Package net.officefloor.web.security.scheme

Class MockChallengeHttpSecuritySource

java.lang.Object

net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>

net.officefloor.web.security.scheme.MockChallengeHttpSecuritySource

All Implemented Interfaces:

HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>, HttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>

@TestSource
public class MockChallengeHttpSecuritySource
extends AbstractHttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>
implements HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Mock HttpSecuritySource to use for testing with challenges.

It provides a MockAuthentication and MockAccessControl by the following Basic authentication scheme, except that:

• authentication is obtained by user name and password being the same
• the MockAccessControl is provided the user name as a role (allows logging in with various roles for testing). Multiple roles can be specified by the user name being a comma separate list.

Author:

Daniel Sagenschneider

Nested Class Summary

Nested classes/interfaces inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

AbstractHttpSecuritySource.DependencyLabeller, AbstractHttpSecuritySource.Labeller, AbstractHttpSecuritySource.MetaDataContext<A,AC extends Serializable,C,O extends Enum<O>,F extends Enum<F>>, AbstractHttpSecuritySource.SpecificationContext

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTHENTICATION_SCHEME	Authentication scheme reported to the application via the HttpAccessControl.
static final String	PROPERTY_REALM	Name of Property to configure the realm.

Fields inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

UTF_8

Constructor Summary

Constructors

Constructor	Description
MockChallengeHttpSecuritySource()	Default constructor.
MockChallengeHttpSecuritySource(String realm)	Instantiate with the realm.

Method Summary

Modifier and Type	Method	Description
void	authenticate(Void credentials, AuthenticateContext<MockAccessControl,None,None> context)	Undertakes authentication.
void	challenge(ChallengeContext<None,None> context)	Triggers the authentication challenge to the client.
MockAuthentication	createAuthentication(AuthenticationContext<MockAccessControl,Void> context)	Creates the custom authentication.
static String	getHeaderChallengeValue(String realm)	Obtains the WWW-Authenticate HttpHeader value.
protected void	loadMetaData(AbstractHttpSecuritySource.MetaDataContext<MockAuthentication,MockAccessControl,Void,None,None> context)	Overridden to load meta-data.
protected void	loadSpecification(AbstractHttpSecuritySource.SpecificationContext context)	Overridden to load specifications.
void	logout(LogoutContext<None,None> context)	Logs out.
boolean	ratify(Void credentials, RatifyContext<MockAccessControl> context)	Ratifies whether enough information is available to undertake authentication.
HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>	sourceHttpSecurity(HttpSecurityContext context)	Sources the HttpSecurity.

Methods inherited from class net.officefloor.web.spi.security.impl.AbstractHttpSecuritySource

getSpecification, init, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PROPERTY_REALM

public static final String PROPERTY_REALM

Name of Property to configure the realm.

See Also:

• Constant Field Values

AUTHENTICATION_SCHEME

public static final String AUTHENTICATION_SCHEME

Authentication scheme reported to the application via the HttpAccessControl.

See Also:

• Constant Field Values

Constructor Details

MockChallengeHttpSecuritySource

public MockChallengeHttpSecuritySource(String realm)

Instantiate with the realm.

Parameters:

realm - Realm.

MockChallengeHttpSecuritySource

public MockChallengeHttpSecuritySource()

Default constructor.

Method Details

getHeaderChallengeValue

public static String getHeaderChallengeValue(String realm)

Obtains the WWW-Authenticate HttpHeader value.

Parameters:

realm - Realm.

Returns:

WWW-Authenticate HttpHeader value.

loadSpecification

protected void loadSpecification(AbstractHttpSecuritySource.SpecificationContext context)

Description copied from class: AbstractHttpSecuritySource

Overridden to load specifications.

Specified by:

loadSpecification in class AbstractHttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - Specifications.

loadMetaData

protected void loadMetaData(AbstractHttpSecuritySource.MetaDataContext<MockAuthentication,MockAccessControl,Void,None,None> context)
                     throws Exception

Description copied from class: AbstractHttpSecuritySource

Overridden to load meta-data.

Specified by:

loadMetaData in class AbstractHttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - Meta-data.

Throws:

Exception - If fails to load the meta-data.

sourceHttpSecurity

public HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None> sourceHttpSecurity(HttpSecurityContext context)
                                                                                     throws HttpException

Description copied from interface: HttpSecuritySource

Sources the HttpSecurity.

Specified by:

sourceHttpSecurity in interface HttpSecuritySource<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - HttpSecurity.

Returns:

HttpSecurity.

Throws:

HttpException - If fails to source the HttpSecurity.

createAuthentication

public MockAuthentication createAuthentication(AuthenticationContext<MockAccessControl,Void> context)

Description copied from interface: HttpSecurity

Creates the custom authentication.

Specified by:

createAuthentication in interface HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - AuthenticateContext.

Returns:

Custom authentication.

ratify

public boolean ratify(Void credentials,
 RatifyContext<MockAccessControl> context)

Description copied from interface: HttpSecurity

Ratifies whether enough information is available to undertake authentication.

As authentication will likely require communication with external services (LDAP store, database, etc), this method allows checking whether enough information is available to undertake the authentication. The purpose is to avoid the ManagedFunction depending on dependencies of authentication subsequently causing execution by different Team. This is especially as the majority of HttpRequest servicing will use the HttpSession to cache details and not require the authentication dependencies causing the swap in Team.

Specified by:

ratify in interface HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

credentials - Credentials.

context - RatifyContext.

Returns:

true should enough information be available to undertake authentication. false if not enough information is available for authentication.

authenticate

public void authenticate(Void credentials,
 AuthenticateContext<MockAccessControl,None,None> context)
                  throws HttpException

Description copied from interface: HttpSecurity

Undertakes authentication.

Specified by:

authenticate in interface HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

credentials - Credentials.

context - AuthenticateContext.

Throws:

HttpException - If failure in communicating to necessary security services.

challenge

public void challenge(ChallengeContext<None,None> context)
               throws HttpException

Description copied from interface: HttpSecurity

Triggers the authentication challenge to the client.

Specified by:

challenge in interface HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - ChallengeContext.

Throws:

HttpException - If failure in communicating to necessary security services.

logout

public void logout(LogoutContext<None,None> context)
            throws HttpException

Description copied from interface: HttpSecurity

Logs out.

Specified by:

logout in interface HttpSecurity<MockAuthentication,MockAccessControl,Void,None,None>

Parameters:

context - LogoutContext.

Throws:

HttpException - If failure in communicating to necessary security services.