示例#1
0
  /*
   * (non-Javadoc)
   *
   * @see javax.servlet.http.HttpServletRequestWrapper#getUserPrincipal()
   */
  @Override
  public Principal getUserPrincipal() {
    UserContext userContext = getUserContext();

    if (userContext == null) {
      return null;
    }

    return userContext.getPrincipal();
  }
  @Test
  public void testHttpBasic() throws Exception {
    TestServletRequest req =
        new TestServletRequest(
            new InputStream() {
              @Override
              public int read() throws IOException {
                return 0;
              }
            });

    TestServletResponse resp =
        new TestServletResponse(
            new OutputStream() {

              @Override
              public void write(int b) throws IOException {
                System.out.println(b);
              }
            });

    // Get Positive Authentication
    req.addHeader(PicketBoxConstants.HTTP_AUTHORIZATION_HEADER, "Basic " + getPositive());
    req.setContextPath("/test");
    req.setRequestURI(req.getContextPath() + "/index.html");

    UserContext authenticatedUser =
        this.picketBoxManager.authenticate(
            new HTTPUserContext(req, resp, new HTTPBasicCredential(req, resp)));

    assertNotNull(authenticatedUser);
    Assert.assertTrue(authenticatedUser.isAuthenticated());
    Assert.assertNotNull(authenticatedUser.getAuthenticationResult().getStatus());
    Assert.assertEquals(
        authenticatedUser.getAuthenticationResult().getStatus(), AuthenticationStatus.SUCCESS);

    req.clearHeaders();
    req.getSession().setAttribute(PicketBoxConstants.SUBJECT, null);
    // Get Negative Authentication
    req.addHeader(PicketBoxConstants.HTTP_AUTHORIZATION_HEADER, "Basic " + getNegative());

    authenticatedUser =
        this.picketBoxManager.authenticate(
            new HTTPUserContext(req, resp, new HTTPBasicCredential(req, resp)));

    assertNotNull(authenticatedUser);
    Assert.assertFalse(authenticatedUser.isAuthenticated());
    Assert.assertNotNull(authenticatedUser.getAuthenticationResult().getStatus());
    Assert.assertEquals(
        authenticatedUser.getAuthenticationResult().getStatus(),
        AuthenticationStatus.INVALID_CREDENTIALS);

    String basicHeader = resp.getHeader(PicketBoxConstants.HTTP_WWW_AUTHENTICATE);
    assertTrue(basicHeader.startsWith("basic realm="));
  }
  @Override
  public boolean authorize(Resource resource, UserContext subject) throws AuthorizationException {
    if (stopped) {
      throw PicketBoxMessages.MESSAGES.instanceAlreadyStopped();
    }
    if (!started) {
      throw PicketBoxMessages.MESSAGES.instanceNotStarted();
    }

    for (String role : this.roleNames) {
      if (subject.hasRole(role)) {
        return true;
      }
    }

    return false;
  }
示例#4
0
  /* (non-Javadoc)
   * @see javax.servlet.http.HttpServletRequestWrapper#isUserInRole(java.lang.String)
   */
  @Override
  public boolean isUserInRole(String role) {
    UserContext userContext = getUserContext();

    return userContext != null && userContext.hasRole(role);
  }
 @Test
 public void testNonExistentRole() throws Exception {
   assertFalse(userContext.getRoleNames().contains("guest"));
 }
 @Test
 public void testGetRoleNames() throws Exception {
   assertTrue(userContext.getRoleNames().containsAll(roleNames));
 }
 @Before
 public void setUp() throws Exception {
   userContext.setRoles(buildRoles(roleNames));
 }