/*\r
* Copyright (c) 2019 AT&T Intellectual Property.\r
* Modifications Copyright © 2018 IBM.\r
+ * Modifications Copyright © 2020 Nokia.\r
*\r
* Licensed under the Apache License, Version 2.0 (the "License");\r
* you may not use this file except in compliance with the License.\r
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
* See the License for the specific language governing permissions and\r
* limitations under the License.\r
-*/\r
+ */\r
\r
package org.onap.optf.cmso.aaf;\r
\r
import java.util.ArrayList;\r
+\r
import org.onap.optf.cmso.SpringProfiles;\r
import org.onap.optf.cmso.aaf.AafClientCache.AuthorizationResult;\r
import org.springframework.beans.factory.annotation.Autowired;\r
import org.springframework.security.authentication.AuthenticationProvider;\r
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r
import org.springframework.security.core.Authentication;\r
-import org.springframework.security.core.AuthenticationException;\r
import org.springframework.security.web.authentication.WebAuthenticationDetails;\r
import org.springframework.stereotype.Component;\r
\r
@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
public class AafAuthProvider implements AuthenticationProvider {\r
\r
+ public static final Authentication NO_TOKEN_FOR_UNAUTHENTICATED_USER = null;\r
+ public static final String NO_SESSION_FOR_USER = null;\r
@Autowired\r
Environment env;\r
\r
public Authentication authenticate(Authentication authentication) {\r
String name = authentication.getName();\r
String password = authentication.getCredentials().toString();\r
- String sessionId = null;\r
+ String sessionId = getUserSessionId(authentication);\r
+ if (isAafAuthenticationActivate() && isUserNotAuthenticated(name, password, sessionId)) {\r
+ return NO_TOKEN_FOR_UNAUTHENTICATED_USER;\r
+ }\r
+ return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());\r
+\r
+ }\r
+\r
+ private String getUserSessionId(Authentication authentication) {\r
+ String sessionId = NO_SESSION_FOR_USER;\r
Object details = authentication.getDetails();\r
if (details instanceof WebAuthenticationDetails) {\r
WebAuthenticationDetails webAuthDetails = (WebAuthenticationDetails) details;\r
sessionId = webAuthDetails.getRemoteAddress() + ":" + webAuthDetails.getSessionId();\r
}\r
}\r
- if (env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true) && clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated ) {\r
- return null;\r
- }\r
- return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());\r
+ return sessionId;\r
+ }\r
+\r
+ private boolean isAafAuthenticationActivate() {\r
+ return env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true);\r
+ }\r
\r
+ private boolean isUserNotAuthenticated(String name, String password, String sessionId) {\r
+ return clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated;\r
}\r
\r
@Override\r
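Review bot: Rejected credentials are signalled by returning `null` from `authenticate` (the `NO_TOKEN_FOR_UNAUTHENTICATED_USER` branch), but Spring Security's `AuthenticationProvider` contract reserves `null` for "this provider cannot handle the token", so `ProviderManager` tries any other configured provider instead of treating the login as failed. I would throw instead, `throw new BadCredentialsException("AAF authentication failed");`, importing `org.springframework.security.authentication.BadCredentialsException`, and drop the null-valued public constant; the `isNull()` assertion in the new test would change with it. Whether another provider is registered under this profile is not visible in the hunk, so the practical impact is unconfirmed, but an explicit exception also gives failure handlers and audit events something to act on. Separately, `authentication.getCredentials().toString()` throws a NullPointerException when a token carries no credentials; a null check before the call would turn that into a clean rejection.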
--- /dev/null
+/*
+ * Copyright © 2020 Nokia.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.optf.cmso.aaf;
+
+
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.core.env.Environment;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class AafAuthProviderTest {
+
+ public static final String USER_NAME = "someUserName";
+ public static final String SESSION_NOT_EXIST = null;
+ @Mock
+ Environment env;
+
+ @Mock
+ AafClientCache clientCache;
+
+ @InjectMocks
+ AafAuthProvider aafAuthProvider;
+
+ @Mock
+ private Authentication authentication;
+
+ @Mock
+ private WebAuthenticationDetails webAuthenticationDetails;
+
+ @Test
+ public void shouldRejectAuthenticationWhenUserIsUnauthenticated() {
+ // given
+ makeAafAuthenticationActive();
+ String name = USER_NAME;
+ String password = "invalidPass";
+ mockAuthenticationInstance(name, password, null);
+ rejectUserAuthentication(name, password);
+
+ // when/then
+ Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNull();
+ }
+
+ @Test
+ public void shouldAuthenticateUser() {
+ // given
+ makeAafAuthenticationActive();
+ when(webAuthenticationDetails.getRemoteAddress()).thenReturn("remoteAddress");
+ when(webAuthenticationDetails.getSessionId()).thenReturn("123");
+ String name = USER_NAME;
+ String password = "properPassword";
+ mockAuthenticationInstance(name, password, webAuthenticationDetails);
+ acceptUserAuthentication(name, password);
+ // when/then
+ Assertions.assertThat(aafAuthProvider.authenticate(authentication)).isNotNull();
+ }
+
+ @Test
+ public void shouldSupportUsernamePasswordAuthenticationToken() {
+ // when/then
+ Assertions.assertThat(aafAuthProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
+ }
+
+ private void makeAafAuthenticationActive() {
+ when(env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)).thenReturn(true);
+ }
+
+ private void rejectUserAuthentication(String name, String password) {
+ when(clientCache.authenticate(name, password, SESSION_NOT_EXIST)).thenReturn(AafClientCache.AuthorizationResult.AuthenticationFailure);
+ }
+
+ private void acceptUserAuthentication(String name, String password) {
+ when(clientCache.authenticate(name, password, "remoteAddress:123")).thenReturn(AafClientCache.AuthorizationResult.Authenticated);
+ }
+
+ private void mockAuthenticationInstance(String name, String password, WebAuthenticationDetails webAuthenticationDetails) {
+ when(authentication.getName()).thenReturn(name);
+ when(authentication.getCredentials()).thenReturn(password);
+ when(authentication.getDetails()).thenReturn(webAuthenticationDetails);
+ }
+
+
+}
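Review bot: No test covers the branch where `AafProperties.aafEnabled` resolves to false, and in that branch `authenticate` returns a token for any name and password without consulting `clientCache`. Because that setting switches the credential check off entirely, a test should pin the behaviour so that a later change to the `&&` condition cannot alter it unnoticed. `shouldAuthenticateUser` also asserts only `isNotNull()`; checking `getName()` on the returned token would make it tighter. A sketch of the missing case follows.

```java
// … unchanged: existing fields and the three current tests …

@Test
public void shouldSkipCredentialCheckWhenAafAuthenticationIsDisabled() {
    // given
    when(env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)).thenReturn(false);
    mockAuthenticationInstance(USER_NAME, "anyPassword", null);

    // when
    Authentication result = aafAuthProvider.authenticate(authentication);

    // then: a token is issued and the AAF client was never asked
    Assertions.assertThat(result).isNotNull();
    org.mockito.Mockito.verifyNoMoreInteractions(clientCache);
}
```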