+ "    <user name='joe' password='joespassword' authorities='ROLE_A'/>"
				+ "</user-service>");
		UserDetailsService userService = (UserDetailsService) appContext
				.getBean("service");
		userService.loadUserByUsername("Joe");
	}

	@Test(expected = FatalBeanException.class)
	public void multipleTopLevelUseWithoutIdThrowsException() {
		setContext("<user-service properties='classpath:org/springframework/security/config/users.properties'/>"
				+ "<user-service properties='classpath:org/springframework/security/config/users.properties'/>");

	}

	@Test(expected = FatalBeanException.class)
	public void userServiceWithMissingPropertiesFileThrowsException() {
		setContext("<user-service id='service' properties='classpath:doesntexist.properties'/>");
	}

	private void setContext(String context) {
		appContext = new InMemoryXmlApplicationContext(context);
	}
}