Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[JENKINS-49274] Run reverse-proxy filter after default filter
- Loading branch information
Tad Fisher
committed
Feb 1, 2018
1 parent
cc98292
commit 85f1a6b
Showing
2 changed files
with
83 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
82 changes: 82 additions & 0 deletions
82
src/test/java/org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealmTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
package org.jenkinsci.plugins.reverse_proxy_auth; | ||
|
||
import hudson.security.SecurityRealm; | ||
import jenkins.model.Jenkins; | ||
import org.acegisecurity.Authentication; | ||
import org.acegisecurity.GrantedAuthority; | ||
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; | ||
import org.acegisecurity.userdetails.UserDetails; | ||
import org.junit.Assert; | ||
import org.junit.Before; | ||
import org.junit.Rule; | ||
import org.junit.Test; | ||
import org.jvnet.hudson.test.Issue; | ||
import org.jvnet.hudson.test.JenkinsRule; | ||
|
||
import java.util.concurrent.Callable; | ||
|
||
public class ReverseProxySecurityRealmTest { | ||
@Rule | ||
public final JenkinsRule jenkinsRule = new JenkinsRule(); | ||
|
||
private Jenkins jenkins; | ||
|
||
@Before | ||
public void setUp() { | ||
jenkins = jenkinsRule.jenkins; | ||
} | ||
|
||
@Test | ||
public void basicGetUserDetails() { | ||
final ReverseProxySecurityRealm realm = createBasicRealm(); | ||
final UserDetails userDetails = realm.loadUserByUsername("test@example.com"); | ||
Assert.assertEquals("test@example.com", userDetails.getUsername()); | ||
} | ||
|
||
@Test | ||
@Issue("JENKINS-49274") | ||
public void basicAuthenticate() throws Exception { | ||
final ReverseProxySecurityRealm realm = createBasicRealm(); | ||
jenkins.setSecurityRealm(realm); | ||
|
||
final JenkinsRule.WebClient client = jenkinsRule.createWebClient(); | ||
client.addRequestHeader(realm.getForwardedUser(), "test@example.com"); | ||
final Authentication authentication = client.executeOnServer(new Callable<Authentication>() { | ||
@Override | ||
public Authentication call() { | ||
return Jenkins.getAuthentication(); | ||
} | ||
}); | ||
Assert.assertEquals("Authentication should match", | ||
new UsernamePasswordAuthenticationToken( | ||
"test@example.com", | ||
"", | ||
new GrantedAuthority[] { SecurityRealm.AUTHENTICATED_AUTHORITY }), | ||
authentication); | ||
} | ||
|
||
private ReverseProxySecurityRealm createBasicRealm() { | ||
return new ReverseProxySecurityRealm( | ||
"X-Forwarded-User", // forwardedUser | ||
"X-Forwarded-Groups", // headerGroups | ||
"|", // headerGroupsDelimiter | ||
"", // customLogInUrl | ||
"", // customLogOutUrl | ||
"", // server | ||
"", // rootDN | ||
false, // inhibitInferRootDN | ||
"", // userSearchBase | ||
"", // userSearch | ||
"", // groupSearchBase | ||
"", // groupSearchFilter | ||
"", // groupMembershipFilter | ||
"", // groupNameAttribute | ||
"", // managerDN | ||
"", // managerPassword | ||
15, // updateInterval | ||
false, // disableLdapEmailResolver | ||
"", // displayNameLdapAttribute | ||
"" // emailAddressLdapAttribute | ||
); | ||
} | ||
} |