001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.ui.x509;
017:
018: import junit.framework.TestCase;
019:
020: import org.acegisecurity.Authentication;
021: import org.acegisecurity.AuthenticationManager;
022: import org.acegisecurity.BadCredentialsException;
023: import org.acegisecurity.MockAuthenticationManager;
024:
025: import org.acegisecurity.context.SecurityContextHolder;
026:
027: import org.acegisecurity.providers.x509.X509AuthenticationToken;
028: import org.acegisecurity.providers.x509.X509TestUtils;
029:
030: import org.acegisecurity.ui.AbstractProcessingFilter;
031:
032: import org.acegisecurity.util.MockFilterChain;
033:
034: import org.springframework.mock.web.MockHttpServletRequest;
035: import org.springframework.mock.web.MockHttpServletResponse;
036:
037: import java.security.cert.X509Certificate;
038:
039: import javax.servlet.FilterChain;
040: import javax.servlet.ServletException;
041:
/**
 * Tests {@link org.acegisecurity.ui.x509.X509ProcessingFilter}.
 *
 * <p>The security-relevant contract checked here is that the filter fails closed: a request carrying no client
 * certificate, or one the configured {@link AuthenticationManager} rejects, must leave the
 * {@link SecurityContextHolder} without an {@link Authentication}.</p>
 *
 * <p>Scope note: the certificate is injected directly as a request attribute and the mock manager defined below
 * accepts any non-null certificate, so nothing in this class exercises chain validation, expiry or revocation
 * checks.</p>
 *
 * @author Luke Taylor
 * @version $Id: X509ProcessingFilterTests.java 1496 2006-05-23 13:38:33Z benalex $
 */
public class X509ProcessingFilterTests extends TestCase {
    //~ Static fields ==================================================================================================

    /** Request attribute under which a servlet container exposes the client's certificate chain. */
    private static final String CERTIFICATE_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    //~ Constructors ===================================================================================================

    public X509ProcessingFilterTests() {
        super();
    }

    public X509ProcessingFilterTests(String arg0) {
        super(arg0);
    }

    //~ Methods ========================================================================================================

    public final void setUp() throws Exception {
        super.setUp();
    }

    /**
     * Empties the security context after every test so that an Authentication stored by one test can never be
     * observed by the next one.
     */
    public void tearDown() {
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    /**
     * A request without a certificate attribute must not be authenticated, and the rejection must be recorded in
     * the session as a {@link BadCredentialsException}.
     */
    public void testAuthenticationIsNullWithNoCertificate() throws Exception {
        X509ProcessingFilter filter = new X509ProcessingFilter();
        filter.setAuthenticationManager(new MockX509AuthenticationManager());

        MockHttpServletRequest certlessRequest = new MockHttpServletRequest();
        FilterChain chain = new MockFilterChain(true);

        // Start from an empty context so a passing assertNull below is attributable to this request alone.
        SecurityContextHolder.getContext().setAuthentication(null);
        filter.doFilter(certlessRequest, new MockHttpServletResponse(), chain);

        Object recordedFailure =
            certlessRequest.getSession().getAttribute(AbstractProcessingFilter.ACEGI_SECURITY_LAST_EXCEPTION_KEY);

        assertNull("Authentication should be null", currentAuthentication());
        assertTrue("BadCredentialsException should have been thrown",
            recordedFailure instanceof BadCredentialsException);
    }

    /** A null request must be refused with a ServletException carrying the exact message asserted below. */
    public void testDoFilterWithNonHttpServletRequestDetected() throws Exception {
        X509ProcessingFilter filter = new X509ProcessingFilter();
        ServletException thrown = null;

        try {
            filter.doFilter(null, new MockHttpServletResponse(), new MockFilterChain(false));
        } catch (ServletException expected) {
            thrown = expected;
        }

        assertNotNull("Should have thrown ServletException", thrown);
        assertEquals("Can only process HttpServletRequest", thrown.getMessage());
    }

    /** A null response must be refused with a ServletException carrying the exact message asserted below. */
    public void testDoFilterWithNonHttpServletResponseDetected() throws Exception {
        X509ProcessingFilter filter = new X509ProcessingFilter();
        ServletException thrown = null;

        try {
            filter.doFilter(new MockHttpServletRequest(null, null), null, new MockFilterChain(false));
        } catch (ServletException expected) {
            thrown = expected;
        }

        assertNotNull("Should have thrown ServletException", thrown);
        assertEquals("Can only process HttpServletResponse", thrown.getMessage());
    }

    /**
     * A certificate is presented but the manager is a MockAuthenticationManager built with {@code false}; the
     * test relies on that manager refusing the request (its implementation is not part of this file). The
     * security context must stay empty afterwards.
     */
    public void testFailedAuthentication() throws Exception {
        MockHttpServletRequest certRequest = newRequestWithTestCertificate();
        AuthenticationManager rejectingManager = new MockAuthenticationManager(false);

        SecurityContextHolder.getContext().setAuthentication(null);

        X509ProcessingFilter filter = new X509ProcessingFilter();
        filter.setAuthenticationManager(rejectingManager);
        runFullLifecycle(filter, certRequest);

        assertNull(currentAuthentication());
    }

    /** Without an AuthenticationManager the filter must refuse to complete its configuration. */
    public void testNeedsAuthenticationManager() throws Exception {
        X509ProcessingFilter filter = new X509ProcessingFilter();
        boolean rejected = false;

        try {
            filter.afterPropertiesSet();
        } catch (IllegalArgumentException expected) {
            rejected = true;
        }

        assertTrue("Expected IllegalArgumentException", rejected);
    }

    /**
     * A certificate is presented and the mock manager accepts it: an Authentication must be present in the
     * security context once the filter has run.
     */
    public void testNormalOperation() throws Exception {
        MockHttpServletRequest certRequest = newRequestWithTestCertificate();
        AuthenticationManager acceptingManager = new MockX509AuthenticationManager();

        SecurityContextHolder.getContext().setAuthentication(null);

        X509ProcessingFilter filter = new X509ProcessingFilter();
        filter.setAuthenticationManager(acceptingManager);
        runFullLifecycle(filter, certRequest);

        assertNotNull(currentAuthentication());
    }

    /** Builds a mock request whose certificate attribute holds a one-element chain with the test certificate. */
    private static MockHttpServletRequest newRequestWithTestCertificate() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        X509Certificate[] chain = new X509Certificate[] { X509TestUtils.buildTestCertificate() };

        request.setAttribute(CERTIFICATE_ATTRIBUTE, chain);

        return request;
    }

    /** Drives the filter through afterPropertiesSet, init, a single doFilter call and destroy, in that order. */
    private static void runFullLifecycle(X509ProcessingFilter filter, MockHttpServletRequest request)
        throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterChain chain = new MockFilterChain(true);

        filter.afterPropertiesSet();
        filter.init(null);
        filter.doFilter(request, response, chain);
        filter.destroy();
    }

    /** Returns whatever Authentication the security context currently holds, or null when it holds none. */
    private static Authentication currentAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    //~ Inner Classes ==================================================================================================

    /**
     * Stand-in manager for these tests. It fails the running test when handed anything other than an
     * {@link X509AuthenticationToken}, rejects a token whose credentials are null, and otherwise returns the
     * token unchanged. It performs no validation of the certificate itself.
     */
    private static class MockX509AuthenticationManager implements AuthenticationManager {
        public Authentication authenticate(Authentication a) {
            boolean isX509Token = a instanceof X509AuthenticationToken;

            if (!isX509Token) {
                TestCase.fail("Needed an X509Authentication token but found " + a);
            }

            if (a.getCredentials() != null) {
                return a;
            }

            throw new BadCredentialsException("Mock authentication manager rejecting null certificate");
        }
    }
}