/** Test challenge post. */
 @Test
 public void testChallengePOST() {
   final String securityPackage = "Negotiate";
   IWindowsCredentialsHandle clientCredentials = null;
   WindowsSecurityContextImpl clientContext = null;
   try {
     // client credentials handle
     clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
     clientCredentials.initialize();
     // initial client security context
     clientContext = new WindowsSecurityContextImpl();
     clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
     clientContext.setCredentialsHandle(clientCredentials.getHandle());
     clientContext.setSecurityPackage(securityPackage);
     clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
     final SimpleHttpRequest request = new SimpleHttpRequest();
     request.setMethod("POST");
     request.setContentLength(0);
     final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
     request.addHeader("Authorization", securityPackage + " " + clientToken);
     final SimpleHttpResponse response = new SimpleHttpResponse();
     this.authenticator.authenticate(request, response);
     Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
     Assert.assertEquals("keep-alive", response.getHeader("Connection"));
     Assert.assertEquals(2, response.getHeaderNames().size());
     Assert.assertEquals(401, response.getStatus());
   } finally {
     if (clientContext != null) {
       clientContext.dispose();
     }
     if (clientCredentials != null) {
       clientCredentials.dispose();
     }
   }
 }
Пример #2
0
  @Test
  public void testNegotiate() throws IOException {
    String securityPackage = "Negotiate";
    // client credentials handle
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
      // client credentials handle
      clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
      clientCredentials.initialize();
      // initial client security context
      clientContext = new WindowsSecurityContextImpl();
      clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
      clientContext.setCredentialsHandle(clientCredentials.getHandle());
      clientContext.setSecurityPackage(securityPackage);
      clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
      // negotiate
      boolean authenticated = false;
      SimpleHttpRequest request = new SimpleHttpRequest();
      request.setQueryString("j_negotiate_check");
      while (true) {
        String clientToken = Base64.encode(clientContext.getToken());
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        SimpleHttpResponse response = new SimpleHttpResponse();
        authenticated = _authenticator.authenticate(request, response);

        if (authenticated) {
          assertTrue(response.getHeaderNames().size() >= 0);
          break;
        }

        assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
        assertEquals("keep-alive", response.getHeader("Connection"));
        assertEquals(2, response.getHeaderNames().size());
        assertEquals(401, response.getStatus());
        String continueToken =
            response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
        byte[] continueTokenBytes = Base64.decode(continueToken);
        assertTrue(continueTokenBytes.length > 0);
        SecBufferDesc continueTokenBuffer =
            new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
        clientContext.initialize(
            clientContext.getHandle(),
            continueTokenBuffer,
            WindowsAccountImpl.getCurrentUsername());
      }
      assertTrue(authenticated);
    } finally {
      if (clientContext != null) {
        clientContext.dispose();
      }
      if (clientCredentials != null) {
        clientCredentials.dispose();
      }
    }
  }
Пример #3
0
  public void testProgrammaticSecurity() throws ServletException {
    _authenticator.setAuth(new MockWindowsAuthProvider());
    SimpleHttpRequest request = new SimpleHttpRequest();
    request.setContext((Context) _authenticator.getContainer());

    request.login(WindowsAccountImpl.getCurrentUsername(), "");

    assertEquals(WindowsAccountImpl.getCurrentUsername(), request.getRemoteUser());
    assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
    GenericWindowsPrincipal windowsPrincipal = (GenericWindowsPrincipal) request.getUserPrincipal();
    assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
  }
Пример #4
0
 @Test
 public void testSecurityCheckParameters() {
   _authenticator.setAuth(new MockWindowsAuthProvider());
   SimpleHttpRequest request = new SimpleHttpRequest();
   request.addParameter("j_security_check", "");
   request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
   request.addParameter("j_password", "");
   SimpleHttpResponse response = new SimpleHttpResponse();
   assertTrue(_authenticator.authenticate(request, response));
 }
 @Test
 public void testAuthenticate() {
   MockWindowsIdentity mockIdentity =
       new MockWindowsIdentity(WindowsAccountImpl.getCurrentUsername(), new ArrayList<String>());
   WindowsPrincipal principal = new WindowsPrincipal(mockIdentity);
   UsernamePasswordAuthenticationToken authentication =
       new UsernamePasswordAuthenticationToken(principal, "password");
   Authentication authenticated = _provider.authenticate(authentication);
   assertNotNull(authenticated);
   assertTrue(authenticated.isAuthenticated());
   Collection<? extends GrantedAuthority> authorities = authenticated.getAuthorities();
   Iterator<? extends GrantedAuthority> authoritiesIterator = authorities.iterator();
   assertEquals(3, authorities.size());
   assertEquals("ROLE_USER", authoritiesIterator.next().getAuthority());
   assertEquals("ROLE_USERS", authoritiesIterator.next().getAuthority());
   assertEquals("ROLE_EVERYONE", authoritiesIterator.next().getAuthority());
   assertTrue(authenticated.getPrincipal() instanceof WindowsPrincipal);
 }
  @Test
  public void testAuthenticateWithCustomGrantedAuthorityFactory() {
    _provider.setDefaultGrantedAuthority(null);
    _provider.setGrantedAuthorityFactory(new FqnGrantedAuthorityFactory(null, false));

    MockWindowsIdentity mockIdentity =
        new MockWindowsIdentity(WindowsAccountImpl.getCurrentUsername(), new ArrayList<String>());
    WindowsPrincipal principal = new WindowsPrincipal(mockIdentity);
    UsernamePasswordAuthenticationToken authentication =
        new UsernamePasswordAuthenticationToken(principal, "password");

    Authentication authenticated = _provider.authenticate(authentication);
    assertNotNull(authenticated);
    assertTrue(authenticated.isAuthenticated());
    Collection<? extends GrantedAuthority> authorities = authenticated.getAuthorities();
    Iterator<? extends GrantedAuthority> authoritiesIterator = authorities.iterator();
    assertEquals(2, authorities.size());
    assertEquals("Users", authoritiesIterator.next().getAuthority());
    assertEquals("Everyone", authoritiesIterator.next().getAuthority());
    assertTrue(authenticated.getPrincipal() instanceof WindowsPrincipal);
  }
Пример #7
0
  @Test
  public void testWaffleInfo() throws ParserConfigurationException {
    WaffleInfo helper = new WaffleInfo();
    Document info = helper.getWaffleInfo();

    // Make sure JNA Version is properly noted
    assertEquals(
        Platform.class.getPackage().getImplementationVersion(),
        info.getDocumentElement().getAttribute("jna"));

    Node node =
        info.getDocumentElement() // waffle
            .getFirstChild() // auth
            .getFirstChild() // currentUser
            .getNextSibling(); // computer

    assertEquals("computer", node.getNodeName());

    IWindowsAuthProvider auth = new WindowsAuthProviderImpl();
    IWindowsComputer computer = auth.getCurrentComputer();

    NodeList nodes = node.getChildNodes();
    assertEquals(computer.getComputerName(), nodes.item(0).getTextContent());
    assertEquals(computer.getMemberOf(), nodes.item(1).getTextContent());
    assertEquals(computer.getJoinStatus(), nodes.item(2).getTextContent());

    // Add Lookup Info for Various accounts
    String lookup = WindowsAccountImpl.getCurrentUsername();
    IWindowsAccount account = new WindowsAccountImpl(lookup);
    Element elem = helper.getLookupInfo(info, lookup);
    assertEquals(lookup, elem.getAttribute("name"));
    assertEquals(account.getName(), elem.getFirstChild().getTextContent());

    // Report an error when unknown name
    lookup = "__UNKNOWN_ACCOUNT_NAME___";
    elem = helper.getLookupInfo(info, lookup);
    assertEquals(lookup, elem.getAttribute("name"));
    assertEquals("exception", elem.getFirstChild().getNodeName());
  }
  @Test
  public void testNegotiate() throws IOException, ServletException {
    String securityPackage = "Negotiate";
    SimpleFilterChain filterChain = new SimpleFilterChain();
    SimpleHttpRequest request = new SimpleHttpRequest();

    String clientToken =
        BaseEncoding.base64().encode(WindowsAccountImpl.getCurrentUsername().getBytes());
    request.addHeader("Authorization", securityPackage + " " + clientToken);

    SimpleHttpResponse response = new SimpleHttpResponse();
    this.filter.doFilter(request, response, filterChain);

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    assertNotNull(auth);
    GrantedAuthority[] authorities = auth.getAuthorities();
    assertNotNull(authorities);
    assertEquals(3, authorities.length);
    assertEquals("ROLE_USER", authorities[0].getAuthority());
    assertEquals("ROLE_USERS", authorities[1].getAuthority());
    assertEquals("ROLE_EVERYONE", authorities[2].getAuthority());
    assertEquals(0, response.getHeaderNamesSize());
  }
  /** Test post empty. */
  @Test
  public void testPOSTEmpty() {
    final String securityPackage = "Negotiate";
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
      // client credentials handle
      clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
      clientCredentials.initialize();
      // initial client security context
      clientContext = new WindowsSecurityContextImpl();
      clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
      clientContext.setCredentialsHandle(clientCredentials.getHandle());
      clientContext.setSecurityPackage(securityPackage);
      clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
      // negotiate
      boolean authenticated = false;
      final SimpleHttpRequest request = new SimpleHttpRequest();
      request.setMethod("POST");
      request.setContentLength(0);
      String clientToken;
      String continueToken;
      byte[] continueTokenBytes;
      SimpleHttpResponse response;
      SecBufferDesc continueTokenBuffer;
      while (true) {
        clientToken = BaseEncoding.base64().encode(clientContext.getToken());
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        response = new SimpleHttpResponse();
        try {
          authenticated = this.authenticator.authenticate(request, response);
        } catch (final Exception e) {
          NegotiateAuthenticatorTests.LOGGER.error("{}", e);
          return;
        }

        if (authenticated) {
          Assertions.assertThat(response.getHeaderNames().size()).isGreaterThanOrEqualTo(0);
          break;
        }

        if (response.getHeader("WWW-Authenticate").startsWith(securityPackage + ",")) {
          Assert.assertEquals("close", response.getHeader("Connection"));
          Assert.assertEquals(2, response.getHeaderNames().size());
          Assert.assertEquals(401, response.getStatus());
          return;
        }

        Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
        Assert.assertEquals("keep-alive", response.getHeader("Connection"));
        Assert.assertEquals(2, response.getHeaderNames().size());
        Assert.assertEquals(401, response.getStatus());
        continueToken =
            response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
        continueTokenBytes = BaseEncoding.base64().decode(continueToken);
        Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
        continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
        clientContext.initialize(
            clientContext.getHandle(),
            continueTokenBuffer,
            WindowsAccountImpl.getCurrentUsername());
      }
      Assert.assertTrue(authenticated);
    } finally {
      if (clientContext != null) {
        clientContext.dispose();
      }
      if (clientCredentials != null) {
        clientCredentials.dispose();
      }
    }
  }
  /** Test negotiate. */
  @Test
  public void testNegotiate() {
    final String securityPackage = "Negotiate";
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    try {
      // client credentials handle
      clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
      clientCredentials.initialize();
      // initial client security context
      clientContext = new WindowsSecurityContextImpl();
      clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
      clientContext.setCredentialsHandle(clientCredentials.getHandle());
      clientContext.setSecurityPackage(securityPackage);
      clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
      // negotiate
      boolean authenticated = false;
      final SimpleHttpRequest request = new SimpleHttpRequest();
      while (true) {
        final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
        request.addHeader("Authorization", securityPackage + " " + clientToken);

        final SimpleHttpResponse response = new SimpleHttpResponse();
        authenticated = this.authenticator.authenticate(request, response);

        if (authenticated) {
          Assert.assertNotNull(request.getUserPrincipal());
          Assert.assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
          final GenericWindowsPrincipal windowsPrincipal =
              (GenericWindowsPrincipal) request.getUserPrincipal();
          Assert.assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
          Assertions.assertThat(windowsPrincipal.getSid().length).isGreaterThan(0);
          Assert.assertTrue(windowsPrincipal.getGroups().containsKey("Everyone"));
          Assertions.assertThat(response.getHeaderNames().size()).isLessThanOrEqualTo(1);
          break;
        }

        Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
        Assert.assertEquals("keep-alive", response.getHeader("Connection"));
        Assert.assertEquals(2, response.getHeaderNames().size());
        Assert.assertEquals(401, response.getStatus());
        final String continueToken =
            response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
        final byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
        Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
        final SecBufferDesc continueTokenBuffer =
            new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
        clientContext.initialize(
            clientContext.getHandle(),
            continueTokenBuffer,
            WindowsAccountImpl.getCurrentUsername());
      }
      Assert.assertTrue(authenticated);
    } finally {
      if (clientContext != null) {
        clientContext.dispose();
      }
      if (clientCredentials != null) {
        clientCredentials.dispose();
      }
    }
  }