From: <id...@us...> - 2008-09-12 18:08:11
|
Revision: 4784 http://openuss.svn.sourceforge.net/openuss/?rev=4784&view=rev Author: idueppe Date: 2008-09-12 18:08:21 +0000 (Fri, 12 Sep 2008) Log Message: ----------- code polishing Modified Paths: -------------- branches/openuss-plexus-3.1/plexus/plexus-web/src/main/java/org/openuss/web/course/AbstractCoursePage.java Modified: branches/openuss-plexus-3.1/plexus/plexus-web/src/main/java/org/openuss/web/course/AbstractCoursePage.java =================================================================== --- branches/openuss-plexus-3.1/plexus/plexus-web/src/main/java/org/openuss/web/course/AbstractCoursePage.java 2008-09-12 18:06:49 UTC (rev 4783) +++ branches/openuss-plexus-3.1/plexus/plexus-web/src/main/java/org/openuss/web/course/AbstractCoursePage.java 2008-09-12 18:08:21 UTC (rev 4784) @@ -70,7 +70,7 @@ redirect(Constants.FAILURE); return; } else { - if (courseInfo.getCourseTypeId()==null){ + if (courseInfo.getCourseTypeId() == null){ courseInfo = getCourseService().findCourse(courseInfo.getId()); } courseTypeInfo = courseTypeService.findCourseType(courseInfo.getCourseTypeId()); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-09-12 18:06:39
|
Revision: 4783 http://openuss.svn.sourceforge.net/openuss/?rev=4783&view=rev Author: idueppe Date: 2008-09-12 18:06:49 +0000 (Fri, 12 Sep 2008) Log Message: ----------- removed fck-faces dependency Modified Paths: -------------- branches/openuss-plexus-3.1/tools/missing-dependencies/build.xml Modified: branches/openuss-plexus-3.1/tools/missing-dependencies/build.xml =================================================================== --- branches/openuss-plexus-3.1/tools/missing-dependencies/build.xml 2008-09-12 18:04:54 UTC (rev 4782) +++ branches/openuss-plexus-3.1/tools/missing-dependencies/build.xml 2008-09-12 18:06:49 UTC (rev 4783) @@ -112,16 +112,6 @@ <arg value="-Dpackaging=jar"/> </exec> </target> - <target name="fck-faces"> - <exec executable="${maven.executable}"> - <arg value="install:install-file"/> - <arg value="-Dfile=./fck-faces/fck-faces-1.5.1.jar"/> - <arg value="-DgroupId=fck-faces"/> - <arg value="-DartifactId=fck-faces"/> - <arg value="-Dversion=1.5.1"/> - <arg value="-Dpackaging=jar"/> - </exec> - </target> <target name="jenia4faces"> <exec executable="${maven.executable}"> <arg value="install:install-file"/> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-09-12 18:04:54
|
Revision: 4781 http://openuss.svn.sourceforge.net/openuss/?rev=4781&view=rev Author: idueppe Date: 2008-09-12 17:55:59 +0000 (Fri, 12 Sep 2008) Log Message: ----------- removed unused declaration of commons-lang Modified Paths: -------------- branches/openuss-plexus-3.1/framework/webdav/pom.xml Modified: branches/openuss-plexus-3.1/framework/webdav/pom.xml =================================================================== --- branches/openuss-plexus-3.1/framework/webdav/pom.xml 2008-09-11 08:03:19 UTC (rev 4780) +++ branches/openuss-plexus-3.1/framework/webdav/pom.xml 2008-09-12 17:55:59 UTC (rev 4781) @@ -23,10 +23,6 @@ <artifactId>commons-io</artifactId> </dependency> <dependency> - <groupId>commons-lang</groupId> - <artifactId>commons-lang</artifactId> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> </dependency> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-09-12 18:04:46
|
Revision: 4782 http://openuss.svn.sourceforge.net/openuss/?rev=4782&view=rev Author: idueppe Date: 2008-09-12 18:04:54 +0000 (Fri, 12 Sep 2008) Log Message: ----------- removed unused dependency Modified Paths: -------------- branches/openuss-plexus-3.1/framework/core/src/main/java/org/openuss/framework/utilities/ImageUtils.java Modified: branches/openuss-plexus-3.1/framework/core/src/main/java/org/openuss/framework/utilities/ImageUtils.java =================================================================== --- branches/openuss-plexus-3.1/framework/core/src/main/java/org/openuss/framework/utilities/ImageUtils.java 2008-09-12 17:55:59 UTC (rev 4781) +++ branches/openuss-plexus-3.1/framework/core/src/main/java/org/openuss/framework/utilities/ImageUtils.java 2008-09-12 18:04:54 UTC (rev 4782) @@ -111,9 +111,9 @@ private static byte[] toByteArray(BufferedImage bufferedImage) throws IOException { ByteArrayOutputStream baos = new ByteArrayOutputStream(); MemoryCacheImageOutputStream mos = new MemoryCacheImageOutputStream(baos); - Iterator iter = ImageIO.getImageWritersByFormatName("JPG"); + Iterator<ImageWriter> iter = ImageIO.getImageWritersByFormatName("JPG"); if (iter.hasNext()) { - ImageWriter writer = (ImageWriter) iter.next(); + ImageWriter writer = iter.next(); writer.setOutput(mos); writer.write(new IIOImage(bufferedImage, null, null)); } @@ -217,9 +217,8 @@ throw new UnsupportedOperationException("PNG compression not implemented"); } - Iterator iter = ImageIO.getImageWritersByFormatName("jpg"); - ImageWriter writer; - writer = (ImageWriter) iter.next(); + Iterator<ImageWriter> iter = ImageIO.getImageWritersByFormatName("jpg"); + ImageWriter writer = iter.next(); ImageOutputStream ios = ImageIO.createImageOutputStream(new File(toFileName)); writer.setOutput(ios); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
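Review bot: In the second hunk (`@@ -217,9 +217,8 @@`), `ImageWriter writer = iter.next();` runs without the `iter.hasNext()` guard that `toByteArray` uses in the first hunk, so a runtime with no registered JPEG writer fails with a bare `NoSuchElementException`. Guard it and fail with a clear error, e.g. `if (!iter.hasNext()) { throw new IllegalStateException("no JPEG ImageWriter available"); }`. The first hunk has the opposite problem: when no writer is found the `if` body is skipped and the method appears to carry on with an empty stream, which a caller cannot tell apart from a real image. Neither hunk shows `writer.dispose()` or a close of the output stream; both method bodies continue outside the hunks, so confirm the cleanup happens there.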
From: <id...@us...> - 2008-09-11 08:03:09
|
Revision: 4780 http://openuss.svn.sourceforge.net/openuss/?rev=4780&view=rev Author: idueppe Date: 2008-09-11 08:03:19 +0000 (Thu, 11 Sep 2008) Log Message: ----------- add mysqlmapping file for andromda. Added Paths: ----------- branches/openuss-plexus-3.1/tools/andromda/mappings/MySQLMappings.xml Added: branches/openuss-plexus-3.1/tools/andromda/mappings/MySQLMappings.xml =================================================================== --- branches/openuss-plexus-3.1/tools/andromda/mappings/MySQLMappings.xml (rev 0) +++ branches/openuss-plexus-3.1/tools/andromda/mappings/MySQLMappings.xml 2008-09-11 08:03:19 UTC (rev 4780) 
@@ -0,0 +1,78 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<!-- + This is used to map the model types to + MySQL types for generated code. +--> +<mappings name="MySQL"> + <mapping> + <from>datatype::String</from> + <to>VARCHAR(255) BINARY</to> + </mapping> + <mapping> + <from>datatype::Date</from> + <to>DATETIME</to> + </mapping> + <mapping> + <from>datatype::Time</from> + <to>BIGINT</to> + </mapping> + <mapping> + <from>datatype::Timestamp</from> + <from>datatype::DateTime</from> + <to>TIMESTAMP</to> + </mapping> + <mapping> + <from>datatype::char</from> + <from>datatype::Character</from> + <to>CHAR</to> + </mapping> + <mapping> + <from>datatype::byte</from> + <from>datatype::Byte</from> + <to>TINYINT</to> + </mapping> + <mapping> + <from>datatype::short</from> + <from>datatype::Short</from> + <to>SMALLINT</to> + </mapping> + <mapping> + <from>datatype::int</from> + <from>datatype::Integer</from> + <to>INTEGER</to> + </mapping> + <mapping> + <from>datatype::long</from> + <from>datatype::Long</from> + <to>BIGINT</to> + </mapping> + <mapping> + <from>datatype::float</from> + <from>datatype::Float</from> + <to>FLOAT</to> + </mapping> + <mapping> + <from>datatype::double</from> + <from>datatype::Double</from> + <from>datatype::Money</from> + <to>DOUBLE</to> + </mapping> + <mapping> + <from>datatype::boolean</from> + <from>datatype::Boolean</from> + <to>TINYINT</to> + </mapping> + <mapping> + <from>datatype::Decimal</from> + <from>datatype::decimal</from> + <to>DECIMAL</to> + </mapping> + <mapping> + <from>datatype::Clob</from> + <to>TEXT</to> + </mapping> + <mapping> + <from>datatype::Blob</from> + <to>LONGBLOB</to> + </mapping> +</mappings> Property changes on: branches/openuss-plexus-3.1/tools/andromda/mappings/MySQLMappings.xml ___________________________________________________________________ Added: svn:mime-type + text/plain This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
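Review bot: The mapping that sends `datatype::Money` to `DOUBLE` stores monetary values in binary floating point, so amounts can pick up rounding error on storage and arithmetic. Move `<from>datatype::Money</from>` into the `DECIMAL` mapping, ideally with an explicit precision and scale, which this file does not set. `datatype::DateTime` mapped to `TIMESTAMP` also deserves a check: MySQL `TIMESTAMP` has a limited range (it ends in 2038) and is converted through the session time zone, whereas `datatype::Date` is mapped to `DATETIME` a few entries above. If the file is copied unchanged from the AndroMDA distribution, say so in its header comment so later edits are deliberate.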
From: <id...@us...> - 2008-08-29 14:27:05
|
Revision: 4779 http://openuss.svn.sourceforge.net/openuss/?rev=4779&view=rev Author: idueppe Date: 2008-08-29 14:27:12 +0000 (Fri, 29 Aug 2008) Log Message: ----------- bug fixes and version upgrade Modified Paths: -------------- trunk/openuss-plexus/plexus/plexus-core/src/main/data/init.sql trunk/openuss-plexus/plexus/plexus-core/src/main/java/org/openuss/lecture/LectureIndex.java trunk/openuss-plexus/plexus/plexus-remote/pom.xml trunk/openuss-plexus/plexus/plexus-remote/src/test/java/org/openuss/services/LectureWebServiceIntegrationTest.java trunk/openuss-plexus/plexus/plexus-web/pom.xml trunk/openuss-plexus/pom.xml trunk/openuss-plexus/themes/theme-wwu/.settings/org.eclipse.jdt.core.prefs Modified: trunk/openuss-plexus/plexus/plexus-core/src/main/data/init.sql =================================================================== --- trunk/openuss-plexus/plexus/plexus-core/src/main/data/init.sql 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/plexus/plexus-core/src/main/data/init.sql 2008-08-29 14:27:12 UTC (rev 4779) 
@@ -25,14 +25,14 @@ INSERT INTO SYSTEM_PROPERTY (ID, PROP_NAME, PROP_VALUE) VALUES (15, 'mail.smtp.auth', 'true'); -INSERT INTO SECURITY_AUTHORITY (ID, NAME) VALUES (-10, 'ADMIN'); +INSERT INTO SECURITY_AUTHORITY (ID, NAME) VALUES (-10, 'admin'); INSERT INTO SECURITY_USER (ID, PWD_HASH, EMAIL, ENABLED, ACCOUNT_EXPIRED, ACCOUNT_LOCKED, CREDENTIALS_EXPIRED, LAST_LOGIN, LOCALE, THEME, TIMEZONE, AGE_GROUP, MATRICULATION, STUDIES, IMAGE_ID, EMAIL_PUBLIC, ADDRESS_PUBLIC, TELEPHONE_PUBLIC, PORTRAIT_PUBLIC, IMAGE_PUBLIC, PROFILE_PUBLIC, PORTRAIT, FIRST_NAME, LAST_NAME, TITLE, PROFESSION, ADDRESS, CITY, COUNTRY, TELEPHONE, POSTCODE, SMS_EMAIL ) VALUES (-10, 'LjMlrJI4ae9Jvdz2mKs0DA==', 'un...@op...', 1, 0, 0, 0, '2007-07-12 13:27:26', 'de', 'plexus', 'Europe/Berlin', NULL, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0,'', 'Admin', 'Administrator', '', '', 'Leonardo-Campus 3', 'M\xFCnster', NULL, '', '48149', ''); INSERT INTO SECURITY_GROUP2AUTHORITY (MEMBERS_FK, GROUPS_FK) VALUES (-10, -4); INSERT INTO SECURITY_GROUP2AUTHORITY (MEMBERS_FK, GROUPS_FK) VALUES (-10, -2); INSERT INTO SECURITY_OBJECT_IDENTITY (ID, PARENT_FK) VALUES (-10, 0); -INSERT INTO SECURITY_AUTHORITY (ID, NAME) VALUES (-11, 'UNKNOWN'); +INSERT INTO SECURITY_AUTHORITY (ID, NAME) VALUES (-11, 'unknown'); INSERT INTO SECURITY_USER (ID, PWD_HASH, EMAIL, ENABLED, ACCOUNT_EXPIRED, ACCOUNT_LOCKED, CREDENTIALS_EXPIRED, LAST_LOGIN, LOCALE, THEME, TIMEZONE, AGE_GROUP, MATRICULATION, STUDIES, IMAGE_ID, EMAIL_PUBLIC, ADDRESS_PUBLIC, TELEPHONE_PUBLIC, PORTRAIT_PUBLIC, IMAGE_PUBLIC, PROFILE_PUBLIC, PORTRAIT, FIRST_NAME, LAST_NAME, TITLE, PROFESSION, ADDRESS, CITY, COUNTRY, TELEPHONE, POSTCODE, SMS_EMAIL) VALUES (-11, 'JVTGVQDCb//31Je2jKDaqg==', 'pl...@op...', 0, 0, 1, 0, '2007-07-12 13:27:26', 'de', 'plexus', 'Europe/Berlin', NULL, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, '', 'UNKNOWN', 'UNKNOWN OR DELETED', '', '', 'N/A', 'N/A', NULL, '', 'N/A', ''); INSERT INTO SECURITY_GROUP2AUTHORITY (MEMBERS_FK, GROUPS_FK) VALUES (-11, -2); 
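Review bot: The context rows of this hunk seed the administrator account (ID -10) with a fixed `PWD_HASH`, `ENABLED` = 1 and `CREDENTIALS_EXPIRED` = 0, so every installation built from `init.sql` starts with the same working admin credential, and its hash is published in the repository. The hash is 16 bytes of Base64, which is consistent with an unsalted MD5-sized digest; that is inferred from its length only, since the hashing code is not on this page. Consider seeding the row with `CREDENTIALS_EXPIRED` set to 1 (if the application enforces that flag) or generating the admin password at install time, so the default cannot stay in use. Separately, renaming the authority from `'ADMIN'` to `'admin'` and `'UNKNOWN'` to `'unknown'` changes values that lookups may compare case-sensitively; confirm that every place resolving these names changed in the same commit.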
Modified: trunk/openuss-plexus/plexus/plexus-core/src/main/java/org/openuss/lecture/LectureIndex.java =================================================================== --- trunk/openuss-plexus/plexus/plexus-core/src/main/java/org/openuss/lecture/LectureIndex.java 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/plexus/plexus-core/src/main/java/org/openuss/lecture/LectureIndex.java 2008-08-29 14:27:12 UTC (rev 4779) @@ -92,7 +92,11 @@ } catch (IOException e) { logger.error(e); } finally { - lock.release(); + try { + lock.release(); + } catch (IOException e) { + logger.error(e); + } } } } Modified: trunk/openuss-plexus/plexus/plexus-remote/pom.xml =================================================================== --- trunk/openuss-plexus/plexus/plexus-remote/pom.xml 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/plexus/plexus-remote/pom.xml 2008-08-29 14:27:12 UTC (rev 4779) @@ -71,8 +71,28 @@ <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> </dependency> - <dependency> + <groupId>aopalliance</groupId> + <artifactId>aopalliance</artifactId> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </dependency> + <dependency> + <groupId>javax.xml.bind</groupId> + <artifactId>jaxb-api</artifactId> + <version>2.0</version> + </dependency> + <dependency> + <groupId>org.apache.geronimo.specs</groupId> + <artifactId>geronimo-ws-metadata_2.0_spec</artifactId> + <version>1.1.2</version> + </dependency> + + +<!-- + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> </dependency> 
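Review bot: In the `LectureIndex.java` hunk, the new `catch (IOException e) { logger.error(e); }` around `lock.release()` logs only the exception's string form, with no message saying that the index lock could not be released and, with the usual log4j or commons-logging signatures, no stack trace. A lock that stays held would presumably block later index updates, so operators need to be able to find this condition; prefer `logger.error("could not release index lock", e);`. The same applies to the existing `logger.error(e)` in the outer `catch` shown as context. The enclosing method starts outside the hunk.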
@@ -88,27 +108,32 @@ <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> </dependency> - <dependency> + + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> </dependency> + +--> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-mock</artifactId> <scope>test</scope> </dependency> - <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-frontend-jaxws</artifactId> + <scope>runtime</scope> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http</artifactId> + <scope>runtime</scope> </dependency> <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-transports-http-jetty</artifactId> + <scope>test</scope> </dependency> </dependencies> Modified: trunk/openuss-plexus/plexus/plexus-remote/src/test/java/org/openuss/services/LectureWebServiceIntegrationTest.java =================================================================== --- trunk/openuss-plexus/plexus/plexus-remote/src/test/java/org/openuss/services/LectureWebServiceIntegrationTest.java 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/plexus/plexus-remote/src/test/java/org/openuss/services/LectureWebServiceIntegrationTest.java 2008-08-29 14:27:12 UTC (rev 4779) @@ -146,7 +146,7 @@ private String unique(String str) { return str + "-" + unique(); - } + } protected String[] getConfigLocations() { setAutowireMode(AUTOWIRE_BY_NAME); Modified: trunk/openuss-plexus/plexus/plexus-web/pom.xml =================================================================== --- trunk/openuss-plexus/plexus/plexus-web/pom.xml 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/plexus/plexus-web/pom.xml 2008-08-29 14:27:12 UTC (rev 4779) 
@@ -13,7 +13,7 @@ <artifactId>plexus-web</artifactId> <name>Plexus - Web</name> <packaging>war</packaging> - + <dependencies> <dependency> <groupId>org.openuss.themes</groupId> Modified: trunk/openuss-plexus/pom.xml =================================================================== --- trunk/openuss-plexus/pom.xml 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/pom.xml 2008-08-29 14:27:12 UTC (rev 4779) @@ -14,7 +14,7 @@ </description> <url>http://openuss.sf.net/plexus/</url> <prerequisites> - <maven>2.0.7</maven> + <maven>2.0.9</maven> </prerequisites> <issueManagement> <system>jira</system> @@ -137,46 +137,6 @@ <artifactId>andromda-maven-plugin</artifactId> <version>3.2</version> </plugin> - <!-- - <plugin> - <artifactId>maven-clover-plugin</artifactId> - <executions> - <execution> - <id>main</id> - <phase>verify</phase> - <goals> - <goal>instrument</goal> - <goal>aggregate</goal> - <goal>save-history</goal> - <goal>log</goal> - </goals> - </execution> - <execution> - <id>site</id> - <phase>pre-site</phase> - <goals> - <goal>instrument</goal> - <goal>aggregate</goal> - <goal>save-history</goal> - </goals> - </execution> - </executions> - <configuration> - <includesAllSourceRoots> - false - </includesAllSourceRoots> - <generateHistorical>true</generateHistorical> - <flushPolicy>threaded</flushPolicy> - <flushInterval>100</flushInterval> - <jdk>1.5</jdk> - <licenseLocation>http://teamopenuss.uni-muenster.de/downloads/clover.license</licenseLocation> - - <licenseLocation> - ${clover.license} - </licenseLocation> - </configuration> - </plugin> - --> </plugins> </pluginManagement> <plugins> 
@@ -271,10 +231,24 @@ <goals> <goal>jar</goal> </goals> + <phase>package</phase> </execution> </executions> <inherited>true</inherited> </plugin> + <plugin> + <artifactId>maven-javadoc-plugin</artifactId> + <executions> + <execution> + <id>attach-javadocs</id> + <goals> + <goal>jar</goal> + </goals> + <phase>package</phase> + </execution> + </executions> + <inherited>true</inherited> + </plugin> </plugins> </build> <modules> 
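Review bot: The added `maven-javadoc-plugin` block declares no `<version>`, so unless the version is fixed in `pluginManagement` (not visible in this hunk) Maven resolves whichever release the configured plugin repositories offer at build time. Plugins run code inside the build, and the `pluginRepositories` section of this same POM still lists an `http://` repository, so an unpinned plugin is both a reproducibility and a supply-chain concern. Pin it alongside the other managed plugins, e.g. `<version>PINNED_JAVADOC_PLUGIN_VERSION</version>` (placeholder; use the release you have verified).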
@@ -303,55 +277,11 @@ </releases> </repository> <repository> - <id>apache.incubation.releases</id> - <name>Apache Incubating Release Distribution Repository</name> - <url>http://people.apache.org/repo/m2-incubating-repository</url> - </repository> - <repository> <id>java-net</id> <name>Java.Net</name> <layout>legacy</layout> <url>https://maven-repository.dev.java.net/nonav/repository</url> </repository> -<!-- - <repository> - <id>java-net</id> - <name>Java.Net</name> - <layout>legacy</layout> - <url>https://maven-repository.dev.java.net/nonav/repository</url> - </repository> - <repository> - <id>andromda</id> - <name>andromda</name> - <url>http://team.andromda.org/maven2</url> - <snapshots><enabled>false</enabled></snapshots> - <releases><enabled>true</enabled></releases> - </repository> - <repository> - <id>apache.snapshots</id> - <snapshots> <enabled>true</enabled> </snapshots> - <name>Apache Snapshot Repository</name> - <url>http://people.apache.org/repo/m2-snapshot-repository</url> - </repository> - <repository> - <releases> - <enabled>true</enabled> - </releases> - <id>myfaces.staging</id> - <name>MyFaces Staging Repository</name> - <url>http://myfaces.zones.apache.org/dist/maven-repository</url> - </repository> - <repository> - <id>myfaces-114-staging</id> - <name>Apache MyFaces Core 1.1.4 Staging Repository</name> - <url>http://people.apache.org/builds/myfaces/core-1.1.4/m2-staging-repository</url> - </repository> - <repository> - <id>apache.snapshots</id> - <name>Apache Snapshot Repository</name> - <url>http://people.apache.org/maven-snapshot-repository</url> - </repository> - --> </repositories> <pluginRepositories> <pluginRepository> 
@@ -370,33 +300,6 @@ <name>Apache Incubating Release Distribution Repository</name> <url>http://people.apache.org/repo/m2-incubating-repository</url> </pluginRepository> - <!-- - <pluginRepository> - <releases><enabled>true</enabled></releases> - <id>central</id> - <name>ibiblio</name> - <url>http://www.ibiblio.org/maven2</url> - </pluginRepository> - <pluginRepository> - <id>codehaus-plugins</id> - <name>codehaus-plugins</name> - <url>http://repository.codehaus.org/</url> - </pluginRepository> - <pluginRepository> - <id>andromda</id> - <name>andromda</name> - <url>http://team.andromda.org/maven2</url> - <snapshots><enabled>false</enabled></snapshots> - <releases><enabled>true</enabled></releases> - </pluginRepository> - <pluginRepository> - <id>apache-snapshots</id> - <name>Apache snapshots</name> - <url> - http://people.apache.org/maven-snapshot-repository/ - </url> - </pluginRepository> - --> </pluginRepositories> <dependencies> <dependency> 
@@ -424,93 +327,6 @@ <scope>test</scope> </dependency> </dependencies> -<!-- - <reporting> - <plugins> - <plugin> - <artifactId> - maven-project-info-reports-plugin - </artifactId> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <configuration> - <aggregate>true</aggregate> - <reportSets> - <reportSet> - <id>html</id> - <configuration> - <minmemory>128</minmemory> - <maxmemory>384</maxmemory> - <charset>UTF-8</charset> - <sourcepath> - ${project.build.directory}/src;${project.build.directory}/../src/main/java - </sourcepath> - </configuration> - <reports> - <report>javadoc</report> - </reports> - </reportSet> - </reportSets> - </configuration> - </plugin> ---> - <!-- - <plugin> - <artifactId>maven-surefire-report-plugin</artifactId> - <configuration> - <showSuccess>false</showSuccess> - <outputDirectory> - ${project.build.directory}/surefire-reports - </outputDirectory> - </configuration> - </plugin> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>findbugs-maven-plugin</artifactId> - <configuration> - <outputDirectory>target/site</outputDirectory> - <threshold>Low</threshold> - </configuration> - </plugin> - <plugin> - <artifactId>maven-jxr-plugin</artifactId> - <configuration> - <aggregate>true</aggregate> - </configuration> - </plugin> - <plugin> - <artifactId>maven-checkstyle-plugin</artifactId> - </plugin> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>jdepend-maven-plugin</artifactId> - </plugin> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>jxr-maven-plugin</artifactId> - <configuration> - <aggregate>true</aggregate> - </configuration> - </plugin> - <plugin> - <groupId>org.codehaus.mojo</groupId> - <artifactId>taglist-maven-plugin</artifactId> - </plugin> - <plugin> - <artifactId>maven-changes-plugin</artifactId> - <reportSets> - <reportSet> - <reports> - <report>jira-report</report> - </reports> - </reportSet> - </reportSets> - </plugin> 
- </plugins> - </reporting> ---> <dependencyManagement> <dependencies> <dependency> @@ -531,7 +347,7 @@ <dependency> <groupId>commons-collections</groupId> <artifactId>commons-collections</artifactId> - <version>3.2</version> + <version>3.2.1</version> </dependency> <dependency> <groupId>commons-logging</groupId> @@ -541,27 +357,27 @@ <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate</artifactId> - <version>3.2.5.ga</version> + <version>${hibernate.version}</version> </dependency> <dependency> <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> - <version>2.3</version> + <version>2.4</version> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> - <version>1.3.1</version> + <version>1.4</version> </dependency> <dependency> <groupId>org.apache.myfaces.core</groupId> <artifactId>myfaces-api</artifactId> - <version>1.1.5</version> + <version>${myfaces.version}</version> </dependency> <dependency> <groupId>org.apache.myfaces.core</groupId> <artifactId>myfaces-impl</artifactId> - <version>1.1.5</version> + <version>${myfaces.version}</version> </dependency> <dependency> <groupId>org.apache.myfaces.tomahawk</groupId> @@ -736,7 +552,7 @@ <dependency> <groupId>org.apache.lucene</groupId> <artifactId>lucene-core</artifactId> - <version>2.2.0</version> + <version>2.3.2</version> </dependency> <dependency> <groupId>org.acegisecurity</groupId> @@ -769,7 +585,7 @@ <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache</artifactId> - <version>1.3.0</version> + <version>1.5.0</version> </dependency> <dependency> <groupId>log4j</groupId> 
@@ -779,14 +595,14 @@ <dependency> <groupId>org.andromda.profiles.uml14</groupId> <artifactId>andromda-profile</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <type>xml.zip</type> <scope>runtime</scope> </dependency> <dependency> <groupId>org.andromda</groupId> <artifactId>andromda-core</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <exclusions> <exclusion> <artifactId>xml-apis</artifactId> @@ -809,41 +625,41 @@ <dependency> <groupId>org.andromda.translationlibraries</groupId> <artifactId>andromda-ocl-translation-core</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> </dependency> <dependency> <groupId>org.andromda.translationlibraries</groupId> <artifactId>andromda-ocl-validation-library</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> </dependency> <dependency> <groupId>org.andromda.cartridges</groupId> <artifactId>andromda-spring-cartridge</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.andromda.cartridges</groupId> <artifactId>andromda-hibernate-cartridge</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.andromda.cartridges</groupId> <artifactId>andromda-jsf-cartridge</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.andromda.cartridges</groupId> <artifactId>andromda-java-cartridge</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.andromda.translationlibraries</groupId> <artifactId>andromda-ocl-query-library</artifactId> - <version>3.2</version> + <version>${andromda.version}</version> <scope>runtime</scope> </dependency> <dependency> 
@@ -917,11 +733,6 @@ <version>1.6.5</version> </dependency> <dependency> - <groupId>commons-logging</groupId> - <artifactId>commons-logging</artifactId> - <version>1.1</version> - </dependency> - <dependency> <groupId>aopalliance</groupId> <artifactId>aopalliance</artifactId> <version>1.0</version> @@ -1004,7 +815,10 @@ <properties> <shale.version>1.0.4</shale.version> <spring.version>2.0.8</spring.version> - <cxf.version>2.0.4-incubator</cxf.version> + <cxf.version>2.0.8</cxf.version> + <myfaces.version>1.1.5</myfaces.version> + <hibernate.version>3.2.5.GA</hibernate.version> + <andromda.version>3.2</andromda.version> <!-- <maven.andromda.loggingConfigurationUri> ${project.dir}/tools/config/log4j.xml Modified: trunk/openuss-plexus/themes/theme-wwu/.settings/org.eclipse.jdt.core.prefs =================================================================== --- trunk/openuss-plexus/themes/theme-wwu/.settings/org.eclipse.jdt.core.prefs 2008-08-28 07:49:59 UTC (rev 4778) +++ trunk/openuss-plexus/themes/theme-wwu/.settings/org.eclipse.jdt.core.prefs 2008-08-29 14:27:12 UTC (rev 4779) @@ -1,4 +1,4 @@ -#Thu Feb 28 13:42:01 CET 2008 +#Fri Aug 29 10:34:59 CEST 2008 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.source=1.6 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-08-28 07:49:48
|
Revision: 4778 http://openuss.svn.sourceforge.net/openuss/?rev=4778&view=rev Author: idueppe Date: 2008-08-28 07:49:59 +0000 (Thu, 28 Aug 2008) Log Message: ----------- polish build.xml Modified Paths: -------------- trunk/openuss-plexus/build.xml Modified: trunk/openuss-plexus/build.xml =================================================================== --- trunk/openuss-plexus/build.xml 2008-08-27 16:15:31 UTC (rev 4777) +++ trunk/openuss-plexus/build.xml 2008-08-28 07:49:59 UTC (rev 4778) @@ -37,6 +37,7 @@ <delete verbose="true" includeemptydirs="true" failonerror="false"> <fileset dir="."> <include name="**/andromda*.log"/> + <include name="**/andromda*.exc"/> </fileset> </delete> </target> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-08-27 16:15:27
|
Revision: 4777 http://openuss.svn.sourceforge.net/openuss/?rev=4777&view=rev Author: idueppe Date: 2008-08-27 16:15:31 +0000 (Wed, 27 Aug 2008) Log Message: ----------- bug fix during migration to maven 2.0.9 Modified Paths: -------------- trunk/openuss-plexus/plexus/plexus-model/pom.xml Modified: trunk/openuss-plexus/plexus/plexus-model/pom.xml =================================================================== --- trunk/openuss-plexus/plexus/plexus-model/pom.xml 2008-08-26 18:14:58 UTC (rev 4776) +++ trunk/openuss-plexus/plexus/plexus-model/pom.xml 2008-08-27 16:15:31 UTC (rev 4777) @@ -84,7 +84,7 @@ <properties> <andromda.config>andromda.xml</andromda.config> <model.uri> - jar:file:${project.build.sourceDirectory}/plexus.xml.zip!/plexus.xml + jar:file:${project.basedir}/src/main/uml/plexus.xml.zip!/plexus.xml </model.uri> <filter></filter> <validation>true</validation> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-08-26 18:14:48
|
Revision: 4776 http://openuss.svn.sourceforge.net/openuss/?rev=4776&view=rev Author: idueppe Date: 2008-08-26 18:14:58 +0000 (Tue, 26 Aug 2008) Log Message: ----------- code polishing Modified Paths: -------------- trunk/openuss-plexus/framework/core/src/main/java/org/openuss/framework/web/jsf/renderer/LabelRenderer.java Modified: trunk/openuss-plexus/framework/core/src/main/java/org/openuss/framework/web/jsf/renderer/LabelRenderer.java =================================================================== --- trunk/openuss-plexus/framework/core/src/main/java/org/openuss/framework/web/jsf/renderer/LabelRenderer.java 2008-08-26 18:13:50 UTC (rev 4775) +++ trunk/openuss-plexus/framework/core/src/main/java/org/openuss/framework/web/jsf/renderer/LabelRenderer.java 2008-08-26 18:14:58 UTC (rev 4776) @@ -7,6 +7,7 @@ import javax.faces.context.FacesContext; import javax.faces.context.ResponseWriter; import javax.faces.render.Renderer; +import java.io.IOException; /** * Custom LabelRenderer component that adds asterisks for required fields. Based @@ -21,7 +22,7 @@ return false; } - public void encodeBegin(FacesContext context, UIComponent component) throws java.io.IOException { + public void encodeBegin(FacesContext context, UIComponent component) throws IOException { ResponseWriter writer = context.getResponseWriter(); Map<String, String> attrs = component.getAttributes(); @@ -42,7 +43,7 @@ writer.write(attrs.get("value")); } - public void encodeEnd(FacesContext context, UIComponent component) throws java.io.IOException { + public void encodeEnd(FacesContext context, UIComponent component) throws IOException { ResponseWriter writer = context.getResponseWriter(); Map<String, String> attrs = component.getAttributes(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
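Review bot: The context line at the top of the last hunk, `writer.write(attrs.get("value"));`, emits the label text through `ResponseWriter.write`, which does no HTML escaping, so any markup in the component's `value` attribute reaches the page as-is. Whether that attribute can carry user-influenced text is not visible here, but the renderer should not depend on its callers for that; use `writer.writeText(attrs.get("value"), "value");` instead. Also, `Map<String, String> attrs = component.getAttributes();` assumes every attribute is a `String`, so a non-string `value` would fail with `ClassCastException` at the `get`. `encodeBegin` starts in the second hunk and ends in the third, with the lines between them not shown.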
From: <id...@us...> - 2008-08-26 18:13:40
|
Revision: 4775 http://openuss.svn.sourceforge.net/openuss/?rev=4775&view=rev Author: idueppe Date: 2008-08-26 18:13:50 +0000 (Tue, 26 Aug 2008) Log Message: ----------- bugfix Modified Paths: -------------- trunk/openuss-plexus/plexus/plexus-web/src/main/webapp/views/commons/controls/optionSection.xhtml Modified: trunk/openuss-plexus/plexus/plexus-web/src/main/webapp/views/commons/controls/optionSection.xhtml =================================================================== --- trunk/openuss-plexus/plexus/plexus-web/src/main/webapp/views/commons/controls/optionSection.xhtml 2008-08-14 18:18:26 UTC (rev 4774) +++ trunk/openuss-plexus/plexus/plexus-web/src/main/webapp/views/commons/controls/optionSection.xhtml 2008-08-26 18:13:50 UTC (rev 4775) @@ -8,7 +8,7 @@ <o:block label="#{msg.controls_option_label}"> <h:form id="changeLanguageForm"> <s:authorize ifNotGranted="ROLE_USER"> - <h:outputLabel for="themeSelect" value="${msg.controls_language_label}" styleClass="field_label"/> + <h:outputLabel for="languageSelect" value="${msg.controls_language_label}" styleClass="field_label"/> <h:selectOneListbox id="languageSelect" size="1" styleClass="pulldown_form" value="#{visit.locale}" onchange="this.form.submit();"> <f:selectItems value="#{visit.supportedLocaleItems}"/> </h:selectOneListbox> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-08-14 18:18:16
|
Revision: 4774 http://openuss.svn.sourceforge.net/openuss/?rev=4774&view=rev Author: idueppe Date: 2008-08-14 18:18:26 +0000 (Thu, 14 Aug 2008) Log Message: ----------- To build openuss maven version 2.0.9 is needed! Modified Paths: -------------- branches/openuss-plexus-3.1/pom.xml Modified: branches/openuss-plexus-3.1/pom.xml =================================================================== --- branches/openuss-plexus-3.1/pom.xml 2008-08-14 18:16:47 UTC (rev 4773) +++ branches/openuss-plexus-3.1/pom.xml 2008-08-14 18:18:26 UTC (rev 4774) @@ -10,7 +10,7 @@ </description> <url>http://openuss.sf.net/plexus/</url> <prerequisites> - <maven>2.0.7</maven> + <maven>2.0.9</maven> </prerequisites> <issueManagement> <system>jira</system> @@ -111,7 +111,7 @@ <extension> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> - <version>2.4</version> + <version>2.5</version> </extension> </extensions> <defaultGoal>install</defaultGoal> @@ -417,7 +417,7 @@ <dependency> <groupId>org.apache.shale</groupId> <artifactId>shale-test</artifactId> - <version>1.0.4</version> + <version>${shale.version}</version> <scope>test</scope> </dependency> </dependencies> @@ -511,6 +511,11 @@ <dependencyManagement> <dependencies> <dependency> + <groupId>org.apache.velocity</groupId> + <artifactId>velocity</artifactId> + <version>1.5</version> + </dependency> + <dependency> <groupId>commons-beanutils</groupId> <artifactId>commons-beanutils</artifactId> <version>1.7.0</version> @@ -553,12 +558,12 @@ <dependency> <groupId>org.apache.myfaces.core</groupId> <artifactId>myfaces-api</artifactId> - <version>1.1.5</version> + <version>${myfaces.version}</version> </dependency> <dependency> <groupId>org.apache.myfaces.core</groupId> <artifactId>myfaces-impl</artifactId> - <version>1.1.5</version> + <version>${myfaces.version}</version> </dependency> <dependency> <groupId>org.apache.myfaces.tomahawk</groupId> 
@@ -626,12 +631,6 @@ <version>1.0</version> </dependency> <dependency> - <groupId>javax.servlet.jsp</groupId> - <artifactId>jsp-api</artifactId> - <version>2.1</version> - <scope>provided</scope> - </dependency> - <dependency> <groupId>com.sun.el</groupId> <artifactId>el-ri</artifactId> <version>1.0</version> @@ -994,6 +993,27 @@ <artifactId>cxf-common-utilities</artifactId> <version>${cxf.version}</version> </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>3.8.2</version> + </dependency> + <dependency> + <groupId>org.easymock</groupId> + <artifactId>easymock</artifactId> + <version>2.2</version> + </dependency> + <dependency> + <groupId>org.easymock</groupId> + <artifactId>easymockclassextension</artifactId> + <version>2.2</version> + </dependency> + <dependency> + <groupId>org.apache.shale</groupId> + <artifactId>shale-test</artifactId> + <version>${shale.version}</version> + </dependency> </dependencies> </dependencyManagement> <distributionManagement> @@ -1014,13 +1034,9 @@ </reporting> <properties> + <myfaces.version>1.1.5</myfaces.version> <shale.version>1.0.4</shale.version> <spring.version>2.0.8</spring.version> <cxf.version>2.0.4-incubator</cxf.version> - <!-- - <maven.andromda.loggingConfigurationUri> - ${project.dir}/tools/config/log4j.xml - </maven.andromda.loggingConfigurationUri> - --> </properties> </project> \ No newline at end of file This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <id...@us...> - 2008-08-14 18:16:37
Revision: 4773 http://openuss.svn.sourceforge.net/openuss/?rev=4773&view=rev Author: idueppe Date: 2008-08-14 18:16:47 +0000 (Thu, 14 Aug 2008) Log Message: ----------- Changed pom.xml configuration due to migration to maven-2.0.9 version. Should also work with older version of maven - but not tested Modified Paths: -------------- branches/openuss-plexus-3.1/plexus/plexus-model/pom.xml Modified: branches/openuss-plexus-3.1/plexus/plexus-model/pom.xml ===================================================================
--- branches/openuss-plexus-3.1/plexus/plexus-model/pom.xml 2008-08-09 14:18:47 UTC (rev 4772)
+++ branches/openuss-plexus-3.1/plexus/plexus-model/pom.xml 2008-08-14 18:16:47 UTC (rev 4773)
@@ -81,7 +81,7 @@
 <properties>
 <andromda.config>andromda.xml</andromda.config>
 <model.uri>
- jar:file:${project.build.sourceDirectory}/plexus.xml.zip!/plexus.xml
+ jar:file:${pom.basedir}/src/main/uml/plexus.xml.zip!/plexus.xml
 </model.uri>
 <filter />
 <validation>true</validation>
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
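Review bot: The new `model.uri` value uses the `pom.` property prefix, which Maven deprecates in favour of `project.`; I would write the line as `jar:file:${project.basedir}/src/main/uml/plexus.xml.zip!/plexus.xml`. The path `src/main/uml` is now hard-coded where the old value followed the configured source directory, so a short XML comment such as `<!-- UML model lives outside the Java source root -->` would explain why the property was dropped.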
Revision: 4772 http://openuss.svn.sourceforge.net/openuss/?rev=4772&view=rev Author: peterschuh Date: 2008-08-09 14:18:47 +0000 (Sat, 09 Aug 2008) Log Message: ----------- # Initial value of username header key set to Shib-TargetedID to default to a shibbolised authentication without revealing a user's username (for details how the targetedID is derived from user attributes and service provider information see the eduPerson specification). Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-08-02 01:16:41 UTC (rev 4771) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-08-09 14:18:47 UTC (rev 4772) @@ -33,10 +33,10 @@ /** * Key of the HTTP header attribute for a user's username.</br> - * Defaults to <i>Shib-Person-commonName</i>.</br> + * Defaults to <i>Shib-TargetedID</i>.</br> * Must not be <code>null</code>. */ - protected String shibbolethUsernameHeaderKey = "Shib-Person-commonName"; + protected String shibbolethUsernameHeaderKey = "Shib-TargetedID"; /** * Key of the HTTP header attribute for a user's firstname.</br> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
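Review bot: The Javadoc on `shibbolethUsernameHeaderKey` does not say who may set the header this key names, and with the new default that is the part a deployer most needs. The value found under `Shib-TargetedID` is presumably taken as the user's identity, so it is only trustworthy when the Shibboleth service provider in front of the application sets it and discards any same-named header sent by the client. I would add `* The header must be set by the Shibboleth SP; client-supplied values must be removed before the request reaches this filter.` to the comment. The same applies to the first-name, last-name and email keys changed in revision 4771. Changing the default also changes the login name of anyone already known under `Shib-Person-commonName`; the code that reads the header is outside this hunk, so how existing accounts are matched should be confirmed there.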
Revision: 4771 http://openuss.svn.sourceforge.net/openuss/?rev=4771&view=rev Author: peterschuh Date: 2008-08-02 01:16:41 +0000 (Sat, 02 Aug 2008) Log Message: ----------- # Initial values of shibboleth header names adopted to person and inetOrgPerson schema. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-30 15:40:37 UTC (rev 4770) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-08-02 01:16:41 UTC (rev 4771) 
@@ -32,28 +32,32 @@ public class ShibbolethAuthenticationProcessingFilter extends AbstractProcessingFilter { /** - * Key of the HTTP header attribute for a user's username.</br> + * Key of the HTTP header attribute for a user's username.</br> + * Defaults to <i>Shib-Person-commonName</i>.</br> * Must not be <code>null</code>. */ - protected String shibbolethUsernameHeaderKey = "REMOTE_USER"; + protected String shibbolethUsernameHeaderKey = "Shib-Person-commonName"; /** * Key of the HTTP header attribute for a user's firstname.</br> + * Defaults to <i>Shib-InetOrgPerson-givenName</i>.</br> * Must not be <code>null</code>. */ - protected String shibbolethFirstNameHeaderKey = "SHIB_FIRSTNAME"; + protected String shibbolethFirstNameHeaderKey = "Shib-InetOrgPerson-givenName"; /** - * Key of the HTTP header attribute for a user's lastname.</br> + * Key of the HTTP header attribute for a user's lastname.</br> + * Defaults to <i>Shib-Person-surname</i>.</br> * Must not be <code>null</code>. */ - protected String shibbolethLastNameHeaderKey = "SHIB_LASTNAME"; + protected String shibbolethLastNameHeaderKey = "Shib-Person-surname"; /** - * Key of the HTTP header attribute for a user's email address.</br> + * Key of the HTTP header attribute for a user's email address.</br> + * Defaults to <i>Shib-InetOrgPerson-mail</i>.</br> * Must not be <code>null</code>. */ - protected String shibbolethEmailHeaderKey = "SHIB_MAIL";; + protected String shibbolethEmailHeaderKey = "Shib-InetOrgPerson-mail";; /** * Indicates, which filter instance has generated the authentication request.</br> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
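Review bot: The new default `Shib-Person-commonName` for `shibbolethUsernameHeaderKey` names an attribute that is not guaranteed to be unique per person. If the header value is used as the account key (the lookup code is outside this hunk), two people with the same common name would resolve to one local account. An identifier the identity provider guarantees to be unique is the safer default, which is what revision 4772 on this page later chooses. The comments could also state that these names must match the attribute names the service provider exports, since a mismatch presumably leaves the header absent. Separately, the changed line `protected String shibbolethEmailHeaderKey = "Shib-InetOrgPerson-mail";;` keeps a stray second semicolon, and `</br>` in the Javadoc is not a valid tag; `<br>` is.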
Revision: 4770 http://openuss.svn.sourceforge.net/openuss/?rev=4770&view=rev Author: peterschuh Date: 2008-07-30 15:40:37 +0000 (Wed, 30 Jul 2008) Log Message: ----------- # Reverted PlexusExceptionTranslationFilter to revision 4724. Revision Links: -------------- http://openuss.svn.sourceforge.net/openuss/?rev=4724&view=rev Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/framework/core/src/main/java/org/openuss/framework/web/acegi/PlexusExceptionTranslationFilter.java Modified: branches/openuss-plexus-3.1-shibboleth/framework/core/src/main/java/org/openuss/framework/web/acegi/PlexusExceptionTranslationFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/framework/core/src/main/java/org/openuss/framework/web/acegi/PlexusExceptionTranslationFilter.java 2008-07-29 23:46:15 UTC (rev 4769) +++ branches/openuss-plexus-3.1-shibboleth/framework/core/src/main/java/org/openuss/framework/web/acegi/PlexusExceptionTranslationFilter.java 2008-07-30 15:40:37 UTC (rev 4770) @@ -32,7 +32,6 @@ import org.acegisecurity.AuthenticationTrustResolver; import org.acegisecurity.AuthenticationTrustResolverImpl; import org.acegisecurity.InsufficientAuthenticationException; -import org.acegisecurity.adapters.PrincipalAcegiUserToken; import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.ui.AbstractProcessingFilter; import org.acegisecurity.ui.AccessDeniedHandler; @@ -43,7 +42,6 @@ import org.acegisecurity.util.PortResolverImpl; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; import org.springframework.beans.factory.InitializingBean; import org.springframework.util.Assert; 
@@ -83,7 +81,6 @@ private AccessDeniedHandler accessDeniedHandler = new AccessDeniedHandlerImpl(); private AuthenticationEntryPoint authenticationEntryPoint; - private AuthenticationEntryPoint migrationEntryPoint = null; private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl(); private PortResolver portResolver = new PortResolverImpl(); private boolean createSessionAllowed = true; @@ -110,7 +107,6 @@ try { chain.doFilter(request, response); - if (logger.isDebugEnabled()) { logger.debug("Chain processed normally"); } @@ -165,23 +161,12 @@ sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException("Full authentication is required to access this resource")); } else { - // SendStartMigration, if migration is enabled and necessary. - if (isMigrationEnabled() && hasToMigrate(request)) { - if (logger.isDebugEnabled()) { - logger.debug("Access is denied (user must migrate); redirecting to migration entry point", - exception); - } + if (logger.isDebugEnabled()) { + logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", + exception); + } - sendStartMigration(request, response, chain, - new InsufficientAuthenticationException("User must migrate before accessing this resource")); - } else { - if (logger.isDebugEnabled()) { - logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", - exception); - } - - accessDeniedHandler.handle(request, response, (AccessDeniedException) exception); - } + accessDeniedHandler.handle(request, response, (AccessDeniedException) exception); } } } 
@@ -222,38 +207,8 @@ // SEC-112: Clear the SecurityContextHolder's Authentication, as the // existing Authentication is no longer considered valid SecurityContextHolder.getContext().setAuthentication(null); - - authenticationEntryPoint.commence(httpRequest, (HttpServletResponse) response, reason); - - } - - protected boolean isMigrationEnabled() { - return (migrationEntryPoint!=null); - } - - protected boolean hasToMigrate(ServletRequest request) { - return (SecurityContextHolder.getContext().getAuthentication() instanceof PrincipalAcegiUserToken && - SecurityContextHolder.getContext().getAuthentication().getDetails() instanceof ShibbolethUserDetails); - } - - protected void sendStartMigration(ServletRequest request, ServletResponse response, FilterChain chain, - AuthenticationException reason) throws ServletException, IOException { - HttpServletRequest httpRequest = (HttpServletRequest) request; - SavedRequest savedRequest = new SavedRequest(httpRequest, portResolver); - - if (logger.isDebugEnabled()) { - logger.debug("Migration entry point being called; SavedRequest added to Session: " + savedRequest); - } - - if (createSessionAllowed) { - // Store the HTTP request itself. Used by AbstractProcessingFilter - // for redirection after successful authentication (SEC-29) - httpRequest.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, savedRequest); - } - - migrationEntryPoint.commence(httpRequest, (HttpServletResponse) response, reason); - + authenticationEntryPoint.commence(httpRequest, (HttpServletResponse) response, reason); } public void setAccessDeniedHandler(AccessDeniedHandler accessDeniedHandler) { 
@@ -276,12 +231,4 @@ public void setPortResolver(PortResolver portResolver) { this.portResolver = portResolver; } - - public AuthenticationEntryPoint getMigrationEntryPoint() { - return migrationEntryPoint; - } - - public void setMigrationEntryPoint(AuthenticationEntryPoint migrationEntryPoint) { - this.migrationEntryPoint = migrationEntryPoint; - } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pet...@us...> - 2008-07-29 23:46:07
Revision: 4769 http://openuss.svn.sourceforge.net/openuss/?rev=4769&view=rev Author: peterschuh Date: 2008-07-29 23:46:15 +0000 (Tue, 29 Jul 2008) Log Message: ----------- # Renamed test class for provider, due to cobertura ignores test classes, whose names start with "abstract". Added Paths: ----------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java Removed Paths: ------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java Deleted: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java 2008-07-29 17:22:17 UTC (rev 4768) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java 2008-07-29 23:46:15 UTC (rev 4769) 
@@ -1,915 +0,0 @@ -package org.openuss.security.acegi.shibboleth; - -import static org.easymock.EasyMock.createMock; -import static org.easymock.EasyMock.expect; -import static org.easymock.EasyMock.replay; -import static org.easymock.EasyMock.verify; - -import java.util.Arrays; - -import javax.naming.NamingException; - -import junit.framework.TestCase; - -import org.acegisecurity.AccountExpiredException; -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.AuthenticationServiceException; -import org.acegisecurity.BadCredentialsException; -import org.acegisecurity.CredentialsExpiredException; -import org.acegisecurity.DisabledException; -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.GrantedAuthorityImpl; -import org.acegisecurity.LockedException; -import org.acegisecurity.adapters.PrincipalAcegiUserToken; -import org.acegisecurity.intercept.InterceptorStatusToken; -import org.acegisecurity.providers.TestingAuthenticationToken; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; -import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken; -import org.acegisecurity.providers.cas.CasAuthenticationToken; -import org.acegisecurity.providers.dao.UserCache; -import org.acegisecurity.providers.jaas.JaasAuthenticationToken; -import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken; -import org.acegisecurity.providers.x509.X509AuthenticationToken; -import org.acegisecurity.runas.RunAsUserToken; -import org.acegisecurity.userdetails.User; -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.UserDetailsService; -import org.acegisecurity.userdetails.UsernameNotFoundException; -import org.acegisecurity.userdetails.memory.InMemoryDaoImpl; -import org.acegisecurity.userdetails.memory.UserMap; -import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; -import 
org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; -import org.springframework.dao.DataAccessResourceFailureException; - -/** - * @author Peter Schuh - * - */ -public class AbstractShibbolethAuthenticationProviderTest extends TestCase { - - private final String KEY = "shib"; - private final String DEFAULTDOMAINNAME = "shibboleth"; - private final Long DEFAULTDOMAINID = 42L; - private final String DEFAULTROLE = "ROLE_SHIBBOLETH"; - private final String USERROLE = "ROLE_ACEGIUSER"; - private final String USERNAME = "test"; - private final String FIRSTNAME = "Joe"; - private final String LASTNAME = "Sixpack"; - private final String EMAIL = "j_s...@ac..."; - private final String DELIMITER = "\\"; - private final String PW = "PW"; - private Authentication authentication; - private ShibbolethUserDetails shibbolethUserDetails; - private InMemoryDaoImpl userDetailsService; - private User unmigratedUser; - private User migratedUser; - private User migratedUserNoReconciliationNecessary; - private User reconciledUser; - private User disabledUser; - private User lockedUser; - private User credentialsExpiredUser; - private User accountExpiredUser; - - private MockShibbolethAuthenticationProvider provider; - - public void setUp() { - // Setup authentication request - shibbolethUserDetails = new ShibbolethUserDetailsImpl(); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, USERNAME); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, EMAIL); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, FIRSTNAME); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.LASTNAME_KEY, LASTNAME); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY, DEFAULTDOMAINNAME); - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY, DEFAULTDOMAINID); - PrincipalAcegiUserToken auth = new 
PrincipalAcegiUserToken(KEY, USERNAME, PW, new GrantedAuthority[]{new GrantedAuthorityImpl(DEFAULTROLE)}, USERNAME); - auth.setDetails(shibbolethUserDetails); - authentication = auth; - - // Setup users - unmigratedUser = new User(USERNAME,PW,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - reconciledUser = new User(USERNAME,DELIMITER+"TOBEDIFFERENT"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - migratedUserNoReconciliationNecessary = new User(USERNAME,DELIMITER+"ACME"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - disabledUser = new User(USERNAME,PW,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - accountExpiredUser = new User(USERNAME,PW,true,false,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - credentialsExpiredUser = new User(USERNAME,PW,true,true,false,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - lockedUser = new User(USERNAME,PW,true,true,true,false,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); - - // Setup userDetailsService - UserMap userMap = new UserMap(); - userDetailsService = new InMemoryDaoImpl(); - userDetailsService.setUserMap(userMap); - - // Setup class to test with defaults - provider = new MockShibbolethAuthenticationProvider(); - provider.setUserDetailsService(userDetailsService); - provider.setKey(KEY); - provider.setMigrationEnabled(false); - provider.setReconciliationEnabled(false); - provider.setIgnoreDisabledException(false); - provider.setForcePrincipalAsString(false); - provider.setHideUserNotFoundExceptions(true); - // provider needs a userCache mock. This will be configured within each test. 
- - } - - public void tearDown() { - provider = null; - } - - public void testCacheOutdatedUserLockedMeanwhile() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setIgnoreDisabledException(false); - provider.setMigrationEnabled(true); - provider.setReconciliationEnabled(true); - userDetailsService.getUserMap().addUser(lockedUser); - // Test migrate user being unmigrated in cache, but having locked status within userDetailsService. - Authentication authResult = null; - try { - authResult = provider.authenticate(authentication); - fail("LockedException expected."); - } catch (LockedException e) { - // success - assertNull(authResult); - assertEquals(0, provider.migrateCount); - } - verify(userCache); - - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(false); - userDetailsService.getUserMap().addUser(lockedUser); - // Test take user from cache. Do not query userDetailsService. Do not try to migrate user. 
- authResult = provider.authenticate(authentication); - assertEquals(unmigratedUser, (User)authResult.getPrincipal()); - verify(userCache); - } - - public void testCacheOutdatedUserEnabledMeanwhile() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setIgnoreDisabledException(false); - provider.setMigrationEnabled(true); - provider.setReconciliationEnabled(true); - userDetailsService.getUserMap().addUser(unmigratedUser); - // Test - Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(1, provider.migrateCount); - verify(userCache); - } - - public void testReconciliationWithCacheMiss() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(reconciledUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - provider.setReconciliationEnabled(true); - userDetailsService.getUserMap().addUser(migratedUser); - // Test reconciliation. - Authentication authResult = provider.authenticate(authentication); - assertEquals(reconciledUser, (User)authResult.getPrincipal()); - assertEquals(1, provider.getReconcileCount()); - verify(userCache); - - provider.resetCounters(); - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(migratedUserNoReconciliationNecessary); - replay(userCache); - provider.setUserCache(userCache); - UserMap userMap = new UserMap(); - userMap.addUser(migratedUserNoReconciliationNecessary); - userDetailsService.setUserMap(userMap); - // Test reconciliation not necessary. 
- authResult = provider.authenticate(authentication); - assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal()); - assertEquals(1, provider.getReconcileCount()); - verify(userCache); - } - - public void testReconciliationWithCacheHit() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - provider.setReconciliationEnabled(true); - userDetailsService.getUserMap().addUser(migratedUser); - // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated. - Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(0, provider.reconcileCount); - verify(userCache); - - provider.resetCounters(); - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUserNoReconciliationNecessary); - replay(userCache); - provider.setUserCache(userCache); - userDetailsService.getUserMap().addUser(migratedUserNoReconciliationNecessary); - // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated. 
- authResult = provider.authenticate(authentication); - assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal()); - assertEquals(0, provider.getReconcileCount()); - verify(userCache); - } - - public void testSuccessfulAuthenticationForMigratedUserWithCacheMiss() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - userDetailsService.getUserMap().addUser(migratedUser); - // Test - Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - verify(userCache); - } - - public void testSuccessfulAuthenticationForMigratedUserWithCacheHit() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - // Test - Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - verify(userCache); - } - - public void testAutomaticMigrationWithCacheMiss() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - userDetailsService.getUserMap().addUser(unmigratedUser); - // Test enabled, unmigrated user - Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(1, provider.getMigrateCount()); - verify(userCache); - - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(migratedUser); - 
replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - provider.setIgnoreDisabledException(true); - UserMap userMap = new UserMap(); - userMap.addUser(disabledUser); - userDetailsService.setUserMap(userMap); - // Test disabled, unmigrated user - authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(2, provider.getMigrateCount()); - verify(userCache); - - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - provider.setIgnoreDisabledException(true); - userMap = new UserMap(); - userMap.addUser(migratedUser); - userDetailsService.setUserMap(userMap); - // Test with migrated user - authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(2, provider.getMigrateCount()); - verify(userCache); - } - - public void testAutomaticMigrationWithCacheHit() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - provider.resetCounters(); - userDetailsService.getUserMap().addUser(unmigratedUser); - // Test with enabled, unmigrated user within cache and userDetailsService. 
- Authentication authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(1, provider.getMigrateCount()); - verify(userCache); - - authResult = null; - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setIgnoreDisabledException(true); - provider.resetCounters(); - UserMap userMap = new UserMap(); - userMap.addUser(disabledUser); - userDetailsService.setUserMap(userMap); - // Test with disabled, unmigrated user - authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(1, provider.getMigrateCount()); - verify(userCache); - - authResult = null; - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(lockedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.setIgnoreDisabledException(true); - provider.resetCounters(); - userMap = new UserMap(); - userMap.addUser(lockedUser); - userDetailsService.setUserMap(userMap); - // Test with locked, unmigrated user - try { - authResult = provider.authenticate(authentication); - fail("LockedException expected."); - } catch (LockedException e) { - assertNull(authResult); - assertEquals(0, provider.getMigrateCount()); - } - verify(userCache); - - authResult = null; - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.resetCounters(); - userMap = new UserMap(); - userMap.addUser(unmigratedUser); - userDetailsService.setUserMap(userMap); - // Test with migrated user in cache, but unmigrated within userDetailsService. Impossible case, due to migration cannot be reverted. Do not migrate again. 
- authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(0, provider.getMigrateCount()); - verify(userCache); - - authResult = null; - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); - userCache.putUserInCache(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.resetCounters(); - userMap = new UserMap(); - userMap.addUser(migratedUser); - userDetailsService.setUserMap(userMap); - // Test with unmigrated user in cache, but migrated within userDetailsService. Do not migrate again. - authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(0, provider.getMigrateCount()); - verify(userCache); - - authResult = null; - userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); - replay(userCache); - provider.setUserCache(userCache); - provider.resetCounters(); - userMap = new UserMap(); - userMap.addUser(migratedUser); - userDetailsService.setUserMap(userMap); - // Test with migrated user in cache and userDetailsService. 
- authResult = provider.authenticate(authentication); - assertEquals(migratedUser, (User)authResult.getPrincipal()); - assertEquals(0, provider.getMigrateCount()); - verify(userCache); - } - - public void testReturnForManualMigrationOnMigrationPage() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - replay(userCache); - provider.setUserCache(userCache); - provider.setMigrationEnabled(true); - // Test - Authentication authResult = provider.authenticate(authentication); - assertTrue(authentication.equals(authResult)); - verify(userCache); - } - - public void testAuthenticatesASecondTime() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(unmigratedUser); - replay(userCache); - provider.setUserCache(userCache); - userDetailsService.getUserMap().addUser(unmigratedUser); - // Test 1st time - Authentication authResult = provider.authenticate(authentication); - // Test 2nd time - try { - provider.authenticate(authResult); - } catch (IllegalArgumentException e) { - assertEquals("Only PrincipalAcegiUserToken is supported", e.getMessage()); - } - verify(userCache); - } - - public void testCreateSuccessAuthentication() { - UserCache userCache = createMock(UserCache.class); - expect(userCache.getUserFromCache(USERNAME)).andReturn(null); - userCache.putUserInCache(unmigratedUser); - replay(userCache); - provider.setUserCache(userCache); - userDetailsService.getUserMap().addUser(unmigratedUser); - // Test - Authentication authResult = provider.authenticate(authentication); - assertEquals(unmigratedUser, (User)authResult.getPrincipal()); - assertEquals(authentication.getCredentials(), authResult.getCredentials()); - assertTrue(Arrays.equals(unmigratedUser.getAuthorities(), authResult.getAuthorities())); - assertEquals(shibbolethUserDetails, (ShibbolethUserDetails)authResult.getDetails()); - verify(userCache); - } - 
- public void testForcePrincipalAsString() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- userCache.putUserInCache(unmigratedUser);
- replay(userCache);
- provider.setUserCache(userCache);
- userDetailsService.getUserMap().addUser(unmigratedUser);
- provider.setForcePrincipalAsString(false);
- // Test principal as object
- Authentication authResult = provider.authenticate(authentication);
- assertEquals(unmigratedUser, (User)authResult.getPrincipal());
- verify(userCache);
-
- authResult = null;
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- userCache.putUserInCache(unmigratedUser);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setForcePrincipalAsString(true);
- // Test principal as string
- authResult = provider.authenticate(authentication);
- assertEquals(USERNAME, (String)authResult.getPrincipal());
- verify(userCache);
- }
-
-
- public void testDisabledUser() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser);
- replay(userCache);
- provider.setUserCache(userCache);
- userDetailsService.getUserMap().addUser(disabledUser);
- provider.setIgnoreDisabledException(false);
- // Test not ignoring disabled user status for not yet migrated users.
- try {
- provider.authenticate(authentication);
- fail("DisabledException expected.");
- } catch (DisabledException e) {
- // success
- }
- verify(userCache);
-
- provider.setIgnoreDisabledException(true);
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- userCache.putUserInCache(disabledUser);
- replay(userCache);
- provider.setUserCache(userCache);
- Authentication authResult = null;
- // Test ignoring disabled status for not yet migrated users.
- try {
- authResult = provider.authenticate(authentication);
- assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(disabledUser)));
- } catch (DisabledException e) {
- fail("Unexpected DisabledException.");
- }
- verify(userCache);
-
- authResult = null;
- provider.setIgnoreDisabledException(true);
- UserMap userMap = new UserMap();
- userMap.addUser(migratedUser);
- userDetailsService.setUserMap(userMap);
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- userCache.putUserInCache(migratedUser);
- replay(userCache);
- provider.setUserCache(userCache);
- // Test not ignoring disabled status for migrated users. Test with enabled, migrated user.
- try {
- authResult = provider.authenticate(authentication);
- assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(migratedUser)));
- } catch (DisabledException e) {
- fail("Unexpected DisabledException.");
- }
- verify(userCache);
-
- authResult = null;
- migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
- userMap = new UserMap();
- userMap.addUser(migratedUser);
- userDetailsService.setUserMap(userMap);
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setIgnoreDisabledException(true);
- // Test not ignoring disabled status for migrated users. Test with disabled, migrated user.
- try {
- provider.authenticate(authentication);
- fail("DisabledException expected.");
- } catch (DisabledException e) {
- // success
- }
- verify(userCache);
-
- authResult = null;
- migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
- userMap = new UserMap();
- userMap.addUser(migratedUser);
- userDetailsService.setUserMap(userMap);
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setIgnoreDisabledException(false);
- // Test not ignoring disabled status for migrated users. Test with disabled, migrated user.
- try {
- provider.authenticate(authentication);
- fail("DisabledException expected.");
- } catch (DisabledException e) {
- // success
- }
- verify(userCache);
- }
-
-
- public void testLockedUser() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- replay(userCache);
- provider.setUserCache(userCache);
- userDetailsService.getUserMap().addUser(lockedUser);
- // Test
- try {
- provider.authenticate(authentication);
- fail("LockedException expected.");
- } catch (LockedException e) {
- // success
- }
- verify(userCache);
- }
-
-
- public void testAccountExpired() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- replay(userCache);
- provider.setUserCache(userCache);
- userDetailsService.getUserMap().addUser(accountExpiredUser);
- // Test
- try {
- provider.authenticate(authentication);
- fail("AccountExpiredException expected.");
- } catch (AccountExpiredException e) {
- // success
- }
- verify(userCache);
- }
-
-
- public void testCredentialsExpired() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- replay(userCache);
- provider.setUserCache(userCache);
- userDetailsService.getUserMap().addUser(credentialsExpiredUser);
- // Test
- try {
- provider.authenticate(authentication);
- fail("CredentialsExpiredException expected.");
- } catch (CredentialsExpiredException e) {
- // success
- }
- verify(userCache);
- }
-
-
- public void testHideUserNotFoundExceptions() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setHideUserNotFoundExceptions(true);
- // Test
- try {
- provider.authenticate(authentication);
- fail("BadCredentialsException expected.");
- } catch (BadCredentialsException e) {
- // success
- }
- verify(userCache);
-
- userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setHideUserNotFoundExceptions(false);
- // Test
- try {
- provider.authenticate(authentication);
- fail("UsernameNotFoundException expected.");
- } catch (UsernameNotFoundException e) {
- // success
- }
- verify(userCache);
- }
-
-
- public void testWrongKey(){
- UserCache userCache = createMock(UserCache.class);
- replay(userCache);
- provider.setUserCache(userCache);
- provider.setKey("WrongKey");
- try {
- provider.authenticate(authentication);
- fail("AuthenticationException expected, due to wrong key.");
- } catch (AuthenticationException e) {
- assertEquals("An authentication was presented, that was not generated by the corresponding shibboleth filter and is thus not supported.", e.getMessage());
- }
- verify(userCache);
- }
-
-
- public void testCannotCreateUsernameFromAuthentication() {
- UserCache userCache = createMock(UserCache.class);
- expect(userCache.getUserFromCache("NONE_PROVIDED")).andReturn(null);
- replay(userCache);
- provider = new MockShibbolethAuthenticationProvider() {
- @Override
- protected String generateUsernameFromAuthentication(Authentication authentication) {
- return null;
- }
- };
- provider.setUserDetailsService(userDetailsService);
- provider.setKey(KEY);
- provider.setMigrationEnabled(false);
- provider.setReconciliationEnabled(false);
- provider.setIgnoreDisabledException(false);
- provider.setForcePrincipalAsString(false);
- provider.setHideUserNotFoundExceptions(false);
- provider.setUserCache(userCache);
- // Test
- try {
- provider.authenticate(authentication);
- fail("UsernameNotFoundException expected.");
- } catch (UsernameNotFoundException e) {
- // success
- }
- verify(userCache);
- }
-
- public void testEmptyUsername() {
- UserDetails user = null;
- try {
- user = provider.retrieveUser("", (PrincipalAcegiUserToken)authentication);
- fail("UserNotFoundException expected. Instead "+user.getUsername()+" was loaded.");
- } catch (UsernameNotFoundException e) {
- // success
- }
-
- user = null;
- try {
- user = provider.retrieveUser(null, (PrincipalAcegiUserToken)authentication);
- fail("NullPointerException expected.");
- } catch (NullPointerException e) {
- // success
- }
- }
-
-
- public void testBackendFailure() {
- // Setup
- String message = "Something went wrong.";
- UserDetailsService userDetailsService = createMock(UserDetailsService.class);
- expect(userDetailsService.loadUserByUsername(USERNAME)).andThrow(new DataAccessResourceFailureException(message));
- replay(userDetailsService);
- provider.setUserDetailsService(userDetailsService);
-
- // Test
- try {
- UserDetails user = provider.retrieveUser(USERNAME, (PrincipalAcegiUserToken)authentication);
- fail("User "+user.getUsername()+" was not expected to be loaded.");
- } catch (AuthenticationServiceException ase) {
- assertTrue(ase.getMessage().contains(message));
- }
-
- // Setup
- userDetailsService = createMock(UserDetailsService.class);
- expect(userDetailsService.loadUserByUsername(USERNAME)).andReturn(null);
- replay(userDetailsService);
- provider.setUserDetailsService(userDetailsService);
-
- // Test
- try {
- UserDetails user = provider.retrieveUser(USERNAME, (PrincipalAcegiUserToken)authentication);
- fail("User "+user.getUsername()+" was not expected to be loaded.");
- } catch (AuthenticationServiceException ase) {
- assertEquals("UserDetailsService returned null, which is an interface contract violation", ase.getMessage());
- }
- }
-
-
- public void testAfterPropertiesSet() {
- MockShibbolethAuthenticationProvider provider = new MockShibbolethAuthenticationProvider();
- UserCache userCache = createMock(UserCache.class);
- replay(userCache);
-
- // Setup working provider.
- provider.setUserDetailsService(userDetailsService);
- provider.setKey(KEY);
- provider.setUserCache(userCache);
- // Test
- try {
- provider.afterPropertiesSet();
- } catch (IllegalArgumentException e) {
- fail("Unexpected IllegalArgumentException");
- } catch (Exception e) {
- fail("Unexpected Exception");
- }
-
- // Setup provider without UserDetailsService.
- provider.setUserDetailsService(null);
- provider.setKey(KEY);
- provider.setUserCache(userCache);
- // Test
- try {
- provider.afterPropertiesSet();
- } catch (IllegalArgumentException e) {
- assertTrue(e.getMessage().contains("A UserDetailsService must be set"));
- } catch (Exception e) {
- fail ("IllegalArgumentException expected.");
- }
-
- // Setup provider without Key.
- provider.setUserDetailsService(userDetailsService);
- provider.setKey(null);
- provider.setUserCache(userCache);
- // Test
- try {
- provider.afterPropertiesSet();
- } catch (IllegalArgumentException e) {
- assertTrue(e.getMessage().contains("A key must be set"));
- } catch (Exception e) {
- fail ("IllegalArgumentException expected.");
- }
-
- // Setup provider without UserCache.
- provider.setUserDetailsService(userDetailsService);
- provider.setKey(KEY);
- provider.setUserCache(null);
- // Test
- try {
- provider.afterPropertiesSet();
- } catch (IllegalArgumentException e) {
- assertTrue(e.getMessage().contains("A user cache must be set"));
- } catch (Exception e) {
- fail ("IllegalArgumentException expected.");
- }
- verify(userCache);
- }
-
-
- public void testSupports() {
- assertTrue(provider.supports(PrincipalAcegiUserToken.class));
- assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
- assertFalse(provider.supports(AnonymousAuthenticationToken.class));
- assertFalse(provider.supports(RememberMeAuthenticationToken.class));
- assertFalse(provider.supports(TestingAuthenticationToken.class));
- assertFalse(provider.supports(RunAsUserToken.class));
- assertFalse(provider.supports(JaasAuthenticationToken.class));
- assertFalse(provider.supports(X509AuthenticationToken.class));
- assertFalse(provider.supports(CasAuthenticationToken.class));
- assertFalse(provider.supports(InterceptorStatusToken.class));
- }
-
-
- public void testGettersSetters() {
- UserCache userCache = createMock(UserCache.class);
- replay(userCache);
- provider.setUserCache(userCache);
- assertEquals(userCache, provider.getUserCache());
-
- provider.setUserDetailsService(userDetailsService);
- assertEquals(userDetailsService, provider.getUserDetailsService());
-
- provider.setKey(KEY);
- assertEquals(KEY, provider.getKey());
-
- boolean migrationEnabled = true;
- provider.setMigrationEnabled(migrationEnabled);
- assertTrue(provider.isMigrationEnabled());
-
- boolean reconciliationEnabled = true;
- provider.setReconciliationEnabled(reconciliationEnabled);
- assertTrue(provider.isReconciliationEnabled());
-
- boolean ignoreDisabledException = true;
- provider.setIgnoreDisabledException(ignoreDisabledException);
- assertTrue(provider.isIgnoreDisabledException());
-
- boolean forcePrincipalAsString = true;
- provider.setForcePrincipalAsString(forcePrincipalAsString);
- assertTrue(provider.isForcePrincipalAsString());
-
- boolean hideUserNotFoundExceptions = false;
- provider.setHideUserNotFoundExceptions(hideUserNotFoundExceptions);
- assertFalse(provider.isHideUserNotFoundExceptions());
-
- verify(userCache);
- }
-
-
- private class MockShibbolethAuthenticationProvider extends AbstractShibbolethAuthenticationProvider {
- private int reconcileCount = 0;
- private int migrateCount = 0;
-
- @Override
- protected String generateUsernameFromAuthentication(Authentication authentication) {
- String username = "";
- try {
- username = (String)((ShibbolethUserDetails)authentication.getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.USERNAME_KEY).get();
- } catch (NamingException e) {
- e.printStackTrace();
- }
- return username;
- }
-
- @Override
- protected boolean isAlreadyMigrated(UserDetails user, Authentication authentication) {
- return user.getPassword().contains(DELIMITER);
- }
-
- @Override
- protected boolean reconcile(UserDetails user, Authentication authentication) {
- reconcileCount++;
- if (user.equals(migratedUserNoReconciliationNecessary)) {
- return false;
- }
- else {
- UserMap userMap = new UserMap();
- userMap.addUser(reconciledUser);
- AbstractShibbolethAuthenticationProviderTest.this.userDetailsService.setUserMap(userMap);
- return true;
- }
- }
-
- @Override
- protected void migrate(UserDetails user, Authentication authentication) {
- migrateCount++;
- UserMap userMap = new UserMap();
- userMap.addUser(migratedUser);
- AbstractShibbolethAuthenticationProviderTest.this.userDetailsService.setUserMap(userMap);
- }
-
- public int getReconcileCount() {
- return reconcileCount;
- }
-
- public void setReconcileCount(int reconcileCount) {
- this.reconcileCount = reconcileCount;
- }
-
- public int getMigrateCount() {
- return migrateCount;
- }
-
- public void setMigrateCount(int migrateCount) {
- this.migrateCount = migrateCount;
- }
-
- public void resetCounters() {
- setMigrateCount(0);
- setReconcileCount(0);
- }
-
- }
-}
Added: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java
===================================================================
--- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java (rev 0)
+++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java 2008-07-29 23:46:15 UTC (rev 4769)
@@ -0,0 +1,915 @@
+package org.openuss.security.acegi.shibboleth;
+
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.easymock.EasyMock.verify;
+
+import java.util.Arrays;
+
+import javax.naming.NamingException;
+
+import junit.framework.TestCase;
+
+import org.acegisecurity.AccountExpiredException;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.AuthenticationServiceException;
+import org.acegisecurity.BadCredentialsException;
+import org.acegisecurity.CredentialsExpiredException;
+import org.acegisecurity.DisabledException;
+import org.acegisecurity.GrantedAuthority;
+import org.acegisecurity.GrantedAuthorityImpl;
+import org.acegisecurity.LockedException;
+import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+import org.acegisecurity.intercept.InterceptorStatusToken;
+import org.acegisecurity.providers.TestingAuthenticationToken;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
+import org.acegisecurity.providers.cas.CasAuthenticationToken;
+import org.acegisecurity.providers.dao.UserCache;
+import org.acegisecurity.providers.jaas.JaasAuthenticationToken;
+import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken;
+import org.acegisecurity.providers.x509.X509AuthenticationToken;
+import org.acegisecurity.runas.RunAsUserToken;
+import org.acegisecurity.userdetails.User;
+import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.acegisecurity.userdetails.memory.InMemoryDaoImpl;
+import org.acegisecurity.userdetails.memory.UserMap;
+import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails;
+import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl;
+import org.springframework.dao.DataAccessResourceFailureException;
+
+/**
+ * @author Peter Schuh
+ *
+ */
+public class ShibbolethAuthenticationProviderTest extends TestCase {
+
+ private final String KEY = "shib";
+ private final String DEFAULTDOMAINNAME = "shibboleth";
+ private final Long DEFAULTDOMAINID = 42L;
+ private final String DEFAULTROLE = "ROLE_SHIBBOLETH";
+ private final String USERROLE = "ROLE_ACEGIUSER";
+ private final String USERNAME = "test";
+ private final String FIRSTNAME = "Joe";
+ private final String LASTNAME = "Sixpack";
+ private final String EMAIL = "j_s...@ac...";
+ private final String DELIMITER = "\\";
+ private final String PW = "PW";
+ private Authentication authentication;
+ private ShibbolethUserDetails shibbolethUserDetails;
+ private InMemoryDaoImpl userDetailsService;
+ private User unmigratedUser;
+ private User migratedUser;
+ private User migratedUserNoReconciliationNecessary;
+ private User reconciledUser;
+ private User disabledUser;
+ private User lockedUser;
+ private User credentialsExpiredUser;
+ private User accountExpiredUser;
+
+ private MockShibbolethAuthenticationProvider provider;
+
+ public void setUp() {
+ // Setup authentication request
+ shibbolethUserDetails = new ShibbolethUserDetailsImpl();
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, USERNAME);
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, EMAIL);
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, FIRSTNAME);
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.LASTNAME_KEY, LASTNAME);
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY, DEFAULTDOMAINNAME);
+ shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY, DEFAULTDOMAINID);
+ PrincipalAcegiUserToken auth = new PrincipalAcegiUserToken(KEY, USERNAME, PW, new GrantedAuthority[]{new GrantedAuthorityImpl(DEFAULTROLE)}, USERNAME);
+ auth.setDetails(shibbolethUserDetails);
+ authentication = auth;
+
+ // Setup users
+ unmigratedUser = new User(USERNAME,PW,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ reconciledUser = new User(USERNAME,DELIMITER+"TOBEDIFFERENT"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ migratedUserNoReconciliationNecessary = new User(USERNAME,DELIMITER+"ACME"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ disabledUser = new User(USERNAME,PW,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ accountExpiredUser = new User(USERNAME,PW,true,false,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ credentialsExpiredUser = new User(USERNAME,PW,true,true,false,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+ lockedUser = new User(USERNAME,PW,true,true,true,false,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)});
+
+ // Setup userDetailsService
+ UserMap userMap = new UserMap();
+ userDetailsService = new InMemoryDaoImpl();
+ userDetailsService.setUserMap(userMap);
+
+ // Setup class to test with defaults
+ provider = new MockShibbolethAuthenticationProvider();
+ provider.setUserDetailsService(userDetailsService);
+ provider.setKey(KEY);
+ provider.setMigrationEnabled(false);
+ provider.setReconciliationEnabled(false);
+ provider.setIgnoreDisabledException(false);
+ provider.setForcePrincipalAsString(false);
+ provider.setHideUserNotFoundExceptions(true);
+ // provider needs a userCache mock. This will be configured within each test.
+
+ }
+
+ public void tearDown() {
+ provider = null;
+ }
+
+ public void testCacheOutdatedUserLockedMeanwhile() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setIgnoreDisabledException(false);
+ provider.setMigrationEnabled(true);
+ provider.setReconciliationEnabled(true);
+ userDetailsService.getUserMap().addUser(lockedUser);
+ // Test migrate user being unmigrated in cache, but having locked status within userDetailsService.
+ Authentication authResult = null;
+ try {
+ authResult = provider.authenticate(authentication);
+ fail("LockedException expected.");
+ } catch (LockedException e) {
+ // success
+ assertNull(authResult);
+ assertEquals(0, provider.migrateCount);
+ }
+ verify(userCache);
+
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(false);
+ userDetailsService.getUserMap().addUser(lockedUser);
+ // Test take user from cache. Do not query userDetailsService. Do not try to migrate user.
+ authResult = provider.authenticate(authentication);
+ assertEquals(unmigratedUser, (User)authResult.getPrincipal());
+ verify(userCache);
+ }
+
+ public void testCacheOutdatedUserEnabledMeanwhile() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setIgnoreDisabledException(false);
+ provider.setMigrationEnabled(true);
+ provider.setReconciliationEnabled(true);
+ userDetailsService.getUserMap().addUser(unmigratedUser);
+ // Test
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(1, provider.migrateCount);
+ verify(userCache);
+ }
+
+ public void testReconciliationWithCacheMiss() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(reconciledUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ provider.setReconciliationEnabled(true);
+ userDetailsService.getUserMap().addUser(migratedUser);
+ // Test reconciliation.
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(reconciledUser, (User)authResult.getPrincipal());
+ assertEquals(1, provider.getReconcileCount());
+ verify(userCache);
+
+ provider.resetCounters();
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(migratedUserNoReconciliationNecessary);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ UserMap userMap = new UserMap();
+ userMap.addUser(migratedUserNoReconciliationNecessary);
+ userDetailsService.setUserMap(userMap);
+ // Test reconciliation not necessary.
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal());
+ assertEquals(1, provider.getReconcileCount());
+ verify(userCache);
+ }
+
+ public void testReconciliationWithCacheHit() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ provider.setReconciliationEnabled(true);
+ userDetailsService.getUserMap().addUser(migratedUser);
+ // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated.
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(0, provider.reconcileCount);
+ verify(userCache);
+
+ provider.resetCounters();
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUserNoReconciliationNecessary);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ userDetailsService.getUserMap().addUser(migratedUserNoReconciliationNecessary);
+ // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated.
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal());
+ assertEquals(0, provider.getReconcileCount());
+ verify(userCache);
+ }
+
+ public void testSuccessfulAuthenticationForMigratedUserWithCacheMiss() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ userDetailsService.getUserMap().addUser(migratedUser);
+ // Test
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ verify(userCache);
+ }
+
+ public void testSuccessfulAuthenticationForMigratedUserWithCacheHit() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ // Test
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ verify(userCache);
+ }
+
+ public void testAutomaticMigrationWithCacheMiss() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ userDetailsService.getUserMap().addUser(unmigratedUser);
+ // Test enabled, unmigrated user
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(1, provider.getMigrateCount());
+ verify(userCache);
+
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ provider.setIgnoreDisabledException(true);
+ UserMap userMap = new UserMap();
+ userMap.addUser(disabledUser);
+ userDetailsService.setUserMap(userMap);
+ // Test disabled, unmigrated user
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(2, provider.getMigrateCount());
+ verify(userCache);
+
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(null);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ provider.setIgnoreDisabledException(true);
+ userMap = new UserMap();
+ userMap.addUser(migratedUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with migrated user
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(2, provider.getMigrateCount());
+ verify(userCache);
+ }
+
+ public void testAutomaticMigrationWithCacheHit() {
+ UserCache userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setMigrationEnabled(true);
+ provider.resetCounters();
+ userDetailsService.getUserMap().addUser(unmigratedUser);
+ // Test with enabled, unmigrated user within cache and userDetailsService.
+ Authentication authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(1, provider.getMigrateCount());
+ verify(userCache);
+
+ authResult = null;
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setIgnoreDisabledException(true);
+ provider.resetCounters();
+ UserMap userMap = new UserMap();
+ userMap.addUser(disabledUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with disabled, unmigrated user
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(1, provider.getMigrateCount());
+ verify(userCache);
+
+ authResult = null;
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(lockedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.setIgnoreDisabledException(true);
+ provider.resetCounters();
+ userMap = new UserMap();
+ userMap.addUser(lockedUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with locked, unmigrated user
+ try {
+ authResult = provider.authenticate(authentication);
+ fail("LockedException expected.");
+ } catch (LockedException e) {
+ assertNull(authResult);
+ assertEquals(0, provider.getMigrateCount());
+ }
+ verify(userCache);
+
+ authResult = null;
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.resetCounters();
+ userMap = new UserMap();
+ userMap.addUser(unmigratedUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with migrated user in cache, but unmigrated within userDetailsService. Impossible case, due to migration cannot be reverted. Do not migrate again.
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(0, provider.getMigrateCount());
+ verify(userCache);
+
+ authResult = null;
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser);
+ userCache.putUserInCache(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.resetCounters();
+ userMap = new UserMap();
+ userMap.addUser(migratedUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with unmigrated user in cache, but migrated within userDetailsService. Do not migrate again.
+ authResult = provider.authenticate(authentication);
+ assertEquals(migratedUser, (User)authResult.getPrincipal());
+ assertEquals(0, provider.getMigrateCount());
+ verify(userCache);
+
+ authResult = null;
+ userCache = createMock(UserCache.class);
+ expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser);
+ replay(userCache);
+ provider.setUserCache(userCache);
+ provider.resetCounters();
+ userMap = new UserMap();
+ userMap.addUser(migratedUser);
+ userDetailsService.setUserMap(userMap);
+ // Test with migrated user in cache and userDetailsService.
+ authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(0, provider.getMigrateCount()); + verify(userCache); + } + + public void testReturnForManualMigrationOnMigrationPage() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + // Test + Authentication authResult = provider.authenticate(authentication); + assertTrue(authentication.equals(authResult)); + verify(userCache); + } + + public void testAuthenticatesASecondTime() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test 1st time + Authentication authResult = provider.authenticate(authentication); + // Test 2nd time + try { + provider.authenticate(authResult); + } catch (IllegalArgumentException e) { + assertEquals("Only PrincipalAcegiUserToken is supported", e.getMessage()); + } + verify(userCache); + } + + public void testCreateSuccessAuthentication() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test + Authentication authResult = provider.authenticate(authentication); + assertEquals(unmigratedUser, (User)authResult.getPrincipal()); + assertEquals(authentication.getCredentials(), authResult.getCredentials()); + assertTrue(Arrays.equals(unmigratedUser.getAuthorities(), authResult.getAuthorities())); + assertEquals(shibbolethUserDetails, (ShibbolethUserDetails)authResult.getDetails()); + verify(userCache); + } + 
+ public void testForcePrincipalAsString() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + provider.setForcePrincipalAsString(false); + // Test principal as object + Authentication authResult = provider.authenticate(authentication); + assertEquals(unmigratedUser, (User)authResult.getPrincipal()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setForcePrincipalAsString(true); + // Test principal as string + authResult = provider.authenticate(authentication); + assertEquals(USERNAME, (String)authResult.getPrincipal()); + verify(userCache); + } + + + public void testDisabledUser() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(disabledUser); + provider.setIgnoreDisabledException(false); + // Test not ignoring disabled user status for not yet migrated users. + try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + + provider.setIgnoreDisabledException(true); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(disabledUser); + replay(userCache); + provider.setUserCache(userCache); + Authentication authResult = null; + // Test ignoring disabled status for not yet migrated users. 
+ try { + authResult = provider.authenticate(authentication); + assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(disabledUser))); + } catch (DisabledException e) { + fail("Unexpected DisabledException."); + } + verify(userCache); + + authResult = null; + provider.setIgnoreDisabledException(true); + UserMap userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + // Test not ignoring disabled status for migrated users. Test with enabled, migrated user. + try { + authResult = provider.authenticate(authentication); + assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(migratedUser))); + } catch (DisabledException e) { + fail("Unexpected DisabledException."); + } + verify(userCache); + + authResult = null; + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(true); + // Test not ignoring disabled status for migrated users. Test with disabled, migrated user. 
+ try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + + authResult = null; + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache... [truncated message content] |
Revision: 4768 http://openuss.svn.sourceforge.net/openuss/?rev=4768&view=rev Author: peterschuh Date: 2008-07-29 17:22:17 +0000 (Tue, 29 Jul 2008) Log Message: ----------- # code polishing. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java 2008-07-29 16:46:24 UTC (rev 4767) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java 2008-07-29 17:22:17 UTC (rev 4768) @@ -56,7 +56,6 @@ */ protected boolean ignoreDisabledException = false; - @SuppressWarnings("unchecked") public Authentication authenticate(Authentication authentication) throws AuthenticationException { Assert.isTrue(supports(authentication.getClass()), messages.getMessage("ShibbolethAuthenticationProvider.onlySupports", "Only PrincipalAcegiUserToken is supported")); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pet...@us...> - 2008-07-29 16:46:18
|
Revision: 4767 http://openuss.svn.sourceforge.net/openuss/?rev=4767&view=rev Author: peterschuh Date: 2008-07-29 16:46:24 +0000 (Tue, 29 Jul 2008) Log Message: ----------- Code polishing according to PMD and FindBugs. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/migration/UserMigrationUtilityImpl.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java Added Paths: ----------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java Removed Paths: ------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/migration/UserMigrationUtilityImpl.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/migration/UserMigrationUtilityImpl.java 2008-07-29 14:31:27 UTC (rev 4766) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/migration/UserMigrationUtilityImpl.java 
2008-07-29 16:46:24 UTC (rev 4767) @@ -46,12 +46,8 @@ // Remove temporary authentication, due to it was only necessary for SecurityService. SecurityContextHolder.getContext().setAuthentication(preservedAuthentication); - - try { - sendMigrationNotificationEmail(user, centralUserData.getAuthenticationDomainName()); - } catch (Exception e) { - throw new RuntimeException(e.getMessage(),e); - } + + sendMigrationNotificationEmail(user, centralUserData.getAuthenticationDomainName()); } public boolean reconcile(UserInfo user, CentralUserData centralUserData, boolean haveToSave) { @@ -86,7 +82,7 @@ * @param domainname * @throws MessageServiceException */ - private void sendMigrationNotificationEmail(UserInfo user, String authenticationDomainName) throws Exception { + private void sendMigrationNotificationEmail(UserInfo user, String authenticationDomainName) throws MessageServiceException { String username = SecurityDomainUtility.extractUsername(user.getUsername()); Map<String, Object> parameters = new HashMap<String, Object>(); Added: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java (rev 0) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProvider.java 2008-07-29 16:46:24 UTC (rev 4767) 
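Review bot: In UserMigrationUtilityImpl, the bare call `sendMigrationNotificationEmail(user, centralUserData.getAuthenticationDomainName());` now lets a MessageServiceException escape the migration method, so a mail outage fails a migration whose earlier steps appear to have run already. The enclosing method starts outside the hunk, so whether it declares the exception, and whether the migration is already persisted at that point, cannot be confirmed from here. If the notification is meant to be best-effort, catch `MessageServiceException` at the call site and log it rather than propagating, so that a login which triggers automatic migration does not depend on mail delivery. The `@throws MessageServiceException` tag above the narrowed signature also has no description and should say when it is thrown.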
@@ -0,0 +1,303 @@
+package org.openuss.security.acegi.shibboleth;
+
+import org.acegisecurity.AccountExpiredException;
+import org.acegisecurity.Authentication;
+import org.acegisecurity.AuthenticationException;
+import org.acegisecurity.AuthenticationServiceException;
+import org.acegisecurity.BadCredentialsException;
+import org.acegisecurity.DisabledException;
+import org.acegisecurity.LockedException;
+import org.acegisecurity.adapters.PrincipalAcegiUserToken;
+import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
+import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
+import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UserDetailsService;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.dao.DataAccessException;
+import org.springframework.util.Assert;
+
+/**
+ * @author Peter Schuh
+ *
+ */
+public abstract class AbstractShibbolethAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
+
+ //~ Instance fields ================================================================================================
+
+ /**
+ * Our user details service (which does the real work of checking the user against a back-end user store).</br>
+ * Must not be <code>null</code>.
+ */
+ protected UserDetailsService userDetailsService;
+ /**
+ * Indicates, which filter has generated the authentication request.</br>
+ * Only <code>PrincipalAcegiUserToken</code> with proper key will be processed.</br>
+ * Assure setting the key according to the key property of the corresponding <code>ShibbolethAuthenticationProcessingFilter</code>.</br>
+ * Must not be <code>null</code>.
+ */
+ protected String key;
+
+ /**
+ * Enables migration, i. e. either automatic migration, if a user can be found, or manual migration by redirecting the user to a specific migration page.</br>
+ * Defaults to <code>false</code>.
+ */
+ protected boolean migrationEnabled = false;
+
+ /**
+ * Enables reconciliation, i. e. application specific updating of locally stored user details with data received from shibboleth identity provider.</br>
+ * Defaults to <code>false</code>.
+ */
+ protected boolean reconciliationEnabled = false;
+
+ /**
+ * Possibly useful for automatic migration of disabled or not yet enabled users, e. g. if user has registered, but not yet verified his email address.</br>
+ * Nevertheless <code>DisabledException</code> will be thrown for migrated users.</br>
+ * Defaults to <code>false</code>.
+ */
+ protected boolean ignoreDisabledException = false;
+
+ @SuppressWarnings("unchecked")
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ Assert.isTrue(supports(authentication.getClass()), messages.getMessage("ShibbolethAuthenticationProvider.onlySupports",
+ "Only PrincipalAcegiUserToken is supported"));
+ if (!(((PrincipalAcegiUserToken)authentication).getKeyHash() == getKey().hashCode())) {
+ throw new BadCredentialsException("An authentication was presented, that was not generated by the corresponding shibboleth filter and is thus not supported.");
+ }
+
+ // Determine username
+ String username = generateUsernameFromAuthentication(authentication);
+ if (username == null) {
+ username = "NONE_PROVIDED";
+ }
+
+ boolean cacheWasUsed = true;
+ UserDetails user = getUserCache().getUserFromCache(username);
+
+ if (user == null) {
+ cacheWasUsed = false;
+
+ try {
+ user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
+ } catch (UsernameNotFoundException notFound) {
+ if (isMigrationEnabled()) {
+ // Return authentication request, so that new user or user, that cannot be migrated automatically,
+ // can be redirected to a MigrationEntryPoint within an extended ExceptionTranslationFilter
+ return authentication;
+ }
+ if (isHideUserNotFoundExceptions()) {
+ throw new BadCredentialsException(messages.getMessage(
+ "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+ }
+ else {
+ throw notFound;
+ }
+ }
+ }
+
+ // User details found
+ try {
+ additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication);
+ } catch (AuthenticationException exception) {
+ if (cacheWasUsed) {
+ // There was a problem, so try again after checking
+ // we're using latest data (ie not from the cache)
+ cacheWasUsed = false;
+ user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
+ additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication);
+ } else {
+ throw exception;
+ }
+ }
+
+ getPostAuthenticationChecks().check(user);
+
+
+ // Automatic migration
+ if (isMigrationEnabled() && !isAlreadyMigrated(user, authentication)) {
+ if (cacheWasUsed) {
+ // Reload user to get latest data (i. e. not from cache).
+ // Do additional authentication checks, due to cache may be out-dated.
+ user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
+ additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication);
+ // Force cache update
+ cacheWasUsed = false;
+ }
+ // Cache could have been out-dated regarding the need for migration.
+ // Possibly user has been migrated otherwise, meanwhile.
+ if (!isAlreadyMigrated(user, authentication)) {
+ migrate(user, authentication);
+ // Reload user
+ user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
+ }
+ }
+ else if (!cacheWasUsed && isReconciliationEnabled() && isAlreadyMigrated(user, authentication)) {
+ // Only do reconciliation of centrally administered user details and locally saved ones,
+ // if local user details came from user details service, to preserve user details being
+ // updated with out-dated data from cache.
+ boolean userWasUpdated = false;
+ userWasUpdated = reconcile(user, authentication);
+ if (userWasUpdated) {
+ // Reload user
+ user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
+ }
+ }
+
+ if (!cacheWasUsed) {
+ getUserCache().putUserInCache(user);
+ }
+
+ Object principalToReturn = user;
+
+ if (isForcePrincipalAsString()) {
+ principalToReturn = user.getUsername();
+ }
+
+ return createSuccessAuthentication(principalToReturn, authentication, user);
+ }
+
+
+
+ protected void doAfterPropertiesSet() throws Exception {
+ Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
+ Assert.hasLength(key, "A key must be set");
+ }
+
+
+ /**
+ * Enables application specific derivation of usernames.
+ * @param authentication
+ * @return
+ */
+ protected abstract String generateUsernameFromAuthentication(Authentication authentication);
+
+ /* (non-Javadoc)
+ * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#supports(java.lang.Class)
+ */
+ @Override
+ public boolean supports(Class authentication) {
+ return PrincipalAcegiUserToken.class.isAssignableFrom(authentication);
+ }
+
+ /**
+ * Retrieves user by username using a <code>UserDetailsService</code> implementation, that has to be assigned as a property.
+ * @param username
+ * @param authentication
+ * @return
+ * @throws AuthenticationException
+ */
+ protected UserDetails retrieveUser(String username, PrincipalAcegiUserToken authentication) throws AuthenticationException {
+
+ UserDetails loadedUser;
+
+ try {
+ loadedUser = this.getUserDetailsService().loadUserByUsername(username);
+ } catch (DataAccessException repositoryProblem) {
+ throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem);
+ }
+
+ if (loadedUser == null) {
+ throw new AuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
+ }
+
+ return loadedUser;
+ }
+
+ /**
+ * Application specific migration for users, e. g. set authentication mechanism for user to shibboleth.
+ * @param user
+ * @param authentication
+ */
+ protected void migrate(UserDetails user, Authentication authentication) {}
+
+ /**
+ * Application specific reconciliation of user details, e. g. updating of locally stored user details with data received by the corresponding shibboleth filter.
+ * @param user
+ * @param authentication
+ * @return reconciliation status: <code>true</code>, if locally stored user details had to be updated.
+ */
+ protected abstract boolean reconcile(UserDetails user, Authentication authentication);
+
+ /**
+ * Check user migration status.
+ * @param user
+ * @param authentication
+ * @return migration status
+ */
+ protected abstract boolean isAlreadyMigrated(UserDetails user, Authentication authentication);
+
+ protected void additionalAuthenticationChecks(UserDetails user, PrincipalAcegiUserToken authentication) throws AuthenticationException {
+ // No password checking necessary, since this was done by the shibboleth identity provider, already.
+ if ((!user.isEnabled() && !isIgnoreDisabledException() && !isAlreadyMigrated(user, authentication)) ||
+ (!user.isEnabled() && isAlreadyMigrated(user, authentication))) {
+ throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled",
+ "User is disabled"), user);
+ }
+
+ if (!user.isAccountNonLocked()) {
+ throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked",
+ "User account is locked"), user);
+ }
+
+ if (!user.isAccountNonExpired()) {
+ throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired",
+ "User account has expired"), user);
+ }
+ }
+
+ public boolean isMigrationEnabled() {
+ return migrationEnabled;
+ }
+
+ public void setMigrationEnabled(boolean migrationEnabled) {
+ this.migrationEnabled = migrationEnabled;
+ }
+
+ /* (non-Javadoc)
+ * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails, org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
+ */
+ @Override
+ protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+ // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken.
+ }
+
+ /* (non-Javadoc)
+ * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.acegisecurity.providers.UsernamePasswordAuthenticationToken)
+ */
+ @Override
+ protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
+ // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken.
+ return null; + } + + public UserDetailsService getUserDetailsService() { + return userDetailsService; + } + + public void setUserDetailsService(UserDetailsService userDetailsService) { + this.userDetailsService = userDetailsService; + } + + public boolean isIgnoreDisabledException() { + return ignoreDisabledException; + } + + public void setIgnoreDisabledException(boolean ignoreDisabledException) { + this.ignoreDisabledException = ignoreDisabledException; + } + + public String getKey() { + return key; + } + + public void setKey(String key) { + this.key = key; + } + + public boolean isReconciliationEnabled() { + return reconciliationEnabled; + } + + public void setReconciliationEnabled(boolean reconciliationEnabled) { + this.reconciliationEnabled = reconciliationEnabled; + } +} \ No newline at end of file Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java 2008-07-29 14:31:27 UTC (rev 4766) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java 2008-07-29 16:46:24 UTC (rev 4767) @@ -21,7 +21,7 @@ * @author Peter Schuh * */ -public class PlexusShibbolethAuthenticationProvider extends ShibbolethAuthenticationProvider { +public class PlexusShibbolethAuthenticationProvider extends AbstractShibbolethAuthenticationProvider { private UserMigrationUtility userMigrationUtility; @Override 
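Review bot: In AbstractShibbolethAuthenticationProvider.authenticate, the automatic-migration branch calls `migrate(user, authentication)` and reloads the user, but does not run `additionalAuthenticationChecks` again before `putUserInCache` and `createSuccessAuthentication`. With `ignoreDisabledException` set, a disabled, unmigrated account passes the first check. If `migrate` leaves the account disabled (it is a subclass hook, so this is not visible here), that login still succeeds once, although the field's Javadoc says `DisabledException` will be thrown for migrated users. Repeating `additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication);` right after the post-migration `retrieveUser` closes the gap. A test with a user that is still disabled after migration would pin the behaviour.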
@@ -83,7 +83,7 @@ * @param authentication */ private void markUserAsMigratedOne(UserDetails user, Authentication authentication) { - ((ShibbolethUserDetails)authentication.getDetails()).getAttributes().put(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY, new Boolean(true)); + ((ShibbolethUserDetails)authentication.getDetails()).getAttributes().put(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY, Boolean.valueOf(true)); } @Override Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-29 14:31:27 UTC (rev 4766) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-29 16:46:24 UTC (rev 4767) @@ -1,6 +1,7 @@ package org.openuss.security.acegi.shibboleth; import java.io.IOException; +import java.util.Locale; import javax.servlet.FilterChain; import javax.servlet.ServletException; @@ -20,8 +21,6 @@ import org.acegisecurity.ui.AbstractProcessingFilter; import org.acegisecurity.ui.AuthenticationDetailsSource; import org.acegisecurity.ui.webapp.AuthenticationProcessingFilter; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; import org.springframework.util.Assert; 
@@ -37,16 +36,19 @@ * Must not be <code>null</code>. */ protected String shibbolethUsernameHeaderKey = "REMOTE_USER"; + /** * Key of the HTTP header attribute for a user's firstname.</br> * Must not be <code>null</code>. */ protected String shibbolethFirstNameHeaderKey = "SHIB_FIRSTNAME"; + /** * Key of the HTTP header attribute for a user's lastname.</br> * Must not be <code>null</code>. */ protected String shibbolethLastNameHeaderKey = "SHIB_LASTNAME"; + /** * Key of the HTTP header attribute for a user's email address.</br> * Must not be <code>null</code>. @@ -170,9 +172,11 @@ */ protected boolean returnAfterSuccessfulAuthentication = false; - protected final Log logger = LogFactory.getLog(this.getClass()); - protected AuthenticationDetailsSource authenticationDetailsSource = new ShibbolethAuthenticationDetailsSource(); - + public ShibbolethAuthenticationProcessingFilter() { + super(); + super.setAuthenticationDetailsSource(new ShibbolethAuthenticationDetailsSource()); + } + public void afterPropertiesSet() throws Exception { super.afterPropertiesSet(); Assert.hasLength(shibbolethUsernameHeaderKey, "shibbolethUsernameHeaderKey must be specified"); @@ -385,7 +389,7 @@ * @param authRequest the authentication request object that should have its details set */ protected void setDetails(HttpServletRequest request, PrincipalAcegiUserToken authRequest) { - authRequest.setDetails(authenticationDetailsSource.buildDetails(request)); + authRequest.setDetails(getAuthenticationDetailsSource().buildDetails(request)); } public class ShibbolethAuthenticationDetailsSource implements AuthenticationDetailsSource { 
@@ -394,7 +398,7 @@ shibbolethUserDetails = new ShibbolethUserDetailsImpl(); shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, request.getHeader(shibbolethUsernameHeaderKey)); if (request.getHeader(shibbolethEmailHeaderKey)!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, ((String) request.getHeader(shibbolethEmailHeaderKey)).toLowerCase()); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, ((String) request.getHeader(shibbolethEmailHeaderKey)).toLowerCase(Locale.ENGLISH)); } if (request.getHeader(shibbolethFirstNameHeaderKey)!=null) { shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, request.getHeader(shibbolethFirstNameHeaderKey)); @@ -420,9 +424,11 @@ public void setDefaultRole(String defaultRole) { - if (defaultRole.toLowerCase().startsWith(defaultRolePrefix.toLowerCase())) { + if (defaultRole.toLowerCase(Locale.ENGLISH).startsWith(defaultRolePrefix.toLowerCase(Locale.ENGLISH))) { this.defaultRole = defaultRole; - } else this.defaultRole = getDefaultRolePrefix()+defaultRole; + } else { + this.defaultRole = getDefaultRolePrefix()+defaultRole; + } } public String getShibbolethUsernameHeaderKey() { 
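Review bot: ShibbolethAuthenticationDetailsSource copies the username, e-mail and name attributes straight from request headers (`request.getHeader(shibbolethUsernameHeaderKey)` and the lines after it), and nothing in the hunk documents who is allowed to set those headers. These values determine the identity the provider authenticates, so the class should state the deployment requirement, for example `// Headers are trusted as-is: the fronting Shibboleth SP must strip client-supplied copies before the request reaches this filter`. The `(String)` cast on `request.getHeader(shibbolethEmailHeaderKey)` in the changed line is redundant and can be dropped. The method containing these lines starts outside the hunk.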
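Review bot: `setDefaultRole` compares the prefix case-insensitively but stores the argument unchanged, so a value such as `role_user` (constructed example) is kept without the configured prefix in its exact case. If role checks elsewhere match the prefix case-sensitively, which is not visible here, such a default role would silently not be recognised. Either test with `defaultRole.startsWith(getDefaultRolePrefix())` or normalise the stored value to the configured prefix. The condition also reads the field `defaultRolePrefix` while the else branch calls `getDefaultRolePrefix()`; using one form in both places would read better.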
@@ -489,15 +495,6 @@ this.defaultDomainId = defaultDomainId; } - public AuthenticationDetailsSource getAuthenticationDetailsSource() { - return authenticationDetailsSource; - } - - public void setAuthenticationDetailsSource( - AuthenticationDetailsSource authenticationDetailsSource) { - this.authenticationDetailsSource = authenticationDetailsSource; - } - public boolean isReturnAfterUnsuccessfulAuthentication() { return returnAfterUnsuccessfulAuthentication; } Deleted: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-29 14:31:27 UTC (rev 4766) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-29 16:46:24 UTC (rev 4767) 
@@ -1,302 +0,0 @@ -package org.openuss.security.acegi.shibboleth; - -import org.acegisecurity.AccountExpiredException; -import org.acegisecurity.Authentication; -import org.acegisecurity.AuthenticationException; -import org.acegisecurity.AuthenticationServiceException; -import org.acegisecurity.BadCredentialsException; -import org.acegisecurity.DisabledException; -import org.acegisecurity.LockedException; -import org.acegisecurity.adapters.PrincipalAcegiUserToken; -import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; -import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider; -import org.acegisecurity.userdetails.UserDetails; -import org.acegisecurity.userdetails.UserDetailsService; -import org.acegisecurity.userdetails.UsernameNotFoundException; -import org.springframework.dao.DataAccessException; -import org.springframework.util.Assert; - -/** - * @author Peter Schuh - * - */ -public abstract class ShibbolethAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider { - - //~ Instance fields ================================================================================================ - - /** - * Our user details service (which does the real work of checking the user against a back-end user store).</br> - * Must not be <code>null</code>. - */ - protected UserDetailsService userDetailsService; - /** - * Indicates, which filter has generated the authentication request.</br> - * Only <code>PrincipalAcegiUserToken</code> with proper key will be processed.</br> - * Assure setting the key according to the key property of the corresponding <code>ShibbolethAuthenticationProcessingFilter</code>.</br> - * Must not be <code>null</code>. - */ - protected String key; - - /** - * Enables migration, i. e. either automatic migration, if a user can be found, or manual migration by redirecting the user to a specific migration page.</br> - * Defaults to <code>false</code>. 
- */ - protected boolean migrationEnabled = false; - - /** - * Enables reconciliation, i. e. application specific updating of locally stored user details with data received from shibboleth identity provider.</br> - * Defaults to <code>false</code>. - */ - protected boolean reconciliationEnabled = false; - - /** - * Possibly useful for automatic migration of disabled or not yet enabled users, e. g. if user has registered, but not yet verified his email address.</br> - * Nevertheless <code>DisabledException</code> will be thrown for migrated users.</br> - * Defaults to <code>false</code>. - */ - protected boolean ignoreDisabledException = false; - - public Authentication authenticate(Authentication authentication) throws AuthenticationException { - Assert.isTrue(supports(authentication.getClass()), messages.getMessage("ShibbolethAuthenticationProvider.onlySupports", - "Only PrincipalAcegiUserToken is supported")); - if (!(((PrincipalAcegiUserToken)authentication).getKeyHash() == getKey().hashCode())) { - throw new BadCredentialsException("An authentication was presented, that was not generated by the corresponding shibboleth filter and is thus not supported."); - } - - // Determine username - String username = generateUsernameFromAuthentication(authentication); - if (username == null) { - username = "NONE_PROVIDED"; - } - - boolean cacheWasUsed = true; - UserDetails user = getUserCache().getUserFromCache(username); - - if (user == null) { - cacheWasUsed = false; - - try { - user = retrieveUser(username, (PrincipalAcegiUserToken) authentication); - } catch (UsernameNotFoundException notFound) { - if (isMigrationEnabled()) { - // Return authentication request, so that new user or user, that cannot be migrated automatically, - // can be redirected to a MigrationEntryPoint within an extended ExceptionTranslationFilter - return authentication; - } - if (isHideUserNotFoundExceptions()) { - throw new BadCredentialsException(messages.getMessage( - 
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); - } - else { - throw notFound; - } - } - } - - // User details found - try { - additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication); - } catch (AuthenticationException exception) { - if (cacheWasUsed) { - // There was a problem, so try again after checking - // we're using latest data (ie not from the cache) - cacheWasUsed = false; - user = retrieveUser(username, (PrincipalAcegiUserToken) authentication); - additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication); - } else { - throw exception; - } - } - - getPostAuthenticationChecks().check(user); - - - // Automatic migration - if (isMigrationEnabled() && !isAlreadyMigrated(user, authentication)) { - if (cacheWasUsed) { - // Reload user to get latest data (i. e. not from cache). - // Do additional authentication checks, due to cache may be out-dated. - user = retrieveUser(username, (PrincipalAcegiUserToken) authentication); - additionalAuthenticationChecks(user, (PrincipalAcegiUserToken) authentication); - // Force cache update - cacheWasUsed = false; - } - // Cache could have been out-dated regarding the need for migration. - // Possibly user has been migrated otherwise, meanwhile. - if (!isAlreadyMigrated(user, authentication)) { - migrate(user, authentication); - // Reload user - user = retrieveUser(username, (PrincipalAcegiUserToken) authentication); - } - } - else if (!cacheWasUsed && isReconciliationEnabled() && isAlreadyMigrated(user, authentication)) { - // Only do reconciliation of centrally administered user details and locally saved ones, - // if local user details came from user details service, to preserve user details being - // updated with out-dated data from cache. 
- boolean userWasUpdated = false; - userWasUpdated = reconcile(user, authentication); - if (userWasUpdated) { - // Reload user - user = retrieveUser(username, (PrincipalAcegiUserToken) authentication); - } - } - - if (!cacheWasUsed) { - getUserCache().putUserInCache(user); - } - - Object principalToReturn = user; - - if (isForcePrincipalAsString()) { - principalToReturn = user.getUsername(); - } - - return createSuccessAuthentication(principalToReturn, authentication, user); - } - - - - protected void doAfterPropertiesSet() throws Exception { - Assert.notNull(this.userDetailsService, "A UserDetailsService must be set"); - Assert.hasLength(key, "A key must be set"); - } - - - /** - * Enables application specific derivation of usernames. - * @param authentication - * @return - */ - protected abstract String generateUsernameFromAuthentication(Authentication authentication); - - /* (non-Javadoc) - * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#supports(java.lang.Class) - */ - @Override - public boolean supports(Class authentication) { - return (PrincipalAcegiUserToken.class.isAssignableFrom(authentication)); - } - - /** - * Retrieves user by username using a <code>UserDetailsService</code> implementation, that has to be assigned as a property. 
- * @param username - * @param authentication - * @return - * @throws AuthenticationException - */ - protected UserDetails retrieveUser(String username, PrincipalAcegiUserToken authentication) throws AuthenticationException { - - UserDetails loadedUser; - - try { - loadedUser = this.getUserDetailsService().loadUserByUsername(username); - } catch (DataAccessException repositoryProblem) { - throw new AuthenticationServiceException(repositoryProblem.getMessage(), repositoryProblem); - } - - if (loadedUser == null) { - throw new AuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation"); - } - - return loadedUser; - } - - /** - * Application specific migration for users, e. g. set authentication mechanism for user to shibboleth. - * @param user - * @param authentication - */ - protected void migrate(UserDetails user, Authentication authentication) {} - - /** - * Application specific reconciliation of user details, e. g. updating of locally stored user details with data received by the corresponding shibboleth filter. - * @param user - * @param authentication - * @return reconciliation status: <code>true</code>, if locally stored user details had to be updated. - */ - protected abstract boolean reconcile(UserDetails user, Authentication authentication); - - /** - * Check user migration status. - * @param user - * @param authentication - * @return migration status - */ - protected abstract boolean isAlreadyMigrated(UserDetails user, Authentication authentication); - - protected void additionalAuthenticationChecks(UserDetails user, PrincipalAcegiUserToken authentication) throws AuthenticationException { - // No password checking necessary, since this was done by the shibboleth identity provider, already. 
- if ((!user.isEnabled() && !isIgnoreDisabledException() && !isAlreadyMigrated(user, authentication)) || - (!user.isEnabled() && isAlreadyMigrated(user, authentication))) { - throw new DisabledException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", - "User is disabled"), user); - } - - if (!user.isAccountNonLocked()) { - throw new LockedException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", - "User account is locked"), user); - } - - if (!user.isAccountNonExpired()) { - throw new AccountExpiredException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired", - "User account has expired"), user); - } - } - - public boolean isMigrationEnabled() { - return migrationEnabled; - } - - public void setMigrationEnabled(boolean migrationEnabled) { - this.migrationEnabled = migrationEnabled; - } - - /* (non-Javadoc) - * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails, org.acegisecurity.providers.UsernamePasswordAuthenticationToken) - */ - @Override - protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { - // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken. - } - - /* (non-Javadoc) - * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.acegisecurity.providers.UsernamePasswordAuthenticationToken) - */ - @Override - protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { - // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken. 
- return null; - } - - public UserDetailsService getUserDetailsService() { - return userDetailsService; - } - - public void setUserDetailsService(UserDetailsService userDetailsService) { - this.userDetailsService = userDetailsService; - } - - public boolean isIgnoreDisabledException() { - return ignoreDisabledException; - } - - public void setIgnoreDisabledException(boolean ignoreDisabledException) { - this.ignoreDisabledException = ignoreDisabledException; - } - - public String getKey() { - return key; - } - - public void setKey(String key) { - this.key = key; - } - - public boolean isReconciliationEnabled() { - return reconciliationEnabled; - } - - public void setReconciliationEnabled(boolean reconciliationEnabled) { - this.reconciliationEnabled = reconciliationEnabled; - } -} \ No newline at end of file Added: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java (rev 0) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/AbstractShibbolethAuthenticationProviderTest.java 2008-07-29 16:46:24 UTC (rev 4767) 
@@ -0,0 +1,915 @@ +package org.openuss.security.acegi.shibboleth; + +import static org.easymock.EasyMock.createMock; +import static org.easymock.EasyMock.expect; +import static org.easymock.EasyMock.replay; +import static org.easymock.EasyMock.verify; + +import java.util.Arrays; + +import javax.naming.NamingException; + +import junit.framework.TestCase; + +import org.acegisecurity.AccountExpiredException; +import org.acegisecurity.Authentication; +import org.acegisecurity.AuthenticationException; +import org.acegisecurity.AuthenticationServiceException; +import org.acegisecurity.BadCredentialsException; +import org.acegisecurity.CredentialsExpiredException; +import org.acegisecurity.DisabledException; +import org.acegisecurity.GrantedAuthority; +import org.acegisecurity.GrantedAuthorityImpl; +import org.acegisecurity.LockedException; +import org.acegisecurity.adapters.PrincipalAcegiUserToken; +import org.acegisecurity.intercept.InterceptorStatusToken; +import org.acegisecurity.providers.TestingAuthenticationToken; +import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; +import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken; +import org.acegisecurity.providers.cas.CasAuthenticationToken; +import org.acegisecurity.providers.dao.UserCache; +import org.acegisecurity.providers.jaas.JaasAuthenticationToken; +import org.acegisecurity.providers.rememberme.RememberMeAuthenticationToken; +import org.acegisecurity.providers.x509.X509AuthenticationToken; +import org.acegisecurity.runas.RunAsUserToken; +import org.acegisecurity.userdetails.User; +import org.acegisecurity.userdetails.UserDetails; +import org.acegisecurity.userdetails.UserDetailsService; +import org.acegisecurity.userdetails.UsernameNotFoundException; +import org.acegisecurity.userdetails.memory.InMemoryDaoImpl; +import org.acegisecurity.userdetails.memory.UserMap; +import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; +import 
org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; +import org.springframework.dao.DataAccessResourceFailureException; + +/** + * @author Peter Schuh + * + */ +public class AbstractShibbolethAuthenticationProviderTest extends TestCase { + + private final String KEY = "shib"; + private final String DEFAULTDOMAINNAME = "shibboleth"; + private final Long DEFAULTDOMAINID = 42L; + private final String DEFAULTROLE = "ROLE_SHIBBOLETH"; + private final String USERROLE = "ROLE_ACEGIUSER"; + private final String USERNAME = "test"; + private final String FIRSTNAME = "Joe"; + private final String LASTNAME = "Sixpack"; + private final String EMAIL = "j_s...@ac..."; + private final String DELIMITER = "\\"; + private final String PW = "PW"; + private Authentication authentication; + private ShibbolethUserDetails shibbolethUserDetails; + private InMemoryDaoImpl userDetailsService; + private User unmigratedUser; + private User migratedUser; + private User migratedUserNoReconciliationNecessary; + private User reconciledUser; + private User disabledUser; + private User lockedUser; + private User credentialsExpiredUser; + private User accountExpiredUser; + + private MockShibbolethAuthenticationProvider provider; + + public void setUp() { + // Setup authentication request + shibbolethUserDetails = new ShibbolethUserDetailsImpl(); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, USERNAME); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, EMAIL); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, FIRSTNAME); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.LASTNAME_KEY, LASTNAME); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY, DEFAULTDOMAINNAME); + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY, DEFAULTDOMAINID); + PrincipalAcegiUserToken auth = new 
PrincipalAcegiUserToken(KEY, USERNAME, PW, new GrantedAuthority[]{new GrantedAuthorityImpl(DEFAULTROLE)}, USERNAME); + auth.setDetails(shibbolethUserDetails); + authentication = auth; + + // Setup users + unmigratedUser = new User(USERNAME,PW,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + reconciledUser = new User(USERNAME,DELIMITER+"TOBEDIFFERENT"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + migratedUserNoReconciliationNecessary = new User(USERNAME,DELIMITER+"ACME"+DELIMITER,true,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + disabledUser = new User(USERNAME,PW,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + accountExpiredUser = new User(USERNAME,PW,true,false,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + credentialsExpiredUser = new User(USERNAME,PW,true,true,false,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + lockedUser = new User(USERNAME,PW,true,true,true,false,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + + // Setup userDetailsService + UserMap userMap = new UserMap(); + userDetailsService = new InMemoryDaoImpl(); + userDetailsService.setUserMap(userMap); + + // Setup class to test with defaults + provider = new MockShibbolethAuthenticationProvider(); + provider.setUserDetailsService(userDetailsService); + provider.setKey(KEY); + provider.setMigrationEnabled(false); + provider.setReconciliationEnabled(false); + provider.setIgnoreDisabledException(false); + provider.setForcePrincipalAsString(false); + provider.setHideUserNotFoundExceptions(true); + // provider needs a userCache mock. This will be configured within each test. 
+ + } + + public void tearDown() { + provider = null; + } + + public void testCacheOutdatedUserLockedMeanwhile() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(false); + provider.setMigrationEnabled(true); + provider.setReconciliationEnabled(true); + userDetailsService.getUserMap().addUser(lockedUser); + // Test migrate user being unmigrated in cache, but having locked status within userDetailsService. + Authentication authResult = null; + try { + authResult = provider.authenticate(authentication); + fail("LockedException expected."); + } catch (LockedException e) { + // success + assertNull(authResult); + assertEquals(0, provider.migrateCount); + } + verify(userCache); + + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(false); + userDetailsService.getUserMap().addUser(lockedUser); + // Test take user from cache. Do not query userDetailsService. Do not try to migrate user. 
+ authResult = provider.authenticate(authentication); + assertEquals(unmigratedUser, (User)authResult.getPrincipal()); + verify(userCache); + } + + public void testCacheOutdatedUserEnabledMeanwhile() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(false); + provider.setMigrationEnabled(true); + provider.setReconciliationEnabled(true); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test + Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(1, provider.migrateCount); + verify(userCache); + } + + public void testReconciliationWithCacheMiss() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(reconciledUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + provider.setReconciliationEnabled(true); + userDetailsService.getUserMap().addUser(migratedUser); + // Test reconciliation. + Authentication authResult = provider.authenticate(authentication); + assertEquals(reconciledUser, (User)authResult.getPrincipal()); + assertEquals(1, provider.getReconcileCount()); + verify(userCache); + + provider.resetCounters(); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUserNoReconciliationNecessary); + replay(userCache); + provider.setUserCache(userCache); + UserMap userMap = new UserMap(); + userMap.addUser(migratedUserNoReconciliationNecessary); + userDetailsService.setUserMap(userMap); + // Test reconciliation not necessary. 
+ authResult = provider.authenticate(authentication); + assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal()); + assertEquals(1, provider.getReconcileCount()); + verify(userCache); + } + + public void testReconciliationWithCacheHit() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + provider.setReconciliationEnabled(true); + userDetailsService.getUserMap().addUser(migratedUser); + // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated. + Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(0, provider.reconcileCount); + verify(userCache); + + provider.resetCounters(); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUserNoReconciliationNecessary); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(migratedUserNoReconciliationNecessary); + // Test with user from cache. Not reconciled to prevent lost updates, if cache is out-dated. 
+ authResult = provider.authenticate(authentication); + assertEquals(migratedUserNoReconciliationNecessary, (User)authResult.getPrincipal()); + assertEquals(0, provider.getReconcileCount()); + verify(userCache); + } + + public void testSuccessfulAuthenticationForMigratedUserWithCacheMiss() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + userDetailsService.getUserMap().addUser(migratedUser); + // Test + Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + verify(userCache); + } + + public void testSuccessfulAuthenticationForMigratedUserWithCacheHit() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + // Test + Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + verify(userCache); + } + + public void testAutomaticMigrationWithCacheMiss() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test enabled, unmigrated user + Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(1, provider.getMigrateCount()); + verify(userCache); + + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + 
replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + provider.setIgnoreDisabledException(true); + UserMap userMap = new UserMap(); + userMap.addUser(disabledUser); + userDetailsService.setUserMap(userMap); + // Test disabled, unmigrated user + authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(2, provider.getMigrateCount()); + verify(userCache); + + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + provider.setIgnoreDisabledException(true); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + // Test with migrated user + authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(2, provider.getMigrateCount()); + verify(userCache); + } + + public void testAutomaticMigrationWithCacheHit() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + provider.resetCounters(); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test with enabled, unmigrated user within cache and userDetailsService. 
+ Authentication authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(1, provider.getMigrateCount()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(true); + provider.resetCounters(); + UserMap userMap = new UserMap(); + userMap.addUser(disabledUser); + userDetailsService.setUserMap(userMap); + // Test with disabled, unmigrated user + authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(1, provider.getMigrateCount()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(lockedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(true); + provider.resetCounters(); + userMap = new UserMap(); + userMap.addUser(lockedUser); + userDetailsService.setUserMap(userMap); + // Test with locked, unmigrated user + try { + authResult = provider.authenticate(authentication); + fail("LockedException expected."); + } catch (LockedException e) { + assertNull(authResult); + assertEquals(0, provider.getMigrateCount()); + } + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.resetCounters(); + userMap = new UserMap(); + userMap.addUser(unmigratedUser); + userDetailsService.setUserMap(userMap); + // Test with migrated user in cache, but unmigrated within userDetailsService. Impossible case, due to migration cannot be reverted. Do not migrate again. 
+ authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(0, provider.getMigrateCount()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(unmigratedUser); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.resetCounters(); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + // Test with unmigrated user in cache, but migrated within userDetailsService. Do not migrate again. + authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(0, provider.getMigrateCount()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.resetCounters(); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + // Test with migrated user in cache and userDetailsService. 
+ authResult = provider.authenticate(authentication); + assertEquals(migratedUser, (User)authResult.getPrincipal()); + assertEquals(0, provider.getMigrateCount()); + verify(userCache); + } + + public void testReturnForManualMigrationOnMigrationPage() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + replay(userCache); + provider.setUserCache(userCache); + provider.setMigrationEnabled(true); + // Test + Authentication authResult = provider.authenticate(authentication); + assertTrue(authentication.equals(authResult)); + verify(userCache); + } + + public void testAuthenticatesASecondTime() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test 1st time + Authentication authResult = provider.authenticate(authentication); + // Test 2nd time + try { + provider.authenticate(authResult); + } catch (IllegalArgumentException e) { + assertEquals("Only PrincipalAcegiUserToken is supported", e.getMessage()); + } + verify(userCache); + } + + public void testCreateSuccessAuthentication() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + // Test + Authentication authResult = provider.authenticate(authentication); + assertEquals(unmigratedUser, (User)authResult.getPrincipal()); + assertEquals(authentication.getCredentials(), authResult.getCredentials()); + assertTrue(Arrays.equals(unmigratedUser.getAuthorities(), authResult.getAuthorities())); + assertEquals(shibbolethUserDetails, (ShibbolethUserDetails)authResult.getDetails()); + verify(userCache); + } + 
+ public void testForcePrincipalAsString() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(unmigratedUser); + provider.setForcePrincipalAsString(false); + // Test principal as object + Authentication authResult = provider.authenticate(authentication); + assertEquals(unmigratedUser, (User)authResult.getPrincipal()); + verify(userCache); + + authResult = null; + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(unmigratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setForcePrincipalAsString(true); + // Test principal as string + authResult = provider.authenticate(authentication); + assertEquals(USERNAME, (String)authResult.getPrincipal()); + verify(userCache); + } + + + public void testDisabledUser() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(disabledUser); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(disabledUser); + provider.setIgnoreDisabledException(false); + // Test not ignoring disabled user status for not yet migrated users. + try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + + provider.setIgnoreDisabledException(true); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(disabledUser); + replay(userCache); + provider.setUserCache(userCache); + Authentication authResult = null; + // Test ignoring disabled status for not yet migrated users. 
+ try { + authResult = provider.authenticate(authentication); + assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(disabledUser))); + } catch (DisabledException e) { + fail("Unexpected DisabledException."); + } + verify(userCache); + + authResult = null; + provider.setIgnoreDisabledException(true); + UserMap userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + userCache.putUserInCache(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + // Test not ignoring disabled status for migrated users. Test with enabled, migrated user. + try { + authResult = provider.authenticate(authentication); + assertTrue((authResult instanceof UsernamePasswordAuthenticationToken) && (((User)authResult.getPrincipal()).equals(migratedUser))); + } catch (DisabledException e) { + fail("Unexpected DisabledException."); + } + verify(userCache); + + authResult = null; + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(true); + // Test not ignoring disabled status for migrated users. Test with disabled, migrated user. 
+ try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + + authResult = null; + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); + provider.setIgnoreDisabledException(false); + // Test not ignoring disabled status for migrated users. Test with disabled, migrated user. + try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + } + + + public void testLockedUser() { + UserCache userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(null); + replay(userCache); + provider.setUserCache(userCache); + userDetailsService.getUserMap().addUser(lockedUser); + // Test + try { + provider.authenticate(authentication); + fail("LockedException expected."); + } catch (LockedException e) { + // success + } + verify(userCache); + } + + + public void testAccount... [truncated message content] |
From: <pet...@us...> - 2008-07-29 14:31:21
Revision: 4766 http://openuss.svn.sourceforge.net/openuss/?rev=4766&view=rev Author: peterschuh Date: 2008-07-29 14:31:27 +0000 (Tue, 29 Jul 2008) Log Message: ----------- # PlexusShibbolethIntegrationTest: Added assertion for migration mark within corresponding tests. Reduced application context for tests to accelerate its instantiation. + JavaDoc comments. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProcessingFilter.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProcessingFilter.java 2008-07-29 00:37:09 UTC (rev 4765) +++ 
branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProcessingFilter.java 2008-07-29 14:31:27 UTC (rev 4766) @@ -2,6 +2,10 @@ import org.springframework.util.Assert; +/** + * @author Peter Schuh + * + */ public class PlexusShibbolethAuthenticationProcessingFilter extends ShibbolethAuthenticationProcessingFilter { protected void doAfterPropertiesSet() throws Exception { Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethAuthenticationProvider.java 2008-07-29 14:31:27 UTC (rev 4766) @@ -17,6 +17,10 @@ import org.springframework.dao.DataAccessException; import org.springframework.util.Assert; +/** + * @author Peter Schuh + * + */ public class PlexusShibbolethAuthenticationProvider extends ShibbolethAuthenticationProvider { private UserMigrationUtility userMigrationUtility; 
@@ -72,6 +76,12 @@ markUserAsMigratedOne(user, authentication); } + + /** + * Sets a marker for a migrated user. This marker is used within frontend to decide whether to show an appropriate message. + * @param user + * @param authentication + */ private void markUserAsMigratedOne(UserDetails user, Authentication authentication) { ((ShibbolethUserDetails)authentication.getDetails()).getAttributes().put(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY, new Boolean(true)); } Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-29 14:31:27 UTC (rev 4766) @@ -1,17 +1,3 @@ -/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ package org.openuss.security.acegi.shibboleth; import java.io.IOException; 
@@ -40,35 +26,150 @@ import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; import org.springframework.util.Assert; +/** + * @author Peter Schuh + * + */ public class ShibbolethAuthenticationProcessingFilter extends AbstractProcessingFilter { + /** + * Key of the HTTP header attribute for a user's username.</br> + * Must not be <code>null</code>. + */ protected String shibbolethUsernameHeaderKey = "REMOTE_USER"; + /** + * Key of the HTTP header attribute for a user's firstname.</br> + * Must not be <code>null</code>. + */ protected String shibbolethFirstNameHeaderKey = "SHIB_FIRSTNAME"; + /** + * Key of the HTTP header attribute for a user's lastname.</br> + * Must not be <code>null</code>. + */ protected String shibbolethLastNameHeaderKey = "SHIB_LASTNAME"; + /** + * Key of the HTTP header attribute for a user's email address.</br> + * Must not be <code>null</code>. + */ protected String shibbolethEmailHeaderKey = "SHIB_MAIL";; + + /** + * Indicates, which filter instance has generated the authentication request.</br> + * Only <code>PrincipalAcegiUserToken</code> with proper key will be processed by a corresponding <code>ShibbolethAuthenticationProvider</code> implementation.</br> + * Assure setting the key according to the key property of the corresponding <code>ShibbolethAuthenticationProvider</code> instance.</br> + * Must not be <code>null</code>. + */ + protected String key = null; + protected ShibbolethUserDetails shibbolethUserDetails; - protected String key = null; + + /** + * Default role prefix of a default role. If default role is automatically prefixed, if prefix is missing.</br> + * Defaults to <code>ROLE_</code>.</br> + * Must not be <code>null</code>. + */ protected String defaultRolePrefix = "ROLE_"; + + /** + * Default role, that is assigned to a shibboleth user for an authentication request, that is processed by the corresponding <code>ShibbolethAuthenticationProvider</code>.</br> + * Must not be <code>null</code>. 
+ */ protected String defaultRole = "ROLE_SHIBUSER"; + + /** + * Name of the default domain, that is assigned to a shibboleth user's details of an authentication request, that is processed by the corresponding <code>ShibbolethAuthenticationProvider</code>. + */ protected String defaultDomainName = null; + + /** + * ID of the default domain, that is assigned to a shibboleth user's details of an authentication request, that is processed by the corresponding <code>ShibbolethAuthenticationProvider</code>. + */ protected Long defaultDomainId; /** - * Enables migration. Defaults to <code>false</code>. Gets <code>true</code> by setting a <code>migrationTargetUrl</code>. + * Enables migration.</br> + * Gets <code>true</code> by setting a <code>migrationTargetUrl</code>.</br> + * Take care to also enable migration within corresponding <code>shibbolethAuthenticationProvider</code>!</br> + * Defaults to <code>false</code>. + */ + protected boolean migrationEnabled = false; + + /** + * Url the user gets redirected to, if manual migration is necessary.</br> * Take care to also enable migration within corresponding <code>shibbolethAuthenticationProvider</code>! */ - protected boolean migrationEnabled = false; protected String migrationTargetUrl = null; + protected boolean migrationNecessary = false; + + /** + * Enables HTTP redirect in case of a successful authentication.</br> + * Defaults to <code>true</code>. + */ protected boolean redirectOnAuthenticationSuccessEnabled = true; + + /** + * Enables HTTP redirect in case of a successful authentication.</br> + * Defaults to <code>true</code>. 
+ */ protected boolean redirectOnAuthenticationFailureEnabled = true; + /** + * Defines, when an authentication is required.</br> + * Behaviour depends on both <code>processEachUrlEnabled</code> <b>and</b> <code>onlyProcessFilterProcessesUrlEnabled</code>.</br> + * <p> + * <u>Possible four combinations:</u></br> + * </p> + * <p> + * processEachUrlEnabled: <code>false</code></br> + * onlyProcessFilterProcessesUrlEnabled: <code>false</code></br> + * Results in:</br> + * Authentication is required, if and only if current authentication is <code>null</code> or an instance of an <code>AnonymousAuthenticationToken</code> <b>and</b> url of request matches the url, that the filter is set to process. + * </p> + * <p> + * processEachUrlEnabled: <code>true</code></br> + * onlyProcessFilterProcessesUrlEnabled: <code>false</code></br> + * Results in:</br> + * Authentication is required, if current authentication is <code>null</code> or an instance of an <code>AnonymousAuthenticationToken</code>. + * </p> + * <p> + * processEachUrlEnabled: <code>false</code></br> + * onlyProcessFilterProcessesUrlEnabled: <code>true</code></br> + * Results in:</br> + * Authentication is required, if url of request matches the url, that the filter is configured to process. + * </p> + * <p> + * processEachUrlEnabled: <code>true</code></br> + * onlyProcessFilterProcessesUrlEnabled: <code>true</code></br> + * Results in:</br> + * Authentication is required, if current authentication is <code>null</code> or an instance of an <code>AnonymousAuthenticationToken</code> <b>or</b> url of request matches the url, that the filter is set to process. 
+ * </p> + * <p> + * <u>Default behaviour:</u> + * </p> + * processEachUrlEnabled: <code>false</code></br> + * onlyProcessFilterProcessesUrlEnabled: <code>true</code> + */ protected boolean processEachUrlEnabled = false; + /** + * @see #processEachUrlEnabled + * + */ protected boolean onlyProcessFilterProcessesUrlEnabled = true; + /** + * Enables filter to return after unsuccessful authentication instead of continuing filter chain.</br> + * Defaults to <code>false</code>, i. e. proceeding filter chain. + */ protected boolean returnAfterUnsuccessfulAuthentication = false; + + /** + * Enables filter to return after successful authentication instead of continuing filter chain.</br> + * Defaults to <code>false</code>, i. e. proceeding filter chain. + */ protected boolean returnAfterSuccessfulAuthentication = false; + protected final Log logger = LogFactory.getLog(this.getClass()); protected AuthenticationDetailsSource authenticationDetailsSource = new ShibbolethAuthenticationDetailsSource(); Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-29 14:31:27 UTC (rev 4766) 
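Review bot: The new Javadoc on `shibbolethUsernameHeaderKey` and the other three header-key fields names the header but not the trust assumption behind it. Whatever arrives in `REMOTE_USER`, `SHIB_FIRSTNAME`, `SHIB_LASTNAME` and `SHIB_MAIL` is presumably taken as the authenticated identity, so the values are only trustworthy when every request passes through the Shibboleth service provider and client-supplied copies of these headers are dropped before they reach the filter. I would add a sentence to each comment such as `Trusted as set by the Shibboleth service provider; the front end must strip any client-supplied header of this name.` Separately, the comment added above `redirectOnAuthenticationFailureEnabled` is a copy of the one for the success flag and should read `in case of an unsuccessful authentication`. The filter's methods are outside this hunk, so how the headers are actually read could not be checked here.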
@@ -25,32 +25,33 @@ //~ Instance fields ================================================================================================ /** - * Our user details service (which does the real work of checking the user against a back-end user store). + * Our user details service (which does the real work of checking the user against a back-end user store).</br> + * Must not be <code>null</code>. */ protected UserDetailsService userDetailsService; /** - * Indicates, which filter has generated the authentication request. - * Only PrincipalAcegiUserToken with proper key will be processed. - * Assure setting the key according to the key property of the corresponding <code>ShibbolethAuthenticationProcessingFilter</code>. + * Indicates, which filter has generated the authentication request.</br> + * Only <code>PrincipalAcegiUserToken</code> with proper key will be processed.</br> + * Assure setting the key according to the key property of the corresponding <code>ShibbolethAuthenticationProcessingFilter</code>.</br> + * Must not be <code>null</code>. */ protected String key; /** - * Enables migration, i. e. either automatic migration, if a user can be found, or manual migration by redirecting the user to a specific migration page. + * Enables migration, i. e. either automatic migration, if a user can be found, or manual migration by redirecting the user to a specific migration page.</br> * Defaults to <code>false</code>. */ protected boolean migrationEnabled = false; /** - * Enables reconciliation, i. e. application specific updating of locally stored user details with data received from shibboleth identity provider. + * Enables reconciliation, i. e. application specific updating of locally stored user details with data received from shibboleth identity provider.</br> * Defaults to <code>false</code>. */ protected boolean reconciliationEnabled = false; - /** - * Possibly useful for automatic migration of disabled or not yet enabled users, e. g. 
if user has registered, but not yet verified his email address. - * Nevertheless <code>DisabledException</code> will be thrown for migrated users. + * Possibly useful for automatic migration of disabled or not yet enabled users, e. g. if user has registered, but not yet verified his email address.</br> + * Nevertheless <code>DisabledException</code> will be thrown for migrated users.</br> * Defaults to <code>false</code>. */ protected boolean ignoreDisabledException = false; @@ -168,11 +169,21 @@ */ protected abstract String generateUsernameFromAuthentication(Authentication authentication); + /* (non-Javadoc) + * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#supports(java.lang.Class) + */ @Override public boolean supports(Class authentication) { return (PrincipalAcegiUserToken.class.isAssignableFrom(authentication)); } + /** + * Retrieves user by username using a <code>UserDetailsService</code> implementation, that has to be assigned as a property. + * @param username + * @param authentication + * @return + * @throws AuthenticationException + */ protected UserDetails retrieveUser(String username, PrincipalAcegiUserToken authentication) throws AuthenticationException { UserDetails loadedUser; @@ -198,8 +209,7 @@ protected void migrate(UserDetails user, Authentication authentication) {} /** - * Application specific reconciliation of user details, e. g. updating of locally stored user details with - * data received by the corresponding shibboleth filter. + * Application specific reconciliation of user details, e. g. updating of locally stored user details with data received by the corresponding shibboleth filter. * @param user * @param authentication * @return reconciliation status: <code>true</code>, if locally stored user details had to be updated. 
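Review bot: The reworded Javadoc on `ignoreDisabledException` should state what enabling the flag costs. As far as the visible part of the condition in `additionalAuthenticationChecks` shows (`!user.isEnabled() && !isIgnoreDisabledException() && !isAlreadyMigrated(user, authentication)`), a disabled account that has not been migrated is no longer rejected once the flag is set, and nothing visible distinguishes an account awaiting e-mail verification from one an administrator disabled on purpose. A sentence such as `Warning: also admits not-yet-migrated accounts that were disabled deliberately; enable only if disabling is never used as a ban.` would make that explicit. The `</br>` tags introduced here, and in the field comments of ShibbolethAuthenticationProcessingFilter, are stray end tags; `<br>` is the valid form.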
@@ -214,14 +224,6 @@ */ protected abstract boolean isAlreadyMigrated(UserDetails user, Authentication authentication); - public boolean isMigrationEnabled() { - return migrationEnabled; - } - - public void setMigrationEnabled(boolean migrationEnabled) { - this.migrationEnabled = migrationEnabled; - } - protected void additionalAuthenticationChecks(UserDetails user, PrincipalAcegiUserToken authentication) throws AuthenticationException { // No password checking necessary, since this was done by the shibboleth identity provider, already. if ((!user.isEnabled() && !isIgnoreDisabledException() && !isAlreadyMigrated(user, authentication)) || 
@@ -241,11 +243,25 @@ } } + public boolean isMigrationEnabled() { + return migrationEnabled; + } + + public void setMigrationEnabled(boolean migrationEnabled) { + this.migrationEnabled = migrationEnabled; + } + + /* (non-Javadoc) + * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(org.acegisecurity.userdetails.UserDetails, org.acegisecurity.providers.UsernamePasswordAuthenticationToken) + */ @Override protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken. } + /* (non-Javadoc) + * @see org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider#retrieveUser(java.lang.String, org.acegisecurity.providers.UsernamePasswordAuthenticationToken) + */ @Override protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException { // This method must be implemented, due to inheritance, but is never used, since we use a PrincipalAcegiUserToken. Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-29 14:31:27 UTC (rev 4766) 
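Review bot: The `additionalAuthenticationChecks(UserDetails, UsernamePasswordAuthenticationToken)` override that this hunk documents has a body containing only a comment, so if it is ever reached it lets the user through without any check. Since the comment states the method is never used, it should fail closed instead, e.g. `throw new UnsupportedOperationException("Only PrincipalAcegiUserToken is supported");`, and the new `(non-Javadoc)` comment could say so. The same may apply to the `retrieveUser` override below it, whose body continues outside the hunk.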
@@ -19,6 +19,7 @@ import org.acegisecurity.util.PortResolverImpl; import org.hibernate.SessionFactory; import org.openuss.TestUtility; +import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; import org.openuss.security.SecurityDomainUtility; import org.openuss.security.SecurityService; import org.openuss.security.UserInfo; @@ -26,6 +27,10 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests; +/** + * @author Peter Schuh + * + */ public class PlexusShibbolethIntegrationTest extends AbstractTransactionalDataSourceSpringContextTests { private final String SHIBBOLETHUSERNAMEHEADERKEY = "SHIB_REMOTE_USER"; private final String SHIBBOLETHFIRSTNAMEHEADERKEY = "Shib-Person-givenname"; @@ -339,12 +344,7 @@ assertNull(response.getHeader("WWW-Authenticate")); assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); assertEquals(1, chain.getCount()); - } - - - -// String savedRequestUrl = ((SavedRequest)request.getSession().getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY)).getFullRequestUrl(); -// String redirectUrl = response.getRedirectedUrl(); + } public void testSuccessfulAuthenticationWithoutReconciliationForEnabledMigratedUser() throws Exception { generateMigratedEnabledUserNoReconcilationNecessary(); 
@@ -511,6 +511,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); 
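Review bot: The added `assertNotNull(... .get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY))` only proves that some value is stored under the key; `markUserAsMigratedOne` stores `new Boolean(true)`, so `assertEquals(Boolean.TRUE, ...)` would pin the actual marker. The same line is added in the hunks at -533, -555, -607, -628 and -649. It would also be worth asserting that the key is absent in the tests for already migrated users, since the marker decides what the frontend shows; those tests are not part of this diff, so this is a suggestion rather than a finding. The expression is long enough that a small helper returning the `ShibbolethUserDetails` from the session would make all six assertions readable.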
@@ -533,6 +534,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); 
@@ -555,6 +557,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); @@ -607,6 +610,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertEquals(0, chain.getCount()); 
@@ -628,6 +632,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertEquals(0, chain.getCount()); @@ -649,6 +654,7 @@ securityFilterChainProxy.doFilter(request, response, chain); assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNotNull(((ShibbolethUserDetails)((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication().getDetails()).getAttributes().get(SecurityDomainUtility.USER_MIGRATION_INDICATOR_KEY)); assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertEquals(0, chain.getCount()); 
@@ -956,14 +962,17 @@ } protected String[] getConfigLocations() { + // Nonessential configuration files were commented out to accelerate instantiation of application context. + // If tests fail, add them again. return new String[] { - "classpath*:applicationContext.xml", - "classpath*:applicationContext-beans.xml", + "classpath*:applicationContext.xml", +// "classpath*:applicationContext-beans.xml", "classpath*:applicationContext-lucene.xml", "classpath*:applicationContext-cache.xml", - "classpath*:applicationContext-messaging.xml", - "classpath*:applicationContext-resources.xml", - "classpath*:applicationContext-events.xml", +// "classpath*:applicationContext-messaging.xml", +// "classpath*:applicationContext-resources.xml", +// "classpath*:applicationContext-aop.xml", +// "classpath*:applicationContext-events.xml", "classpath*:testContext.xml", "classpath*:testDataSource.xml", "classpath*:testShibbolethSecurity.xml"}; Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java 2008-07-29 14:31:27 UTC (rev 4766) 
@@ -36,6 +36,10 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +/** + * @author Peter Schuh + * + */ public class ShibbolethAuthenticationProcessingFilterTest extends TestCase { private final String SHIBBOLETHUSERNAMEHEADERKEY = "REMOTE_USER"; Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java 2008-07-29 00:37:09 UTC (rev 4765) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java 2008-07-29 14:31:27 UTC (rev 4766) @@ -42,6 +42,10 @@ import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; import org.springframework.dao.DataAccessResourceFailureException; +/** + * @author Peter Schuh + * + */ public class ShibbolethAuthenticationProviderTest extends TestCase { private final String KEY = "shib"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <pet...@us...> - 2008-07-29 00:37:00
Revision: 4765 http://openuss.svn.sourceforge.net/openuss/?rev=4765&view=rev Author: peterschuh Date: 2008-07-29 00:37:09 +0000 (Tue, 29 Jul 2008) Log Message: ----------- # Integration Tests # AuthenticationController: Reloading for reconciled users. # ShibbolethAuthenticationProvider: Reconcilation only for already migrated users. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-web/src/main/java/org/openuss/web/security/AuthenticationController.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-28 13:39:55 UTC (rev 4764) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProvider.java 2008-07-29 00:37:09 UTC (rev 4765) 
@@ -128,7 +128,7 @@
 user = retrieveUser(username, (PrincipalAcegiUserToken) authentication);
 }
 }
- else if (!cacheWasUsed && isReconciliationEnabled()) {
+ else if (!cacheWasUsed && isReconciliationEnabled() && isAlreadyMigrated(user, authentication)) {
 // Only do reconciliation of centrally administered user details and locally saved ones,
 // if local user details came from user details service, to preserve user details being
 // updated with out-dated data from cache.
Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java
===================================================================
--- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-28 13:39:55 UTC (rev 4764)
+++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-29 00:37:09 UTC (rev 4765)
@@ -1,11 +1,5 @@
 package org.openuss.security.acegi.shibboleth;
-import static org.easymock.EasyMock.createMock;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.verify;
-
 import java.io.IOException;
 import java.util.TimeZone;
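Review bot: The comment kept directly under the changed `else if` in ShibbolethAuthenticationProvider still explains only the cache condition, so the new `isAlreadyMigrated(user, authentication)` guard is undocumented at the point where it decides whether centrally supplied attributes may overwrite the locally stored record. I would extend the comment with `// Reconcile only accounts already migrated to the central login; unmigrated local accounts are left untouched until migration.` The definition of `isAlreadyMigrated` is not part of this hunk, so it is worth confirming that it tolerates a `user` that could not be loaded and that it matches on the domain-qualified username rather than on an attribute such as e-mail that arrives with the request. The enclosing method starts and ends outside the hunk.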
@@ -14,47 +8,30 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import org.acegisecurity.AuthenticationManager; -import org.acegisecurity.GrantedAuthority; -import org.acegisecurity.GrantedAuthorityImpl; -import org.acegisecurity.MockAuthenticationManager; +import org.acegisecurity.adapters.PrincipalAcegiUserToken; import org.acegisecurity.context.HttpSessionContextIntegrationFilter; import org.acegisecurity.context.SecurityContext; -import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.ui.AbstractProcessingFilter; -import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter; import org.acegisecurity.ui.savedrequest.SavedRequest; import org.acegisecurity.util.FilterChainProxy; import org.acegisecurity.util.PortResolverImpl; import org.hibernate.SessionFactory; import org.openuss.TestUtility; -import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; -import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; -import org.openuss.messaging.MessageService; -import org.openuss.migration.UserMigrationUtility; -import org.openuss.migration.UserMigrationUtilityImpl; import org.openuss.security.SecurityDomainUtility; import org.openuss.security.SecurityService; import org.openuss.security.UserInfo; -import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests; -import junit.framework.TestCase; - public class PlexusShibbolethIntegrationTest extends AbstractTransactionalDataSourceSpringContextTests { private final String SHIBBOLETHUSERNAMEHEADERKEY = "SHIB_REMOTE_USER"; private final String SHIBBOLETHFIRSTNAMEHEADERKEY = 
"Shib-Person-givenname"; private final String SHIBBOLETHLASTNAMEHEADERKEY = "Shib-Person-sn"; private final String SHIBBOLETHEMAILHEADERKEY = "Shib-Person-mail"; - private final String KEY = "shibboleth"; private final String DEFAULTDOMAINNAME = "wwu"; - private final Long DEFAULTDOMAINID = 1006L; - private final String DEFAULTROLE = "ROLE_SHIBBOLETHUSER"; private final String USERNAME = "test"; private final String FIRSTNAME = "Joe"; private final String LASTNAME = "Sixpack"; 
@@ -74,60 +51,9 @@ private final String SAVEDREQUESTKEY = AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY; private MockHttpServletRequest request; - private MockFilterConfig config; private MockHttpServletResponse response; - -// private PlexusShibbolethAuthenticationProcessingFilter filter = new PlexusShibbolethAuthenticationProcessingFilter(); -// private PlexusShibbolethAuthenticationProvider provider = new PlexusShibbolethAuthenticationProvider(); -// -// private PlexusShibbolethAuthenticationProcessingFilter filterWithoutMigration = new PlexusShibbolethAuthenticationProcessingFilter(); -// private PlexusShibbolethAuthenticationProvider providerWithoutMigration = new PlexusShibbolethAuthenticationProvider(); - -// public void setUp() { -// SecurityContextHolder.clearContext(); -// // Setup plexus shibboleth configuration -//// filter.setAuthenticationManager(authenticationManager); -// filter.setKey(KEY); -// filter.setShibbolethUsernameHeaderKey(SHIBBOLETHUSERNAMEHEADERKEY); -// filter.setShibbolethFirstNameHeaderKey(SHIBBOLETHFIRSTNAMEHEADERKEY); -// filter.setShibbolethLastNameHeaderKey(SHIBBOLETHLASTNAMEHEADERKEY); -// filter.setShibbolethEmailHeaderKey(SHIBBOLETHEMAILHEADERKEY); -// filter.setDefaultDomainId(DEFAULTDOMAINID); -// filter.setDefaultDomainName(DEFAULTDOMAINNAME); -// filter.setDefaultRole(DEFAULTROLE); -// filter.setOnlyProcessFilterProcessesUrlEnabled(false); -// filter.setProcessEachUrlEnabled(true); -// filter.setReturnAfterSuccessfulAuthentication(true); -// filter.setReturnAfterUnsuccessfulAuthentication(false); -// filter.setRedirectOnAuthenticationSuccessEnabled(true); -// filter.setRedirectOnAuthenticationFailureEnabled(false); -// filter.setUseRelativeContext(false); -// filter.setDefaultTargetUrl(DEFAULTTARGETURL); -// filter.setMigrationTargetUrl(MIGRATIONTARGETURL); -// filter.setAuthenticationFailureUrl("/nothing, filter is configured not to redirect on authentication failure."); -// -// -//// 
filterWithoutMigration.setAuthenticationManager(authenticationManager); -// filterWithoutMigration.setKey(KEY); -// filterWithoutMigration.setShibbolethUsernameHeaderKey(SHIBBOLETHUSERNAMEHEADERKEY); -// filterWithoutMigration.setShibbolethFirstNameHeaderKey(SHIBBOLETHFIRSTNAMEHEADERKEY); -// filterWithoutMigration.setShibbolethLastNameHeaderKey(SHIBBOLETHLASTNAMEHEADERKEY); -// filterWithoutMigration.setShibbolethEmailHeaderKey(SHIBBOLETHEMAILHEADERKEY); -// filterWithoutMigration.setDefaultDomainId(DEFAULTDOMAINID); -// filterWithoutMigration.setDefaultDomainName(DEFAULTDOMAINNAME); -// filterWithoutMigration.setDefaultRole(DEFAULTROLE); -// filterWithoutMigration.setOnlyProcessFilterProcessesUrlEnabled(false); -// filterWithoutMigration.setProcessEachUrlEnabled(true); -// filterWithoutMigration.setReturnAfterSuccessfulAuthentication(false); -// filterWithoutMigration.setReturnAfterUnsuccessfulAuthentication(false); -// filterWithoutMigration.setRedirectOnAuthenticationSuccessEnabled(false); -// filterWithoutMigration.setRedirectOnAuthenticationFailureEnabled(false); -// filterWithoutMigration.setDefaultTargetUrl("/nothing, filter is configured not to redirect on authentication success."); -// filterWithoutMigration.setAuthenticationFailureUrl("/nothing, filter is configured not to redirect on authentication failure."); -// -// } - // Tests for plexus configuration - + private SavedRequest savedRequest; + protected SecurityService securityService; protected SessionFactory sessionFactory; protected TestUtility testUtility; 
@@ -182,17 +108,22 @@ private void generateUnmigratedDisabledUser() { securityService.createUser(createUserInfo()); } - + + private void generateUnmigratedDisabledUserNotFindableByEmail() { + UserInfo user = createUserInfo(); + user.setEmail("ac...@ac..."); + securityService.createUser(user); + } + private void generateUnmigratedEnabledUser() { UserInfo user = createUserInfo(); user.setEnabled(true); securityService.createUser(user); } - - private void generateMigratedDisabledUser() { - UserInfo user = createUserInfo(); - securityService.createUser(user); - user = securityService.getUserByName(USERNAME); + + private void generateMigratedDisabledUserNoReconcilationNecessary() { + securityService.createUser(createUserInfo()); + UserInfo user = securityService.getUserByName(USERNAME); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); securityService.saveUser(user); } @@ -208,7 +139,6 @@ private void generateMigratedEnabledUserToBeReconciled() { UserInfo user = createUserInfo(); - user.setEmail("ac...@ac..."); user.setFirstName("John"); user.setLastName("Doe"); user.setEnabled(true); @@ -264,6 +194,8 @@ assertTrue(user.isCentralUser()); } + //~ Tests for OpenUSS Plexus configuration + public void testShibbolethRequestHeadersNotPresent() throws Exception { chain.resetCount(); request = new MockHttpServletRequest(); 
@@ -416,27 +348,24 @@ public void testSuccessfulAuthenticationWithoutReconciliationForEnabledMigratedUser() throws Exception { generateMigratedEnabledUserNoReconcilationNecessary(); -// chain.resetCount(); -// request = createMockRequest(SECUREDVIEWSURL); -// response = new MockHttpServletResponse(); -// // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. -// securityFilterChainProxy.doFilter(request, response, chain); -// assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); -// assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); -// assertEquals(0, chain.getCount()); -// response = new MockHttpServletResponse(); -// // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. -// securityFilterChainProxy.doFilter(request, response, chain); -// assertNull(response.getRedirectedUrl()); -// assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); -// assertEquals(1, chain.getCount()); + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); request = createMockRequest(DEFAULTTARGETURL); - SavedRequest savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL); + savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL); request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); - assertNotNull(request.getSession()); - assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); - assertEquals(SECUREDVIEWSURL, ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getServletPath()); chain.resetCount(); response = new MockHttpServletResponse(); // Test SECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. 
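Review bot: The re-enabled assertions in `testSuccessfulAuthenticationWithoutReconciliationForEnabledMigratedUser` check only that the session holds a `UsernamePasswordAuthenticationToken`, not whose token it is, so the test would still pass if the filter chain had authenticated a different account. A principal check next to each type check would pin that down, for example `assertEquals(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME), ctx.getAuthentication().getName());` with `ctx` being the `SecurityContext` read from the session (this assumes the migrated login name is the domain-qualified one, as the generator methods suggest). The cast-and-lookup expression is also repeated in every assertion; a small private helper such as `authenticationOf(request)` would keep the test readable. The test method continues past this hunk.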
@@ -451,108 +380,575 @@ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); assertEquals(1, chain.getCount()); - + request = createMockRequest(DEFAULTTARGETURL); + savedRequest = makeSavedRequestForUrl(NOTSECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); -// -// SecurityContextHolder.clearContext(); -// response = new MockHttpServletResponse(); -// // Setup our HTTP request -// request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl()); -// // Setup our test object, to grant access and redirect migrated user to url within SavedRequest. 
-// boolean alwaysUseDefaultTargetUrl = false; -// filter.setAlwaysUseDefaultTargetUrl(alwaysUseDefaultTargetUrl); -// // Test -// executeFilterInContainerSimulator(config, filter, request, response, chain); -// assertEquals(makeSavedRequestForUrl().getFullRequestUrl(), response.getRedirectedUrl()); -// assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); - - // Test for other URLs -> unsecured view, (un)secured rss + request = createMockRequest(SECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain invoked. + securityFilterChainProxy.doFilter(request, response, chain); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain invoked. + securityFilterChainProxy.doFilter(request, response, chain); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); } public void testSuccessfulAuthenticationWithReconciliationForEnabledMigratedUser() throws Exception { generateMigratedEnabledUserToBeReconciled(); - } + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); -/* - public void testSuccessfulAuthenticationWithoutRedirectButContinuedProcessingOfFilterChain() throws Exception { - - // Setup not to return, but to continue chain. - boolean returnAfterSuccessfulAuthentication = false; - // Setup our expectation that the filter chain will be invoked. - MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + rollback(); + generateMigratedEnabledUserToBeReconciled(); + chain.resetCount(); + request = createMockRequest(DEFAULTTARGETURL); + savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); + + rollback(); + generateMigratedEnabledUserToBeReconciled(); + chain.resetCount(); + request = createMockRequest(DEFAULTTARGETURL); + savedRequest = makeSavedRequestForUrl(NOTSECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); + + rollback(); + generateMigratedEnabledUserToBeReconciled(); + request = createMockRequest(SECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain invoked. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertNull(response.getRedirectedUrl()); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertEquals(1, chain.getCount()); - // Setup our test object, to grant access - filter.setFilterProcessesUrl("/j_mock_post"); - filter.setDefaultTargetUrl("/foobar"); - filter.setAuthenticationManager(new MockAuthenticationManager(true)); - filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); - filter.setRedirectOnAuthenticationSuccessEnabled(false); - // Test - executeFilterInContainerSimulator(config, filter, request, response, chain); + rollback(); + generateMigratedEnabledUserToBeReconciled(); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain invoked. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); assertNull(response.getRedirectedUrl()); - assertNotNull(SecurityContextHolder.getContext().getAuthentication()); - assertTrue(SecurityContextHolder.getContext().getAuthentication().getDetails() instanceof ShibbolethUserDetails); - ShibbolethUserDetails sud = (ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails(); - assertEquals(USERNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.USERNAME_KEY).get()); - assertEquals(FIRSTNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.FIRSTNAME_KEY).get()); - assertEquals(LASTNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.LASTNAME_KEY).get()); - assertEquals(EMAIL,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.EMAIL_KEY).get()); - assertEquals(DEFAULTDOMAINNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY).get()); - assertEquals(DEFAULTDOMAINID,(Long)sud.getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY).get()); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); assertEquals(1, chain.getCount()); - } + } + + public void testSuccessfulAuthenticationWithAutomaticMigration() throws Exception { + generateUnmigratedDisabledUser(); + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); - public void testUnsuccessfulAuthenticationWithoutRedirectButContinuedProcessingOfFilterChain() throws Exception { - // Setup not to return, but to continue chain. - boolean returnAfterUnsuccessfulAuthentication = false; - // Setup our expectation that the filter chain will be invoked. 
- MockFilterChain chain = new MockFilterChain(!returnAfterUnsuccessfulAuthentication); - - // Setup our test object, to grant access - filter.setFilterProcessesUrl("/j_mock_post"); - filter.setDefaultTargetUrl("/foobar"); - filter.setAuthenticationManager(new MockAuthenticationManager(false)); - filter.setReturnAfterSuccessfulAuthentication(returnAfterUnsuccessfulAuthentication); - filter.setRedirectOnAuthenticationFailureEnabled(false); - // Test - executeFilterInContainerSimulator(config, filter, request, response, chain); - assertNull(response.getRedirectedUrl()); - assertNull(SecurityContextHolder.getContext().getAuthentication()); + rollback(); + generateUnmigratedDisabledUser(); + chain.resetCount(); + request = createMockRequest(DEFAULTTARGETURL); + savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. 
Application filter chain invoked, after redirect and with authentication present within security context. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); assertEquals(1, chain.getCount()); + + rollback(); + generateUnmigratedDisabledUser(); + chain.resetCount(); + request = createMockRequest(DEFAULTTARGETURL); + savedRequest = makeSavedRequestForUrl(NOTSECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertTrue(((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).isEnabled()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); + + rollback(); + generateUnmigratedDisabledUser(); + request = createMockRequest(SECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain invoked. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getLastName()); + assertFalse(((UserInfo)securityService.getUserByName(USERNAME)).isEnabled()); + assertEquals(0, chain.getCount()); + + rollback(); + generateUnmigratedDisabledUser(); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain invoked. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertNull(request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getLastName()); + assertFalse(((UserInfo)securityService.getUserByName(USERNAME)).isEnabled()); + assertEquals(1, chain.getCount()); + + rollback(); + generateUnmigratedEnabledUser(); + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName()); + assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName()); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. 
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ generateUnmigratedEnabledUser();
+ chain.resetCount();
+ request = createMockRequest(DEFAULTTARGETURL);
+ savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL);
+ request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest);
+ response = new MockHttpServletResponse();
+ // Test SECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName());
+ assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName());
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test SECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ generateUnmigratedEnabledUser();
+ chain.resetCount();
+ request = createMockRequest(DEFAULTTARGETURL);
+ savedRequest = makeSavedRequestForUrl(NOTSECUREDVIEWSURL);
+ request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest);
+ response = new MockHttpServletResponse();
+ // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getFirstName());
+ assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME))).getLastName());
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test SECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ generateUnmigratedEnabledUser();
+ request = createMockRequest(SECUREDRSSFEEDURL);
+ chain.resetCount();
+ response = new MockHttpServletResponse();
+ // Test SECUREDRSSFEEDURL. Application filter chain invoked.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY));
+ assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getFirstName());
+ assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getLastName());
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ generateUnmigratedEnabledUser();
+ request = createMockRequest(NOTSECUREDRSSFEEDURL);
+ chain.resetCount();
+ response = new MockHttpServletResponse();
+ // Test NOTSECUREDRSSFEEDURL. Application filter chain invoked.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken);
+ assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY));
+ assertEquals(FIRSTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getFirstName());
+ assertEquals(LASTNAME, ((UserInfo)securityService.getUserByName(USERNAME)).getLastName());
+ assertEquals(1, chain.getCount());
+ }
+
+ public void testSuccessfulAuthenticationAndRedirectToMigrationPage() throws Exception {
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(request.getContextPath()+MIGRATIONTARGETURL, response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof PrincipalAcegiUserToken);
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ // Simulate redirect.
+ request.setServletPath(MIGRATIONTARGETURL);
+ request.setRequestURI(request.getContextPath()+request.getServletPath());
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
+
+ generateUnmigratedDisabledUserNotFindableByEmail();
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(request.getContextPath()+MIGRATIONTARGETURL, response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof PrincipalAcegiUserToken);
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ // Simulate redirect.
+ request.setServletPath(MIGRATIONTARGETURL);
+ request.setRequestURI(request.getContextPath()+request.getServletPath());
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ request = createMockRequest(DEFAULTTARGETURL);
+ savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL);
+ request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest);
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(request.getContextPath()+MIGRATIONTARGETURL, response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof PrincipalAcegiUserToken);
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ // Simulate redirect.
+ request.setServletPath(MIGRATIONTARGETURL);
+ request.setRequestURI(request.getContextPath()+request.getServletPath());
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
+
+ rollback();
+ generateUnmigratedDisabledUserNotFindableByEmail();
+ savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL);
+ request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest);
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(request.getContextPath()+MIGRATIONTARGETURL, response.getRedirectedUrl());
+ assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof PrincipalAcegiUserToken);
+ assertEquals(0, chain.getCount());
+ response = new MockHttpServletResponse();
+ // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context.
+ // Simulate redirect.
+ request.setServletPath(MIGRATIONTARGETURL);
+ request.setRequestURI(request.getContextPath()+request.getServletPath());
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
 }
- */
+
+ public void testUnsuccessfulAuthenticationDueToLockedUserStatus() throws Exception {
+ generateLockedUser();
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl());
+ assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl());
+ assertEquals(0, chain.getCount());
+
+ chain.resetCount();
+ request = createMockRequest(NOTSECUREDVIEWSURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
+
+ chain.resetCount();
+ request = createMockRequest(SECUREDRSSFEEDURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNotNull(response.getHeader("WWW-Authenticate"));
+ assertEquals("Full authentication is required to access this resource", response.getErrorMessage());
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
+ assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY));
+ assertEquals(0, chain.getCount());
+
+ chain.resetCount();
+ request = createMockRequest(NOTSECUREDRSSFEEDURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getHeader("WWW-Authenticate"));
+ assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY));
+ assertEquals(1, chain.getCount());
+ }
+
+ public void testUnsuccessfulAuthenticationDueToAccountExpiredUserStatus() throws Exception {
+ generateAccountExpiredUser();
+ chain.resetCount();
+ request = createMockRequest(SECUREDVIEWSURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl());
+ assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl());
+ assertEquals(0, chain.getCount());
+
+ chain.resetCount();
+ request = createMockRequest(NOTSECUREDVIEWSURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url.
+ securityFilterChainProxy.doFilter(request, response, chain);
+ assertNull(response.getRedirectedUrl());
+ assertEquals(1, chain.getCount());
+
+ chain.resetCount();
+ request = createMockRequest(SECUREDRSSFEEDURL);
+ // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
+ response = new MockHttpServletResponse();
+ // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested.
+ securityFilterChainProxy.doFilter(request, response, chain); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); + } + + public void testUnsuccessfulAuthenticationDueToCredentialsExpiredUserStatus() throws Exception { + generateCredentialsExpiredUser(); + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl()); + assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl()); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(NOTSECUREDVIEWSURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. 
Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertEquals(1, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(SECUREDRSSFEEDURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested. + securityFilterChainProxy.doFilter(request, response, chain); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); + } + + public void testUnsuccessfulAuthenticationDueToDisabledStatusOfMigratedUser() throws Exception { + generateMigratedDisabledUserNoReconcilationNecessary(); + chain.resetCount(); + request = createMockRequest(SECUREDVIEWSURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. 
Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl()); + assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl()); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(NOTSECUREDVIEWSURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertEquals(1, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(SECUREDRSSFEEDURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested. + securityFilterChainProxy.doFilter(request, response, chain); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = createMockRequest(NOTSECUREDRSSFEEDURL); + // Setup filter. Does not attempt authentication, due to request headers are not present. 
Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); + } + + protected void rollback() { + endTransaction(); + startNewTransaction(); + } - - - - - - - - - - - - - - - - - - - - - - - - - - protected void commit() { setComplete(); - endTransaction(); - startNewTransaction(); + rollback(); } protected void flush() { @@ -572,7 +968,6 @@ "classpath*:testDataSource.xml", "classpath*:testShibbolethSecurity.xml"}; } -// "classpath*:applicationContext-aop.xml", //~ Inner Classes ================================================================================================== @@ -584,10 +979,6 @@ this.expectToProceed = expectToProceed; } - private MockFilterChain() { - super(); - } - public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { if (expectToProceed) { Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-web/src/main/java/org/openuss/web/security/AuthenticationController.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-web/src/main/java/org/openuss/web/security/AuthenticationController.java 2008-07-28 13:39:55 UTC (rev 4764) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-web/src/main/java/org/openuss/web/security/AuthenticationController.java 2008-07-29 00:37:09 UTC (rev 4765) 
@@ -98,6 +98,7 @@ final HttpServletRequest request = getRequest(); final HttpServletResponse response = getResponse(); final HttpSession session = getSession(); + boolean userWasUpdated = false; // Delete domain information from username, so that users can enter domain information during login username = SecurityDomainUtility.extractUsername(username); @@ -124,7 +125,10 @@ * 3. Handle "local user". */ AuthenticationUtils.checkLocallyAll... [truncated message content] |
Revision: 4764 http://openuss.svn.sourceforge.net/openuss/?rev=4764&view=rev Author: peterschuh Date: 2008-07-28 13:39:55 +0000 (Mon, 28 Jul 2008) Log Message: ----------- Integration tests. Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-26 22:30:13 UTC (rev 4763) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-28 13:39:55 UTC (rev 4764) @@ -13,11 +13,15 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.acegisecurity.AuthenticationManager; import org.acegisecurity.GrantedAuthority; import org.acegisecurity.GrantedAuthorityImpl; import org.acegisecurity.MockAuthenticationManager; +import org.acegisecurity.context.HttpSessionContextIntegrationFilter; +import org.acegisecurity.context.SecurityContext; import org.acegisecurity.context.SecurityContextHolder; import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; import org.acegisecurity.ui.AbstractProcessingFilter; 
@@ -44,7 +48,7 @@ public class PlexusShibbolethIntegrationTest extends AbstractTransactionalDataSourceSpringContextTests { private final String SHIBBOLETHUSERNAMEHEADERKEY = "SHIB_REMOTE_USER"; - private final String SHIBBOLETHFIRSTNAMEHEADERKEY = "Shib-Person-givennam"; + private final String SHIBBOLETHFIRSTNAMEHEADERKEY = "Shib-Person-givenname"; private final String SHIBBOLETHLASTNAMEHEADERKEY = "Shib-Person-sn"; private final String SHIBBOLETHEMAILHEADERKEY = "Shib-Person-mail"; private final String KEY = "shibboleth"; @@ -158,8 +162,8 @@ return request; } - private SavedRequest makeSavedRequestForUrl() { - MockHttpServletRequest request = createMockRequest(SECUREDVIEWSURL); + private SavedRequest makeSavedRequestForUrl(String url) { + MockHttpServletRequest request = createMockRequest(url); return new SavedRequest(request, new PortResolverImpl()); } 
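Review bot: The Shibboleth attribute header names in the `@@ -44,7 +48,7 @@` hunk are retyped as string literals in the test, which is presumably how `"Shib-Person-givennam"` survived until this fix. These keys name the request headers the test feeds to the authentication filter, so a misspelt key means the request carries no first-name attribute and the test exercises a different path than intended without failing on the name itself. If the filter or its configuration exposes the header names, reference those from the test; otherwise declare the keys once as class constants, `private static final String SHIBBOLETHFIRSTNAMEHEADERKEY = "Shib-Person-givenname";`, instead of per-instance `private final` fields. The class body continues outside the hunk.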
@@ -187,25 +191,31 @@ private void generateMigratedDisabledUser() { UserInfo user = createUserInfo(); + securityService.createUser(user); + user = securityService.getUserByName(USERNAME); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); - securityService.createUser(user); + securityService.saveUser(user); } private void generateMigratedEnabledUserNoReconcilationNecessary() { UserInfo user = createUserInfo(); + user.setEnabled(true); + securityService.createUser(user); + user = securityService.getUserByName(USERNAME); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); - user.setEnabled(true); - securityService.createUser(user); + securityService.saveUser(user); } private void generateMigratedEnabledUserToBeReconciled() { UserInfo user = createUserInfo(); - user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); user.setEmail("ac...@ac..."); user.setFirstName("John"); user.setLastName("Doe"); user.setEnabled(true); - securityService.createUser(user); + securityService.createUser(user); + user = securityService.getUserByName(USERNAME); + user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); + securityService.saveUser(user); } private void generateLockedUser() { @@ -248,6 +258,7 @@ UserInfo user = securityService.getUserByName(USERNAME); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, user.getUsername())); securityService.saveUser(user); + user = securityService.getUserByName(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); assertNotNull(user); assertNotNull(user.getId()); assertTrue(user.isCentralUser()); 
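Review bot: The three `generateMigrated…` helpers in the `@@ -187,25 +191,31 @@` hunk now repeat the same create, re-read, rename, save sequence, and each dereferences the result of `securityService.getUserByName(USERNAME)` without checking it. Whether that lookup can return null is not visible from here, but if it does the fixture dies with a NullPointerException in setup rather than a readable assertion failure. One private helper that asserts the re-read user exists keeps the account-state fixtures for these authentication tests in a single place, and each generator then only sets its fields and calls it. `generateLockedUser` and the remaining generators continue outside the hunk.

```java
private void createAndMigrateUser(UserInfo user) {
	securityService.createUser(user);
	UserInfo persisted = securityService.getUserByName(USERNAME);
	assertNotNull(persisted);
	persisted.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME));
	securityService.saveUser(persisted);
}

private void generateMigratedDisabledUser() {
	createAndMigrateUser(createUserInfo());
}
// … unchanged in shape: the two enabled-user generators set their fields, then call createAndMigrateUser(user) …
```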
@@ -263,7 +274,7 @@
 request.setRequestURI(request.getContextPath()+request.getServletPath());
 // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead.
 response = new MockHttpServletResponse();
- // Test SECUREDVIEWSURL. Application filter not invoked, since we redirect to login form url.
+ // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url.
 securityFilterChainProxy.doFilter(request, response, chain);
 assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl());
 assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl());
@@ -278,85 +289,192 @@ request.setRequestURI(request.getContextPath()+request.getServletPath()); // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. response = new MockHttpServletResponse(); - // Test NOTSECUREDVIEWSURL. Application filter invoked, since access is granted. + // Test NOTSECUREDVIEWSURL. Application filter chain is invoked, since access is granted. securityFilterChainProxy.doFilter(request, response, chain); assertNull(response.getRedirectedUrl()); assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); assertEquals(1, chain.getCount()); - // Test for other URLs -> unsecured view, (un)secured rss - - -// String savedRequestUrl = ((SavedRequest)request.getSession().getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY)).getFullRequestUrl(); -// String redirectUrl = response.getRedirectedUrl(); + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(SECUREDRSSFEEDURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(NOTSECUREDRSSFEEDURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); } public void testShibbolethRequestHeadersCleared() throws Exception { // Setup our HTTP request with headers cleared. Shibboleth service provider clears request headers to prevent spoofing. 
MockHttpServletRequest request = new MockHttpServletRequest(); - request.setServletPath("/j_mock_post"); - request.setScheme("https"); - request.setServerName("www.example.com"); - request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); + request.setServletPath(SECUREDVIEWSURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); request.setContextPath(CONTEXTPATH); - + request.setRequestURI(request.getContextPath()+request.getServletPath()); request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, ""); request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); - boolean continueFilteringIfShibbolethHeadersAreCleared = true; - // Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl - MockFilterChain chain = new MockFilterChain(continueFilteringIfShibbolethHeadersAreCleared); - - // Setup requiresAuthentication switches. - boolean onlyProcessFilterProcessesUrlEnabled = false; - boolean processEachUrlEnabled = true; + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, since we redirect to login form url. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl()); + assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl()); + assertEquals(0, chain.getCount()); + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(NOTSECUREDVIEWSURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. - response = new MockHttpServletResponse(); - // Test + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter chain is invoked, since access is granted. securityFilterChainProxy.doFilter(request, response, chain); - assertNull(SecurityContextHolder.getContext().getAuthentication()); + assertNull(response.getRedirectedUrl()); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); + + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(SECUREDRSSFEEDURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); + // Setup filter. 
Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test SECUREDRSSFEEDURL. Application filter chain is not invoked. Basic Authentication is requested. + securityFilterChainProxy.doFilter(request, response, chain); + assertNotNull(response.getHeader("WWW-Authenticate")); + assertEquals("Full authentication is required to access this resource", response.getErrorMessage()); + assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(NOTSECUREDRSSFEEDURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDRSSFEEDURL. Application filter chain is invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getHeader("WWW-Authenticate")); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); } -/* - public void testSuccessfulAuthenticationWithoutRedirectToMigrationPageForMigratedUser() throws Exception { - - // Setup to return. - boolean returnAfterSuccessfulAuthentication = true; - // Setup our expectation that the filter chain will not be invoked. 
- MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); - - // Setup authentication manager - AuthenticationManager authManager = new AuthenticationManager() - {public org.acegisecurity.Authentication authenticate(org.acegisecurity.Authentication authentication) throws org.acegisecurity.AuthenticationException { - return new UsernamePasswordAuthenticationToken(USERNAME,"protected",new GrantedAuthority[]{new GrantedAuthorityImpl(DEFAULTROLE)});}}; - - // Setup our test object, to grant access and redirect migrated user to defaultTargetUrl. - String defaultTargetUrl = "/foobar"; - filter.setFilterProcessesUrl("/j_mock_post"); - filter.setDefaultTargetUrl(defaultTargetUrl); - filter.setAuthenticationManager(authManager); - filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); - filter.setMigrationTargetUrl(MIGRATIONTARGETURL); - // Test - executeFilterInContainerSimulator(config, filter, request, response, chain); - assertEquals(request.getContextPath()+defaultTargetUrl, response.getRedirectedUrl()); - assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); - - SecurityContextHolder.clearContext(); - response = new MockHttpServletResponse(); - // Setup our HTTP request - request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl()); - // Setup our test object, to grant access and redirect migrated user to url within SavedRequest. 
- boolean alwaysUseDefaultTargetUrl = false; - filter.setAlwaysUseDefaultTargetUrl(alwaysUseDefaultTargetUrl); - // Test - executeFilterInContainerSimulator(config, filter, request, response, chain); - assertEquals(makeSavedRequestForUrl().getFullRequestUrl(), response.getRedirectedUrl()); - assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); + + + +// String savedRequestUrl = ((SavedRequest)request.getSession().getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY)).getFullRequestUrl(); +// String redirectUrl = response.getRedirectedUrl(); + + public void testSuccessfulAuthenticationWithoutReconciliationForEnabledMigratedUser() throws Exception { + generateMigratedEnabledUserNoReconcilationNecessary(); +// chain.resetCount(); +// request = createMockRequest(SECUREDVIEWSURL); +// response = new MockHttpServletResponse(); +// // Test DEFAULTTARGETURL. Application filter chain is not invoked, due to redirect to defaultTargetUrl, since there is no saved request. +// securityFilterChainProxy.doFilter(request, response, chain); +// assertEquals(request.getContextPath()+DEFAULTTARGETURL, response.getRedirectedUrl()); +// assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); +// assertEquals(0, chain.getCount()); +// response = new MockHttpServletResponse(); +// // Test DEFAULTTARGETURL. Application filter chain invoked, after redirect and with authentication present within security context. 
+// securityFilterChainProxy.doFilter(request, response, chain); +// assertNull(response.getRedirectedUrl()); +// assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); +// assertEquals(1, chain.getCount()); + + request = createMockRequest(DEFAULTTARGETURL); + SavedRequest savedRequest = makeSavedRequestForUrl(SECUREDVIEWSURL); + request.getSession().setAttribute(SAVEDREQUESTKEY, savedRequest); + assertNotNull(request.getSession()); + assertNotNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(SECUREDVIEWSURL, ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getServletPath()); + chain.resetCount(); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain is not invoked, due to redirect to url of saved request. + securityFilterChainProxy.doFilter(request, response, chain); + assertEquals(savedRequest.getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(0, chain.getCount()); + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter chain invoked, after redirect and with authentication present within security context. 
+ securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertTrue(((SecurityContext)request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY)).getAuthentication() instanceof UsernamePasswordAuthenticationToken); + assertEquals(1, chain.getCount()); + + + +// +// SecurityContextHolder.clearContext(); +// response = new MockHttpServletResponse(); +// // Setup our HTTP request +// request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl()); +// // Setup our test object, to grant access and redirect migrated user to url within SavedRequest. +// boolean alwaysUseDefaultTargetUrl = false; +// filter.setAlwaysUseDefaultTargetUrl(alwaysUseDefaultTargetUrl); +// // Test +// executeFilterInContainerSimulator(config, filter, request, response, chain); +// assertEquals(makeSavedRequestForUrl().getFullRequestUrl(), response.getRedirectedUrl()); +// assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); + + // Test for other URLs -> unsecured view, (un)secured rss + } + + public void testSuccessfulAuthenticationWithReconciliationForEnabledMigratedUser() throws Exception { + generateMigratedEnabledUserToBeReconciled(); + } +/* public void testSuccessfulAuthenticationWithoutRedirectButContinuedProcessingOfFilterChain() throws Exception { // Setup not to return, but to continue chain. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
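Review bot: testShibbolethRequestHeadersCleared drops the old `assertNull(SecurityContextHolder.getContext().getAuthentication())` and replaces it only with redirect, status and chain-count checks, so none of the four empty-header cases asserts that no authentication was established. Since the test exists to show that blank Shibboleth headers cannot log anyone in, I would check the stored context after each `doFilter` call: `SecurityContext ctx = (SecurityContext) request.getSession().getAttribute(HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY);` followed by `assertTrue(ctx == null || ctx.getAuthentication() == null);`. The new testSuccessfulAuthenticationWithReconciliationForEnabledMigratedUser only creates its fixture and asserts nothing, so it passes vacuously; it should call `fail("not implemented")` or be left out until it has a body. The hunk ends inside a commented-out test whose body continues outside it.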
Revision: 4763 http://openuss.svn.sourceforge.net/openuss/?rev=4763&view=rev Author: peterschuh Date: 2008-07-26 22:30:13 +0000 (Sat, 26 Jul 2008) Log Message: ----------- Integration tests Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-25 00:04:06 UTC (rev 4762) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-26 22:30:13 UTC (rev 4763) @@ -67,6 +67,7 @@ private final String DEFAULTTARGETURL = "/views/welcome.faces"; private final String LOGINFORMURL = "/views/public/login/login.faces"; private final String MIGRATIONTARGETURL = "/views/secured/migration/migration.faces"; + private final String SAVEDREQUESTKEY = AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY; private MockHttpServletRequest request; private MockFilterConfig config; @@ -131,6 +132,7 @@ protected PlexusShibbolethAuthenticationProcessingFilter shibbolethProcessingFilterWithoutMigration; protected PlexusShibbolethAuthenticationProvider shibbolethAuthenticationProviderWithoutMigration; protected FilterChainProxy securityFilterChainProxy; + // The application filter chain. protected MockFilterChain chain = new MockFilterChain(true); //~ Constructor 
@@ -140,80 +142,28 @@ } //~ Convenience methods - private MockHttpServletRequest createMockRequestForSecuredView() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - request.setServletPath("/j_mock_post"); - request.setScheme("https"); - request.setServerName("www.example.com"); - request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); - request.setContextPath(CONTEXTPATH); - - request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); - request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); - request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); - request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); - - return request; - } - private MockHttpServletRequest createMockRequestForNotSecuredView() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - request.setServletPath("/j_mock_post"); - request.setScheme("https"); - request.setServerName("www.example.com"); - request.setRequestURI(CONTEXTPATH+NOTSECUREDVIEWSURL); + private MockHttpServletRequest createMockRequest(String url) { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath(url); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+url); request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); - - return request; - } - - private MockHttpServletRequest createMockRequestForSecuredRssFeed() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - request.setServletPath("/j_mock_post"); - request.setScheme("https"); - request.setServerName("www.example.com"); - request.setRequestURI(CONTEXTPATH+SECUREDRSSFEEDURL); - request.setContextPath(CONTEXTPATH); - - request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); - 
request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); - request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); - request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); - - return request; - } - - private MockHttpServletRequest createMockRequestForNotSecuredRssFeed() { - MockHttpServletRequest request = new MockHttpServletRequest(); - - request.setServletPath("/j_mock_post"); - request.setScheme("https"); - request.setServerName("www.example.com"); - request.setRequestURI(CONTEXTPATH+NOTSECUREDRSSFEEDURL); - request.setContextPath(CONTEXTPATH); - - request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); - request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); - request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); - request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); - - return request; - } - + return request; + } + private SavedRequest makeSavedRequestForUrl() { - MockHttpServletRequest request = createMockRequestForSecuredView(); + MockHttpServletRequest request = createMockRequest(SECUREDVIEWSURL); return new SavedRequest(request, new PortResolverImpl()); } - private void generateUnmigratedDisabledUser() { + private UserInfo createUserInfo() { UserInfo user = new UserInfo(); user.setUsername(USERNAME); user.setPassword(PASSWORD); 
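Review bot: createMockRequest passes `url` unchanged to both `setServletPath` and `setRequestURI`, but the class's RSS constants (`SECUREDRSSFEEDURL`, `NOTSECUREDRSSFEEDURL`) carry a query string such as `?course=2236`. A servlet container reports the query through `getQueryString()` and never inside the servlet path or request URI. With those constants, the filter chain's URL patterns would therefore be matched against a string the deployed application never sees, and a test of the secured feed could pass or fail for the wrong reason. I would split the argument at `?` and set the query separately, as sketched below. createUserInfo, which starts at the end of this hunk, continues outside it.

```java
private MockHttpServletRequest createMockRequest(String url) {
	MockHttpServletRequest request = new MockHttpServletRequest();
	int queryStart = url.indexOf('?');
	String path = queryStart < 0 ? url : url.substring(0, queryStart);
	request.setServletPath(path);
	if (queryStart >= 0) {
		request.setQueryString(url.substring(queryStart + 1));
	}
	// … unchanged: scheme, server name, context path …
	request.setRequestURI(request.getContextPath() + path);
	// … unchanged: Shibboleth headers, return request …
```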
@@ -222,54 +172,36 @@ user.setTimezone(TimeZone.getDefault().getID()); user.setFirstName(FIRSTNAME); user.setLastName(LASTNAME); - securityService.createUser(user); + return user; } + + private void generateUnmigratedDisabledUser() { + securityService.createUser(createUserInfo()); + } private void generateUnmigratedEnabledUser() { - UserInfo user = new UserInfo(); - user.setUsername(USERNAME); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); + UserInfo user = createUserInfo(); user.setEnabled(true); securityService.createUser(user); } private void generateMigratedDisabledUser() { - UserInfo user = new UserInfo(); + UserInfo user = createUserInfo(); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); securityService.createUser(user); } private void generateMigratedEnabledUserNoReconcilationNecessary() { - UserInfo user = new UserInfo(); + UserInfo user = createUserInfo(); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); user.setEnabled(true); securityService.createUser(user); } private void generateMigratedEnabledUserToBeReconciled() { - UserInfo user = new UserInfo(); + UserInfo user = createUserInfo(); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); - user.setPassword(PASSWORD); user.setEmail("ac...@ac..."); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); user.setFirstName("John"); user.setLastName("Doe"); 
user.setEnabled(true); @@ -277,42 +209,21 @@ } private void generateLockedUser() { - UserInfo user = new UserInfo(); - user.setUsername(USERNAME); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); + UserInfo user = createUserInfo(); user.setEnabled(true); user.setAccountLocked(true); securityService.createUser(user); } private void generateAccountExpiredUser() { - UserInfo user = new UserInfo(); - user.setUsername(USERNAME); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); + UserInfo user = createUserInfo(); user.setEnabled(true); user.setAccountExpired(true); securityService.createUser(user); } private void generateCredentialsExpiredUser() { - UserInfo user = new UserInfo(); - user.setUsername(USERNAME); - user.setPassword(PASSWORD); - user.setEmail(EMAIL); - user.setLocale(LOCALE); - user.setTimezone(TimeZone.getDefault().getID()); - user.setFirstName(FIRSTNAME); - user.setLastName(LASTNAME); + UserInfo user = createUserInfo(); user.setEnabled(true); user.setAccountExpired(true); securityService.createUser(user); 
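Review bot: generateCredentialsExpiredUser still calls `user.setAccountExpired(true)`, the same flag generateAccountExpiredUser sets, so after this refactoring the two fixtures are identical. Any test built on this fixture would exercise account expiry and leave the credentials-expired path unverified. The line should set the credentials flag instead, presumably `user.setCredentialsExpired(true);` if UserInfo exposes that setter, which this diff does not show. The method's closing lines lie outside the hunk.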
@@ -335,29 +246,49 @@ public void testUserCreation() { generateUnmigratedEnabledUser(); UserInfo user = securityService.getUserByName(USERNAME); - String[] grantedAuthorities = securityService.getGrantedAuthorities(user); user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, user.getUsername())); securityService.saveUser(user); - UserInfo user2 = securityService.getUserByEmail(EMAIL); assertNotNull(user); assertNotNull(user.getId()); + assertTrue(user.isCentralUser()); } public void testShibbolethRequestHeadersNotPresent() throws Exception { - MockHttpServletRequest request = new MockHttpServletRequest(); + chain.resetCount(); + request = new MockHttpServletRequest(); request.setServletPath(SECUREDVIEWSURL); request.setScheme(SCHEME); request.setServerName(SERVERNAME); - request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); request.setContextPath(CONTEXTPATH); - + request.setRequestURI(request.getContextPath()+request.getServletPath()); // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. - response = new MockHttpServletResponse(); - - // Test + response = new MockHttpServletResponse(); + // Test SECUREDVIEWSURL. Application filter not invoked, since we redirect to login form url. 
securityFilterChainProxy.doFilter(request, response, chain); - String redirectUrl = response.getRedirectedUrl(); assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl()); + assertEquals(request.getScheme()+"://"+request.getServerName()+request.getRequestURI(), ((SavedRequest)request.getSession().getAttribute(SAVEDREQUESTKEY)).getFullRequestUrl()); + assertEquals(0, chain.getCount()); + + chain.resetCount(); + request = new MockHttpServletRequest(); + request.setServletPath(NOTSECUREDVIEWSURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setContextPath(CONTEXTPATH); + request.setRequestURI(request.getContextPath()+request.getServletPath()); + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test NOTSECUREDVIEWSURL. Application filter invoked, since access is granted. + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(response.getRedirectedUrl()); + assertNull(request.getSession().getAttribute(SAVEDREQUESTKEY)); + assertEquals(1, chain.getCount()); + + // Test for other URLs -> unsecured view, (un)secured rss + + +// String savedRequestUrl = ((SavedRequest)request.getSession().getAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY)).getFullRequestUrl(); +// String redirectUrl = response.getRedirectedUrl(); } public void testShibbolethRequestHeadersCleared() throws Exception { @@ -549,13 +480,17 @@ } } + public void resetCount() { + setCount(0); + } + public int getCount() { return count; } public void setCount(int count) { this.count = count; - } + } } public SecurityService getSecurityService() { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
Revision: 4762 http://openuss.svn.sourceforge.net/openuss/?rev=4762&view=rev Author: peterschuh Date: 2008-07-25 00:04:06 +0000 (Fri, 25 Jul 2008) Log Message: ----------- # Integration Tests Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-24 14:32:58 UTC (rev 4761) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/PlexusShibbolethIntegrationTest.java 2008-07-25 00:04:06 UTC (rev 4762) 
@@ -6,14 +6,38 @@ import static org.easymock.EasyMock.expect; import static org.easymock.EasyMock.verify; +import java.io.IOException; +import java.util.TimeZone; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; + +import org.acegisecurity.AuthenticationManager; +import org.acegisecurity.GrantedAuthority; +import org.acegisecurity.GrantedAuthorityImpl; +import org.acegisecurity.MockAuthenticationManager; import org.acegisecurity.context.SecurityContextHolder; +import org.acegisecurity.providers.UsernamePasswordAuthenticationToken; +import org.acegisecurity.ui.AbstractProcessingFilter; import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter; +import org.acegisecurity.ui.savedrequest.SavedRequest; +import org.acegisecurity.util.FilterChainProxy; +import org.acegisecurity.util.PortResolverImpl; import org.hibernate.SessionFactory; import org.openuss.TestUtility; +import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetails; +import org.openuss.framework.web.acegi.shibboleth.ShibbolethUserDetailsImpl; import org.openuss.messaging.MessageService; import org.openuss.migration.UserMigrationUtility; import org.openuss.migration.UserMigrationUtilityImpl; +import org.openuss.security.SecurityDomainUtility; import org.openuss.security.SecurityService; +import org.openuss.security.UserInfo; +import org.springframework.mock.web.MockFilterConfig; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests; import junit.framework.TestCase; 
@@ -26,11 +50,28 @@ private final String KEY = "shibboleth"; private final String DEFAULTDOMAINNAME = "wwu"; private final Long DEFAULTDOMAINID = 1006L; - private final String MIGRATIONTARGETURL = "/views/secured/migration/migration.faces"; private final String DEFAULTROLE = "ROLE_SHIBBOLETHUSER"; + private final String USERNAME = "test"; + private final String FIRSTNAME = "Joe"; + private final String LASTNAME = "Sixpack"; + private final String EMAIL = "j_s...@ac..."; + private final String PASSWORD = "password"; + private final String LOCALE = "de"; + private final String SCHEME = "https"; + private final String SERVERNAME = "localhost:8080"; + private final String CONTEXTPATH = "/plexus-web"; + private final String SECUREDVIEWSURL = "/views/secured/user/profile.faces"; + private final String NOTSECUREDVIEWSURL = "/views/public/login/logout.faces"; + private final String SECUREDRSSFEEDURL = "/rss/secured/documents.xml?course=2236"; + private final String NOTSECUREDRSSFEEDURL = "/rss/public/institute.xml?institute=2192"; private final String DEFAULTTARGETURL = "/views/welcome.faces"; - private final String USERNAME = "test"; + private final String LOGINFORMURL = "/views/public/login/login.faces"; + private final String MIGRATIONTARGETURL = "/views/secured/migration/migration.faces"; + private MockHttpServletRequest request; + private MockFilterConfig config; + private MockHttpServletResponse response; + // private PlexusShibbolethAuthenticationProcessingFilter filter = new PlexusShibbolethAuthenticationProcessingFilter(); // private PlexusShibbolethAuthenticationProvider provider = new PlexusShibbolethAuthenticationProvider(); // 
@@ -89,13 +130,195 @@ protected PlexusShibbolethAuthenticationProvider shibbolethAuthenticationProvider; protected PlexusShibbolethAuthenticationProcessingFilter shibbolethProcessingFilterWithoutMigration; protected PlexusShibbolethAuthenticationProvider shibbolethAuthenticationProviderWithoutMigration; - + protected FilterChainProxy securityFilterChainProxy; + protected MockFilterChain chain = new MockFilterChain(true); + + //~ Constructor public PlexusShibbolethIntegrationTest() { super(); super.setAutowireMode(AbstractTransactionalDataSourceSpringContextTests.AUTOWIRE_BY_NAME); } - public void testSecurityServiceInjection() { + //~ Convenience methods + private MockHttpServletRequest createMockRequestForSecuredView() { + MockHttpServletRequest request = new MockHttpServletRequest(); + + request.setServletPath("/j_mock_post"); + request.setScheme("https"); + request.setServerName("www.example.com"); + request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); + request.setContextPath(CONTEXTPATH); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); + + return request; + } + + private MockHttpServletRequest createMockRequestForNotSecuredView() { + MockHttpServletRequest request = new MockHttpServletRequest(); + + request.setServletPath("/j_mock_post"); + request.setScheme("https"); + request.setServerName("www.example.com"); + request.setRequestURI(CONTEXTPATH+NOTSECUREDVIEWSURL); + request.setContextPath(CONTEXTPATH); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); + + return request; + } + + private MockHttpServletRequest createMockRequestForSecuredRssFeed() { + MockHttpServletRequest request = new 
MockHttpServletRequest(); + + request.setServletPath("/j_mock_post"); + request.setScheme("https"); + request.setServerName("www.example.com"); + request.setRequestURI(CONTEXTPATH+SECUREDRSSFEEDURL); + request.setContextPath(CONTEXTPATH); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); + + return request; + } + + private MockHttpServletRequest createMockRequestForNotSecuredRssFeed() { + MockHttpServletRequest request = new MockHttpServletRequest(); + + request.setServletPath("/j_mock_post"); + request.setScheme("https"); + request.setServerName("www.example.com"); + request.setRequestURI(CONTEXTPATH+NOTSECUREDRSSFEEDURL); + request.setContextPath(CONTEXTPATH); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, FIRSTNAME); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, LASTNAME); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, EMAIL); + + return request; + } + + private SavedRequest makeSavedRequestForUrl() { + MockHttpServletRequest request = createMockRequestForSecuredView(); + return new SavedRequest(request, new PortResolverImpl()); + } + + private void generateUnmigratedDisabledUser() { + UserInfo user = new UserInfo(); + user.setUsername(USERNAME); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + securityService.createUser(user); + } + + private void generateUnmigratedEnabledUser() { + UserInfo user = new UserInfo(); + user.setUsername(USERNAME); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + user.setEnabled(true); + 
securityService.createUser(user); + } + + private void generateMigratedDisabledUser() { + UserInfo user = new UserInfo(); + user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + securityService.createUser(user); + } + + private void generateMigratedEnabledUserNoReconcilationNecessary() { + UserInfo user = new UserInfo(); + user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + user.setEnabled(true); + securityService.createUser(user); + } + + private void generateMigratedEnabledUserToBeReconciled() { + UserInfo user = new UserInfo(); + user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, USERNAME)); + user.setPassword(PASSWORD); + user.setEmail("ac...@ac..."); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName("John"); + user.setLastName("Doe"); + user.setEnabled(true); + securityService.createUser(user); + } + + private void generateLockedUser() { + UserInfo user = new UserInfo(); + user.setUsername(USERNAME); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + user.setEnabled(true); + user.setAccountLocked(true); + securityService.createUser(user); + } + + private void generateAccountExpiredUser() { + UserInfo user = new UserInfo(); + user.setUsername(USERNAME); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + 
user.setLastName(LASTNAME); + user.setEnabled(true); + user.setAccountExpired(true); + securityService.createUser(user); + } + + private void generateCredentialsExpiredUser() { + UserInfo user = new UserInfo(); + user.setUsername(USERNAME); + user.setPassword(PASSWORD); + user.setEmail(EMAIL); + user.setLocale(LOCALE); + user.setTimezone(TimeZone.getDefault().getID()); + user.setFirstName(FIRSTNAME); + user.setLastName(LASTNAME); + user.setEnabled(true); + user.setAccountExpired(true); + securityService.createUser(user); + } + + public void testInjection() { assertNotNull(securityService); assertNotNull(shibbolethProcessingFilter); assertTrue(shibbolethProcessingFilter.isMigrationEnabled()); 
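Review bot: `generateCredentialsExpiredUser()` calls `user.setAccountExpired(true)`, which makes it line-for-line identical to `generateAccountExpiredUser()`. Any test built on it exercises the account-expired path a second time and leaves the handling of expired credentials unverified. It should set the credentials-expired flag on `UserInfo` instead; that setter is not visible in this hunk, so its name needs checking. The four `createMockRequestFor…` helpers differ only in the request URI and hard-code `"https"` and `"www.example.com"` instead of `SCHEME` and `SERVERNAME`; one helper taking the URI would remove the duplication.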
@@ -105,8 +328,178 @@ assertFalse(shibbolethProcessingFilterWithoutMigration.isMigrationEnabled()); assertNotNull(shibbolethAuthenticationProviderWithoutMigration); assertFalse(shibbolethAuthenticationProviderWithoutMigration.isMigrationEnabled()); + assertNotNull(securityFilterChainProxy); } + + public void testUserCreation() { + generateUnmigratedEnabledUser(); + UserInfo user = securityService.getUserByName(USERNAME); + String[] grantedAuthorities = securityService.getGrantedAuthorities(user); + user.setUsername(SecurityDomainUtility.toUsername(DEFAULTDOMAINNAME, user.getUsername())); + securityService.saveUser(user); + UserInfo user2 = securityService.getUserByEmail(EMAIL); + assertNotNull(user); + assertNotNull(user.getId()); + } + + public void testShibbolethRequestHeadersNotPresent() throws Exception { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath(SECUREDVIEWSURL); + request.setScheme(SCHEME); + request.setServerName(SERVERNAME); + request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); + request.setContextPath(CONTEXTPATH); + + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + + // Test + securityFilterChainProxy.doFilter(request, response, chain); + String redirectUrl = response.getRedirectedUrl(); + assertEquals(SCHEME+"://"+SERVERNAME+CONTEXTPATH+LOGINFORMURL, response.getRedirectedUrl()); + } + + public void testShibbolethRequestHeadersCleared() throws Exception { + // Setup our HTTP request with headers cleared. Shibboleth service provider clears request headers to prevent spoofing. 
+ MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/j_mock_post"); + request.setScheme("https"); + request.setServerName("www.example.com"); + request.setRequestURI(CONTEXTPATH+SECUREDVIEWSURL); + request.setContextPath(CONTEXTPATH); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); + + boolean continueFilteringIfShibbolethHeadersAreCleared = true; + // Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl + MockFilterChain chain = new MockFilterChain(continueFilteringIfShibbolethHeadersAreCleared); + + // Setup requiresAuthentication switches. + boolean onlyProcessFilterProcessesUrlEnabled = false; + boolean processEachUrlEnabled = true; + + // Setup filter. Does not attempt authentication, due to request headers are not present. Continues with next filter instead. + response = new MockHttpServletResponse(); + // Test + securityFilterChainProxy.doFilter(request, response, chain); + assertNull(SecurityContextHolder.getContext().getAuthentication()); + } +/* + public void testSuccessfulAuthenticationWithoutRedirectToMigrationPageForMigratedUser() throws Exception { + + // Setup to return. + boolean returnAfterSuccessfulAuthentication = true; + // Setup our expectation that the filter chain will not be invoked. 
+ MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + + // Setup authentication manager + AuthenticationManager authManager = new AuthenticationManager() + {public org.acegisecurity.Authentication authenticate(org.acegisecurity.Authentication authentication) throws org.acegisecurity.AuthenticationException { + return new UsernamePasswordAuthenticationToken(USERNAME,"protected",new GrantedAuthority[]{new GrantedAuthorityImpl(DEFAULTROLE)});}}; + + // Setup our test object, to grant access and redirect migrated user to defaultTargetUrl. + String defaultTargetUrl = "/foobar"; + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl(defaultTargetUrl); + filter.setAuthenticationManager(authManager); + filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); + filter.setMigrationTargetUrl(MIGRATIONTARGETURL); + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertEquals(request.getContextPath()+defaultTargetUrl, response.getRedirectedUrl()); + assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); + + SecurityContextHolder.clearContext(); + response = new MockHttpServletResponse(); + // Setup our HTTP request + request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SAVED_REQUEST_KEY, makeSavedRequestForUrl()); + // Setup our test object, to grant access and redirect migrated user to url within SavedRequest. 
+ boolean alwaysUseDefaultTargetUrl = false; + filter.setAlwaysUseDefaultTargetUrl(alwaysUseDefaultTargetUrl); + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertEquals(makeSavedRequestForUrl().getFullRequestUrl(), response.getRedirectedUrl()); + assertTrue(SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken); + } + + public void testSuccessfulAuthenticationWithoutRedirectButContinuedProcessingOfFilterChain() throws Exception { + + // Setup not to return, but to continue chain. + boolean returnAfterSuccessfulAuthentication = false; + // Setup our expectation that the filter chain will be invoked. + MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + + // Setup our test object, to grant access + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl("/foobar"); + filter.setAuthenticationManager(new MockAuthenticationManager(true)); + filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); + filter.setRedirectOnAuthenticationSuccessEnabled(false); + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertNull(response.getRedirectedUrl()); + assertNotNull(SecurityContextHolder.getContext().getAuthentication()); + assertTrue(SecurityContextHolder.getContext().getAuthentication().getDetails() instanceof ShibbolethUserDetails); + ShibbolethUserDetails sud = (ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails(); + assertEquals(USERNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.USERNAME_KEY).get()); + assertEquals(FIRSTNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.FIRSTNAME_KEY).get()); + assertEquals(LASTNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.LASTNAME_KEY).get()); + assertEquals(EMAIL,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.EMAIL_KEY).get()); + 
assertEquals(DEFAULTDOMAINNAME,(String)sud.getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY).get()); + assertEquals(DEFAULTDOMAINID,(Long)sud.getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY).get()); + assertEquals(1, chain.getCount()); + } + + public void testUnsuccessfulAuthenticationWithoutRedirectButContinuedProcessingOfFilterChain() throws Exception { + // Setup not to return, but to continue chain. + boolean returnAfterUnsuccessfulAuthentication = false; + // Setup our expectation that the filter chain will be invoked. + MockFilterChain chain = new MockFilterChain(!returnAfterUnsuccessfulAuthentication); + + // Setup our test object, to grant access + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl("/foobar"); + filter.setAuthenticationManager(new MockAuthenticationManager(false)); + filter.setReturnAfterSuccessfulAuthentication(returnAfterUnsuccessfulAuthentication); + filter.setRedirectOnAuthenticationFailureEnabled(false); + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertNull(response.getRedirectedUrl()); + assertNull(SecurityContextHolder.getContext().getAuthentication()); + assertEquals(1, chain.getCount()); + } + */ + + + + + + + + + + + + + + + + + + + + + + + + + + + protected void commit() { setComplete(); endTransaction(); 
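Review bot: `testShibbolethRequestHeadersCleared` only asserts that `SecurityContextHolder` holds no authentication afterwards, which is also true if the context was simply never populated, and its comment says the chain must not be invoked while it builds `new MockFilterChain(true)`. This is the test that guards against empty Shibboleth headers being accepted as an identity, so I would call `SecurityContextHolder.clearContext();` before `doFilter` and assert the expected outcome explicitly, for instance the redirect to the login form as `testShibbolethRequestHeadersNotPresent` does. In `testUserCreation`, `assertNotNull(user)` runs after `user` has already been dereferenced, and `user2` and `grantedAuthorities` are never checked. The commented-out tests reference `filter` and `executeFilterInContainerSimulator`, which are not defined in the visible lines; they are better deleted than left as dead code.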
@@ -131,8 +524,41 @@ "classpath*:testShibbolethSecurity.xml"}; } // "classpath*:applicationContext-aop.xml", - - public SecurityService getSecurityService() { + + //~ Inner Classes ================================================================================================== + + private class MockFilterChain implements FilterChain { + private boolean expectToProceed; + private int count = 0; + + public MockFilterChain(boolean expectToProceed) { + this.expectToProceed = expectToProceed; + } + + private MockFilterChain() { + super(); + } + + public void doFilter(ServletRequest request, ServletResponse response) + throws IOException, ServletException { + if (expectToProceed) { + count++; + assertTrue(true); + } else { + fail("Did not expect filter chain to proceed"); + } + } + + public int getCount() { + return count; + } + + public void setCount(int count) { + this.count = count; + } + } + + public SecurityService getSecurityService() { return securityService; } @@ -192,4 +618,13 @@ PlexusShibbolethAuthenticationProvider shibbolethAuthenticationProviderWithoutMigration) { this.shibbolethAuthenticationProviderWithoutMigration = shibbolethAuthenticationProviderWithoutMigration; } + + public FilterChainProxy getSecurityFilterChainProxy() { + return securityFilterChainProxy; + } + + public void setSecurityFilterChainProxy( + FilterChainProxy securityFilterChainProxy) { + this.securityFilterChainProxy = securityFilterChainProxy; + } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
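Review bot: In `MockFilterChain.doFilter` the `assertTrue(true)` is a no-op, and the private no-argument constructor leaves `expectToProceed` at `false` and is not called in the lines shown; both can be removed. The class reads no instance state of the enclosing test, so `private static class MockFilterChain implements FilterChain` states that more clearly. With the extra constructor gone the flag can become `private final boolean expectToProceed;`.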
From: <pet...@us...> - 2008-07-24 14:32:51
Revision: 4761 http://openuss.svn.sourceforge.net/openuss/?rev=4761&view=rev Author: peterschuh Date: 2008-07-24 14:32:58 +0000 (Thu, 24 Jul 2008) Log Message: ----------- # Unit Tests # Unreachable code Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-24 13:54:30 UTC (rev 4760) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/main/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilter.java 2008-07-24 14:32:58 UTC (rev 4761) 
@@ -291,28 +291,23 @@ public Object buildDetails(HttpServletRequest request) { shibbolethUserDetails = new ShibbolethUserDetailsImpl(); - if (request.getHeader(shibbolethUsernameHeaderKey)!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, request.getHeader(shibbolethUsernameHeaderKey)); - if (request.getHeader(shibbolethEmailHeaderKey)!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, ((String) request.getHeader(shibbolethEmailHeaderKey)).toLowerCase()); - } - if (request.getHeader(shibbolethFirstNameHeaderKey)!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, request.getHeader(shibbolethFirstNameHeaderKey)); - } - if (request.getHeader(shibbolethLastNameHeaderKey)!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.LASTNAME_KEY, request.getHeader(shibbolethLastNameHeaderKey)); - } - if (getDefaultDomainName()!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY, getDefaultDomainName()); - } - if (getDefaultDomainId()!=null) { - shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY, getDefaultDomainId()); - } - return shibbolethUserDetails; + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.USERNAME_KEY, request.getHeader(shibbolethUsernameHeaderKey)); + if (request.getHeader(shibbolethEmailHeaderKey)!=null) { + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.EMAIL_KEY, ((String) request.getHeader(shibbolethEmailHeaderKey)).toLowerCase()); } - else { - return null; + if (request.getHeader(shibbolethFirstNameHeaderKey)!=null) { + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.FIRSTNAME_KEY, request.getHeader(shibbolethFirstNameHeaderKey)); } + if (request.getHeader(shibbolethLastNameHeaderKey)!=null) { + 
shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.LASTNAME_KEY, request.getHeader(shibbolethLastNameHeaderKey)); + } + if (getDefaultDomainName()!=null) { + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY, getDefaultDomainName()); + } + if (getDefaultDomainId()!=null) { + shibbolethUserDetails.getAttributes().put(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY, getDefaultDomainId()); + } + return shibbolethUserDetails; } } Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java 2008-07-24 13:54:30 UTC (rev 4760) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProcessingFilterTest.java 2008-07-24 14:32:58 UTC (rev 4761) 
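Review bot: `shibbolethUserDetails` is assigned at the top of `buildDetails` without a local declaration, so it appears to be a field. If the filter instance is shared between requests, two concurrent logins could overwrite each other's details before they are attached to the authentication request. Unless something else reads that field, a local avoids this: `ShibbolethUserDetailsImpl details = new ShibbolethUserDetailsImpl();`, then populate and return `details`. With the outer null check removed, the method also stores whatever the username header holds, so it deserves a comment stating that the caller (outside this hunk) has already verified the header is present and non-empty.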
@@ -227,6 +227,29 @@ assertEquals(1, chain.getCount()); } + public void testDomainInformationNotSet() throws Exception { + + // Setup to return. + boolean returnAfterSuccessfulAuthentication = true; + // Setup our expectation that the filter chain will not be invoked. + MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + // Setup our test object, to grant access. + filter.setAuthenticationManager(new MockAuthenticationManager(true)); + String defaultTargetUrl = "/foobar"; + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl(defaultTargetUrl); + filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); + filter.setDefaultDomainId(null); + filter.setDefaultDomainName(null); + + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertEquals(request.getContextPath()+defaultTargetUrl, response.getRedirectedUrl()); + assertNotNull(SecurityContextHolder.getContext().getAuthentication()); + assertNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY)); + assertNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINNAME_KEY)); + } + public void testShibbolethRequestHeadersNotPresent() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); request.setServletPath("/j_mock_post"); 
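Review bot: The two closing assertions repeat the full `((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails())` chain, which hides what is actually being checked. The tests added in the next hunk (`testUsernameHeaderSetButOtherRequestHeadersNotPresent` and `testUsernameHeaderSetButOtherRequestHeadersCleared`) do the same. Reading it once into a local keeps each assertion to one attribute: `ShibbolethUserDetails details = (ShibbolethUserDetails) SecurityContextHolder.getContext().getAuthentication().getDetails();` followed by `assertNull(details.getAttributes().get(ShibbolethUserDetailsImpl.AUTHENTICATIONDOMAINID_KEY));`.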
@@ -284,7 +307,72 @@ executeFilterInContainerSimulator(config, filter, request, response, chain); assertNull(SecurityContextHolder.getContext().getAuthentication()); } + + public void testUsernameHeaderSetButOtherRequestHeadersNotPresent() throws Exception { + // Setup our HTTP request with headers cleared. Shibboleth service provider clears request headers to prevent spoofing. + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/j_mock_post"); + request.setScheme("http"); + request.setServerName("www.example.com"); + request.setRequestURI("/mycontext/j_mock_post"); + request.setContextPath("/mycontext"); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + + // Setup to return. + boolean returnAfterSuccessfulAuthentication = true; + // Setup our expectation that the filter chain will not be invoked. + MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + // Setup our test object, to grant access. + filter.setAuthenticationManager(new MockAuthenticationManager(true)); + String defaultTargetUrl = "/foobar"; + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl(defaultTargetUrl); + filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); + + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertEquals(request.getContextPath()+defaultTargetUrl, response.getRedirectedUrl()); + assertNotNull(SecurityContextHolder.getContext().getAuthentication()); + assertNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.EMAIL_KEY)); + assertNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.FIRSTNAME_KEY)); + 
assertNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.LASTNAME_KEY)); + } + public void testUsernameHeaderSetButOtherRequestHeadersCleared() throws Exception { + // Setup our HTTP request with headers cleared. Shibboleth service provider clears request headers to prevent spoofing. + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setServletPath("/j_mock_post"); + request.setScheme("http"); + request.setServerName("www.example.com"); + request.setRequestURI("/mycontext/j_mock_post"); + request.setContextPath("/mycontext"); + + request.addHeader(SHIBBOLETHUSERNAMEHEADERKEY, USERNAME); + request.addHeader(SHIBBOLETHFIRSTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHLASTNAMEHEADERKEY, ""); + request.addHeader(SHIBBOLETHEMAILHEADERKEY, ""); + + // Setup to return. + boolean returnAfterSuccessfulAuthentication = true; + // Setup our expectation that the filter chain will not be invoked. + MockFilterChain chain = new MockFilterChain(!returnAfterSuccessfulAuthentication); + // Setup our test object, to grant access. 
+ filter.setAuthenticationManager(new MockAuthenticationManager(true)); + String defaultTargetUrl = "/foobar"; + filter.setFilterProcessesUrl("/j_mock_post"); + filter.setDefaultTargetUrl(defaultTargetUrl); + filter.setReturnAfterSuccessfulAuthentication(returnAfterSuccessfulAuthentication); + + // Test + executeFilterInContainerSimulator(config, filter, request, response, chain); + assertEquals(request.getContextPath()+defaultTargetUrl, response.getRedirectedUrl()); + assertNotNull(SecurityContextHolder.getContext().getAuthentication()); + assertNotNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.EMAIL_KEY)); + assertNotNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.FIRSTNAME_KEY)); + assertNotNull(((ShibbolethUserDetails)SecurityContextHolder.getContext().getAuthentication().getDetails()).getAttributes().get(ShibbolethUserDetailsImpl.LASTNAME_KEY)); + } + public void testRequiresAuthentication() { MockHttpServletRequest request = createMockRequest(); MockHttpServletResponse response = new MockHttpServletResponse(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
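Review bot: `testUsernameHeaderSetButOtherRequestHeadersCleared` sends the e-mail, first-name and last-name headers as `""` and then asserts `assertNotNull` on each attribute, so it pins down that empty header values are stored as user details rather than treated as absent. If that is intended, assert the stored value itself (read it with `.get(ShibbolethUserDetailsImpl.EMAIL_KEY).get()` and compare it with `""`) so the contract is explicit; if not, the expectation should be `assertNull` and `buildDetails` should skip empty headers. What consumes these attributes is not visible here, so whether an empty e-mail can reach account creation or reconciliation needs checking. The comment `// Setup our HTTP request with headers cleared.` on `testUsernameHeaderSetButOtherRequestHeadersNotPresent` is copied from the other test and does not match what that test sets up.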
Revision: 4760 http://openuss.svn.sourceforge.net/openuss/?rev=4760&view=rev Author: peterschuh Date: 2008-07-24 13:54:30 +0000 (Thu, 24 Jul 2008) Log Message: ----------- # Unit Tests Modified Paths: -------------- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java Modified: branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java =================================================================== --- branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java 2008-07-24 12:10:16 UTC (rev 4759) +++ branches/openuss-plexus-3.1-shibboleth/plexus/plexus-core/src/test/java/org/openuss/security/acegi/shibboleth/ShibbolethAuthenticationProviderTest.java 2008-07-24 13:54:30 UTC (rev 4760) 
@@ -523,11 +523,30 @@ userMap = new UserMap(); userMap.addUser(migratedUser); userDetailsService.setUserMap(userMap); + userCache = createMock(UserCache.class); + expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); + replay(userCache); + provider.setUserCache(userCache); provider.setIgnoreDisabledException(true); + // Test not ignoring disabled status for migrated users. Test with disabled, migrated user. + try { + provider.authenticate(authentication); + fail("DisabledException expected."); + } catch (DisabledException e) { + // success + } + verify(userCache); + + authResult = null; + migratedUser = new User(USERNAME,DELIMITER+PW+DELIMITER,false,true,true,true,new GrantedAuthority[]{new GrantedAuthorityImpl(USERROLE)}); + userMap = new UserMap(); + userMap.addUser(migratedUser); + userDetailsService.setUserMap(userMap); userCache = createMock(UserCache.class); expect(userCache.getUserFromCache(USERNAME)).andReturn(migratedUser); replay(userCache); provider.setUserCache(userCache); + provider.setIgnoreDisabledException(false); // Test not ignoring disabled status for migrated users. Test with disabled, migrated user. try { provider.authenticate(authentication); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
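Review bot: Both blocks now carry the identical comment "Test not ignoring disabled status for migrated users", although the first runs with `setIgnoreDisabledException(true)` and the second with `false`, so a reader cannot tell which rule each one protects. Judging from the expectations, the first asserts that the ignore flag does not let a disabled migrated user through, and I would say so: `// ignoreDisabledException=true must not apply to migrated users: DisabledException still expected`. The second block would then read `// ignoreDisabledException=false: disabled migrated user is rejected`. The second block's `try` continues past the end of the hunk, and the enclosing test method starts outside it.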