From 1d5992601787c395f23bc82d658fe15adbe9a146 Mon Sep 17 00:00:00 2001 From: Simon Brandhof Date: Tue, 12 Sep 2017 17:05:57 +0200 Subject: SONAR-9740 refactor UserSessionInitializer --- .../authentication/AuthenticationModule.java | 3 +- .../server/authentication/Authenticators.java | 31 ++++++++ .../server/authentication/AuthenticatorsImpl.java | 53 +++++++++++++ .../authentication/UserSessionInitializer.java | 66 ++++++---------- .../java/org/sonar/server/platform/WebServer.java | 2 +- .../authentication/AuthenticationModuleTest.java | 2 +- .../authentication/AuthenticatorsImplTest.java | 89 +++++++++++++++++++++ .../authentication/UserSessionInitializerTest.java | 90 +++------------------- 8 files changed, 213 insertions(+), 123 deletions(-) create mode 100644 server/sonar-server/src/main/java/org/sonar/server/authentication/Authenticators.java create mode 100644 server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticatorsImpl.java create mode 100644 server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticatorsImplTest.java (limited to 'server') diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationModule.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationModule.java index ec0a6e9ab38..e905fe87ed4 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationModule.java +++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticationModule.java @@ -49,6 +49,7 @@ public class AuthenticationModule extends Module { RealmAuthenticator.class, BasicAuthenticator.class, ValidateAction.class, - SsoAuthenticator.class); + SsoAuthenticator.class, + AuthenticatorsImpl.class); } } 
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/Authenticators.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/Authenticators.java
new file mode 100644
index 00000000000..150568a605d
--- /dev/null
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/Authenticators.java
@@ -0,0 +1,31 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2017 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.authentication;
+
+import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.sonar.db.user.UserDto;
+
+public interface Authenticators {
+
+ Optional authenticate(HttpServletRequest request, HttpServletResponse response);
+
+}
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticatorsImpl.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticatorsImpl.java
new file mode 100644
index 00000000000..d338d182797
--- /dev/null
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/AuthenticatorsImpl.java
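Review bot: `Authenticators.authenticate` is declared without any Javadoc, yet its two outcomes drive the access decision in `UserSessionInitializer`: an empty `Optional` becomes an anonymous session (or a failure when `sonar.forceAuthentication` is set), while an `AuthenticationException` is caught in `initUserSession` and reported through `authenticationEvent.loginFailure`. An implementation that returns empty for credentials that were presented but are invalid would quietly downgrade the request to anonymous instead of rejecting it. I would add a Javadoc on the method stating that empty means no credentials were found on the request, and that presented-but-invalid credentials must raise `AuthenticationException` rather than return empty.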
@@ -0,0 +1,53 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2017 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.authentication;
+
+import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.sonar.db.user.UserDto;
+
+public class AuthenticatorsImpl implements Authenticators {
+
+ private final JwtHttpHandler jwtHttpHandler;
+ private final BasicAuthenticator basicAuthenticator;
+ private final SsoAuthenticator ssoAuthenticator;
+
+ public AuthenticatorsImpl(JwtHttpHandler jwtHttpHandler, BasicAuthenticator basicAuthenticator, SsoAuthenticator ssoAuthenticator) {
+ this.jwtHttpHandler = jwtHttpHandler;
+ this.basicAuthenticator = basicAuthenticator;
+ this.ssoAuthenticator = ssoAuthenticator;
+ }
+
+ // Try first to authenticate from SSO, then JWT token, then try from basic http header
+ @Override
+ public Optional authenticate(HttpServletRequest request, HttpServletResponse response) {
+ // SSO authentication should come first in order to update JWT if user from header is not the same is user from JWT
+ Optional user = ssoAuthenticator.authenticate(request, response);
+ if (user.isPresent()) {
+ return user;
+ }
+
user = jwtHttpHandler.validateToken(request, response); + if (user.isPresent()) { + return user; + } + return basicAuthenticator.authenticate(request); + } +} diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java index 4cedd539219..0046c09510f 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java +++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/UserSessionInitializer.java @@ -37,6 +37,7 @@ import org.sonar.server.user.UserSession; import org.sonar.server.user.UserSessionFactory; import static java.net.HttpURLConnection.HTTP_UNAUTHORIZED; +import static org.apache.commons.lang.StringUtils.defaultString; import static org.sonar.api.CoreProperties.CORE_FORCE_AUTHENTICATION_PROPERTY; import static org.sonar.api.web.ServletFilter.UrlPattern.Builder.staticResourcePatterns; import static org.sonar.server.authentication.AuthenticationError.handleAuthenticationError; @@ -52,7 +53,7 @@ public class UserSessionInitializer { * in logs/access.log. The pattern to be configured * in property sonar.web.accessLogs.pattern is "%reqAttribute{LOGIN}" */ - public static final String ACCESS_LOG_LOGIN = "LOGIN"; + private static final String ACCESS_LOG_LOGIN = "LOGIN"; // SONAR-6546 these urls should be get from WebService private static final Set SKIPPED_URLS = ImmutableSet.of( 
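Review bot: The precedence in `AuthenticatorsImpl.authenticate` (SSO, then JWT, then Basic) is security-relevant, since a user resolved from the SSO header returns before `jwtHttpHandler.validateToken` is ever called, but it is recorded only in two `//` comments, one of which has a typo ("is not the same is user"). I would promote the first comment to a Javadoc on the method, correct the wording to "is not the same as the user from JWT", and state that an exception thrown by any authenticator propagates, so the later authenticators are not tried. The constructor also takes its arguments in a different order (`jwtHttpHandler, basicAuthenticator, ssoAuthenticator`) than the evaluation order, which is worth aligning or at least noting for readers.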
@@ -71,33 +72,27 @@ public class UserSessionInitializer { .build(); private final Configuration config; - private final JwtHttpHandler jwtHttpHandler; - private final BasicAuthenticator basicAuthenticator; - private final SsoAuthenticator ssoAuthenticator; private final ThreadLocalUserSession threadLocalSession; private final AuthenticationEvent authenticationEvent; private final UserSessionFactory userSessionFactory; + private final Authenticators authenticators; - public UserSessionInitializer(Configuration config, JwtHttpHandler jwtHttpHandler, BasicAuthenticator basicAuthenticator, - SsoAuthenticator ssoAuthenticator, ThreadLocalUserSession threadLocalSession, AuthenticationEvent authenticationEvent, - UserSessionFactory userSessionFactory) { + public UserSessionInitializer(Configuration config, ThreadLocalUserSession threadLocalSession, AuthenticationEvent authenticationEvent, + UserSessionFactory userSessionFactory, Authenticators authenticators) { this.config = config; - this.jwtHttpHandler = jwtHttpHandler; - this.basicAuthenticator = basicAuthenticator; - this.ssoAuthenticator = ssoAuthenticator; this.threadLocalSession = threadLocalSession; this.authenticationEvent = authenticationEvent; this.userSessionFactory = userSessionFactory; + this.authenticators = authenticators; } public boolean initUserSession(HttpServletRequest request, HttpServletResponse response) { String path = request.getRequestURI().replaceFirst(request.getContextPath(), ""); try { // Do not set user session when url is excluded - if (!URL_PATTERN.matches(path)) { - return true; + if (URL_PATTERN.matches(path)) { + loadUserSession(request, response); } - setUserSession(request, response); return true; } catch (AuthenticationException e) { authenticationEvent.loginFailure(request, e); 
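Review bot: The `path` that decides whether `loadUserSession` runs is still derived with `request.getRequestURI().replaceFirst(request.getContextPath(), "")`, and `String.replaceFirst` treats its first argument as a regular expression and removes the first match anywhere in the URI, not only a leading prefix. A context path containing regex metacharacters (a `.`, for instance) would match more than the literal prefix, and the stripped value feeds `URL_PATTERN.matches(path)` and presumably the `isWsUrl` check later in the class. Anchoring and quoting keeps the strip literal: `String path = request.getRequestURI().replaceFirst("^" + Pattern.quote(request.getContextPath()), "");` (needs `java.util.regex.Pattern`). `initUserSession` continues past the end of this hunk, so the handling after `loginFailure` is not visible here.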
@@ -120,44 +115,33 @@ public class UserSessionInitializer { return provider != AuthenticationEvent.Provider.LOCAL && provider != AuthenticationEvent.Provider.JWT; } - private void setUserSession(HttpServletRequest request, HttpServletResponse response) { - Optional user = authenticate(request, response); + private void loadUserSession(HttpServletRequest request, HttpServletResponse response) { + UserSession session; + Optional user = authenticators.authenticate(request, response); if (user.isPresent()) { - UserSession session = userSessionFactory.create(user.get()); - threadLocalSession.set(session); - request.setAttribute(ACCESS_LOG_LOGIN, session.getLogin()); + session = userSessionFactory.create(user.get()); } else { - if (config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(false)) { - throw AuthenticationException.newBuilder() - .setSource(Source.local(Method.BASIC)) - .setMessage("User must be authenticated") - .build(); - } - threadLocalSession.set(userSessionFactory.createAnonymous()); - request.setAttribute(ACCESS_LOG_LOGIN, "-"); + failIfAuthenticationIsRequired(); + session = userSessionFactory.createAnonymous(); } + threadLocalSession.set(session); + request.setAttribute(ACCESS_LOG_LOGIN, defaultString(session.getLogin(), "-")); } - public void removeUserSession() { - threadLocalSession.unload(); + private void failIfAuthenticationIsRequired() { + if (config.getBoolean(CORE_FORCE_AUTHENTICATION_PROPERTY).orElse(false)) { + throw AuthenticationException.newBuilder() + .setSource(Source.local(Method.BASIC)) + .setMessage("User must be authenticated") + .build(); + } } - // Try first to authenticate from SSO, then JWT token, then try from basic http header - private Optional authenticate(HttpServletRequest request, HttpServletResponse response) { - // SSO authentication should come first in order to update JWT if user from header is not the same is user from JWT - Optional user = ssoAuthenticator.authenticate(request, response); - if 
(user.isPresent()) { - return user; - } - user = jwtHttpHandler.validateToken(request, response); - if (user.isPresent()) { - return user; - } - return basicAuthenticator.authenticate(request); + public void removeUserSession() { + threadLocalSession.unload(); } private static boolean isWsUrl(String path) { return path.startsWith("/batch/") || path.startsWith("/api/"); } - } diff --git a/server/sonar-server/src/main/java/org/sonar/server/platform/WebServer.java b/server/sonar-server/src/main/java/org/sonar/server/platform/WebServer.java index 367a73c1614..9caff166f49 100644 --- a/server/sonar-server/src/main/java/org/sonar/server/platform/WebServer.java +++ b/server/sonar-server/src/main/java/org/sonar/server/platform/WebServer.java @@ -22,7 +22,7 @@ package org.sonar.server.platform; public interface WebServer { /** - * WebServer is standalone when property {@link org.sonar.process.ProcessProperties#CLUSTER_ENABLED} is {@code false} or + * WebServer is standalone when property {@link org.sonar.cluster.ClusterProperties#CLUSTER_ENABLED} is {@code false} or * undefined. */ boolean isStandalone(); diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticationModuleTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticationModuleTest.java index 838da6da741..75e5a123ea7 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticationModuleTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticationModuleTest.java @@ -30,7 +30,7 @@ public class AuthenticationModuleTest { public void verify_count_of_added_components() { ComponentContainer container = new ComponentContainer(); new AuthenticationModule().configure(container); - assertThat(container.size()).isEqualTo(2 + 20); + assertThat(container.size()).isEqualTo(2 + 21); } } 
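Review bot: In `loadUserSession` the access-log attribute is now computed as `defaultString(session.getLogin(), "-")` for both branches, so the `-` marker for anonymous requests depends on the session returned by `userSessionFactory.createAnonymous()` having a null login, which this hunk does not show. The removed code wrote `"-"` explicitly in the anonymous branch; if `access.log` is used to audit who made a request, keeping that explicit avoids an authenticated session with a null login being recorded the same way as an anonymous one. One option is `request.setAttribute(ACCESS_LOG_LOGIN, user.isPresent() ? session.getLogin() : "-");`, or at least a test asserting the `LOGIN` attribute for both the authenticated and the anonymous case.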
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticatorsImplTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticatorsImplTest.java
new file mode 100644
index 00000000000..f6a841ab2f1
--- /dev/null
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/AuthenticatorsImplTest.java
@@ -0,0 +1,89 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2017 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.server.authentication;
+
+import java.util.Optional;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Test;
+import org.sonar.db.user.UserDto;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.sonar.db.user.UserTesting.newUserDto;
+
+public class AuthenticatorsImplTest {
+
+ private UserDto user = newUserDto();
+ private HttpServletRequest request = mock(HttpServletRequest.class);
+ private HttpServletResponse response = mock(HttpServletResponse.class);
+ private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class);
+ private BasicAuthenticator basicAuthenticator = mock(BasicAuthenticator.class);
+ private SsoAuthenticator ssoAuthenticator = mock(SsoAuthenticator.class);
+ private Authenticators underTest = new AuthenticatorsImpl(jwtHttpHandler, basicAuthenticator,
ssoAuthenticator);
+
+ @Test
+ public void authenticate_from_jwt_token() throws Exception {
+ when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(user));
+
+ assertThat(underTest.authenticate(request, response)).hasValue(user);
+ verify(response, never()).setStatus(anyInt());
+ }
+
+ @Test
+ public void authenticate_from_basic_header() throws Exception {
+ when(basicAuthenticator.authenticate(request)).thenReturn(Optional.of(user));
+ when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
+
+ assertThat(underTest.authenticate(request, response)).hasValue(user);
+
+ verify(jwtHttpHandler).validateToken(request, response);
+ verify(basicAuthenticator).authenticate(request);
+ verify(response, never()).setStatus(anyInt());
+ }
+
+ @Test
+ public void authenticate_from_sso() throws Exception {
+ when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.of(user));
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
+
+ assertThat(underTest.authenticate(request, response)).hasValue(user);
+
+ verify(ssoAuthenticator).authenticate(request, response);
+ verify(jwtHttpHandler, never()).validateToken(request, response);
+ verify(response, never()).setStatus(anyInt());
+ }
+
+ @Test
+ public void return_empty_if_not_authenticated() throws Exception {
+ when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty());
+ when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
+ when(basicAuthenticator.authenticate(request)).thenReturn(Optional.empty());
+
+ assertThat(underTest.authenticate(request, response)).isEmpty();
+ verify(response, never()).setStatus(anyInt());
+ }
+}
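Review bot: `AuthenticatorsImplTest` has no case in which an authenticator throws, while the same commit removes `return_code_401_when_invalid_token_exception` from `UserSessionInitializerTest` and rewires the remaining failure tests there to stub the `Authenticators` mock. Nothing now pins that an invalid token stops the real chain instead of falling through to `basicAuthenticator` or to an anonymous session. `authenticate_from_jwt_token` also does not verify that `basicAuthenticator` is left untouched when the JWT succeeds. A test along the lines below would cover the failure path; it needs imports for `doThrow`, `fail`, `AuthenticationException` and `Source`.

```java
@Test
public void propagate_exception_and_skip_basic_when_jwt_is_invalid() throws Exception {
  when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty());
  AuthenticationException expected = AuthenticationException.newBuilder().setSource(Source.jwt()).setMessage("Token id hasn't been found").build();
  doThrow(expected).when(jwtHttpHandler).validateToken(request, response);

  try {
    underTest.authenticate(request, response);
    fail("AuthenticationException expected");
  } catch (AuthenticationException e) {
    // the very same exception must reach the caller, so the failure is logged with its source
    assertThat(e).isSameAs(expected);
  }
  // an invalid token must not fall through to the next authenticator
  verify(basicAuthenticator, never()).authenticate(request);
}
```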
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java index b8fcf9fd7ce..318046092e9 100644 --- a/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java +++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/UserSessionInitializerTest.java @@ -37,18 +37,15 @@ import org.sonar.server.authentication.event.AuthenticationEvent; import org.sonar.server.authentication.event.AuthenticationEvent.Method; import org.sonar.server.authentication.event.AuthenticationEvent.Source; import org.sonar.server.authentication.event.AuthenticationException; -import org.sonar.server.user.ServerUserSession; import org.sonar.server.user.TestUserSessionFactory; import org.sonar.server.user.ThreadLocalUserSession; import org.sonar.server.user.UserSession; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Matchers.any; -import static org.mockito.Matchers.anyInt; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; import static org.mockito.Mockito.reset; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; 
@@ -68,18 +65,12 @@ public class UserSessionInitializerTest { private HttpServletRequest request = mock(HttpServletRequest.class); private HttpServletResponse response = mock(HttpServletResponse.class); - - private JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class); - private BasicAuthenticator basicAuthenticator = mock(BasicAuthenticator.class); - private SsoAuthenticator ssoAuthenticator = mock(SsoAuthenticator.class); + private Authenticators authenticators = mock(Authenticators.class); private AuthenticationEvent authenticationEvent = mock(AuthenticationEvent.class); private TestUserSessionFactory userSessionFactory = TestUserSessionFactory.standalone(); private MapSettings settings = new MapSettings(); - private UserDto user = newUserDto(); - - private UserSessionInitializer underTest = new UserSessionInitializer(settings.asConfig(), jwtHttpHandler, basicAuthenticator, - ssoAuthenticator, userSession, authenticationEvent, userSessionFactory); + private UserSessionInitializer underTest = new UserSessionInitializer(settings.asConfig(), userSession, authenticationEvent, userSessionFactory, authenticators); @Before public void setUp() throws Exception { 
@@ -121,65 +112,11 @@ public class UserSessionInitializerTest { assertPathIsIgnored("/js/jquery.js"); } - @Test - public void validate_session_from_token() throws Exception { - when(userSession.isLoggedIn()).thenReturn(true); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); - when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(user)); - - assertThat(underTest.initUserSession(request, response)).isTrue(); - - verify(jwtHttpHandler).validateToken(request, response); - verify(response, never()).setStatus(anyInt()); - } - - @Test - public void validate_session_from_basic_authentication() throws Exception { - when(userSession.isLoggedIn()).thenReturn(false).thenReturn(true); - when(basicAuthenticator.authenticate(request)).thenReturn(Optional.of(user)); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); - when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty()); - - assertThat(underTest.initUserSession(request, response)).isTrue(); - - verify(jwtHttpHandler).validateToken(request, response); - verify(basicAuthenticator).authenticate(request); - verify(userSession).set(any(ServerUserSession.class)); - verify(response, never()).setStatus(anyInt()); - } - - @Test - public void validate_session_from_sso() throws Exception { - when(userSession.isLoggedIn()).thenReturn(true); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.of(user)); - when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty()); - - assertThat(underTest.initUserSession(request, response)).isTrue(); - - verify(ssoAuthenticator).authenticate(request, response); - verify(jwtHttpHandler, never()).validateToken(request, response); - verify(response, never()).setStatus(anyInt()); - } - - @Test - public void return_code_401_when_invalid_token_exception() throws Exception { - when(ssoAuthenticator.authenticate(request, 
response)).thenReturn(Optional.empty()); - AuthenticationException authenticationException = AuthenticationException.newBuilder().setSource(Source.jwt()).setMessage("Token id hasn't been found").build(); - doThrow(authenticationException).when(jwtHttpHandler).validateToken(request, response); - - assertThat(underTest.initUserSession(request, response)).isTrue(); - - verify(authenticationEvent).loginFailure(request, authenticationException); - verifyZeroInteractions(response, userSession); - } - @Test public void return_code_401_when_not_authenticated_and_with_force_authentication() throws Exception { ArgumentCaptor exceptionArgumentCaptor = ArgumentCaptor.forClass(AuthenticationException.class); when(userSession.isLoggedIn()).thenReturn(false); - when(basicAuthenticator.authenticate(request)).thenReturn(Optional.empty()); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); - when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.empty()); + when(authenticators.authenticate(request, response)).thenReturn(Optional.empty()); settings.setProperty("sonar.forceAuthentication", true); assertThat(underTest.initUserSession(request, response)).isTrue(); @@ -197,9 +134,8 @@ public class UserSessionInitializerTest { @Test public void return_401_and_stop_on_ws() throws Exception { when(request.getRequestURI()).thenReturn("/api/issues"); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); AuthenticationException authenticationException = AuthenticationException.newBuilder().setSource(Source.jwt()).setMessage("Token id hasn't been found").build(); - doThrow(authenticationException).when(jwtHttpHandler).validateToken(request, response); + doThrow(authenticationException).when(authenticators).authenticate(request, response); assertThat(underTest.initUserSession(request, response)).isFalse(); 
@@ -211,9 +147,8 @@ public class UserSessionInitializerTest { @Test public void return_401_and_stop_on_batch_ws() throws Exception { when(request.getRequestURI()).thenReturn("/batch/global"); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); doThrow(AuthenticationException.newBuilder().setSource(Source.jwt()).setMessage("Token id hasn't been found").build()) - .when(jwtHttpHandler).validateToken(request, response); + .when(authenticators).authenticate(request, response); assertThat(underTest.initUserSession(request, response)).isFalse(); @@ -223,9 +158,8 @@ public class UserSessionInitializerTest { @Test public void return_to_session_unauthorized_when_error_on_from_external_provider() throws Exception { - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); doThrow(AuthenticationException.newBuilder().setSource(Source.external(newBasicIdentityProvider("failing"))).setPublicMessage("Token id hasn't been found").build()) - .when(jwtHttpHandler).validateToken(request, response); + .when(authenticators).authenticate(request, response); assertThat(underTest.initUserSession(request, response)).isFalse(); @@ -235,9 +169,8 @@ public class UserSessionInitializerTest { @Test public void return_to_session_unauthorized_when_error_on_from_external_provider_with_context_path() throws Exception { when(request.getContextPath()).thenReturn("/sonarqube"); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); doThrow(AuthenticationException.newBuilder().setSource(Source.external(newBasicIdentityProvider("failing"))).setPublicMessage("Token id hasn't been found").build()) - .when(jwtHttpHandler).validateToken(request, response); + .when(authenticators).authenticate(request, response); assertThat(underTest.initUserSession(request, response)).isFalse(); 
@@ -249,19 +182,18 @@ public class UserSessionInitializerTest { assertThat(underTest.initUserSession(request, response)).isTrue(); - verifyZeroInteractions(userSession, jwtHttpHandler, basicAuthenticator); - reset(userSession, jwtHttpHandler, basicAuthenticator); + verifyZeroInteractions(userSession, authenticators); + reset(userSession, authenticators); } private void assertPathIsNotIgnored(String path) { when(request.getRequestURI()).thenReturn(path); - when(ssoAuthenticator.authenticate(request, response)).thenReturn(Optional.empty()); - when(jwtHttpHandler.validateToken(request, response)).thenReturn(Optional.of(user)); + when(authenticators.authenticate(request, response)).thenReturn(Optional.of(user)); assertThat(underTest.initUserSession(request, response)).isTrue(); verify(userSession).set(any(UserSession.class)); - reset(userSession, jwtHttpHandler, basicAuthenticator); + reset(userSession, authenticators); } private static BaseIdentityProvider newBasicIdentityProvider(String name) { -- cgit v1.2.3