Used HeaderAuthentication for getPreAuthenticatedPrincipal. Improved test

quality.

Signed-off-by: Dominik Herbst <dominik.herbst@bosch-si.com>
This commit is contained in:
Dominik Herbst
2016-10-12 15:43:20 +02:00
parent 97ab881d6e
commit 05cebdba54
4 changed files with 26 additions and 37 deletions

View File

@@ -46,12 +46,6 @@ public abstract class AbstractControllerAuthenticationFilter implements PreAuthe
return tenantAware.runAsTenant(secruityToken.getTenant(), configurationKeyTenantRunner); return tenantAware.runAsTenant(secruityToken.getTenant(), configurationKeyTenantRunner);
} }
@Override
public abstract Object getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
@Override
public abstract Object getPreAuthenticatedCredentials(TenantSecurityToken secruityToken);
private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> { private final class SecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<Boolean> {
@Override @Override
public Boolean run() { public Boolean run() {

View File

@@ -77,7 +77,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractCont
} }
@Override @Override
public Object getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) { public HeaderAuthentication getPreAuthenticatedPrincipal(final TenantSecurityToken secruityToken) {
// retrieve the common name header and the authority name header from // retrieve the common name header and the authority name header from
// the http request and combine them together // the http request and combine them together
final String commonNameValue = secruityToken.getHeader(caCommonNameHeader); final String commonNameValue = secruityToken.getHeader(caCommonNameHeader);

View File

@@ -36,7 +36,7 @@ public interface PreAuthentificationFilter {
* the secruityToken * the secruityToken
* @return the extracted tenant and controller id * @return the extracted tenant and controller id
*/ */
Object getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken); HeaderAuthentication getPreAuthenticatedPrincipal(TenantSecurityToken secruityToken);
/** /**
* Extract the principal credentials from the current secruityToken. * Extract the principal credentials from the current secruityToken.

View File

@@ -46,10 +46,13 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
private SecurityContextTenantAware tenantAware = new SecurityContextTenantAware(); private SecurityContextTenantAware tenantAware = new SecurityContextTenantAware();
private static final String CA_COMMON_NAME = "ca-cn"; private static final String CA_COMMON_NAME = "ca-cn";
private static final String CA_COMMON_NAME_VALUE = "box1";
private static final String X_SSL_ISSUER_HASH_1 = "X-Ssl-Issuer-Hash-1"; private static final String X_SSL_ISSUER_HASH_1 = "X-Ssl-Issuer-Hash-1";
private static final String SINGLE_HASH = "hash1"; private static final String SINGLE_HASH = "hash1";
private static final String SECOND_HASH = "hash2";
private static final String UNKNOWN_HASH = "unknown";
private static final String MULTI_HASH = "hash1;hash2;hash3"; private static final String MULTI_HASH = "hash1;hash2;hash3";
@@ -69,9 +72,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests the filter for issuer hash based authentication with a single known hash") @Description("Tests the filter for issuer hash based authentication with a single known hash")
public void testIssuerHashBasedAuthenticationWithSingleKnownHash() { public void testIssuerHashBasedAuthenticationWithSingleKnownHash() {
// prepare security token final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
final TenantSecurityToken securityToken = prepareSecurityToken();
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, SINGLE_HASH);
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -82,9 +83,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests the filter for issuer hash based authentication with multiple known hashes") @Description("Tests the filter for issuer hash based authentication with multiple known hashes")
public void testIssuerHashBasedAuthenticationWithMultipleKnownHashes() { public void testIssuerHashBasedAuthenticationWithMultipleKnownHashes() {
// prepare security token final TenantSecurityToken securityToken = prepareSecurityToken(SINGLE_HASH);
final TenantSecurityToken securityToken = prepareSecurityToken();
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, SINGLE_HASH);
// use multiple known hashes // use multiple known hashes
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -95,9 +94,7 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests the filter for issuer hash based authentication with unknown hash") @Description("Tests the filter for issuer hash based authentication with unknown hash")
public void testIssuerHashBasedAuthenticationWithUnknownHash() { public void testIssuerHashBasedAuthenticationWithUnknownHash() {
// prepare security token final TenantSecurityToken securityToken = prepareSecurityToken(UNKNOWN_HASH);
final TenantSecurityToken securityToken = prepareSecurityToken();
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "unknown");
// use single known hash // use single known hash
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
@@ -108,39 +105,37 @@ public class ControllerPreAuthenticatedSecurityHeaderFilterTest {
@Test @Test
@Description("Tests different values for issuer hash header and inspects the credentials") @Description("Tests different values for issuer hash header and inspects the credentials")
public void useDifferentValuesForIssuerHashHeader() { public void useDifferentValuesForIssuerHashHeader() {
final TenantSecurityToken securityToken1 = prepareSecurityToken(SINGLE_HASH);
final TenantSecurityToken securityToken2 = prepareSecurityToken(SECOND_HASH);
// prepare security token final HeaderAuthentication expected1 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SINGLE_HASH);
TenantSecurityToken securityToken = prepareSecurityToken(); final HeaderAuthentication expected2 = new HeaderAuthentication(CA_COMMON_NAME_VALUE, SECOND_HASH);
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash1");
when(tenantConfigurationManagementMock.getConfigurationValue( when(tenantConfigurationManagementMock.getConfigurationValue(
eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class))) eq(TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME), eq(String.class)))
.thenReturn(CONFIG_VALUE_MULTI_HASH); .thenReturn(CONFIG_VALUE_MULTI_HASH);
HeaderAuthentication expected = new HeaderAuthentication("box1", "hash1"); final Collection<HeaderAuthentication> credentials1 = (Collection<HeaderAuthentication>) underTest
Collection<HeaderAuthentication> credentials = (Collection<HeaderAuthentication>) underTest .getPreAuthenticatedCredentials(securityToken1);
.getPreAuthenticatedCredentials(securityToken); final Collection<HeaderAuthentication> credentials2 = (Collection<HeaderAuthentication>) underTest
assertThat(credentials.contains(expected)).isTrue(); .getPreAuthenticatedCredentials(securityToken2);
Object principal = underTest.getPreAuthenticatedPrincipal(securityToken); Object principal1 = underTest.getPreAuthenticatedPrincipal(securityToken1);
assertEquals("hash1 expected in principal!", expected, principal); Object principal2 = underTest.getPreAuthenticatedPrincipal(securityToken2);
securityToken = prepareSecurityToken(); assertThat(credentials1.contains(expected1)).isTrue();
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, "hash2"); assertThat(credentials2.contains(expected2)).isTrue();
expected = new HeaderAuthentication("box1", "hash2");
credentials = (Collection<HeaderAuthentication>) underTest.getPreAuthenticatedCredentials(securityToken);
assertThat(credentials.contains(expected)).isTrue();
principal = underTest.getPreAuthenticatedPrincipal(securityToken); assertEquals("hash1 expected in principal!", expected1, principal1);
assertEquals("hash2 expected in principal!", expected, principal); assertEquals("hash2 expected in principal!", expected2, principal2);
} }
private static TenantSecurityToken prepareSecurityToken() { private static TenantSecurityToken prepareSecurityToken(String issuerHashHeaderValue) {
final TenantSecurityToken securityToken = new TenantSecurityToken("DEFAULT", "box1", final TenantSecurityToken securityToken = new TenantSecurityToken("DEFAULT", CA_COMMON_NAME_VALUE,
FileResource.createFileResourceBySha1("12345")); FileResource.createFileResourceBySha1("12345"));
securityToken.getHeaders().put(CA_COMMON_NAME, "box1"); securityToken.getHeaders().put(CA_COMMON_NAME, CA_COMMON_NAME_VALUE);
securityToken.getHeaders().put(X_SSL_ISSUER_HASH_1, issuerHashHeaderValue);
return securityToken; return securityToken;
} }