Example usage for org.springframework.security.web.authentication.www DigestAuthUtils generateDigest

List of usage examples for org.springframework.security.web.authentication.www DigestAuthUtils generateDigest

Introduction

This page lists example usages of org.springframework.security.web.authentication.www.DigestAuthUtils.generateDigest.

Prototype

static String generateDigest(boolean passwordAlreadyEncoded, String username, String realm, String password,
        String httpMethod, String uri, String qop, String nonce, String nc, String cnonce)
        throws IllegalArgumentException 


Document

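Computes the response portion of a Digest authentication header. The server and the user agent each compute this value independently, and authentication succeeds only when the two match. The computation is MD5-based, as defined by RFC 2617. When passwordAlreadyEncoded is true, the password argument must already be the hex MD5 of "username:realm:password" (the A1 format produced by encodePasswordInA1Format); when it is false, the password is supplied in plain text.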

Usage

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a correctly computed digest is still rejected once its nonce has
 * expired, and that the challenge sent back carries {@code stale="true"}.
 * <p>
 * Despite the method name, the status asserted is 401 (Unauthorized), not 403.
 */
@Test
public void testExpiredNonceReturnsForbiddenWithStaleHeader() throws Exception {
    // presumably a zero-second validity; generateNonce is defined outside this excerpt
    String expiredNonce = generateNonce(0);
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, expiredNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, expiredNonce, REQUEST_URI, digest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", authorization);

    Thread.sleep(1000); // ensures token expired

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    // The rejected request must leave no authentication in the security context.
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);

    // Skip the first 7 characters of the challenge (presumably the "Digest " scheme
    // prefix) and parse the remaining comma-separated directives.
    String challenge = response.getHeader("WWW-Authenticate").toString();
    String[] directives = StringUtils.commaDelimitedListToStringArray(challenge.substring(7));
    Map<String, String> directiveMap = DigestAuthUtils.splitEachArrayElementAndCreateMap(directives, "=",
            "\"");
    assertThat(directiveMap.get("stale")).isEqualTo("true");
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a nonce generated with the key {@code "badkey"} is rejected with a
 * 401 and that no authentication is stored, even though the digest itself is
 * computed from the correct credentials.
 */
@Test
public void doFilterWhenNonceHasBadKeyThenGeneratesError() throws Exception {
    // presumably "badkey" differs from the key the filter is configured with;
    // the fixture setup is outside this excerpt
    String wrongKeyNonce = generateNonce(60, "badkey");
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, wrongKeyNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, wrongKeyNonce, REQUEST_URI, digest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", authorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    assertThat(response.getStatus()).isEqualTo(401);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a nonce which is not Base64-encoded is rejected: no authentication
 * is stored and the response status is 401.
 * <p>
 * Despite the method name, the status asserted is 401 (Unauthorized), not 403.
 */
@Test
public void testNonBase64EncodedNonceReturnsForbidden() throws Exception {
    String malformedNonce = "NOT_BASE_64_ENCODED";

    // The digest is computed over the malformed nonce with the correct password,
    // so only the nonce format is at fault.
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, malformedNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, malformedNonce, REQUEST_URI, digest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", authorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a Base64 nonce of the form {@code number:signature} is rejected when
 * the second element is not a valid signature for the numeric first element.
 * <p>
 * Despite the method name, the status asserted is 401 (Unauthorized), not 403.
 */
@Test
public void testNonceWithIncorrectSignatureForNumericFieldReturnsForbidden() throws Exception {
    // Hand-built nonce: a numeric first field followed by an arbitrary string
    // in place of the signature.
    byte[] rawNonce = "123456:incorrectStringPassword".getBytes();
    String forgedNonce = new String(Base64.encodeBase64(rawNonce));
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, forgedNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, forgedNonce, REQUEST_URI, digest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", authorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a Base64 nonce whose first colon-separated element is not numeric
 * is rejected: no authentication is stored and the response status is 401.
 * <p>
 * Despite the method name, the status asserted is 401 (Unauthorized), not 403.
 */
@Test
public void testNonceWithNonNumericFirstElementReturnsForbidden() throws Exception {
    // First element "hello" is not a number; the second element is irrelevant here.
    byte[] rawNonce = "hello:ignoredSecondElement".getBytes();
    String badNonce = new String(Base64.encodeBase64(rawNonce));
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, badNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, digest, QOP,
            NC, CNONCE);
    request.addHeader("Authorization", authorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a Base64 nonce which does not decode to two colon-separated
 * elements is rejected: no authentication is stored and the response status is 401.
 * <p>
 * Despite the method name, the status asserted is 401 (Unauthorized), not 403.
 */
@Test
public void testNonceWithoutTwoColonSeparatedElementsReturnsForbidden() throws Exception {
    // Valid Base64, but the decoded text contains no colon at all.
    byte[] rawNonce = "a base 64 string without a colon".getBytes();
    String badNonce = new String(Base64.encodeBase64(rawNonce));
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, badNonce, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, badNonce, REQUEST_URI, digest, QOP,
            NC, CNONCE);
    request.addHeader("Authorization", authorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies the success path when the client-side digest is computed from a password
 * that has already been encoded in A1 format ({@code passwordAlreadyEncoded = true}).
 */
@Test
public void testNormalOperationWhenPasswordIsAlreadyEncoded() throws Exception {
    // Pre-compute the A1 value so generateDigest is exercised with the encoded form.
    String a1Password = DigestAuthUtils.encodePasswordInA1Format(USERNAME, REALM, PASSWORD);
    String digest = DigestAuthUtils.generateDigest(true, USERNAME, REALM, a1Password, "GET",
            REQUEST_URI, QOP, NONCE, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, digest, QOP, NC,
            CNONCE);
    request.addHeader("Authorization", authorization);

    executeFilterInContainerSimulator(filter, request, true);

    // An authentication for the expected user must now be in the security context.
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(
            ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
                    .isEqualTo(USERNAME);
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies the success path when the digest is computed from the plain-text password.
 * <p>
 * {@code setCreateAuthenticatedToken} is not enabled in this test, and the token
 * stored in the security context is asserted to report
 * {@code isAuthenticated() == false}.
 */
@Test
public void testNormalOperationWhenPasswordNotAlreadyEncoded() throws Exception {
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, NONCE, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, digest, QOP, NC,
            CNONCE);
    request.addHeader("Authorization", authorization);

    executeFilterInContainerSimulator(filter, request, true);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(
            ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
                    .isEqualTo(USERNAME);
    // The principal is known, but the token is not marked as authenticated.
    assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isFalse();
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies the success path with {@code setCreateAuthenticatedToken(true)}: the stored
 * token must be marked as authenticated and carry the user's authorities.
 */
@Test
public void testNormalOperationWhenPasswordNotAlreadyEncodedAndWithoutReAuthentication() throws Exception {
    String digest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, NONCE, NC, CNONCE);
    String authorization = createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, digest, QOP, NC,
            CNONCE);
    request.addHeader("Authorization", authorization);

    // Ask the filter to place an already-authenticated token in the context.
    filter.setCreateAuthenticatedToken(true);
    executeFilterInContainerSimulator(filter, request, true);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(
            ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername())
                    .isEqualTo(USERNAME);
    assertThat(SecurityContextHolder.getContext().getAuthentication().isAuthenticated()).isTrue();
    // Authorities are expected on the token in this mode.
    assertThat(SecurityContextHolder.getContext().getAuthentication().getAuthorities())
            .isEqualTo(AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
}

From source file:org.springframework.security.web.authentication.www.DigestAuthenticationFilterTests.java

/**
 * Verifies that a failed digest login clears an authentication established by an
 * earlier successful login, so the earlier identity does not survive the failure.
 */
@Test
public void successfulLoginThenFailedLoginResultsInSessionLosingToken() throws Exception {
    // First request: digest computed from the correct password.
    String goodDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, PASSWORD, "GET", REQUEST_URI,
            QOP, NONCE, NC, CNONCE);
    String goodAuthorization = createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, goodDigest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", goodAuthorization);

    executeFilterInContainerSimulator(filter, request, true);

    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();

    // Second request: same nonce, but the digest is computed from the wrong password.
    String badDigest = DigestAuthUtils.generateDigest(false, USERNAME, REALM, "WRONG_PASSWORD", "GET",
            REQUEST_URI, QOP, NONCE, NC, CNONCE);

    request = new MockHttpServletRequest();
    String badAuthorization = createAuthorizationHeader(USERNAME, REALM, NONCE, REQUEST_URI, badDigest,
            QOP, NC, CNONCE);
    request.addHeader("Authorization", badAuthorization);

    MockHttpServletResponse response = executeFilterInContainerSimulator(filter, request, false);

    // The earlier authentication must be gone and the request rejected.
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
    assertThat(response.getStatus()).isEqualTo(401);
}