[1240] | 1 | package gov.va.med.edp.springframework.security.providers.vistalink;
|
---|
| 2 |
|
---|
| 3 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
| 4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
| 5 | import junit.framework.TestCase;
|
---|
| 6 | import org.springframework.security.*;
|
---|
| 7 | import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
---|
| 8 | import org.springframework.security.providers.dao.UserCache;
|
---|
| 9 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
| 10 | import org.springframework.security.providers.x509.X509AuthenticationToken;
|
---|
| 11 | import org.springframework.security.userdetails.UserDetails;
|
---|
| 12 | import org.springframework.dao.DataRetrievalFailureException;
|
---|
| 13 | import org.easymock.MockControl;
|
---|
| 14 |
|
---|
| 15 | import java.util.HashMap;
|
---|
| 16 | import java.util.Map;
|
---|
| 17 |
|
---|
| 18 | public class VistaAuthenticationProviderTest extends TestCase {
|
---|
| 19 |
|
---|
| 20 | private static final String TEST_REMOTE_ADDRESS = "192.168.0.1";
|
---|
| 21 | private static final String TEST_STATION_NUMBER = "663";
|
---|
| 22 | private static final String TEST_ACCESS = "10VEHU";
|
---|
| 23 | private static final String TEST_VERIFY = "VEHU10";
|
---|
| 24 | private static final String TEST_DUZ = "12345";
|
---|
| 25 |
|
---|
| 26 | private VistaUserDetails user;
|
---|
| 27 | private VistaAuthenticationProviderTest.MockUserCache mockCache;
|
---|
| 28 |
|
---|
| 29 | private MockControl mockUserDetailServiceControl;
|
---|
| 30 | private VistaUserDetailsService mockUserDetailService;
|
---|
| 31 | private VistaAuthenticationProvider provider;
|
---|
| 32 |
|
---|
| 33 |
|
---|
| 34 | protected void setUp() throws Exception {
|
---|
| 35 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
---|
| 36 |
|
---|
| 37 | mockUserDetailServiceControl = MockControl.createControl(VistaUserDetailsService.class);
|
---|
| 38 | mockUserDetailService = (VistaUserDetailsService) mockUserDetailServiceControl.getMock();
|
---|
| 39 |
|
---|
| 40 | provider = new VistaAuthenticationProvider();
|
---|
| 41 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 42 | mockCache = new MockUserCache();
|
---|
| 43 | provider.setUserCache(mockCache);
|
---|
| 44 | provider.afterPropertiesSet();
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 | protected VistaUserDetails createUser(String logIEN, String stationNumber, String duz, String password, boolean nonExpired, boolean nonLocked, boolean credentialsNonExpired, boolean enabled, GrantedAuthority[] authorities) {
|
---|
| 48 | MockControl mockUserControl = MockControl.createControl(VistaUserDetails.class);
|
---|
| 49 | VistaUserDetails user = (VistaUserDetails) mockUserControl.getMock();
|
---|
| 50 | mockUserControl.expectAndDefaultReturn(user.getSignonLogInternalEntryNumber(), logIEN);
|
---|
| 51 | mockUserControl.expectAndDefaultReturn(user.getLoginStationNumber(), stationNumber);
|
---|
| 52 | mockUserControl.expectAndDefaultReturn(user.getDuz(), duz);
|
---|
| 53 | mockUserControl.expectAndDefaultReturn(user.isAccountNonExpired(), nonExpired);
|
---|
| 54 | mockUserControl.expectAndDefaultReturn(user.isAccountNonLocked(), nonLocked);
|
---|
| 55 | mockUserControl.expectAndDefaultReturn(user.isCredentialsNonExpired(), credentialsNonExpired);
|
---|
| 56 | mockUserControl.expectAndDefaultReturn(user.isEnabled(), enabled);
|
---|
| 57 | mockUserControl.expectAndDefaultReturn(user.getUsername(), duz + "@" + stationNumber);
|
---|
| 58 | mockUserControl.expectAndDefaultReturn(user.getPassword(), password);
|
---|
| 59 | mockUserControl.expectAndDefaultReturn(user.getAuthorities(), authorities);
|
---|
| 60 | mockUserControl.replay();
|
---|
| 61 | return user;
|
---|
| 62 | }
|
---|
| 63 |
|
---|
| 64 | public void testSupports() {
|
---|
| 65 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 66 |
|
---|
| 67 | assertTrue(provider.supports(VistaAuthenticationToken.class));
|
---|
| 68 | assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
|
---|
| 69 | assertFalse(provider.supports(X509AuthenticationToken.class));
|
---|
| 70 | }
|
---|
| 71 |
|
---|
| 72 | public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
|
---|
| 73 | mockUserDetailServiceControl.expectAndThrow(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, null, null), new BadCredentialsException("missing credentials"));
|
---|
| 74 | mockUserDetailServiceControl.replay();
|
---|
| 75 |
|
---|
| 76 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, null, null);
|
---|
| 77 | try {
|
---|
| 78 | provider.authenticate(token);
|
---|
| 79 | fail("Expected BadCredenialsException");
|
---|
| 80 | } catch (BadCredentialsException expected) {
|
---|
| 81 | // NOOP
|
---|
| 82 | }
|
---|
| 83 |
|
---|
| 84 | mockUserDetailServiceControl.verify();
|
---|
| 85 | }
|
---|
| 86 |
|
---|
| 87 | public void testAuthenticateFailsIfAccountExpired() {
|
---|
| 88 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, false, true, true, true, new GrantedAuthority[]{});
|
---|
| 89 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 90 | mockUserDetailServiceControl.replay();
|
---|
| 91 |
|
---|
| 92 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 93 |
|
---|
| 94 | try {
|
---|
| 95 | provider.authenticate(token);
|
---|
| 96 | fail("Should have thrown AccountExpiredException");
|
---|
| 97 | } catch (AccountExpiredException expected) {
|
---|
| 98 | assertTrue(true);
|
---|
| 99 | }
|
---|
| 100 | }
|
---|
| 101 |
|
---|
| 102 | public void testAuthenticateFailsIfAccountLocked() {
|
---|
| 103 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, false, true, true, new GrantedAuthority[]{});
|
---|
| 104 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 105 | mockUserDetailServiceControl.replay();
|
---|
| 106 |
|
---|
| 107 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 108 |
|
---|
| 109 | try {
|
---|
| 110 | provider.authenticate(token);
|
---|
| 111 | fail("Should have thrown LockedException");
|
---|
| 112 | } catch (LockedException expected) {
|
---|
| 113 | assertTrue(true);
|
---|
| 114 | }
|
---|
| 115 | }
|
---|
| 116 |
|
---|
| 117 | public void testAuthenticateFailsIfCredentialsExpired() {
|
---|
| 118 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, false, true, new GrantedAuthority[]{});
|
---|
| 119 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 120 | mockUserDetailServiceControl.replay();
|
---|
| 121 |
|
---|
| 122 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 123 | try {
|
---|
| 124 | provider.authenticate(token);
|
---|
| 125 | fail("Expected CredentialsExpiredException");
|
---|
| 126 | } catch (CredentialsExpiredException expected) {
|
---|
| 127 | // NOOP
|
---|
| 128 | }
|
---|
| 129 |
|
---|
| 130 | mockUserDetailServiceControl.verify();
|
---|
| 131 | }
|
---|
| 132 |
|
---|
| 133 | public void testAuthenticateFailsIfUserDisabled() {
|
---|
| 134 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, true, false, new GrantedAuthority[]{});
|
---|
| 135 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 136 | mockUserDetailServiceControl.replay();
|
---|
| 137 |
|
---|
| 138 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 139 |
|
---|
| 140 | try {
|
---|
| 141 | provider.authenticate(token);
|
---|
| 142 | fail("Should have thrown DisabledException");
|
---|
| 143 | } catch (DisabledException expected) {
|
---|
| 144 | assertTrue(true);
|
---|
| 145 | }
|
---|
| 146 | }
|
---|
| 147 |
|
---|
| 148 |
|
---|
| 149 | public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
|
---|
| 150 | mockUserDetailServiceControl.expectAndThrow(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), new DataRetrievalFailureException("This mock simulator is designed to fail"));
|
---|
| 151 | mockUserDetailServiceControl.replay();
|
---|
| 152 |
|
---|
| 153 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 154 | try {
|
---|
| 155 | provider.authenticate(token);
|
---|
| 156 | fail("Should have thrown AuthenticationServiceException");
|
---|
| 157 | } catch (AuthenticationServiceException expected) {
|
---|
| 158 | assertTrue(true);
|
---|
| 159 | }
|
---|
| 160 |
|
---|
| 161 | mockUserDetailServiceControl.verify();
|
---|
| 162 | }
|
---|
| 163 |
|
---|
| 164 | public void testAuthenticates() {
|
---|
| 165 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 166 | mockUserDetailServiceControl.replay();
|
---|
| 167 |
|
---|
| 168 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 169 | Authentication result = provider.authenticate(token);
|
---|
| 170 |
|
---|
| 171 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
| 172 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 173 | }
|
---|
| 174 | assertNotSame(token, result);
|
---|
| 175 |
|
---|
| 176 | VistaAuthenticationToken castResult = (VistaAuthenticationToken) result;
|
---|
| 177 | assertTrue(VistaUserDetails.class.isAssignableFrom(castResult.getPrincipal().getClass()));
|
---|
| 178 | assertEquals(TEST_ACCESS, castResult.getAccessCode());
|
---|
| 179 | assertEquals(TEST_VERIFY, castResult.getVerifyCode());
|
---|
| 180 | assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority());
|
---|
| 181 | assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
|
---|
| 182 | assertEquals(TEST_REMOTE_ADDRESS, castResult.getDetails());
|
---|
| 183 |
|
---|
| 184 | mockUserDetailServiceControl.verify();
|
---|
| 185 | }
|
---|
| 186 |
|
---|
| 187 | public void testAuthenticatesASecondTime() {
|
---|
| 188 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS),user);
|
---|
| 189 | mockUserDetailServiceControl.replay();
|
---|
| 190 |
|
---|
| 191 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 192 |
|
---|
| 193 | Authentication result = provider.authenticate(token);
|
---|
| 194 |
|
---|
| 195 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
| 196 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 197 | }
|
---|
| 198 |
|
---|
| 199 | // Now try to authenticate with the previous result (with its UserDetails)
|
---|
| 200 | Authentication result2 = provider.authenticate(result);
|
---|
| 201 |
|
---|
| 202 | if (!(result2 instanceof VistaAuthenticationToken)) {
|
---|
| 203 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 204 | }
|
---|
| 205 |
|
---|
| 206 | assertNotSame(result, result2);
|
---|
| 207 | assertEquals(result.getCredentials(), result2.getCredentials());
|
---|
| 208 | }
|
---|
| 209 |
|
---|
| 210 | public void testDetectsNullBeingReturnedFromAuthenticationDao() {
|
---|
| 211 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), null);
|
---|
| 212 | mockUserDetailServiceControl.replay();
|
---|
| 213 |
|
---|
| 214 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 215 |
|
---|
| 216 | try {
|
---|
| 217 | provider.authenticate(token);
|
---|
| 218 | fail("Should have thrown AuthenticationServiceException");
|
---|
| 219 | } catch (AuthenticationServiceException expected) {
|
---|
| 220 | assertEquals("VistaUserDetailsService returned null, which is an interface contract violation",
|
---|
| 221 | expected.getMessage());
|
---|
| 222 | }
|
---|
| 223 | }
|
---|
| 224 |
|
---|
| 225 | public void testGoesBackToAuthenticationDaoToObtainLatestVerifyCodeIfCachedVerifyCodeSeemsIncorrect() {
|
---|
| 226 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
| 227 | mockUserDetailServiceControl.replay();
|
---|
| 228 |
|
---|
| 229 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 230 |
|
---|
| 231 | // This will work, as password still "koala"
|
---|
| 232 | provider.authenticate(token);
|
---|
| 233 |
|
---|
| 234 | // Check "12345@663 = 10VEHU;VEHU10;192.168.0.1" ended up in the cache
|
---|
| 235 | assertEquals(TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
| 236 | mockUserDetailServiceControl.verify();
|
---|
| 237 |
|
---|
| 238 | // Now change the password the AuthenticationDao will return
|
---|
| 239 | mockUserDetailServiceControl.reset();
|
---|
| 240 |
|
---|
| 241 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";easternLongNeckTurtle;" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
---|
| 242 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS), user);
|
---|
| 243 | mockUserDetailServiceControl.replay();
|
---|
| 244 |
|
---|
| 245 | // Now try authentication again, with the new password
|
---|
| 246 | token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS);
|
---|
| 247 | provider.authenticate(token);
|
---|
| 248 |
|
---|
| 249 | // To get this far, the new password was accepted
|
---|
| 250 | // Check the cache was updated
|
---|
| 251 | assertEquals("10VEHU;easternLongNeckTurtle;192.168.0.1", mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
| 252 | }
|
---|
| 253 |
|
---|
| 254 | public void testStartupFailsIfNoVistaUserDetailsService()
|
---|
| 255 | throws Exception {
|
---|
| 256 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 257 |
|
---|
| 258 | try {
|
---|
| 259 | provider.afterPropertiesSet();
|
---|
| 260 | fail("Should have thrown IllegalArgumentException");
|
---|
| 261 | } catch (IllegalArgumentException expected) {
|
---|
| 262 | assertTrue(true);
|
---|
| 263 | }
|
---|
| 264 | }
|
---|
| 265 |
|
---|
| 266 | public void testStartupFailsIfNoUserCacheSet() throws Exception {
|
---|
| 267 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 268 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 269 | assertEquals(NullUserCache.class, provider.getUserCache().getClass());
|
---|
| 270 | provider.setUserCache(null);
|
---|
| 271 |
|
---|
| 272 | try {
|
---|
| 273 | provider.afterPropertiesSet();
|
---|
| 274 | fail("Should have thrown IllegalArgumentException");
|
---|
| 275 | } catch (IllegalArgumentException expected) {
|
---|
| 276 | assertTrue(true);
|
---|
| 277 | }
|
---|
| 278 | }
|
---|
| 279 |
|
---|
| 280 | public void testStartupSuccess() throws Exception {
|
---|
| 281 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 282 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 283 | provider.setUserCache(new MockUserCache());
|
---|
| 284 | assertSame(mockUserDetailService, provider.getUserDetailsService());
|
---|
| 285 | provider.afterPropertiesSet();
|
---|
| 286 | }
|
---|
| 287 |
|
---|
| 288 | private class MockUserCache implements UserCache {
|
---|
| 289 | private Map cache = new HashMap();
|
---|
| 290 |
|
---|
| 291 | public UserDetails getUserFromCache(String username) {
|
---|
| 292 | return (UserDetails) cache.get(username);
|
---|
| 293 | }
|
---|
| 294 |
|
---|
| 295 | public void putUserInCache(UserDetails user) {
|
---|
| 296 | cache.put(user.getUsername(), user);
|
---|
| 297 | }
|
---|
| 298 |
|
---|
| 299 | public void removeUserFromCache(String username) {
|
---|
| 300 | }
|
---|
| 301 | }
|
---|
| 302 | }
|
---|
| 303 |
|
---|
| 304 | /* this is the source for when we move to java 5 an later easymock version
|
---|
| 305 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
| 306 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
| 307 | import junit.framework.TestCase;
|
---|
| 308 | import org.springframework.security.*;
|
---|
| 309 | import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
---|
| 310 | import org.springframework.security.providers.dao.UserCache;
|
---|
| 311 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
| 312 | import org.springframework.security.providers.x509.X509AuthenticationToken;
|
---|
| 313 | import org.springframework.security.userdetails.UserDetails;
|
---|
| 314 | import org.easymock.EasyMock;
|
---|
| 315 | import static org.easymock.EasyMock.*;
|
---|
| 316 | import org.springframework.dao.DataRetrievalFailureException;
|
---|
| 317 |
|
---|
| 318 | import java.util.HashMap;
|
---|
| 319 | import java.util.Map;
|
---|
| 320 |
|
---|
| 321 | public class VistaAuthenticationProviderTest extends TestCase {
|
---|
| 322 |
|
---|
| 323 | private static final String TEST_REMOTE_ADDRESS = "192.168.0.1";
|
---|
| 324 | private static final String TEST_STATION_NUMBER = "663";
|
---|
| 325 | private static final String TEST_ACCESS = "10VEHU";
|
---|
| 326 | private static final String TEST_VERIFY = "VEHU10";
|
---|
| 327 | private static final String TEST_DUZ = "12345";
|
---|
| 328 |
|
---|
| 329 | private VistaUserDetails user;
|
---|
| 330 | private VistaAuthenticationProviderTest.MockUserCache mockCache;
|
---|
| 331 |
|
---|
| 332 | private VistaUserDetailsService mockUserDetailService;
|
---|
| 333 | private VistaAuthenticationProvider provider;
|
---|
| 334 |
|
---|
| 335 |
|
---|
| 336 | protected void setUp() throws Exception {
|
---|
| 337 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"));
|
---|
| 338 |
|
---|
| 339 | mockUserDetailService = EasyMock.createMock(VistaUserDetailsService.class);
|
---|
| 340 |
|
---|
| 341 | provider = new VistaAuthenticationProvider();
|
---|
| 342 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 343 | mockCache = new MockUserCache();
|
---|
| 344 | provider.setUserCache(mockCache);
|
---|
| 345 | provider.afterPropertiesSet();
|
---|
| 346 | }
|
---|
| 347 |
|
---|
| 348 | protected VistaUserDetails createUser(String logIEN, String stationNumber, String duz, String password, boolean nonExpired, boolean nonLocked, boolean credentialsNonExpired, boolean enabled, GrantedAuthority... authorities) {
|
---|
| 349 | VistaUserDetails user = EasyMock.createMock(VistaUserDetails.class);
|
---|
| 350 | EasyMock.expect(user.getSignonLogInternalEntryNumber()).andReturn(logIEN).anyTimes();
|
---|
| 351 | EasyMock.expect(user.getLoginStationNumber()).andReturn(stationNumber).anyTimes();
|
---|
| 352 | EasyMock.expect(user.getDuz()).andReturn(duz).anyTimes();
|
---|
| 353 | EasyMock.expect(user.isAccountNonExpired()).andReturn(nonExpired).anyTimes();
|
---|
| 354 | EasyMock.expect(user.isAccountNonLocked()).andReturn(nonLocked).anyTimes();
|
---|
| 355 | EasyMock.expect(user.isCredentialsNonExpired()).andReturn(credentialsNonExpired).anyTimes();
|
---|
| 356 | EasyMock.expect(user.isEnabled()).andReturn(enabled).anyTimes();
|
---|
| 357 | EasyMock.expect(user.getUsername()).andReturn(duz + "@" + stationNumber).anyTimes();
|
---|
| 358 | EasyMock.expect(user.getPassword()).andReturn(password).anyTimes();
|
---|
| 359 | EasyMock.expect(user.getAuthorities()).andReturn(authorities).anyTimes();
|
---|
| 360 | EasyMock.replay(user);
|
---|
| 361 | return user;
|
---|
| 362 | }
|
---|
| 363 |
|
---|
| 364 | public void testSupports() {
|
---|
| 365 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 366 |
|
---|
| 367 | assertTrue(provider.supports(VistaAuthenticationToken.class));
|
---|
| 368 | assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
|
---|
| 369 | assertFalse(provider.supports(X509AuthenticationToken.class));
|
---|
| 370 | }
|
---|
| 371 |
|
---|
| 372 | public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
|
---|
| 373 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, null, null)).andThrow(new BadCredentialsException("missing credentials"));
|
---|
| 374 | replay(mockUserDetailService);
|
---|
| 375 |
|
---|
| 376 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, null, null);
|
---|
| 377 | try {
|
---|
| 378 | provider.authenticate(token);
|
---|
| 379 | fail("Expected BadCredenialsException");
|
---|
| 380 | } catch (BadCredentialsException expected) {
|
---|
| 381 | // NOOP
|
---|
| 382 | }
|
---|
| 383 |
|
---|
| 384 | verify(mockUserDetailService);
|
---|
| 385 | }
|
---|
| 386 |
|
---|
| 387 | public void testAuthenticateFailsIfAccountExpired() {
|
---|
| 388 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, false, true, true, true);
|
---|
| 389 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 390 | replay(mockUserDetailService);
|
---|
| 391 |
|
---|
| 392 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 393 |
|
---|
| 394 | try {
|
---|
| 395 | provider.authenticate(token);
|
---|
| 396 | fail("Should have thrown AccountExpiredException");
|
---|
| 397 | } catch (AccountExpiredException expected) {
|
---|
| 398 | assertTrue(true);
|
---|
| 399 | }
|
---|
| 400 | }
|
---|
| 401 |
|
---|
| 402 | public void testAuthenticateFailsIfAccountLocked() {
|
---|
| 403 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, false, true, true);
|
---|
| 404 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 405 | replay(mockUserDetailService);
|
---|
| 406 |
|
---|
| 407 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 408 |
|
---|
| 409 | try {
|
---|
| 410 | provider.authenticate(token);
|
---|
| 411 | fail("Should have thrown LockedException");
|
---|
| 412 | } catch (LockedException expected) {
|
---|
| 413 | assertTrue(true);
|
---|
| 414 | }
|
---|
| 415 | }
|
---|
| 416 |
|
---|
| 417 | public void testAuthenticateFailsIfCredentialsExpired() {
|
---|
| 418 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, false, true);
|
---|
| 419 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 420 | replay(mockUserDetailService);
|
---|
| 421 |
|
---|
| 422 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 423 | try {
|
---|
| 424 | provider.authenticate(token);
|
---|
| 425 | fail("Expected CredentialsExpiredException");
|
---|
| 426 | } catch (CredentialsExpiredException expected) {
|
---|
| 427 | // NOOP
|
---|
| 428 | }
|
---|
| 429 |
|
---|
| 430 | verify(mockUserDetailService);
|
---|
| 431 | }
|
---|
| 432 |
|
---|
| 433 | public void testAuthenticateFailsIfUserDisabled() {
|
---|
| 434 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, true, false);
|
---|
| 435 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 436 | replay(mockUserDetailService);
|
---|
| 437 |
|
---|
| 438 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 439 |
|
---|
| 440 | try {
|
---|
| 441 | provider.authenticate(token);
|
---|
| 442 | fail("Should have thrown DisabledException");
|
---|
| 443 | } catch (DisabledException expected) {
|
---|
| 444 | assertTrue(true);
|
---|
| 445 | }
|
---|
| 446 | }
|
---|
| 447 |
|
---|
| 448 |
|
---|
| 449 | public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
|
---|
| 450 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andThrow(new DataRetrievalFailureException("This mock simulator is designed to fail"));
|
---|
| 451 | replay(mockUserDetailService);
|
---|
| 452 |
|
---|
| 453 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 454 | try {
|
---|
| 455 | provider.authenticate(token);
|
---|
| 456 | fail("Should have thrown AuthenticationServiceException");
|
---|
| 457 | } catch (AuthenticationServiceException expected) {
|
---|
| 458 | assertTrue(true);
|
---|
| 459 | }
|
---|
| 460 |
|
---|
| 461 | verify(mockUserDetailService);
|
---|
| 462 | }
|
---|
| 463 |
|
---|
| 464 | public void testAuthenticates() {
|
---|
| 465 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 466 | replay(mockUserDetailService);
|
---|
| 467 |
|
---|
| 468 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 469 | Authentication result = provider.authenticate(token);
|
---|
| 470 |
|
---|
| 471 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
| 472 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 473 | }
|
---|
| 474 | assertNotSame(token, result);
|
---|
| 475 |
|
---|
| 476 | VistaAuthenticationToken castResult = (VistaAuthenticationToken) result;
|
---|
| 477 | assertTrue(VistaUserDetails.class.isAssignableFrom(castResult.getPrincipal().getClass()));
|
---|
| 478 | assertEquals(TEST_ACCESS, castResult.getAccessCode());
|
---|
| 479 | assertEquals(TEST_VERIFY, castResult.getVerifyCode());
|
---|
| 480 | assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority());
|
---|
| 481 | assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
|
---|
| 482 | assertEquals(TEST_REMOTE_ADDRESS, castResult.getDetails());
|
---|
| 483 |
|
---|
| 484 | verify(mockUserDetailService);
|
---|
| 485 | }
|
---|
| 486 |
|
---|
| 487 | public void testAuthenticatesASecondTime() {
|
---|
| 488 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 489 | replay(mockUserDetailService);
|
---|
| 490 |
|
---|
| 491 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 492 |
|
---|
| 493 | Authentication result = provider.authenticate(token);
|
---|
| 494 |
|
---|
| 495 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
| 496 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 497 | }
|
---|
| 498 |
|
---|
| 499 | // Now try to authenticate with the previous result (with its UserDetails)
|
---|
| 500 | Authentication result2 = provider.authenticate(result);
|
---|
| 501 |
|
---|
| 502 | if (!(result2 instanceof VistaAuthenticationToken)) {
|
---|
| 503 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
| 504 | }
|
---|
| 505 |
|
---|
| 506 | assertNotSame(result, result2);
|
---|
| 507 | assertEquals(result.getCredentials(), result2.getCredentials());
|
---|
| 508 | }
|
---|
| 509 |
|
---|
| 510 | public void testDetectsNullBeingReturnedFromAuthenticationDao() {
|
---|
| 511 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(null);
|
---|
| 512 | replay(mockUserDetailService);
|
---|
| 513 |
|
---|
| 514 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 515 |
|
---|
| 516 | try {
|
---|
| 517 | provider.authenticate(token);
|
---|
| 518 | fail("Should have thrown AuthenticationServiceException");
|
---|
| 519 | } catch (AuthenticationServiceException expected) {
|
---|
| 520 | assertEquals("VistaUserDetailsService returned null, which is an interface contract violation",
|
---|
| 521 | expected.getMessage());
|
---|
| 522 | }
|
---|
| 523 | }
|
---|
| 524 |
|
---|
| 525 | public void testGoesBackToAuthenticationDaoToObtainLatestVerifyCodeIfCachedVerifyCodeSeemsIncorrect() {
|
---|
| 526 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 527 | replay(mockUserDetailService);
|
---|
| 528 |
|
---|
| 529 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
| 530 |
|
---|
| 531 | // This will work, as password still "koala"
|
---|
| 532 | provider.authenticate(token);
|
---|
| 533 |
|
---|
| 534 | // Check "12345@663 = 10VEHU;VEHU10;192.168.0.1" ended up in the cache
|
---|
| 535 | assertEquals(TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
| 536 | verify(mockUserDetailService);
|
---|
| 537 |
|
---|
| 538 | // Now change the password the AuthenticationDao will return
|
---|
| 539 | EasyMock.reset(mockUserDetailService);
|
---|
| 540 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";easternLongNeckTurtle;" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"));
|
---|
| 541 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
| 542 | replay(mockUserDetailService);
|
---|
| 543 |
|
---|
| 544 | // Now try authentication again, with the new password
|
---|
| 545 | token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS);
|
---|
| 546 | provider.authenticate(token);
|
---|
| 547 |
|
---|
| 548 | // To get this far, the new password was accepted
|
---|
| 549 | // Check the cache was updated
|
---|
| 550 | assertEquals("10VEHU;easternLongNeckTurtle;192.168.0.1", mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
| 551 | }
|
---|
| 552 |
|
---|
| 553 | public void testStartupFailsIfNoVistaUserDetailsService()
|
---|
| 554 | throws Exception {
|
---|
| 555 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 556 |
|
---|
| 557 | try {
|
---|
| 558 | provider.afterPropertiesSet();
|
---|
| 559 | fail("Should have thrown IllegalArgumentException");
|
---|
| 560 | } catch (IllegalArgumentException expected) {
|
---|
| 561 | assertTrue(true);
|
---|
| 562 | }
|
---|
| 563 | }
|
---|
| 564 |
|
---|
| 565 | public void testStartupFailsIfNoUserCacheSet() throws Exception {
|
---|
| 566 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 567 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 568 | assertEquals(NullUserCache.class, provider.getUserCache().getClass());
|
---|
| 569 | provider.setUserCache(null);
|
---|
| 570 |
|
---|
| 571 | try {
|
---|
| 572 | provider.afterPropertiesSet();
|
---|
| 573 | fail("Should have thrown IllegalArgumentException");
|
---|
| 574 | } catch (IllegalArgumentException expected) {
|
---|
| 575 | assertTrue(true);
|
---|
| 576 | }
|
---|
| 577 | }
|
---|
| 578 |
|
---|
| 579 | public void testStartupSuccess() throws Exception {
|
---|
| 580 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
| 581 | provider.setUserDetailsService(mockUserDetailService);
|
---|
| 582 | provider.setUserCache(new MockUserCache());
|
---|
| 583 | assertSame(mockUserDetailService, provider.getUserDetailsService());
|
---|
| 584 | provider.afterPropertiesSet();
|
---|
| 585 | }
|
---|
| 586 |
|
---|
| 587 | private class MockUserCache implements UserCache {
|
---|
| 588 | private Map cache = new HashMap();
|
---|
| 589 |
|
---|
| 590 | public UserDetails getUserFromCache(String username) {
|
---|
| 591 | return (UserDetails) cache.get(username);
|
---|
| 592 | }
|
---|
| 593 |
|
---|
| 594 | public void putUserInCache(UserDetails user) {
|
---|
| 595 | cache.put(user.getUsername(), user);
|
---|
| 596 | }
|
---|
| 597 |
|
---|
| 598 | public void removeUserFromCache(String username) {
|
---|
| 599 | }
|
---|
| 600 | }
|
---|
| 601 | }
|
---|
| 602 | */
|
---|