Add GrantedAuthorities.FACTOR_*_AUTHORITY
Closes gh-17952
This commit is contained in:
Rob Winch
parent
28aad8855c
commit
b2d76dfe66
|
|
@ -38,6 +38,7 @@ import org.springframework.security.authentication.BadCredentialsException;
|
|||
import org.springframework.security.cas.ServiceProperties;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
|
@ -69,7 +70,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
|
|||
|
||||
private static final Log logger = LogFactory.getLog(CasAuthenticationProvider.class);
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_CAS";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_CAS_AUTHORITY;
|
||||
|
||||
@SuppressWarnings("NullAway.Init")
|
||||
private AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService;
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
|
|||
import org.springframework.security.cas.ServiceProperties;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
|
|
@ -360,7 +361,7 @@ public class CasAuthenticationProviderTests {
|
|||
CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateful("ST-123");
|
||||
token.setDetails("details");
|
||||
Authentication result = cap.authenticate(token);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_CAS");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_CAS_AUTHORITY);
|
||||
}
|
||||
|
||||
private class MockAuthoritiesPopulator implements AuthenticationUserDetailsService {
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import org.springframework.security.config.Customizer;
|
|||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
|
||||
|
|
@ -236,7 +237,7 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
|
|||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||
"FACTOR_PASSWORD");
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.authentication.AuthenticationManager;
|
|||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
|
||||
|
|
@ -195,7 +196,8 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
AuthenticationEntryPoint entryPoint = postProcess(this.authenticationEntryPoint);
|
||||
exceptionHandling.defaultAuthenticationEntryPointFor(entryPoint, preferredMatcher);
|
||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher), "FACTOR_PASSWORD");
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, preferredMatcher),
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private void registerDefaultLogoutSuccessHandler(B http, RequestMatcher preferredMatcher) {
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ import org.springframework.context.ApplicationContext;
|
|||
import org.springframework.http.converter.HttpMessageConverter;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||
|
|
@ -159,7 +160,8 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
if (exceptions != null) {
|
||||
AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE), "FACTOR_WEBAUTHN");
|
||||
(ep) -> ep.addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE),
|
||||
GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.springframework.security.config.Customizer;
|
|||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper;
|
||||
|
|
@ -179,14 +180,16 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
|
|||
public void init(H http) {
|
||||
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
||||
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
|
||||
authenticationProvider.setGrantedAuthoritySupplier(() -> AuthorityUtils.createAuthorityList("FACTOR_X509"));
|
||||
authenticationProvider.setGrantedAuthoritySupplier(
|
||||
() -> AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_X509_AUTHORITY));
|
||||
http.authenticationProvider(authenticationProvider)
|
||||
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
||||
ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
||||
if (exceptions != null) {
|
||||
AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(forbidden, AnyRequestMatcher.INSTANCE), "FACTOR_X509");
|
||||
(ep) -> ep.addEntryPointFor(forbidden, AnyRequestMatcher.INSTANCE),
|
||||
GrantedAuthorities.FACTOR_X509_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ import org.springframework.security.config.annotation.web.configurers.SessionMan
|
|||
import org.springframework.security.context.DelegatingApplicationListener;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
import org.springframework.security.core.session.AbstractSessionEvent;
|
||||
import org.springframework.security.core.session.SessionDestroyedEvent;
|
||||
|
|
@ -566,7 +567,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
if (exceptions != null) {
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher), "FACTOR_AUTHORIZATION_CODE");
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY);
|
||||
}
|
||||
return loginEntryPoint;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ import org.springframework.security.config.annotation.web.configurers.CsrfConfig
|
|||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder;
|
||||
|
|
@ -328,7 +329,8 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
Arrays.asList(this.requestMatcher, X_REQUESTED_WITH, restNotHtmlMatcher, allMatcher));
|
||||
exceptionHandling.defaultAuthenticationEntryPointFor(this.authenticationEntryPoint, preferredMatcher);
|
||||
exceptionHandling.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher), "FACTOR_BEARER");
|
||||
(ep) -> ep.addEntryPointFor(this.authenticationEntryPoint, preferredMatcher),
|
||||
GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractAu
|
|||
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.AuthenticationConverter;
|
||||
|
|
@ -141,7 +142,7 @@ public final class OneTimeTokenLoginConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint();
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.addEntryPointFor(entryPoint, requestMatcher),
|
||||
"FACTOR_OTT");
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.AbstractHt
|
|||
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
|
||||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest;
|
||||
import org.springframework.security.saml2.provider.service.authentication.OpenSaml5AuthenticationProvider;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
|
|
@ -353,7 +354,8 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
if (exceptions != null) {
|
||||
RequestMatcher requestMatcher = getAuthenticationEntryPointMatcher(http);
|
||||
exceptions.defaultDeniedHandlerForMissingAuthority(
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher), "FACTOR_SAML_RESPONSE");
|
||||
(ep) -> ep.addEntryPointFor(loginEntryPoint, requestMatcher),
|
||||
GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
|
||||
}
|
||||
return loginEntryPoint;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
|||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.config.users.AuthenticationTestConfiguration;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.context.SecurityContextChangedListener;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
|
|
@ -415,16 +416,21 @@ public class FormLoginConfigurerTests {
|
|||
.with(SecurityMockMvcRequestPostProcessors.csrf()))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("/"));
|
||||
user = PasswordEncodedUser.withUserDetails(user).authorities("profile:read", "FACTOR_OTT").build();
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login?factor=password"));
|
||||
user = PasswordEncodedUser.withUserDetails(user).authorities("profile:read", "FACTOR_PASSWORD").build();
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user)))
|
||||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("http://localhost/login?factor=ott"));
|
||||
user = PasswordEncodedUser.withUserDetails(user)
|
||||
.authorities("profile:read", "FACTOR_PASSWORD", "FACTOR_OTT")
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(user))).andExpect(status().isNotFound());
|
||||
}
|
||||
|
|
@ -447,7 +453,8 @@ public class FormLoginConfigurerTests {
|
|||
.andExpect(status().is3xxRedirection())
|
||||
.andExpect(redirectedUrl("/"));
|
||||
UserDetails authorized = PasswordEncodedUser.withUsername("rod")
|
||||
.authorities("profile:read", "FACTOR_X509", "FACTOR_PASSWORD")
|
||||
.authorities("profile:read", GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
.build();
|
||||
this.mockMvc.perform(get("/profile").with(user(authorized))).andExpect(status().isOk());
|
||||
}
|
||||
|
|
@ -814,7 +821,8 @@ public class FormLoginConfigurerTests {
|
|||
|
||||
@Bean
|
||||
AuthorizationManagerFactory<?> authz() {
|
||||
return new AuthorizationManagerFactory<>("FACTOR_PASSWORD", "FACTOR_OTT");
|
||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -840,7 +848,8 @@ public class FormLoginConfigurerTests {
|
|||
|
||||
@Bean
|
||||
AuthorizationManagerFactory<?> authz() {
|
||||
return new AuthorizationManagerFactory<>("FACTOR_X509", "FACTOR_PASSWORD");
|
||||
return new AuthorizationManagerFactory<>(GrantedAuthorities.FACTOR_X509_AUTHORITY,
|
||||
GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import org.springframework.security.authentication.LockedException;
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
|
@ -99,7 +100,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
|
|||
|
||||
private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_PASSWORD";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
||||
|
||||
/**
|
||||
* Allows subclasses to perform any additional checks of a returned (or cached)
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
|
|||
import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
|
|
@ -121,7 +122,7 @@ import org.springframework.util.ObjectUtils;
|
|||
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
|
||||
ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_PASSWORD";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
||||
|
||||
private ApplicationEventPublisher applicationEventPublisher = (event) -> {
|
||||
};
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -40,7 +41,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public final class OneTimeTokenAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_OTT";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_OTT_AUTHORITY;
|
||||
|
||||
private final OneTimeTokenService oneTimeTokenService;
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,78 @@
|
|||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.core;
|
||||
|
||||
/**
|
||||
* Constants for {@link GrantedAuthority}.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 7.0
|
||||
*/
|
||||
public final class GrantedAuthorities {
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that OAuth2
|
||||
* Authorization Code was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_AUTHORIZATION_CODE_AUTHORITY = "FACTOR_AUTHORIZATION_CODE";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that bearer
|
||||
* authentication was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_BEARER_AUTHORITY = "FACTOR_BEARER";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that CAS was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_CAS_AUTHORITY = "FACTOR_CAS";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that one time
|
||||
* token was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_OTT_AUTHORITY = "FACTOR_OTT";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that a password
|
||||
* was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_PASSWORD_AUTHORITY = "FACTOR_PASSWORD";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that SAML was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_SAML_RESPONSE_AUTHORITY = "FACTOR_SAML_RESPONSE";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that WebAuthn
|
||||
* was used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_WEBAUTHN_AUTHORITY = "FACTOR_WEBAUTHN";
|
||||
|
||||
/**
|
||||
* The standard {@link GrantedAuthority#getAuthority()} that indicates that X509 was
|
||||
* used to authenticate.
|
||||
*/
|
||||
public static final String FACTOR_X509_AUTHORITY = "FACTOR_X509";
|
||||
|
||||
private GrantedAuthorities() {
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -38,6 +38,7 @@ import org.springframework.security.authentication.password.CompromisedPasswordC
|
|||
import org.springframework.security.authentication.password.CompromisedPasswordDecision;
|
||||
import org.springframework.security.authentication.password.CompromisedPasswordException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
|
|
@ -511,7 +512,7 @@ public class DaoAuthenticationProviderTests {
|
|||
DaoAuthenticationProvider provider = new DaoAuthenticationProvider(withUsers(user));
|
||||
Authentication request = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
Authentication result = provider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private UserDetailsService withUsers(UserDetails... users) {
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
|
|
@ -241,7 +242,7 @@ public class JaasAuthenticationProviderTests {
|
|||
public void authenticateWhenSuccessThenIssuesFactor() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
|
||||
Authentication result = this.jaasProvider.authenticate(token);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
private static class MockLoginContext extends LoginContext {
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
|||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
|
|
@ -108,7 +109,7 @@ public class OneTimeTokenAuthenticationProviderTests {
|
|||
OneTimeTokenAuthenticationToken token = new OneTimeTokenAuthenticationToken(TOKEN);
|
||||
|
||||
Authentication authentication = this.provider.authenticate(token);
|
||||
SecurityAssertions.assertThat(authentication).hasAuthority("FACTOR_OTT");
|
||||
SecurityAssertions.assertThat(authentication).hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ import org.springframework.security.config.Customizer;
|
|||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.web.reactive.config.EnableWebFlux;
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||
|
|
@ -51,7 +52,7 @@ public class AuthorizationManagerFactoryTests {
|
|||
MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = { "FACTOR_PASSWORD", "FACTOR_OTT" })
|
||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
@ -62,7 +63,7 @@ public class AuthorizationManagerFactoryTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = "FACTOR_PASSWORD")
|
||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
@ -73,7 +74,7 @@ public class AuthorizationManagerFactoryTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = "FACTOR_OTT")
|
||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
@ -26,8 +27,8 @@ public class ListAuthoritiesEverywhereConfiguration {
|
|||
// @formatter:off
|
||||
http
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/admin/**").access(allOf(hasAuthority("FACTOR_PASSWORD"), hasAuthority("FACTOR_OTT"), hasRole("ADMIN"))) // <1>
|
||||
.anyRequest().access(allOf(hasAuthority("FACTOR_PASSWORD"), hasAuthority("FACTOR_OTT")))
|
||||
.requestMatchers("/admin/**").access(allOf(hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY), hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY), hasRole("ADMIN"))) // <1>
|
||||
.anyRequest().access(allOf(hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY), hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY)))
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.oneTimeTokenLogin(Customizer.withDefaults());
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
@ -38,7 +39,7 @@ class UseAuthorizationManagerFactoryConfiguration {
|
|||
@Bean
|
||||
AuthorizationManagerFactory<Object> authz() {
|
||||
return DefaultAuthorizationManagerFactory.builder()
|
||||
.requireAdditionalAuthorities("FACTOR_PASSWORD", "FACTOR_OTT").build();
|
||||
.requireAdditionalAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY).build();
|
||||
}
|
||||
// end::authorizationManagerFactoryBean[]
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.springframework.security.config.Customizer;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -56,8 +57,8 @@ class CustomAuthorizationManagerFactory {
|
|||
MyPrincipal principal = (MyPrincipal) authentication.get().getPrincipal();
|
||||
if (principal.optedIn()) {
|
||||
SecurityExpressionOperations sec = new SecurityExpressionRoot<>(authentication, context) {};
|
||||
return new AuthorityAuthorizationDecision(sec.hasAuthority("FACTOR_OTT"),
|
||||
AuthorityUtils.createAuthorityList("FACTOR_OTT"));
|
||||
return new AuthorityAuthorizationDecision(sec.hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY),
|
||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY));
|
||||
}
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||
|
|
@ -79,7 +80,7 @@ public class CustomAuthorizationManagerFactoryTests {
|
|||
void getWhenOptedAndHasFactorThenAllows() throws Exception {
|
||||
this.spring.register(CustomAuthorizationManagerFactory.class, Http200Controller.class).autowire();
|
||||
UserDetails user = this.users.loadUserByUsername("optedin");
|
||||
TestingAuthenticationToken token = new TestingAuthenticationToken(user, "", "FACTOR_OTT");
|
||||
TestingAuthenticationToken token = new TestingAuthenticationToken(user, "", GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
// @formatter:off
|
||||
this.mockMvc.perform(get("/").with(authentication(token)))
|
||||
.andExpect(status().isOk())
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
@ -25,7 +26,7 @@ class ListAuthoritiesConfiguration {
|
|||
// @formatter:off
|
||||
http
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().access(allOf(hasAuthority("FACTOR_PASSWORD"), hasAuthority("FACTOR_OTT"))) // <1>
|
||||
.anyRequest().access(allOf(hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY), hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY))) // <1>
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
.oneTimeTokenLogin(Customizer.withDefaults());
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||
|
|
@ -51,7 +52,7 @@ public class MultiFactorAuthenticationTests {
|
|||
MockMvc mockMvc;
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = { "FACTOR_PASSWORD", "FACTOR_OTT" })
|
||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY })
|
||||
void getWhenAuthenticatedWithPasswordAndOttThenPermits() throws Exception {
|
||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
@ -62,7 +63,7 @@ public class MultiFactorAuthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = "FACTOR_PASSWORD")
|
||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
void getWhenAuthenticatedWithPasswordThenRedirectsToOtt() throws Exception {
|
||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
@ -73,7 +74,7 @@ public class MultiFactorAuthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = "FACTOR_OTT")
|
||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
void getWhenAuthenticatedWithOttThenRedirectsToPassword() throws Exception {
|
||||
this.spring.register(ListAuthoritiesConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import org.springframework.security.config.Customizer;
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
|
||||
|
|
@ -53,7 +54,7 @@ class MissingAuthorityConfiguration {
|
|||
// tag::authorizationManagerFactoryBean[]
|
||||
@Bean
|
||||
AuthorizationManagerFactory<RequestAuthorizationContext> authz() {
|
||||
return new FactorAuthorizationManagerFactory(hasAllAuthorities("FACTOR_X509", "FACTOR_AUTHORIZATION_CODE"));
|
||||
return new FactorAuthorizationManagerFactory(hasAllAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY));
|
||||
}
|
||||
// end::authorizationManagerFactoryBean[]
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||
|
|
@ -61,7 +62,7 @@ public class ObtainingMoreAuthorizationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = { "FACTOR_X509", "FACTOR_AUTHORIZATION_CODE" })
|
||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY })
|
||||
void profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() throws Exception {
|
||||
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
@ -82,7 +83,7 @@ public class ObtainingMoreAuthorizationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = { "FACTOR_X509", "FACTOR_AUTHORIZATION_CODE", "SCOPE_profile:read" })
|
||||
@WithMockUser(authorities = { GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read" })
|
||||
void profileWhenAuthenticatedAndHasScopeThenPermits() throws Exception {
|
||||
this.spring.register(MissingAuthorityConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.docs.servlet.authentication.servletx509config.CustomX509Configuration;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener;
|
||||
|
|
@ -73,7 +74,7 @@ public class ReauthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = "FACTOR_OTT")
|
||||
@WithMockUser(authorities = GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
void ottWhenRequireOttConfigurationThenAllows() throws Exception {
|
||||
this.spring.register(RequireOttConfiguration.class, Http200Controller.class).autowire();
|
||||
// @formatter:off
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration;
|
|||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
|
@ -22,7 +23,7 @@ public class RequireOttConfiguration {
|
|||
// @formatter:off
|
||||
http
|
||||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.requestMatchers("/profile/**").hasAuthority("FACTOR_OTT") // <1>
|
||||
.requestMatchers("/profile/**").hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY) // <1>
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.formLogin(Customizer.withDefaults())
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
|
||||
|
|
@ -19,10 +20,10 @@ public class CopyAuthoritiesTests {
|
|||
@Test
|
||||
void toBuilderWhenApplyThenCopies() {
|
||||
UsernamePasswordAuthenticationToken previous = new UsernamePasswordAuthenticationToken("alice", "pass",
|
||||
AuthorityUtils.createAuthorityList("FACTOR_PASSWORD"));
|
||||
AuthorityUtils.createAuthorityList( GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
|
||||
SecurityContextHolder.getContext().setAuthentication(previous);
|
||||
Authentication latest = new OneTimeTokenAuthentication("bob",
|
||||
AuthorityUtils.createAuthorityList("FACTOR_OTT"));
|
||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY));
|
||||
AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
|
||||
given(authenticationManager.authenticate(any())).willReturn(latest);
|
||||
Authentication authenticationRequest = new TestingAuthenticationToken("user", "pass");
|
||||
|
|
@ -35,7 +36,7 @@ public class CopyAuthoritiesTests {
|
|||
.build();
|
||||
}
|
||||
// end::springSecurity[]
|
||||
SecurityAssertions.assertThat(lastestResult).hasAuthorities("FACTOR_PASSWORD", "FACTOR_OTT");
|
||||
SecurityAssertions.assertThat(lastestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY);
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.security.config.test.SpringTestContext
|
||||
import org.springframework.security.config.test.SpringTestContextExtension
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.test.context.support.WithMockUser
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||
|
|
@ -46,7 +47,7 @@ class AuthorizationManagerFactoryTests {
|
|||
var mockMvc: MockMvc? = null
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_PASSWORD", "FACTOR_OTT"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||
|
|
@ -59,7 +60,7 @@ class AuthorizationManagerFactoryTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_PASSWORD"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||
|
|
@ -72,7 +73,7 @@ class AuthorizationManagerFactoryTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_OTT"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||
this.spring.register(UseAuthorizationManagerFactoryConfiguration::class.java, Http200Controller::class.java)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||
|
|
@ -22,8 +23,8 @@ class ListAuthoritiesEverywhereConfiguration {
|
|||
// @formatter:off
|
||||
http {
|
||||
authorizeHttpRequests {
|
||||
authorize("/admin/**", hasAllAuthorities("FACTOR_PASSWORD", "FACTOR_OTT", "ROLE_ADMIN")) // <1>
|
||||
authorize(anyRequest, hasAllAuthorities("FACTOR_PASSWORD", "FACTOR_OTT"))
|
||||
authorize("/admin/**", hasAllAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY, "ROLE_ADMIN")) // <1>
|
||||
authorize(anyRequest, hasAllAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY))
|
||||
}
|
||||
formLogin { }
|
||||
oneTimeTokenLogin { }
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import org.springframework.security.authorization.DefaultAuthorizationManagerFac
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||
|
|
@ -38,7 +39,7 @@ internal class UseAuthorizationManagerFactoryConfiguration {
|
|||
@Bean
|
||||
fun authz(): AuthorizationManagerFactory<Object> {
|
||||
return DefaultAuthorizationManagerFactory.builder<Object>()
|
||||
.requireAdditionalAuthorities("FACTOR_PASSWORD", "FACTOR_OTT").build()
|
||||
.requireAdditionalAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY).build()
|
||||
}
|
||||
// end::authorizationManagerFactoryBean[]
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
|||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.Authentication
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.GrantedAuthority
|
||||
import org.springframework.security.core.authority.AuthorityUtils
|
||||
import org.springframework.security.core.userdetails.UserDetails
|
||||
|
|
@ -49,8 +50,8 @@ internal class CustomAuthorizationManagerFactory {
|
|||
if (principal!!.optedIn) {
|
||||
val root = object : SecurityExpressionRoot<Object>(authentication, context) { }
|
||||
return AuthorityAuthorizationDecision(
|
||||
root.hasAuthority("FACTOR_OTT"),
|
||||
AuthorityUtils.createAuthorityList("FACTOR_OTT")
|
||||
root.hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY),
|
||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
)
|
||||
}
|
||||
return AuthorizationDecision(true)
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import org.springframework.beans.factory.annotation.Autowired
|
|||
import org.springframework.security.authentication.TestingAuthenticationToken
|
||||
import org.springframework.security.config.test.SpringTestContext
|
||||
import org.springframework.security.config.test.SpringTestContextExtension
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors
|
||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||
|
|
@ -75,7 +76,7 @@ class CustomAuthorizationManagerFactoryTests {
|
|||
fun getWhenOptedAndHasFactorThenAllows() {
|
||||
this.spring.register(CustomAuthorizationManagerFactory::class.java, Http200Controller::class.java).autowire()
|
||||
val user = this.users!!.loadUserByUsername("optedin")
|
||||
val token = TestingAuthenticationToken(user, "", "FACTOR_OTT")
|
||||
val token = TestingAuthenticationToken(user, "", GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
// @formatter:off
|
||||
this.mockMvc!!.perform(MockMvcRequestBuilders.get("/").with(SecurityMockMvcRequestPostProcessors.authentication(token)))
|
||||
.andExpect(MockMvcResultMatchers.status().isOk())
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||
|
|
@ -22,7 +23,7 @@ internal class ListAuthoritiesConfiguration {
|
|||
// @formatter:off
|
||||
http {
|
||||
authorizeHttpRequests {
|
||||
authorize(anyRequest, hasAllAuthorities("FACTOR_PASSWORD", "FACTOR_OTT"))
|
||||
authorize(anyRequest, hasAllAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY))
|
||||
}
|
||||
formLogin { }
|
||||
oneTimeTokenLogin { }
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.security.config.test.SpringTestContext
|
||||
import org.springframework.security.config.test.SpringTestContextExtension
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.test.context.support.WithMockUser
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||
import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
|
||||
|
|
@ -46,7 +47,7 @@ class MultiFactorAuthenticationTests {
|
|||
var mockMvc: MockMvc? = null
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_PASSWORD", "FACTOR_OTT"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithPasswordAndOttThenPermits() {
|
||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||
|
|
@ -58,7 +59,7 @@ class MultiFactorAuthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_PASSWORD"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithPasswordThenRedirectsToOtt() {
|
||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||
|
|
@ -70,7 +71,7 @@ class MultiFactorAuthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_OTT"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun getWhenAuthenticatedWithOttThenRedirectsToPassword() {
|
||||
this.spring.register(ListAuthoritiesConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
|||
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.AuthenticationException
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
|
||||
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository
|
||||
import org.springframework.security.oauth2.client.registration.TestClientRegistrations
|
||||
|
|
@ -58,7 +59,7 @@ internal class MissingAuthorityConfiguration {
|
|||
// tag::authorizationManagerFactoryBean[]
|
||||
@Bean
|
||||
fun authz(): AuthorizationManagerFactory<RequestAuthorizationContext> {
|
||||
return FactorAuthorizationManagerFactory(hasAllAuthorities("FACTOR_X509", "FACTOR_AUTHORIZATION_CODE"))
|
||||
return FactorAuthorizationManagerFactory(hasAllAuthorities(GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY))
|
||||
}
|
||||
// end::authorizationManagerFactoryBean[]
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.security.config.test.SpringTestContext
|
||||
import org.springframework.security.config.test.SpringTestContextExtension
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.docs.servlet.authentication.obtainingmoreauthorization.ScopeConfiguration
|
||||
import org.springframework.security.test.context.support.WithMockUser
|
||||
import org.springframework.security.test.context.support.WithSecurityContextTestExecutionListener
|
||||
|
|
@ -58,7 +59,7 @@ class ObtainingMoreAuthorizationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_X509", "FACTOR_AUTHORIZATION_CODE"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun profileWhenMissingAuthorityConfigurationThenRedirectsToAuthorizationServer() {
|
||||
this.spring.register(MissingAuthorityConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||
|
|
@ -81,7 +82,7 @@ class ObtainingMoreAuthorizationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_X509", "FACTOR_AUTHORIZATION_CODE", "SCOPE_profile:read"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_X509_AUTHORITY, GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY, "SCOPE_profile:read"])
|
||||
@Throws(
|
||||
Exception::class
|
||||
)
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.junit.jupiter.api.extension.ExtendWith
|
|||
import org.springframework.beans.factory.annotation.Autowired
|
||||
import org.springframework.security.config.test.SpringTestContext
|
||||
import org.springframework.security.config.test.SpringTestContextExtension
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.docs.servlet.authentication.reauthentication.RequireOttConfiguration
|
||||
import org.springframework.security.docs.servlet.authentication.reauthentication.SimpleConfiguration
|
||||
import org.springframework.security.test.context.support.WithMockUser
|
||||
|
|
@ -72,7 +73,7 @@ class ReauthenticationTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(authorities = ["FACTOR_OTT"])
|
||||
@WithMockUser(authorities = [GrantedAuthorities.FACTOR_OTT_AUTHORITY])
|
||||
@Throws(Exception::class)
|
||||
fun ottWhenRequireOttConfigurationThenAllows() {
|
||||
this.spring.register(RequireOttConfiguration::class.java, Http200Controller::class.java).autowire()
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration
|
|||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||
import org.springframework.security.config.annotation.web.invoke
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.userdetails.User
|
||||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager
|
||||
|
|
@ -22,7 +23,7 @@ class RequireOttConfiguration {
|
|||
// @formatter:off
|
||||
http {
|
||||
authorizeHttpRequests {
|
||||
authorize("/profile/**", hasAuthority("FACTOR_OTT")) // <1>
|
||||
authorize("/profile/**", hasAuthority(GrantedAuthorities.FACTOR_OTT_AUTHORITY)) // <1>
|
||||
authorize(anyRequest, authenticated)
|
||||
}
|
||||
formLogin { }
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
|
||||
import org.springframework.security.authentication.ott.OneTimeTokenAuthentication
|
||||
import org.springframework.security.core.Authentication
|
||||
import org.springframework.security.core.GrantedAuthorities
|
||||
import org.springframework.security.core.authority.AuthorityUtils
|
||||
import org.springframework.security.core.context.SecurityContextHolder
|
||||
|
||||
|
|
@ -17,10 +18,10 @@ class CopyAuthoritiesTests {
|
|||
@Test
|
||||
fun toBuilderWhenApplyThenCopies() {
|
||||
val previous: Authentication = UsernamePasswordAuthenticationToken("alice", "pass",
|
||||
AuthorityUtils.createAuthorityList("FACTOR_PASSWORD"))
|
||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY))
|
||||
SecurityContextHolder.getContext().authentication = previous
|
||||
var latest: Authentication = OneTimeTokenAuthentication("bob",
|
||||
AuthorityUtils.createAuthorityList("FACTOR_OTT"))
|
||||
AuthorityUtils.createAuthorityList(GrantedAuthorities.FACTOR_OTT_AUTHORITY))
|
||||
val authenticationManager: AuthenticationManager = Mockito.mock(AuthenticationManager::class.java)
|
||||
BDDMockito.given(authenticationManager.authenticate(ArgumentMatchers.any())).willReturn(latest)
|
||||
val authenticationRequest: Authentication = TestingAuthenticationToken("user", "pass")
|
||||
|
|
@ -33,7 +34,7 @@ class CopyAuthoritiesTests {
|
|||
}.build()
|
||||
}
|
||||
// end::springSecurity[]
|
||||
SecurityAssertions.assertThat(latestResult).hasAuthorities("FACTOR_PASSWORD", "FACTOR_OTT")
|
||||
SecurityAssertions.assertThat(latestResult).hasAuthorities(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY, GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
SecurityContextHolder.clearContext()
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import org.springframework.security.authentication.BadCredentialsException;
|
|||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
|
@ -52,7 +53,7 @@ import org.springframework.util.StringUtils;
|
|||
*/
|
||||
public abstract class AbstractLdapAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_PASSWORD";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY;
|
||||
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.springframework.security.authentication.InternalAuthenticationService
|
|||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -164,7 +165,7 @@ public class LdapAuthenticationProviderTests {
|
|||
LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(authenticator, populator);
|
||||
UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken("ben", "benspassword");
|
||||
Authentication result = ldapProvider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY);
|
||||
}
|
||||
|
||||
class MockAuthenticator implements LdapAuthenticator {
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import java.util.Map;
|
|||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
|
|
@ -69,7 +70,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_AUTHORIZATION_CODE";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY;
|
||||
|
||||
private final OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider;
|
||||
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import org.mockito.stubbing.Answer;
|
|||
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
|
||||
|
|
@ -219,7 +220,7 @@ public class OAuth2LoginAuthenticationProviderTests {
|
|||
Authentication request = new OAuth2LoginAuthenticationToken(this.clientRegistration,
|
||||
this.authorizationExchange);
|
||||
Authentication result = this.authenticationProvider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_AUTHORIZATION_CODE");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_AUTHORIZATION_CODE_AUTHORITY);
|
||||
}
|
||||
|
||||
private OAuth2AccessTokenResponse accessTokenSuccessResponse() {
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ import java.util.HashSet;
|
|||
|
||||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
|
|
@ -36,7 +37,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class JwtAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_BEARER";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
|
||||
|
||||
private Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.OAuth2AccessToken;
|
||||
|
|
@ -74,7 +75,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public final class OpaqueTokenAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_BEARER";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_BEARER_AUTHORITY;
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.springframework.core.convert.converter.Converter;
|
|||
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.jwt.Jwt;
|
||||
|
|
@ -115,7 +116,7 @@ public class JwtAuthenticationConverterTests {
|
|||
public void convertWhenDefaultsThenIssuesFactor() {
|
||||
Jwt jwt = TestJwts.jwt().build();
|
||||
Authentication result = this.jwtAuthenticationConverter.convert(jwt);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_BEARER");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio
|
|||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
|
||||
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
|
||||
|
|
@ -154,7 +155,7 @@ public class OpaqueTokenAuthenticationProviderTests {
|
|||
OpaqueTokenAuthenticationProvider provider = new OpaqueTokenAuthenticationProvider(introspector);
|
||||
Authentication request = new BearerTokenAuthenticationToken("token");
|
||||
Authentication result = provider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_BEARER");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_BEARER_AUTHORITY);
|
||||
}
|
||||
|
||||
static Predicate<GrantedAuthority> isScope() {
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
|
|||
import org.springframework.security.authentication.AuthenticationProvider;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
|
@ -113,7 +114,7 @@ import org.springframework.util.StringUtils;
|
|||
*/
|
||||
public final class OpenSaml5AuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_SAML_RESPONSE";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY;
|
||||
|
||||
private final BaseOpenSamlAuthenticationProvider delegate;
|
||||
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@ import org.opensaml.xmlsec.signature.support.SignatureConstants;
|
|||
import org.springframework.core.convert.converter.Converter;
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.jackson2.SecurityJackson2Modules;
|
||||
|
|
@ -990,7 +991,7 @@ public class OpenSaml5AuthenticationProviderTests {
|
|||
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
|
||||
Authentication request = token(response, verifying(registration()));
|
||||
Authentication result = this.provider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_SAML_RESPONSE");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_SAML_RESPONSE_AUTHORITY);
|
||||
}
|
||||
|
||||
private <T extends XMLObject> T build(QName qName) {
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -67,7 +68,7 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests {
|
|||
List<SimpleGrantedAuthority> grantedAuthorities = new ArrayList<>();
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority("FACTOR_PASSWORD"));
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority(GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY));
|
||||
this.mockMvc.perform(formLogin()).andExpect(authenticated().withAuthorities(grantedAuthorities));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -64,8 +64,8 @@ import org.springframework.util.Assert;
|
|||
*
|
||||
* <code>
|
||||
* AccessDeniedHandler handler = DelegatingMissingAuthorityAccessDeniedHandler.builder()
|
||||
* .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), "FACTOR_OTT")
|
||||
* .addEntryPointFor(new MyCustomEntryPoint(), "FACTOR_PASSWORD")
|
||||
* .addEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), GrantedAuthorities.FACTOR_OTT_AUTHORITY)
|
||||
* .addEntryPointFor(new MyCustomEntryPoint(), GrantedAuthorities.FACTOR_PASSWORD_AUTHORITY)
|
||||
* .build();
|
||||
* </code>
|
||||
*
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import org.springframework.security.authentication.AuthenticationProvider;
|
|||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
|
@ -44,7 +45,7 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class WebAuthnAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
private static final String AUTHORITY = "FACTOR_WEBAUTHN";
|
||||
private static final String AUTHORITY = GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY;
|
||||
|
||||
private final WebAuthnRelyingPartyOperations relyingPartyOperations;
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.junit.jupiter.api.Test;
|
|||
|
||||
import org.springframework.security.authentication.SecurityAssertions;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthorities;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
|
||||
|
|
@ -55,7 +56,7 @@ class WebAuthnAuthenticationProviderTests {
|
|||
given(users.loadUserByUsername(any())).willReturn(PasswordEncodedUser.user());
|
||||
given(operations.authenticate(any())).willReturn(TestPublicKeyCredentialUserEntities.userEntity().build());
|
||||
Authentication result = provider.authenticate(request);
|
||||
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_WEBAUTHN");
|
||||
SecurityAssertions.assertThat(result).hasAuthority(GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue