/**
 * Restores the security context saved in {@code originalSecurityContext}, if one was saved,
 * and then lets {@code configHelper} run its own tear-down.
 *
 * <p>Restoring matters because the security context is held per thread: an identity installed
 * by one test and left in place would be visible to whatever runs next on that thread.
 *
 * @throws Exception declared for the tear-down work; propagated unchanged
 */
@After
public void teardown() throws Exception {
    // A null field means no context was captured during the test, so nothing is restored.
    boolean contextWasCaptured = originalSecurityContext != null;
    if (contextWasCaptured) {
        SecurityContextHolder.setContext(originalSecurityContext);
    }

    configHelper.onTearDown();
}
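/**
 * Authenticates the caller from encoded credentials and, on success, publishes the resulting
 * {@link Authentication} to the thread's security context and to the HTTP session.
 *
 * @param credentials encoded credentials, decoded by {@code decodeBase64Credentials}
 * @param charset charset handed to {@code decodeBase64Credentials}
 * @return the authenticated principal, or {@code null} when no web application context is
 *     found or when {@code handleAuthenticationExceptions} returns instead of throwing
 */
public Principal login(Object credentials, String charset) {
    List<String> decodedCredentials = Arrays.asList(decodeBase64Credentials(credentials, charset));

    HttpGraniteContext context = (HttpGraniteContext) GraniteContext.getCurrentInstance();
    HttpServletRequest httpRequest = context.getRequest();

    String user = decodedCredentials.get(0);
    // The password is only handed to the authentication token; it must never reach a log line.
    String password = decodedCredentials.get(1);
    Authentication auth = new UsernamePasswordAuthenticationToken(user, password);
    Principal principal = null;

    // NOTE(review): getSession() creates a session when none exists, and nothing visible here
    // issues a new session id after a successful login; confirm that session-fixation
    // protection is applied elsewhere.
    ApplicationContext ctx =
        WebApplicationContextUtils.getWebApplicationContext(
            httpRequest.getSession().getServletContext());

    if (ctx != null) {
        AbstractAuthenticationManager authenticationManager =
            BeanFactoryUtils.beanOfTypeIncludingAncestors(ctx, AbstractAuthenticationManager.class);
        try {
            Authentication authentication = authenticationManager.authenticate(auth);

            SecurityContext securityContext = SecurityContextHolder.getContext();
            securityContext.setAuthentication(authentication);
            principal = authentication;
            SecurityContextHolder.setContext(securityContext);

            // 0 is passed as the previous hash; presumably this forces the save, confirm
            // against saveSecurityContextInSession.
            saveSecurityContextInSession(securityContext, 0);

            endLogin(credentials, charset);
        } catch (AuthenticationException e) {
            handleAuthenticationExceptions(e);
        }
    }

    // Report a login only when one actually happened. Previously this line also ran when no
    // application context was found or when the exception handler returned normally, which
    // left a "logged in" entry for a user who was never authenticated.
    if (principal != null) {
        log.debug("User %s logged in", user);
    }
    return principal;
}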
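/**
 * Test helper: installs a security context whose principal is an enabled {@code User} named
 * {@code username}, with an empty password and no granted authorities.
 *
 * <p>The context that was active before the first call is kept in
 * {@code originalSecurityContext} for later restoration.
 *
 * @param username name given to the stand-in principal
 */
private void setCurrentUser(String username) {
    // Capture only once. A second call in the same test would otherwise record the context
    // installed by the first call, and that fake identity would be what gets restored later.
    if (originalSecurityContext == null) {
        originalSecurityContext = SecurityContextHolder.getContext();
    }

    // NOTE(review): in Spring Security the two-argument token constructor produces a token
    // whose isAuthenticated() is false; confirm the code under test only reads the principal.
    SecurityContextImpl context = new SecurityContextImpl();
    context.setAuthentication(
        new UsernamePasswordAuthenticationToken(
            new User(username, "", true, new GrantedAuthority[] {}), null));

    SecurityContextHolder.setContext(context);
}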
/**
 * Checks that the caller may use the requested destination and then performs the invocation.
 *
 * <p>When the request does not carry the {@code FILTER_APPLIED} attribute, the security
 * context is loaded from the session (falling back to the holder's current context) before
 * the checks, and afterwards the holder is cleared and the context is written back to the
 * session. When the attribute is present, the holder is left untouched.
 *
 * <p>For a secured destination the call is rejected if the authentication is missing, not
 * authenticated or anonymous, or if {@code userCanAccessService} refuses it.
 *
 * @param context the invocation being authorized
 * @return the result of {@code securityInterceptor.invoke(context)} when an interceptor is
 *     set, otherwise the result of {@code endAuthorization(context)}
 * @throws Exception a {@code SecurityServiceException} for a caller that is not logged in or
 *     is denied access; any other exception raised by the invocation is propagated
 */
public Object authorize(AbstractSecurityContext context) throws Exception {
    log.debug("Authorize: %s", context);
    log.debug(
        "Is %s secured? %b",
        context.getDestination().getId(),
        context.getDestination().isSecured());

    startAuthorization(context);

    HttpGraniteContext httpContext = (HttpGraniteContext) GraniteContext.getCurrentInstance();
    Authentication currentAuth = SecurityContextHolder.getContext().getAuthentication();

    SecurityContext contextBefore = null;
    int contextHashBefore = 0;
    if (httpContext.getRequest().getAttribute(FILTER_APPLIED) == null) {
        // No upstream filter populated the holder, so take the context from the session.
        contextBefore = loadSecurityContextFromSession();
        if (contextBefore != null) {
            // Only a context that came from the session gets a "before" hash; otherwise the
            // hash stays 0.
            contextHashBefore = contextBefore.hashCode();
        } else {
            contextBefore = SecurityContextHolder.getContext();
        }
        SecurityContextHolder.setContext(contextBefore);
        currentAuth = contextBefore.getAuthentication();
    }

    if (context.getDestination().isSecured()) {
        // An anonymous token is treated the same as no login at all.
        if (!isAuthenticated(currentAuth) || currentAuth instanceof AnonymousAuthenticationToken) {
            log.debug("Is not authenticated!");
            throw SecurityServiceException.newNotLoggedInException("User not logged in");
        }
        if (!userCanAccessService(context, currentAuth)) {
            log.debug("Access denied for: %s", currentAuth.getName());
            throw SecurityServiceException.newAccessDeniedException("User not in required role");
        }
    }

    try {
        if (securityInterceptor != null) {
            return securityInterceptor.invoke(context);
        }
        return endAuthorization(context);
    } catch (AccessDeniedException e) {
        // Only the message is carried over; the original exception is not attached as a cause.
        throw SecurityServiceException.newAccessDeniedException(e.getMessage());
    } catch (InvocationTargetException e) {
        handleAuthorizationExceptions(e);
        throw e;
    } finally {
        if (httpContext.getRequest().getAttribute(FILTER_APPLIED) == null) {
            // Do this only when not already filtered by Spring Security
            SecurityContext contextAfter = SecurityContextHolder.getContext();
            // Clear the holder so the identity does not stay bound to this thread after the
            // call returns.
            SecurityContextHolder.clearContext();
            saveSecurityContextInSession(contextAfter, contextHashBefore);
        }
    }
}
/**
 * Verifies that a caller holding {@code Constants.ADMIN_ROLE} can save a user through the
 * intercepted {@code UserManager}: {@code saveUser} must reach the mocked DAO exactly once.
 *
 * <p>The method replaces the thread's security context with an admin identity and does not
 * restore it itself.
 */
public void testAddUserAsAdmin() throws Exception {
    // Identity of the caller: an admin account with id 2.
    User admin = new User("admin");
    admin.setId(2L);
    admin.setPassword("password");
    admin.addRole(new Role(Constants.ADMIN_ROLE));

    UsernamePasswordAuthenticationToken adminToken =
        new UsernamePasswordAuthenticationToken(
            admin.getUsername(), admin.getPassword(), admin.getAuthorities());
    adminToken.setDetails(admin);

    SecurityContext adminContext = new SecurityContextImpl();
    adminContext.setAuthentication(adminToken);
    SecurityContextHolder.setContext(adminContext);

    UserManager userManager = makeInterceptedTarget();

    // The user being saved is a separate instance with the same name and id as the caller.
    User userToSave = new User("admin");
    userToSave.setId(2L);

    userDao.expects(once()).method("saveUser");
    userManager.saveUser(userToSave);
}
/**
 * Remembers the security context that is active when the test starts and replaces it with one
 * for a regular account holding {@code Constants.USER_ROLE}.
 *
 * @throws Exception propagated from {@code super.setUp()}
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Keep the pre-test context so it can be restored once the test is over.
    initialSecurityContext = SecurityContextHolder.getContext();

    // Default identity for the tests: a non-admin account with id 1.
    User regularUser = new User("user");
    regularUser.setId(1L);
    regularUser.setPassword("password");
    regularUser.addRole(new Role(Constants.USER_ROLE));

    UsernamePasswordAuthenticationToken userToken =
        new UsernamePasswordAuthenticationToken(
            regularUser.getUsername(), regularUser.getPassword(), regularUser.getAuthorities());
    userToken.setDetails(regularUser);

    SecurityContext testContext = new SecurityContextImpl();
    testContext.setAuthentication(userToken);
    SecurityContextHolder.setContext(testContext);
}
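/**
 * Puts back the security context held in {@code initialSecurityContext} so the identity used
 * by the test does not stay bound to the thread.
 *
 * <p>If no context was captured, the holder is cleared instead of restored.
 */
@Override
protected void tearDown() {
    // NOTE(review): super.tearDown() is not called here; confirm the superclass has no cleanup
    // of its own.
    if (initialSecurityContext != null) {
        SecurityContextHolder.setContext(initialSecurityContext);
    } else {
        // Nothing was captured. The default holder strategy rejects a null context, so clear
        // the holder rather than throwing and leaving the test identity in place.
        SecurityContextHolder.clearContext();
    }
}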