parent
9c6f15506d
commit
cbaace4e93
@ -0,0 +1,165 @@
|
||||
/*
|
||||
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.commons.pool.impl.GenericObjectPool;
|
||||
import org.apache.tomcat.util.buf.MessageBytes;
|
||||
import org.apache.tomcat.util.http.MimeHeaders;
|
||||
import org.mockito.Mockito;
|
||||
import org.testng.Assert;
|
||||
import org.testng.annotations.BeforeClass;
|
||||
import org.testng.annotations.Test;
|
||||
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
|
||||
import org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2ClientApplicationDTO;
|
||||
import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.BaseWebAppAuthenticatorFrameworkTest;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.impl.RemoteOAuthValidator;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* This is a test case for {@link OAuthAuthenticator}
|
||||
*/
|
||||
public class OauthAuthenticatorTest {
|
||||
private OAuthAuthenticator oAuthAuthenticator;
|
||||
private final String BEARER_HEADER = "bearer ";
|
||||
private Field headersField;
|
||||
private Properties properties;
|
||||
|
||||
@BeforeClass
|
||||
public void setup()
|
||||
throws NoSuchFieldException, NoSuchMethodException, InvocationTargetException, IllegalAccessException {
|
||||
Field instance = org.wso2.carbon.core.security.AuthenticatorsConfiguration.class.getDeclaredField("instance");
|
||||
instance.setAccessible(true);
|
||||
|
||||
AuthenticatorsConfiguration authenticatorsConfiguration = Mockito
|
||||
.mock(AuthenticatorsConfiguration.class, Mockito.CALLS_REAL_METHODS);
|
||||
Method initialize = AuthenticatorsConfiguration.class.getDeclaredMethod("initialize");
|
||||
initialize.setAccessible(true);
|
||||
initialize.invoke(authenticatorsConfiguration);
|
||||
instance.set(null, authenticatorsConfiguration);
|
||||
oAuthAuthenticator = new OAuthAuthenticator();
|
||||
headersField = org.apache.coyote.Request.class.getDeclaredField("headers");
|
||||
headersField.setAccessible(true);
|
||||
}
|
||||
|
||||
@Test(description = "This method tests the successful execution of init method")
|
||||
public void testInit() throws NoSuchFieldException, IllegalAccessException {
|
||||
properties = new Properties();
|
||||
properties.setProperty("TokenValidationEndpointUrl", "test");
|
||||
properties.setProperty("Username", "admin");
|
||||
properties.setProperty("Password", "admin");
|
||||
properties.setProperty("IsRemote", "true");
|
||||
properties.setProperty("MaxConnectionsPerHost", "100");
|
||||
properties.setProperty("MaxTotalConnections", "1000");
|
||||
Assert.assertNull(oAuthAuthenticator.getProperty("test"),
|
||||
"OAuth authenticator is returning the properties that were never set");
|
||||
oAuthAuthenticator.setProperties(properties);
|
||||
oAuthAuthenticator.init();
|
||||
Field tokenValidator = OAuthAuthenticator.class.getDeclaredField("tokenValidator");
|
||||
tokenValidator.setAccessible(true);
|
||||
Assert.assertNotNull(tokenValidator.get(oAuthAuthenticator), "OauthAuthenticator initialization failed");
|
||||
Assert.assertEquals(oAuthAuthenticator.getName(), "OAuth", "Name of the OauthAuthenticator does not match");
|
||||
}
|
||||
|
||||
@Test(description = "This method tests the canHandle method of OAuthAuthenticator")
|
||||
public void testCanHandle() throws IllegalAccessException {
|
||||
Request request = createOauthRequest(BEARER_HEADER);
|
||||
Assert.assertTrue(oAuthAuthenticator.canHandle(request),
|
||||
"The request with the bearer authorization header cannot be handled by OauthAuthenticator");
|
||||
|
||||
request = createOauthRequest("test");
|
||||
Assert.assertFalse(oAuthAuthenticator.canHandle(request),
|
||||
"The request without bearer authorization header can be handled by OauthAuthenticator");
|
||||
}
|
||||
|
||||
@Test(description = "This method tests the authenticate under different parameters",
|
||||
dependsOnMethods = {"testInit"})
|
||||
public void testAuthenticate() throws Exception {
|
||||
Request request = createOauthRequest(BEARER_HEADER);
|
||||
Assert.assertEquals(oAuthAuthenticator.authenticate(request, null).getStatus(),
|
||||
WebappAuthenticator.Status.CONTINUE, "Authentication status mismatched");
|
||||
request = createOauthRequest(BEARER_HEADER + "abc");
|
||||
org.apache.coyote.Request coyoteRequest = request.getCoyoteRequest();
|
||||
Field uriMB = org.apache.coyote.Request.class.getDeclaredField("uriMB");
|
||||
uriMB.setAccessible(true);
|
||||
MessageBytes bytes = MessageBytes.newInstance();
|
||||
bytes.setString("test");
|
||||
uriMB.set(coyoteRequest, bytes);
|
||||
request.setCoyoteRequest(coyoteRequest);
|
||||
Field tokenValidator = OAuthAuthenticator.class.getDeclaredField("tokenValidator");
|
||||
tokenValidator.setAccessible(true);
|
||||
|
||||
GenericObjectPool genericObjectPool = Mockito.mock(GenericObjectPool.class, Mockito.CALLS_REAL_METHODS);
|
||||
RemoteOAuthValidator remoteOAuthValidator = Mockito
|
||||
.mock(RemoteOAuthValidator.class, Mockito.CALLS_REAL_METHODS);
|
||||
tokenValidator.set(oAuthAuthenticator, remoteOAuthValidator);
|
||||
Field stubs = RemoteOAuthValidator.class.getDeclaredField("stubs");
|
||||
stubs.setAccessible(true);
|
||||
stubs.set(remoteOAuthValidator, genericObjectPool);
|
||||
OAuth2TokenValidationResponseDTO oAuth2TokenValidationResponseDTO = new OAuth2TokenValidationResponseDTO();
|
||||
oAuth2TokenValidationResponseDTO.setValid(true);
|
||||
oAuth2TokenValidationResponseDTO.setAuthorizedUser("admin@carbon.super");
|
||||
OAuth2ClientApplicationDTO oAuth2ClientApplicationDTO = Mockito
|
||||
.mock(OAuth2ClientApplicationDTO.class, Mockito.CALLS_REAL_METHODS);
|
||||
Mockito.doReturn(oAuth2TokenValidationResponseDTO).when(oAuth2ClientApplicationDTO)
|
||||
.getAccessTokenValidationResponse();
|
||||
OAuth2TokenValidationServiceStub oAuth2TokenValidationServiceStub = Mockito
|
||||
.mock(OAuth2TokenValidationServiceStub.class, Mockito.CALLS_REAL_METHODS);
|
||||
Mockito.doReturn(oAuth2ClientApplicationDTO).when(oAuth2TokenValidationServiceStub)
|
||||
.findOAuthConsumerIfTokenIsValid(Mockito.any());
|
||||
Mockito.doReturn(oAuth2TokenValidationServiceStub).when(genericObjectPool).borrowObject();
|
||||
oAuthAuthenticator.canHandle(request);
|
||||
AuthenticationInfo authenticationInfo = oAuthAuthenticator.authenticate(request, null);
|
||||
Assert.assertEquals(authenticationInfo.getUsername(), "admin");
|
||||
|
||||
}
|
||||
|
||||
@Test(description = "This method is used to test getProperty method of the OAuthAuthenticator",
|
||||
dependsOnMethods = {"testInit"})
|
||||
public void testGetProperty() {
|
||||
Assert.assertEquals(oAuthAuthenticator.getProperty("Username"), "admin",
|
||||
"Username property of " + "OauthAuthenticator is not matching with the assigned one.");
|
||||
Assert.assertEquals(oAuthAuthenticator.getProperties().size(), properties.size(),
|
||||
"Property list assigned " + "does not match with retrieved list");
|
||||
}
|
||||
|
||||
/**
|
||||
* This will create an OAuth request.
|
||||
*
|
||||
* @param authorizationHeader Authorization Header
|
||||
*/
|
||||
private Request createOauthRequest(String authorizationHeader) throws IllegalAccessException {
|
||||
Request request = new Request();
|
||||
org.apache.coyote.Request coyoteRequest = new org.apache.coyote.Request();
|
||||
MimeHeaders mimeHeaders = new MimeHeaders();
|
||||
MessageBytes bytes = mimeHeaders.addValue(BaseWebAppAuthenticatorFrameworkTest.AUTHORIZATION_HEADER);
|
||||
bytes.setString(authorizationHeader);
|
||||
headersField.set(coyoteRequest, mimeHeaders);
|
||||
request.setCoyoteRequest(coyoteRequest);
|
||||
return request;
|
||||
}
|
||||
}
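Review bot: testAuthenticate only exercises the accepting path: the mocked validation response is always built with `setValid(true)`, so nothing in this class checks that OAuthAuthenticator rejects a token the validation service reports as invalid. For an authenticator, the rejecting branch is the one where a regression becomes a bypass, so add a second case that reuses the same stubbing with `oAuth2TokenValidationResponseDTO.setValid(false);` and asserts that the returned status is not a success and that no username is populated. The first assertion also pins `WebappAuthenticator.Status.CONTINUE` as the expected result for a bearer header with an empty token; how CONTINUE is treated further down the request chain is not visible here, so a one-line comment explaining why that outcome is correct would help. The positive case checks only `getUsername()`, and asserting `getStatus()` alongside it would stop the test from passing on a partially filled AuthenticationInfo.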
|
@ -0,0 +1,68 @@
|
||||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
|
||||
<!--
|
||||
~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
~
|
||||
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||
~ Version 2.0 (the "License"); you may not use this file except
|
||||
~ in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing,
|
||||
~ software distributed under the License is distributed on an
|
||||
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
~ KIND, either express or implied. See the License for the
|
||||
~ specific language governing permissions and limitations
|
||||
~ under the License.
|
||||
-->
|
||||
|
||||
<!--
|
||||
This is the configuration file for Carbon authenticators. All the authenticator related configurations
|
||||
should go here.
|
||||
-->
|
||||
<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
|
||||
|
||||
<!-- authenticator Configurations for OAuthAuthenticator -->
|
||||
<Authenticator name="SignedJWTAuthenticator" disabled="false">
|
||||
<Priority>5</Priority>
|
||||
</Authenticator>
|
||||
|
||||
<!-- authenticator Configurations for TokenUIAuthenticator -->
|
||||
<Authenticator name="TokenUIAuthenticator" disabled="false">
|
||||
<Priority>5</Priority>
|
||||
</Authenticator>
|
||||
|
||||
<!-- Authenticator Configurations for MutualSSLAuthenticator -->
|
||||
<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
|
||||
<Priority>5</Priority>
|
||||
<Config>
|
||||
<Parameter name="UsernameHeader">UserName</Parameter>
|
||||
<Parameter name="WhiteListEnabled">false</Parameter>
|
||||
<Parameter name="WhiteList"/>
|
||||
</Config>
|
||||
</Authenticator-->
|
||||
|
||||
<!-- authenticator Configurations for SAML2SSOAuthenticator -->
|
||||
<Authenticator name="SAML2SSOAuthenticator" disabled="true">
|
||||
<Priority>10</Priority>
|
||||
<Config>
|
||||
<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
|
||||
<Parameter name="ServiceProviderID">carbonServer</Parameter>
|
||||
<Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
|
||||
<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
|
||||
</Config>
|
||||
|
||||
<!-- If this authenticator should skip any URI from authentication, specify it under "SkipAuthentication"
|
||||
<SkipAuthentication>
|
||||
<UrlContains></UrlContains>
|
||||
</SkipAuthentication> -->
|
||||
|
||||
<!-- If this authenticator should skip any URI from session validation, specify it under "SkipAuthentication
|
||||
<SkipSessionValidation>
|
||||
<UrlContains></UrlContains>
|
||||
</SkipSessionValidation> -->
|
||||
</Authenticator>
|
||||
|
||||
</Authenticators>
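Review bot: The comment above the first `<Authenticator>` entry says it configures OAuthAuthenticator, but the element it labels is `name="SignedJWTAuthenticator"`. In a file that decides which authenticators are enabled, a label naming the wrong one makes the enabled set harder to review. Change it to `<!-- Authenticator configuration for SignedJWTAuthenticator -->`. The second commented template inside the SAML2SSOAuthenticator entry has a similar slip: it describes session validation but points the reader at "SkipAuthentication" and never closes the quote, so it should read `specify it under "SkipSessionValidation"`. Both are documentation-only changes.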
|