/**
 * Builds the pre-authentication filter that takes the caller's identity from request headers.
 *
 * <p>The principal is read from {@code X-Forwarded-User} and the credentials from
 * {@code X-Forwarded-Access-Token}. The details source attaches {@code ROLE_AUTHENTICATED}
 * to the authentication details of every request the filter processes.
 *
 * <p>NOTE(review): both headers are client-controllable unless a trusted reverse proxy strips or
 * overwrites them on every request. Confirm that the application cannot be reached without
 * passing through that proxy. Whether the forwarded access token is validated depends on the
 * provider behind {@code authenticationManager()}, which is not visible here.
 *
 * @return the configured filter
 * @throws Exception propagated from {@code authenticationManager()}
 */
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
private RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
    RequestHeaderAuthenticationFilter headerFilter = new RequestHeaderAuthenticationFilter();
    headerFilter.setPrincipalRequestHeader("X-Forwarded-User");
    headerFilter.setCredentialsRequestHeader("X-Forwarded-Access-Token");
    headerFilter.setAuthenticationManager(authenticationManager());

    // The authority list is created per request inside the lambda, as in the inline form.
    AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails>
            detailsSource = request -> new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
                    request,
                    AuthorityUtils.createAuthorityList("ROLE_AUTHENTICATED"));
    headerFilter.setAuthenticationDetailsSource(detailsSource);

    // No failure URL is configured, so a failed pre-authentication is answered with 401, not a redirect.
    headerFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());

    // A request without the principal header is not rejected here; it continues down the chain
    // unauthenticated and must be stopped by the authorization rules.
    headerFilter.setExceptionIfHeaderMissing(false);
    return headerFilter;
}
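/**
 * Creates the filter that handles username/password logins submitted to {@code /login}.
 *
 * <p>On success the user is sent to the saved request, or to {@code /default} when there is
 * none; on failure the user is redirected to {@code /login/form?error}, which does not reveal
 * why the attempt failed.
 *
 * @return the fully initialised filter
 * @throws Exception propagated from {@code authenticationManagerBean()}
 */
@Bean
public DomainUsernamePasswordAuthenticationFilter domainUsernamePasswordAuthenticationFilter() throws Exception {
    DomainUsernamePasswordAuthenticationFilter dupaf = new DomainUsernamePasswordAuthenticationFilter(
            super.authenticationManagerBean());
    dupaf.setFilterProcessesUrl("/login");
    dupaf.setUsernameParameter("username");
    dupaf.setPasswordParameter("password");

    // Plain instances replace the former double-brace initialisation, which created anonymous
    // subclasses holding a hidden reference to this configuration object.
    SavedRequestAwareAuthenticationSuccessHandler successHandler =
            new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setDefaultTargetUrl("/default");
    dupaf.setAuthenticationSuccessHandler(successHandler);

    SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
    failureHandler.setDefaultFailureUrl("/login/form?error");
    dupaf.setAuthenticationFailureHandler(failureHandler);

    dupaf.afterPropertiesSet();
    return dupaf;
}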
/**
 * Creates the filter and binds it to {@code GOOGLE_AUTHENTICATION_URL} for the HTTP method named
 * by the {@code POST} constant.
 *
 * <p>Every collaborator is required; a {@code null} argument fails with a
 * {@link NullPointerException}. Failed authentications are redirected to {@code /login?error},
 * so the response does not say why the attempt was rejected.
 *
 * @param googlePublicKeysManager source of the public keys; must not be null
 * @param dataService data access service; must not be null
 * @param userDetailsService user lookup service; must not be null
 * @param authenticationSettings authentication settings; must not be null
 * @param userFactory factory for user entities; must not be null
 * @param groupMemberFactory factory for group membership entities; must not be null
 */
public GoogleAuthenticationProcessingFilter(GooglePublicKeysManager googlePublicKeysManager,
        DataService dataService, UserDetailsService userDetailsService,
        AuthenticationSettings authenticationSettings, UserFactory userFactory,
        GroupMemberFactory groupMemberFactory) {
    super(new AntPathRequestMatcher(GOOGLE_AUTHENTICATION_URL, POST.toString()));
    this.userFactory = requireNonNull(userFactory);
    this.groupMemberFactory = requireNonNull(groupMemberFactory);
    // Generic error target: the redirect carries no detail about the failure cause.
    setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/login?error"));
    this.googlePublicKeysManager = requireNonNull(googlePublicKeysManager);
    this.dataService = requireNonNull(dataService);
    this.userDetailsService = requireNonNull(userDetailsService);
    this.authenticationSettings = requireNonNull(authenticationSettings);
}
/**
 * Configures the login parameter names and the success and failure redirect handlers.
 *
 * <p>{@code successUrl} and {@code errorUrl} are read from this object's state.
 * NOTE(review): they are presumably injected from configuration; confirm they are never taken
 * from request data, since both end up as redirect targets.
 */
public void init() {
    System.err.println(" ---------------AuthenticationFilter init--------------- ");
    this.setUsernameParameter(USERNAME);
    this.setPasswordParameter(PASSWORD);

    // Page to go to after a successful authentication (a saved request takes precedence).
    SavedRequestAwareAuthenticationSuccessHandler onSuccess = new SavedRequestAwareAuthenticationSuccessHandler();
    onSuccess.setDefaultTargetUrl(successUrl);
    this.setAuthenticationSuccessHandler(onSuccess);

    // Page to go to after a failed authentication.
    SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler();
    onFailure.setDefaultFailureUrl(errorUrl);
    this.setAuthenticationFailureHandler(onFailure);
}
/**
 * Creates the authentication filter for REST logins on {@code /services/rest/login}. It reads
 * the credentials from JSON and answers with a status code instead of a redirect: 200 on
 * success, 401 on failure.
 *
 * @return the {@link JsonUsernamePasswordAuthenticationFilter}.
 * @throws Exception propagated from the authentication manager lookups.
 */
protected JsonUsernamePasswordAuthenticationFilter getSimpleRestAuthenticationFilter() throws Exception {
    AntPathRequestMatcher loginMatcher = new AntPathRequestMatcher("/services/rest/login");
    JsonUsernamePasswordAuthenticationFilter restLoginFilter =
            new JsonUsernamePasswordAuthenticationFilter(loginMatcher);
    restLoginFilter.setPasswordParameter("j_password");
    restLoginFilter.setUsernameParameter("j_username");

    // NOTE(review): the manager is set twice. The value from authenticationManagerBean() is the
    // one that stays in effect; confirm whether the first call is still needed.
    restLoginFilter.setAuthenticationManager(authenticationManager());
    restLoginFilter.setAuthenticationManager(authenticationManagerBean());

    // Failure handler without a target URL: no redirect on login failure, just HTTP status 401.
    restLoginFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    // Success handler without a redirect on login success, just HTTP status 200.
    restLoginFilter.setAuthenticationSuccessHandler(new AuthenticationSuccessHandlerSendingOkHttpStatusCode());
    return restLoginFilter;
}
/**
 * Configures the HTTP security chain: SAML filters, public paths, form login and logout.
 *
 * <p>NOTE(review): CSRF protection is switched off for the whole application, including the
 * session-based form login at {@code /authenticate} and {@code /logout}. If only the SAML
 * endpoints need the exemption, narrowing it to {@code /saml/**} would keep the protection for
 * everything else.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        // SAML metadata generation runs first; the SAML filter runs after basic authentication.
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        // Public paths; everything else requires an authenticated user.
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/error").permitAll()
            .antMatchers("/saml/**").permitAll()
            .antMatchers("/css/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .exceptionHandling()
            .accessDeniedHandler(new AccessDeniedHandlerImpl())
            .authenticationEntryPoint(getAuthEntryPoint())
            .and()
        .formLogin()
            .loginProcessingUrl("/authenticate")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(new FormAuthSuccessHandler())
            // No failure URL: a failed form login is answered with 401 instead of a redirect.
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .and()
        .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .permitAll();
}
/**
 * Failure handler that forwards (server-side, no redirect) failed logins to {@code /login}.
 *
 * <p>Because the request is forwarded rather than redirected, the original request, including
 * its method and parameters, is what reaches {@code /login}.
 *
 * @return the configured failure handler
 */
@Bean
public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
    SimpleUrlAuthenticationFailureHandler forwardingHandler = new SimpleUrlAuthenticationFailureHandler();
    forwardingHandler.setUseForward(true);
    forwardingHandler.setDefaultFailureUrl("/login");
    return forwardingHandler;
}
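/**
 * Failure handler that redirects to the configured failed-login URL, when one is configured.
 *
 * <p>With no URL configured the handler has no target and answers a failed login with 401.
 *
 * @return the failure handler
 */
@Bean
public SimpleUrlAuthenticationFailureHandler failureRedirectHandler() {
    SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
    // The precondition on `setDefaultFailureUrl(..)` rejects a null or otherwise invalid value,
    // so only set it when a value is present. The previous check called isEmpty() directly
    // and therefore failed with a NullPointerException on the very null case it meant to guard.
    String failedLoginUrl = samlConfigBean().getFailedLoginDefaultUrl();
    if (failedLoginUrl != null && !failedLoginUrl.isEmpty()) {
        failureHandler.setDefaultFailureUrl(failedLoginUrl);
    }
    return failureHandler;
}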
/**
 * Failed login handler, returning a 401 code instead of a login page.
 *
 * <p>NOTE(review): the exception message is sent to the client as the error text. Messages can
 * differ by failure cause, which may tell a caller more about an account than intended; a fixed
 * message would avoid that. The log line records neither the user nor the cause.
 *
 * @return a handler that answers every authentication failure with {@code 401 Unauthorized}
 */
@Bean
public AuthenticationFailureHandler failureHandler() {
    AuthenticationFailureHandler unauthorizedHandler = new SimpleUrlAuthenticationFailureHandler() {
        @Override
        public void onAuthenticationFailure(HttpServletRequest request,
                                            HttpServletResponse response,
                                            AuthenticationException exception)
                throws IOException, ServletException {
            LOG.warn("LOGIN >>> authentication failure");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, exception.getMessage());
        }
    };
    return unauthorizedHandler;
}
/**
 * Failure handler that forwards (server-side, no redirect) failed logins to {@code /error}.
 *
 * <p>NOTE(review): whatever renders {@code /error} receives the original request; check that
 * the page does not echo the authentication exception's details back to the client.
 *
 * @return the configured failure handler
 */
@Bean
public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
    SimpleUrlAuthenticationFailureHandler forwardingHandler = new SimpleUrlAuthenticationFailureHandler();
    forwardingHandler.setUseForward(true);
    forwardingHandler.setDefaultFailureUrl("/error");
    return forwardingHandler;
}
/**
 * Failure handler with forwarding disabled and no failure URL.
 *
 * <p>Without a failure URL the handler has nowhere to send the user and answers a failed login
 * with 401.
 *
 * @return the configured failure handler
 */
@Bean
public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
    SimpleUrlAuthenticationFailureHandler statusOnlyHandler = new SimpleUrlAuthenticationFailureHandler();
    statusOnlyHandler.setUseForward(false);
    // A failure URL of "/error" was tried here and is intentionally left unset.
    return statusOnlyHandler;
}
/**
 * Secures {@code /api/1/**} with form login and logout.
 *
 * <p>NOTE(review): CSRF protection is disabled while authentication is session-based form
 * login; confirm that the API is not called with ambient browser credentials. Only
 * {@code /api/1/**} has an access rule; other paths are not restricted by this method.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.exceptionHandling()
        .authenticationEntryPoint(entryPoint);

    http.authorizeRequests()
        .antMatchers("/api/1/**").authenticated();

    // No failure URL: a failed login is answered with 401 instead of a redirect.
    http.formLogin()
        .successHandler(successHandler)
        .failureHandler(new SimpleUrlAuthenticationFailureHandler());

    http.logout();
}
/** Builds the role-selection filter under test, redirecting failures to {@code /login-failed}. */
@Before
public void setUp() {
    SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler("/login-failed");

    SuperflySelectRoleAuthenticationProcessingFilter selectRoleFilter =
            new SuperflySelectRoleAuthenticationProcessingFilter();
    selectRoleFilter.setAuthenticationManager(authenticationManager);
    selectRoleFilter.setAuthenticationFailureHandler(onFailure);
    selectRoleFilter.afterPropertiesSet();

    filter = selectRoleFilter;
}
/**
 * Builds the username/password filter under test for subsystem {@code my-subsystem},
 * redirecting failures to {@code /login-failed}.
 */
@Before
public void setUp() {
    SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler("/login-failed");

    SuperflyUsernamePasswordAuthenticationProcessingFilter passwordFilter =
            new SuperflyUsernamePasswordAuthenticationProcessingFilter();
    passwordFilter.setAuthenticationManager(authenticationManager);
    passwordFilter.setAuthenticationFailureHandler(onFailure);
    passwordFilter.setSubsystemIdentifier("my-subsystem");
    passwordFilter.afterPropertiesSet();

    filter = passwordFilter;
}
/** Builds the SSO filter under test, redirecting failures to {@code /login-failed}. */
@Before
public void setUp() {
    SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler("/login-failed");

    SuperflySSOAuthenticationProcessingFilter ssoFilter = new SuperflySSOAuthenticationProcessingFilter();
    ssoFilter.setAuthenticationManager(authenticationManager);
    ssoFilter.setAuthenticationFailureHandler(onFailure);
    ssoFilter.afterPropertiesSet();

    filter = ssoFilter;
}
/** Builds the HOTP filter under test, redirecting failures to {@code /login-failed}. */
@Before
public void setUp() {
    SimpleUrlAuthenticationFailureHandler onFailure = new SimpleUrlAuthenticationFailureHandler("/login-failed");

    SuperflyHOTPAuthenticationProcessingFilter hotpFilter = new SuperflyHOTPAuthenticationProcessingFilter();
    hotpFilter.setAuthenticationManager(authenticationManager);
    hotpFilter.setAuthenticationFailureHandler(onFailure);
    hotpFilter.afterPropertiesSet();

    filter = hotpFilter;
}
/**
 * A POST to the processing URL with separate access and verify codes must reach the
 * authentication manager as a token carrying exactly those values, with no new or confirm
 * verify code, and must not continue down the filter chain.
 *
 * <p>NOTE(review): the expected token names remote host {@code www.example.org}, but the
 * request's remote host is not set here; whether the stub matches depends on
 * {@code AuthenticationTokenMatchers.eq} - confirm.
 */
@Test
public void testAttemptAuthentication() throws Exception {
    VistaAccessVerifyAuthenticationFilter authFilter = new VistaAccessVerifyAuthenticationFilter();
    authFilter.setFilterProcessesUrl("/welcome.jsp");
    authFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/authenticationFailed.jsp"));
    authFilter.setAuthenticationManager(mockAuthenticationManager);
    authFilter.afterPropertiesSet();

    // Test-fixture credentials submitted as form parameters.
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.VISTA_ID_KEY, "9F2A");
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.DIVISION_KEY, "500");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.ACCESS_CODE_KEY, "10VEHU");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.VERIFY_CODE_KEY, "VEHU10");
    request.setRemoteAddr("10.0.1.34");
    request.setRequestURI(authFilter.getFilterProcessesUrl());
    request.setMethod("POST");

    VistaAuthenticationToken expectedRequest =
            new VistaAuthenticationToken("9F2A", "500", "10VEHU", "VEHU10", "10.0.1.34", "www.example.org");
    when(mockAuthenticationManager.authenticate(AuthenticationTokenMatchers.eq(expectedRequest)))
            .thenReturn(new VistaAuthenticationToken(
                    new VistaUser(new RpcHost("localhost"), "9F2A", "500", "500", "12345", "500:10VEHU;VEHU10",
                            "Vehu,Ten", true, true, true, true, new ArrayList<GrantedAuthority>()),
                    "500:10VEHU;VEHU10", "10.0.1.34", null, new ArrayList<GrantedAuthority>()));

    authFilter.doFilter(request, response, filterChain);

    // The filter handled the request itself; nothing was passed on.
    assertNull(filterChain.getRequest());
    assertNull(filterChain.getResponse());

    ArgumentCaptor<VistaAuthenticationToken> tokenCaptor = ArgumentCaptor.forClass(VistaAuthenticationToken.class);
    verify(mockAuthenticationManager).authenticate(tokenCaptor.capture());
    VistaAuthenticationToken submitted = tokenCaptor.getValue();
    assertThat(submitted.getVistaId(), equalTo("9F2A"));
    assertThat(submitted.getDivision(), equalTo("500"));
    assertThat(submitted.getAccessCode(), equalTo("10VEHU"));
    assertThat(submitted.getVerifyCode(), equalTo("VEHU10"));
    assertThat(submitted.getNewVerifyCode(), nullValue());
    assertThat(submitted.getConfirmVerifyCode(), nullValue());
    assertThat(submitted.getRemoteAddress(), equalTo("10.0.1.34"));
}
/**
 * When the access-code parameter carries {@code access;verify} in one value, the filter must
 * split it so the token handed to the authentication manager has the two codes separately.
 *
 * <p>NOTE(review): the expected token names remote host {@code www.example.org}, but the
 * request's remote host is not set here; whether the stub matches depends on
 * {@code AuthenticationTokenMatchers.eq} - confirm.
 */
@Test
public void testAttemptAuthenticationWithAccessAndVerifySemiColonSeparatedInTheAccess() throws Exception {
    VistaAccessVerifyAuthenticationFilter authFilter = new VistaAccessVerifyAuthenticationFilter();
    authFilter.setFilterProcessesUrl("/welcome.jsp");
    authFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/authenticationFailed.jsp"));
    authFilter.setAuthenticationManager(mockAuthenticationManager);
    authFilter.afterPropertiesSet();

    // Only the access-code parameter is sent; it holds both codes separated by a semicolon.
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.VISTA_ID_KEY, "9F2A");
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.DIVISION_KEY, "500");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.ACCESS_CODE_KEY, "10vehu;vehu10");
    request.setRemoteAddr("10.0.1.34");
    request.setRequestURI(authFilter.getFilterProcessesUrl());
    request.setMethod("POST");

    VistaAuthenticationToken expectedRequest =
            new VistaAuthenticationToken("9F2A", "500", "10vehu", "vehu10", "10.0.1.34", "www.example.org");
    when(mockAuthenticationManager.authenticate(AuthenticationTokenMatchers.eq(expectedRequest)))
            .thenReturn(new VistaAuthenticationToken(
                    new VistaUser(new RpcHost("localhost"), "9F2A", "500", "500", "12345", "500:10vehu;vehu10",
                            "Vehu,Ten", true, true, true, true, new ArrayList<GrantedAuthority>()),
                    "500:10VEHU;VEHU10", "10.0.1.34", null, new ArrayList<GrantedAuthority>()));

    authFilter.doFilter(request, response, filterChain);

    // The filter handled the request itself; nothing was passed on.
    assertNull(filterChain.getRequest());
    assertNull(filterChain.getResponse());

    ArgumentCaptor<VistaAuthenticationToken> tokenCaptor = ArgumentCaptor.forClass(VistaAuthenticationToken.class);
    verify(mockAuthenticationManager).authenticate(tokenCaptor.capture());
    VistaAuthenticationToken submitted = tokenCaptor.getValue();
    assertThat(submitted.getVistaId(), equalTo("9F2A"));
    assertThat(submitted.getDivision(), equalTo("500"));
    assertThat(submitted.getAccessCode(), equalTo("10vehu"));
    assertThat(submitted.getVerifyCode(), equalTo("vehu10"));
    assertThat(submitted.getNewVerifyCode(), nullValue());
    assertThat(submitted.getConfirmVerifyCode(), nullValue());
    assertThat(submitted.getRemoteAddress(), equalTo("10.0.1.34"));
}
/**
 * A verify-code change request must pass the new and the confirm verify code through to the
 * authentication manager unchanged, alongside the current access and verify codes.
 *
 * <p>The new and confirm values in this fixture differ; the filter is expected to forward both
 * as submitted rather than compare them itself.
 *
 * <p>NOTE(review): the expected token names remote host {@code www.example.org}, but the
 * request's remote host is not set here; whether the stub matches depends on
 * {@code AuthenticationTokenMatchers.eq} - confirm.
 */
@Test
public void testAttemptChangeVerifyCode() throws Exception {
    VistaAccessVerifyAuthenticationFilter authFilter = new VistaAccessVerifyAuthenticationFilter();
    authFilter.setFilterProcessesUrl("/welcome.jsp");
    authFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/authenticationFailed.jsp"));
    authFilter.setAuthenticationManager(mockAuthenticationManager);
    authFilter.afterPropertiesSet();

    // Test-fixture credentials plus the requested replacement verify code.
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.VISTA_ID_KEY, "9F2A");
    request.addParameter(AbstractVistaAuthenticationProcessingFilter.DIVISION_KEY, "500");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.ACCESS_CODE_KEY, "10VEHU");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.VERIFY_CODE_KEY, "VEHU10");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.NEW_VERIFY_CODE_KEY, "10UHEV");
    request.addParameter(VistaAccessVerifyAuthenticationFilter.CONFIRM_VERIFY_CODE_KEY, "UHEV10");
    request.setRemoteAddr("10.0.1.34");
    request.setRequestURI(authFilter.getFilterProcessesUrl());
    request.setMethod("POST");

    VistaAuthenticationToken expectedRequest = new VistaAuthenticationToken(
            "9F2A", "500", "10VEHU", "VEHU10", "10UHEV", "UHEV10", "10.0.1.34", "www.example.org");
    when(mockAuthenticationManager.authenticate(AuthenticationTokenMatchers.eq(expectedRequest)))
            .thenReturn(new VistaAuthenticationToken(
                    new VistaUser(new RpcHost("localhost"), null, "500", "500", "12345", "500:10VEHU;VEHU10",
                            "Vehu,Ten", true, true, true, true, new ArrayList<GrantedAuthority>()),
                    "500:10VEHU;VEHU10", "10.0.1.34", null, new ArrayList<GrantedAuthority>()));

    authFilter.doFilter(request, response, filterChain);

    // The filter handled the request itself; nothing was passed on.
    assertNull(filterChain.getRequest());
    assertNull(filterChain.getResponse());

    ArgumentCaptor<VistaAuthenticationToken> tokenCaptor = ArgumentCaptor.forClass(VistaAuthenticationToken.class);
    verify(mockAuthenticationManager).authenticate(tokenCaptor.capture());
    VistaAuthenticationToken submitted = tokenCaptor.getValue();
    assertThat(submitted.getVistaId(), equalTo("9F2A"));
    assertThat(submitted.getDivision(), equalTo("500"));
    assertThat(submitted.getAccessCode(), equalTo("10VEHU"));
    assertThat(submitted.getVerifyCode(), equalTo("VEHU10"));
    assertThat(submitted.getNewVerifyCode(), equalTo("10UHEV"));
    assertThat(submitted.getConfirmVerifyCode(), equalTo("UHEV10"));
    assertThat(submitted.getRemoteAddress(), equalTo("10.0.1.34"));
}
/**
 * An app-handle login must reach the authentication manager as a token carrying the app
 * handle, remote address and remote host, and none of the access/verify code fields.
 */
@Test
public void testAttemptAuthentication() throws Exception {
    VistaAppHandleAuthenticationFilter handleFilter = new VistaAppHandleAuthenticationFilter();
    handleFilter.setFilterProcessesUrl("/welcome.jsp");
    handleFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/authenticationFailed.jsp"));
    handleFilter.setAuthenticationManager(mockAuthenticationManager);
    handleFilter.afterPropertiesSet();

    // Test-fixture identifiers submitted as form parameters.
    request.addParameter(VistaAppHandleAuthenticationFilter.VISTA_ID_KEY, "9F2A");
    request.addParameter(VistaAppHandleAuthenticationFilter.DIVISION_KEY, "500");
    request.addParameter(VistaAppHandleAuthenticationFilter.APP_HANDLE_KEY, "1AB2C3D4E5F6");
    request.setRemoteAddr("10.0.1.34");
    request.setRemoteHost("www.example.org");
    request.setRequestURI(handleFilter.getFilterProcessesUrl());
    request.setMethod("POST");

    VistaAuthenticationToken expectedRequest =
            new VistaAuthenticationToken("9F2A", "500", "1AB2C3D4E5F6", "10.0.1.34", "www.example.org");
    when(mockAuthenticationManager.authenticate(AuthenticationTokenMatchers.eq(expectedRequest)))
            .thenReturn(new VistaAuthenticationToken(
                    new VistaUser(new RpcHost("localhost"), "9F2A", "500", "500", "12345", "500:10VEHU;VEHU10",
                            "Vehu,Ten", true, true, true, true, new ArrayList<GrantedAuthority>()),
                    "500:10VEHU;VEHU10", "10.0.1.34", "www.example.org", new ArrayList<GrantedAuthority>()));

    handleFilter.doFilter(request, response, filterChain);

    // The filter handled the request itself; nothing was passed on.
    assertNull(filterChain.getRequest());
    assertNull(filterChain.getResponse());

    ArgumentCaptor<VistaAuthenticationToken> tokenCaptor = ArgumentCaptor.forClass(VistaAuthenticationToken.class);
    verify(mockAuthenticationManager).authenticate(tokenCaptor.capture());
    VistaAuthenticationToken submitted = tokenCaptor.getValue();
    assertThat(submitted.getVistaId(), equalTo("9F2A"));
    assertThat(submitted.getDivision(), equalTo("500"));
    assertThat(submitted.getAppHandle(), equalTo("1AB2C3D4E5F6"));
    assertThat(submitted.getRemoteAddress(), equalTo("10.0.1.34"));
    assertThat(submitted.getRemoteHostName(), equalTo("www.example.org"));
    // An app-handle login carries no access/verify codes.
    assertThat(submitted.getAccessCode(), nullValue());
    assertThat(submitted.getVerifyCode(), nullValue());
    assertThat(submitted.getNewVerifyCode(), nullValue());
    assertThat(submitted.getConfirmVerifyCode(), nullValue());
}
/**
 * Checks, via reflection on the private fields, that the filter under test was wired with a
 * {@link SimpleUrlAuthenticationFailureHandler} whose failure URL is {@code /oauth/confirm_access}.
 */
@Test
public void filterUsesConfiguredFailureHandler() throws Exception {
    // Read the private failureHandler field of the filter.
    final Field handlerField = AbstractAuthenticationProcessingFilter.class.getDeclaredField("failureHandler");
    ReflectionUtils.makeAccessible(handlerField);
    AuthenticationFailureHandler configuredHandler =
            (AuthenticationFailureHandler) ReflectionUtils.getField(handlerField, filter);
    boolean isSimpleUrlHandler = configuredHandler instanceof SimpleUrlAuthenticationFailureHandler;
    assertTrue("failure handler should be a simpleUrlFailureHandler", isSimpleUrlHandler);

    // Read the private defaultFailureUrl field of that handler.
    final Field urlField = SimpleUrlAuthenticationFailureHandler.class.getDeclaredField("defaultFailureUrl");
    ReflectionUtils.makeAccessible(urlField);
    String configuredUrl = (String) ReflectionUtils.getField(urlField, configuredHandler);
    assertEquals("failure URL should be the configured url", "/oauth/confirm_access", configuredUrl);
}
/**
 * Failure handler with no failure URL configured, so a failed authentication is answered with
 * 401 rather than a redirect.
 *
 * @return the failure handler
 */
@Bean
public AuthenticationFailureHandler authenticationFailureHandler() {
    AuthenticationFailureHandler statusOnlyHandler = new SimpleUrlAuthenticationFailureHandler();
    return statusOnlyHandler;
}
/**
 * Creates the filter with the manager that authenticates requests and the URL used when
 * authentication fails.
 *
 * @param authenticationManager manager stored for later authentication attempts;
 *        not null-checked here
 * @param failureUrl target handed to a new {@link SimpleUrlAuthenticationFailureHandler}.
 *        NOTE(review): this becomes a redirect target - confirm it comes from configuration
 *        and not from request data.
 */
protected JWTRequestParameterProcessingFilter(AuthenticationManager authenticationManager, String failureUrl) {
    this.authenticationManager = authenticationManager;
    failureHandler = new SimpleUrlAuthenticationFailureHandler(failureUrl);
}
/**
 * Replaces the handler invoked when authentication fails.
 *
 * @param authenticationFailureHandler the handler to use; stored as given, without a null check
 */
public void setAuthenticationFailureHandler(
        SimpleUrlAuthenticationFailureHandler authenticationFailureHandler) {
    this.authenticationFailureHandler = authenticationFailureHandler;
}
/**
 * Builds the SAML SSO filters and entry point and publishes them as shared objects on the
 * builder.
 *
 * <p>Each URL and option set on this configurer wins; anything left {@code null} falls back to
 * the value from {@code config}. The resolved URLs are also recorded on {@code endpoints}.
 *
 * <p>A success or failure handler supplied by the caller is used as is: the default success and
 * failure URLs are applied only to the handlers this method creates itself. The default failure
 * URL is still recorded on {@code endpoints} in both cases.
 *
 * @param builder the builder that receives the configured filters as shared objects
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(ServiceProviderBuilder builder) throws Exception {
    // Success handler: create the default one only when the caller supplied none.
    if (successHandler == null) {
        SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = createDefaultSuccessHandler();
        successRedirectHandler.setDefaultTargetUrl(Optional.ofNullable(defaultSuccessURL).orElseGet(config::getDefaultSuccessUrl));
        successHandler = postProcess(successRedirectHandler);
    }

    // Failure handler: the URL is resolved first because endpoints needs it either way.
    defaultFailureURL = Optional.ofNullable(defaultFailureURL).orElseGet(config::getDefaultFailureUrl);
    if (failureHandler == null) {
        SimpleUrlAuthenticationFailureHandler authenticationFailureHandler = createDefaultFailureHandler();
        authenticationFailureHandler.setDefaultFailureUrl(defaultFailureURL);
        failureHandler = postProcess(authenticationFailureHandler);
    }
    endpoints.setDefaultFailureURL(defaultFailureURL);

    // Web SSO processing filter.
    SAMLProcessingFilter ssoFilter = createDefaultSamlProcessingFilter();
    ssoFilter.setAuthenticationManager(authenticationManager);
    ssoFilter.setAuthenticationSuccessHandler(successHandler);
    ssoFilter.setAuthenticationFailureHandler(failureHandler);
    ssoProcessingURL = Optional.ofNullable(ssoProcessingURL).orElseGet(config::getSsoProcessingUrl);
    endpoints.setSsoProcessingURL(ssoProcessingURL);
    ssoFilter.setFilterProcessesUrl(ssoProcessingURL);

    // Holder-of-Key filter: stays null, and is published as null, when HoK is disabled.
    SAMLWebSSOHoKProcessingFilter ssoHoKFilter = null;
    if (Optional.ofNullable(enableSsoHoK).orElseGet(config::isEnableSsoHok)) {
        ssoHoKFilter = createDefaultSamlHoKProcessingFilter();
        ssoHoKFilter.setAuthenticationSuccessHandler(successHandler);
        ssoHoKFilter.setAuthenticationManager(authenticationManager);
        ssoHoKFilter.setAuthenticationFailureHandler(failureHandler);
        ssoHoKProcessingURL = Optional.ofNullable(ssoHoKProcessingURL).orElseGet(config::getSsoHokProcessingUrl);
        endpoints.setSsoHoKProcessingURL(ssoHoKProcessingURL);
        ssoHoKFilter.setFilterProcessesUrl(ssoHoKProcessingURL);
    }

    // IdP discovery filter and the IdP selection page it sends users to.
    SAMLDiscovery discoveryFilter = createDefaultSamlDiscoveryFilter();
    discoveryProcessingURL = Optional.ofNullable(discoveryProcessingURL).orElseGet(config::getDiscoveryProcessingUrl);
    endpoints.setDiscoveryProcessingURL(discoveryProcessingURL);
    discoveryFilter.setFilterProcessesUrl(discoveryProcessingURL);
    idpSelectionPageURL = Optional.ofNullable(idpSelectionPageURL).orElseGet(config::getIdpSelectionPageUrl);
    endpoints.setIdpSelectionPageURL(idpSelectionPageURL);
    discoveryFilter.setIdpSelectionPath(idpSelectionPageURL);

    // Entry point: a caller-supplied bean is reused, otherwise a default one is created.
    SAMLEntryPoint entryPoint = Optional.ofNullable(samlEntryPointBean).orElseGet(this::createDefaultSamlEntryPoint);
    entryPoint.setDefaultProfileOptions(Optional.ofNullable(profileOptions).orElseGet(this::getProfileOptions));
    ssoLoginURL = Optional.ofNullable(ssoLoginURL).orElseGet(config::getSsoLoginUrl);
    endpoints.setSsoLoginURL(ssoLoginURL);
    entryPoint.setFilterProcessesUrl(ssoLoginURL);

    // Publish everything for the rest of the service-provider configuration.
    builder.setSharedObject(SAMLProcessingFilter.class, ssoFilter);
    builder.setSharedObject(SAMLWebSSOHoKProcessingFilter.class, ssoHoKFilter);
    builder.setSharedObject(SAMLDiscovery.class, discoveryFilter);
    builder.setSharedObject(SAMLEntryPoint.class, entryPoint);
}
/**
 * Creates the failure handler used when the caller supplies none. Kept overridable so tests can
 * substitute a mock.
 *
 * @return a new handler with no failure URL set yet
 */
@VisibleForTesting
protected SimpleUrlAuthenticationFailureHandler createDefaultFailureHandler() {
    SimpleUrlAuthenticationFailureHandler defaultHandler = new SimpleUrlAuthenticationFailureHandler();
    return defaultHandler;
}
/**
 * With nothing customised, every URL and option must be read from the properties and applied
 * to the default filters, handlers, endpoints and entry point, and all four components must be
 * published as shared objects.
 */
@Test
public void configure_defaults() throws Exception {
    // Replace every factory method with a mock so the wiring can be verified.
    SSOConfigurer configurer = spy(new SSOConfigurer());
    SAMLProcessingFilter ssoFilter = mock(SAMLProcessingFilter.class);
    when(configurer.createDefaultSamlProcessingFilter()).thenReturn(ssoFilter);
    SAMLWebSSOHoKProcessingFilter ssoHoKFilter = mock(SAMLWebSSOHoKProcessingFilter.class);
    when(configurer.createDefaultSamlHoKProcessingFilter()).thenReturn(ssoHoKFilter);
    SAMLDiscovery discoveryFilter = mock(SAMLDiscovery.class);
    when(configurer.createDefaultSamlDiscoveryFilter()).thenReturn(discoveryFilter);
    SAMLEntryPoint entryPoint = mock(SAMLEntryPoint.class);
    when(configurer.createDefaultSamlEntryPoint()).thenReturn(entryPoint);
    SavedRequestAwareAuthenticationSuccessHandler successHandler = mock(SavedRequestAwareAuthenticationSuccessHandler.class);
    when(configurer.createDefaultSuccessHandler()).thenReturn(successHandler);
    SimpleUrlAuthenticationFailureHandler failureHandler = mock(SimpleUrlAuthenticationFailureHandler.class);
    when(configurer.createDefaultFailureHandler()).thenReturn(failureHandler);

    configurer.init(builder);
    configurer.configure(builder);

    // Every default was looked up in the properties.
    verify(properties).getDefaultFailureUrl();
    verify(properties).getDefaultSuccessUrl();
    verify(properties).getDiscoveryProcessingUrl();
    verify(properties).getIdpSelectionPageUrl();
    verify(properties).getSsoHokProcessingUrl();
    verify(properties).getSsoLoginUrl();
    verify(properties).getSsoProcessingUrl();
    verify(properties).getProfileOptions();

    // The default handlers received the default URLs.
    verify(successHandler).setDefaultTargetUrl(eq(properties.getDefaultSuccessUrl()));
    verify(failureHandler).setDefaultFailureUrl(eq(properties.getDefaultFailureUrl()));

    // Both processing filters share the manager and the two handlers.
    verify(ssoFilter).setAuthenticationManager(eq(authenticationManager));
    verify(ssoFilter).setAuthenticationSuccessHandler(eq(successHandler));
    verify(ssoFilter).setAuthenticationFailureHandler(eq(failureHandler));
    verify(ssoFilter).setFilterProcessesUrl(eq(properties.getSsoProcessingUrl()));
    verify(ssoHoKFilter).setAuthenticationManager(eq(authenticationManager));
    verify(ssoHoKFilter).setAuthenticationSuccessHandler(eq(successHandler));
    verify(ssoHoKFilter).setAuthenticationFailureHandler(eq(failureHandler));
    verify(ssoHoKFilter).setFilterProcessesUrl(eq(properties.getSsoHokProcessingUrl()));

    // The resolved URLs were recorded on the endpoints object.
    verify(serviceProviderEndpoints).setSsoProcessingURL(properties.getSsoProcessingUrl());
    verify(serviceProviderEndpoints).setSsoHoKProcessingURL(properties.getSsoHokProcessingUrl());
    verify(serviceProviderEndpoints).setDefaultFailureURL(properties.getDefaultFailureUrl());
    verify(serviceProviderEndpoints).setDiscoveryProcessingURL(properties.getDiscoveryProcessingUrl());
    verify(serviceProviderEndpoints).setIdpSelectionPageURL(properties.getIdpSelectionPageUrl());
    verify(serviceProviderEndpoints).setSsoLoginURL(properties.getSsoLoginUrl());

    verify(discoveryFilter).setFilterProcessesUrl(eq(properties.getDiscoveryProcessingUrl()));
    verify(discoveryFilter).setIdpSelectionPath(eq(properties.getIdpSelectionPageUrl()));
    verify(entryPoint).setFilterProcessesUrl(eq(properties.getSsoLoginUrl()));

    // The profile options handed to the entry point mirror the configured ones field by field.
    ArgumentCaptor<WebSSOProfileOptions> optionsCaptor = ArgumentCaptor.forClass(WebSSOProfileOptions.class);
    verify(entryPoint).setDefaultProfileOptions(optionsCaptor.capture());
    WebSSOProfileOptions options = optionsCaptor.getValue();
    Assertions.assertThat(options.isAllowCreate()).isEqualTo(properties.getProfileOptions().getAllowCreate());
    Assertions.assertThat(options.getAllowedIDPs()).isEqualTo(properties.getProfileOptions().getAllowedIdps());
    Assertions.assertThat(options.getAssertionConsumerIndex()).isEqualTo(properties.getProfileOptions().getAssertionConsumerIndex());
    Assertions.assertThat(options.getAuthnContextComparison()).isEqualTo(properties.getProfileOptions().getAuthnContextComparison());
    Assertions.assertThat(options.getAuthnContexts()).isEqualTo(properties.getProfileOptions().getAuthnContexts());
    Assertions.assertThat(options.getBinding()).isEqualTo(properties.getProfileOptions().getBinding());
    Assertions.assertThat(options.getForceAuthN()).isEqualTo(properties.getProfileOptions().getForceAuthn());
    Assertions.assertThat(options.isIncludeScoping()).isEqualTo(properties.getProfileOptions().getIncludeScoping());
    Assertions.assertThat(options.getNameID()).isEqualTo(properties.getProfileOptions().getNameId());
    Assertions.assertThat(options.getPassive()).isEqualTo(properties.getProfileOptions().getPassive());
    Assertions.assertThat(options.getProviderName()).isEqualTo(properties.getProfileOptions().getProviderName());
    Assertions.assertThat(options.getProxyCount()).isEqualTo(properties.getProfileOptions().getProxyCount());
    Assertions.assertThat(options.getRelayState()).isEqualTo(properties.getProfileOptions().getRelayState());

    // All four components were published on the builder.
    verify(builder).setSharedObject(eq(SAMLProcessingFilter.class), eq(ssoFilter));
    verify(builder).setSharedObject(eq(SAMLWebSSOHoKProcessingFilter.class), eq(ssoHoKFilter));
    verify(builder).setSharedObject(eq(SAMLDiscovery.class), eq(discoveryFilter));
    verify(builder).setSharedObject(eq(SAMLEntryPoint.class), eq(entryPoint));
}
/**
 * With every value customised and Holder-of-Key disabled, nothing may be read from the
 * properties, the caller-supplied handlers must be left untouched, the HoK filter must not be
 * configured, and {@code null} must be published in its place.
 */
@Test
public void configure_custom_noHoK() throws Exception {
    // Replace the factory methods with mocks; the handlers are supplied through the DSL below.
    SSOConfigurer configurer = spy(new SSOConfigurer());
    SAMLProcessingFilter ssoFilter = mock(SAMLProcessingFilter.class);
    when(configurer.createDefaultSamlProcessingFilter()).thenReturn(ssoFilter);
    SAMLWebSSOHoKProcessingFilter ssoHoKFilter = mock(SAMLWebSSOHoKProcessingFilter.class);
    when(configurer.createDefaultSamlHoKProcessingFilter()).thenReturn(ssoHoKFilter);
    SAMLDiscovery discoveryFilter = mock(SAMLDiscovery.class);
    when(configurer.createDefaultSamlDiscoveryFilter()).thenReturn(discoveryFilter);
    SAMLEntryPoint entryPoint = mock(SAMLEntryPoint.class);
    when(configurer.createDefaultSamlEntryPoint()).thenReturn(entryPoint);
    SavedRequestAwareAuthenticationSuccessHandler successHandler = mock(SavedRequestAwareAuthenticationSuccessHandler.class);
    SimpleUrlAuthenticationFailureHandler failureHandler = mock(SimpleUrlAuthenticationFailureHandler.class);
    WebSSOProfileOptions profileOptions = mock(WebSSOProfileOptions.class);

    configurer.init(builder);
    configurer
            .defaultSuccessURL("/success")
            .failureHandler(failureHandler)
            .successHandler(successHandler)
            .defaultFailureURL("/failure")
            .discoveryProcessingURL("/discovery")
            .enableSsoHoK(false)
            .idpSelectionPageURL("/idp")
            .profileOptions(profileOptions)
            .ssoHoKProcessingURL("/hok")
            .ssoLoginURL("/login")
            .ssoProcessingURL("/sso");
    configurer.configure(builder);

    // No fallback to the properties when everything is set explicitly.
    verify(properties, never()).getDefaultFailureUrl();
    verify(properties, never()).getDefaultSuccessUrl();
    verify(properties, never()).getDiscoveryProcessingUrl();
    verify(properties, never()).getIdpSelectionPageUrl();
    verify(properties, never()).getSsoHokProcessingUrl();
    verify(properties, never()).getSsoLoginUrl();
    verify(properties, never()).getSsoProcessingUrl();
    verify(properties, never()).getProfileOptions();

    // Caller-supplied handlers are used as is: the default URLs are not pushed into them.
    verify(successHandler, never()).setDefaultTargetUrl(eq("/success"));
    verify(failureHandler, never()).setDefaultFailureUrl(eq("/failure"));

    verify(ssoFilter).setAuthenticationManager(eq(authenticationManager));
    verify(ssoFilter).setAuthenticationSuccessHandler(eq(successHandler));
    verify(ssoFilter).setAuthenticationFailureHandler(eq(failureHandler));
    verify(ssoFilter).setFilterProcessesUrl(eq("/sso"));

    // Holder-of-Key is disabled, so its filter is never touched.
    verify(ssoHoKFilter, never()).setAuthenticationManager(eq(authenticationManager));
    verify(ssoHoKFilter, never()).setAuthenticationSuccessHandler(eq(successHandler));
    verify(ssoHoKFilter, never()).setAuthenticationFailureHandler(eq(failureHandler));
    verify(ssoHoKFilter, never()).setFilterProcessesUrl(eq("/hok"));

    // The failure URL is still recorded on the endpoints; the HoK URL is not.
    verify(serviceProviderEndpoints).setSsoProcessingURL("/sso");
    verify(serviceProviderEndpoints, never()).setSsoHoKProcessingURL("/hok");
    verify(serviceProviderEndpoints).setDefaultFailureURL("/failure");
    verify(serviceProviderEndpoints).setDiscoveryProcessingURL("/discovery");
    verify(serviceProviderEndpoints).setIdpSelectionPageURL("/idp");
    verify(serviceProviderEndpoints).setSsoLoginURL("/login");

    verify(discoveryFilter).setFilterProcessesUrl(eq("/discovery"));
    verify(discoveryFilter).setIdpSelectionPath(eq("/idp"));
    verify(entryPoint).setFilterProcessesUrl(eq("/login"));
    verify(entryPoint).setDefaultProfileOptions(eq(profileOptions));

    // The HoK slot is published as null when the feature is off.
    verify(builder).setSharedObject(eq(SAMLProcessingFilter.class), eq(ssoFilter));
    verify(builder).setSharedObject(eq(SAMLWebSSOHoKProcessingFilter.class), eq(null));
    verify(builder).setSharedObject(eq(SAMLDiscovery.class), eq(discoveryFilter));
    verify(builder).setSharedObject(eq(SAMLEntryPoint.class), eq(entryPoint));
}
/**
 * Failure handler for API logins. No failure URL is configured, so a failed authentication is
 * answered with 401 rather than a redirect.
 *
 * <p>The method name (spelled "Failuer") is also the bean name, so it is kept as is.
 *
 * @return the failure handler
 */
@Bean
public SimpleUrlAuthenticationFailureHandler apiFailuerHandler() {
    SimpleUrlAuthenticationFailureHandler statusOnlyHandler = new SimpleUrlAuthenticationFailureHandler();
    return statusOnlyHandler;
}
/**
 * Creates the filter for {@code URL_TO_APPLY_FILTER_TO}, sending failed authentications to
 * {@code LOGIN_PAGE}.
 *
 * @param dao user data access object, stored for later use; not null-checked here
 */
protected OpenHdsUserCheckFilter(OpenHdsUserDao dao) {
    super(URL_TO_APPLY_FILTER_TO);
    // successHandler is not a parameter; presumably a field or constant declared elsewhere in the class.
    setAuthenticationSuccessHandler(successHandler);
    setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(LOGIN_PAGE));
    this.dao = dao;
}
/**
 * Exposes the pac4j-specific failure handler under the {@link SimpleUrlAuthenticationFailureHandler}
 * type.
 *
 * @return a new {@code Pac4jAuthenticationFailureHandler}
 */
@Bean
public SimpleUrlAuthenticationFailureHandler pac4jAuthenticationFailureHandler() {
    SimpleUrlAuthenticationFailureHandler pac4jHandler = new Pac4jAuthenticationFailureHandler();
    return pac4jHandler;
}