24 package waffle.spring;
25
26 import java.io.IOException;
27 import java.nio.charset.StandardCharsets;
28 import java.util.ArrayList;
29 import java.util.Base64;
30 import java.util.Collection;
31 import java.util.Collections;
32 import java.util.List;
33
34 import javax.servlet.ServletException;
35
36 import org.junit.jupiter.api.AfterEach;
37 import org.junit.jupiter.api.Assertions;
38 import org.junit.jupiter.api.BeforeEach;
39 import org.junit.jupiter.api.Test;
40 import org.springframework.context.ApplicationContext;
41 import org.springframework.context.support.AbstractApplicationContext;
42 import org.springframework.context.support.ClassPathXmlApplicationContext;
43 import org.springframework.security.core.Authentication;
44 import org.springframework.security.core.GrantedAuthority;
45 import org.springframework.security.core.context.SecurityContextHolder;
46
47 import waffle.mock.http.SimpleFilterChain;
48 import waffle.mock.http.SimpleHttpRequest;
49 import waffle.mock.http.SimpleHttpResponse;
50 import waffle.servlet.spi.BasicSecurityFilterProvider;
51 import waffle.servlet.spi.NegotiateSecurityFilterProvider;
52 import waffle.servlet.spi.SecurityFilterProviderCollection;
53 import waffle.windows.auth.PrincipalFormat;
54 import waffle.windows.auth.impl.WindowsAccountImpl;
55
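/**
 * Tests for the Spring Security {@link NegotiateSecurityFilter} as wired by {@code springTestFilterBeans.xml}.
 *
 * <p>
 * Each test gets a fresh application context and an empty {@link SecurityContextHolder}, and both are torn down
 * afterwards so that an authenticated principal established by one test cannot be observed by another.
 */
class NegotiateSecurityFilterTest {

    /** The filter under test, looked up from the Spring context. */
    private NegotiateSecurityFilter filter;

    /** The Spring application context that owns the filter bean. */
    private ApplicationContext ctx;

    /**
     * Loads the test bean definitions, resets the thread's security context and fetches the filter bean.
     */
    @BeforeEach
    void setUp() {
        final String[] configFiles = new String[] { "springTestFilterBeans.xml" };
        this.ctx = new ClassPathXmlApplicationContext(configFiles);
        // Start every test unauthenticated so assertions on the Authentication are meaningful.
        SecurityContextHolder.getContext().setAuthentication(null);
        this.filter = this.ctx.getBean("waffleNegotiateSecurityFilter", NegotiateSecurityFilter.class);
    }

    /**
     * Drops any authentication left on the thread and closes the application context.
     */
    @AfterEach
    void shutDown() {
        // testNegotiate leaves an authenticated principal in the holder; without this it would stay on the
        // thread after the class finishes and could make authentication checks in other test classes pass
        // for the wrong reason.
        SecurityContextHolder.clearContext();
        // JUnit still runs @AfterEach when setUp failed, in which case there is no context to close.
        if (this.ctx != null) {
            ((AbstractApplicationContext) this.ctx).close();
        }
    }

    /**
     * Verifies the filter properties configured in the test context: guest login disabled, principal format
     * {@code FQN}, role format {@code BOTH}, no servlet filter config, and a provider collection present.
     */
    @Test
    void testFilter() {
        Assertions.assertFalse(this.filter.isAllowGuestLogin());
        Assertions.assertEquals(PrincipalFormat.FQN, this.filter.getPrincipalFormat());
        Assertions.assertEquals(PrincipalFormat.BOTH, this.filter.getRoleFormat());
        Assertions.assertNull(this.filter.getFilterConfig());
        Assertions.assertNotNull(this.filter.getProvider());
    }

    /**
     * Verifies that exactly two security filter providers are configured: Basic and Negotiate.
     *
     * @throws ClassNotFoundException
     *             if a provider class name cannot be resolved
     */
    @Test
    void testProvider() throws ClassNotFoundException {
        final SecurityFilterProviderCollection provider = this.filter.getProvider();
        Assertions.assertEquals(2, provider.size());
        Assertions.assertTrue(provider.getByClassName(
                "waffle.servlet.spi.BasicSecurityFilterProvider") instanceof BasicSecurityFilterProvider);
        Assertions.assertTrue(provider.getByClassName(
                "waffle.servlet.spi.NegotiateSecurityFilterProvider") instanceof NegotiateSecurityFilterProvider);
    }

    /**
     * Sends a GET request without an {@code Authorization} header and checks that no one is authenticated.
     *
     * @throws IOException
     *             if the filter fails on I/O
     * @throws ServletException
     *             if the filter fails
     */
    @Test
    void testNoChallengeGET() throws IOException, ServletException {
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.setMethod("GET");
        final SimpleHttpResponse response = new SimpleHttpResponse();
        final SimpleFilterChain chain = new SimpleFilterChain();
        this.filter.doFilter(request, response, chain);
        // NOTE(review): 500 is presumably the mock response's initial status, i.e. the filter left the
        // response untouched - confirm against SimpleHttpResponse.
        Assertions.assertEquals(500, response.getStatus());
        // A request that carried no credentials must not end up with an authenticated context.
        Assertions.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Sends a {@code Negotiate} token for the current user and checks the resulting authentication: three
     * granted authorities ({@code ROLE_EVERYONE}, {@code ROLE_USER}, {@code ROLE_USERS}) and no response
     * headers.
     *
     * @throws IOException
     *             if the filter fails on I/O
     * @throws ServletException
     *             if the filter fails
     */
    @Test
    void testNegotiate() throws IOException, ServletException {
        final String securityPackage = "Negotiate";
        final SimpleFilterChain filterChain = new SimpleFilterChain();
        final SimpleHttpRequest request = new SimpleHttpRequest();

        // The token is just the Base64-encoded current username; presumably the auth provider wired in
        // springTestFilterBeans.xml is a mock that accepts it as the identity - confirm against that file.
        final String clientToken = Base64.getEncoder()
                .encodeToString(WindowsAccountImpl.getCurrentUsername().getBytes(StandardCharsets.UTF_8));
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        final SimpleHttpResponse response = new SimpleHttpResponse();
        this.filter.doFilter(request, response, filterChain);

        final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Assertions.assertNotNull(auth);
        final Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
        Assertions.assertNotNull(authorities);
        Assertions.assertEquals(3, authorities.size());

        // Sort the authority names so the assertions do not depend on collection order.
        final List<String> list = new ArrayList<>();
        for (final GrantedAuthority grantedAuthority : authorities) {
            list.add(grantedAuthority.getAuthority());
        }
        Collections.sort(list);
        Assertions.assertEquals("ROLE_EVERYONE", list.get(0));
        Assertions.assertEquals("ROLE_USER", list.get(1));
        Assertions.assertEquals("ROLE_USERS", list.get(2));
        // No headers on the response means no further challenge was issued.
        Assertions.assertEquals(0, response.getHeaderNamesSize());
    }

    /**
     * Sends an {@code Authorization} header with a scheme the filter does not support and checks that the
     * request is not authenticated.
     *
     * @throws IOException
     *             if the filter fails on I/O
     * @throws ServletException
     *             if the filter fails
     */
    @Test
    void testUnsupportedSecurityPackagePassthrough() throws IOException, ServletException {
        final SimpleFilterChain filterChain = new SimpleFilterChain();
        final SimpleHttpRequest request = new SimpleHttpRequest();
        request.addHeader("Authorization", "Unsupported challenge");
        final SimpleHttpResponse response = new SimpleHttpResponse();
        this.filter.doFilter(request, response, filterChain);
        // NOTE(review): as in testNoChallengeGET, 500 is presumably the mock's untouched initial status.
        Assertions.assertEquals(500, response.getStatus());
        // An unrecognised scheme must be ignored, never treated as a successful login.
        Assertions.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Sends a {@code Negotiate} token for {@code Guest} and checks that it is rejected with 401 and leaves no
     * authentication behind, matching the disabled guest login asserted in {@link #testFilter()}.
     *
     * @throws IOException
     *             if the filter fails on I/O
     * @throws ServletException
     *             if the filter fails
     */
    @Test
    void testGuestIsDisabled() throws IOException, ServletException {
        final String securityPackage = "Negotiate";
        final SimpleFilterChain filterChain = new SimpleFilterChain();
        final SimpleHttpRequest request = new SimpleHttpRequest();

        final String clientToken = Base64.getEncoder().encodeToString("Guest".getBytes(StandardCharsets.UTF_8));
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        final SimpleHttpResponse response = new SimpleHttpResponse();
        this.filter.doFilter(request, response, filterChain);

        Assertions.assertEquals(401, response.getStatus());
        Assertions.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Checks that a filter with no provider collection fails initialisation instead of starting up in a state
     * where it cannot authenticate anything.
     *
     * @throws ServletException
     *             declared for the filter API; the expected exception is consumed by {@code assertThrows}
     */
    @Test
    void testAfterPropertiesSet() throws ServletException {
        this.filter.setProvider(null);
        Assertions.assertThrows(ServletException.class, () -> {
            this.filter.afterPropertiesSet();
        });
    }

}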