Added initial unit tests for authentication routines, very experimental so far.

Also, external auth now defaults to true which will generate warnings in non-REMOTE_USER enabled environments

src/main/java/se/su/dsv/scipro/SciProSession.java

@@ -207,7 +207,7 @@ public class SciProSession extends WebSession {
 	 * @return true if the switch was successful, else false.
 	 */
 	public boolean switchAuthenticatedUser(final String suUser, final String suRealm){
-		logger.info("Currently logged in user: '"+user.getEmailAddress()+"' attempting switch to '"+suUser+"'");
+		logger.info("Currently logged in user: '"+user.getEmailAddress()+"' attempting switch to '"+suUser+"@"+suRealm+"'");
 		if(suUser != null && roleDao.isSysadmin(user)){
 			iRoles.clear();
 			return signInAuthenticatedUser(suUser, suRealm);

src/main/java/se/su/dsv/scipro/security/auth/ExternalAuthenticationRequestHelper.java

@@ -78,7 +78,7 @@ public final class ExternalAuthenticationRequestHelper{
 	 * Internal query method
 	 */
 	private boolean isExternalAuthInfoOnRequest(){
-		return (req.getRemoteUser()!=null);
+		return (remoteUser!=null);
 	}
 	/**
 	 * Internal query method
@@ -92,9 +92,9 @@ public final class ExternalAuthenticationRequestHelper{
 	 */
 	public boolean isExternalAuthSupported(){
 		if(appSettings.isAcceptExternalAuthentication() && !isExternalAuthInfoOnRequest())
-			logger.error("External authentication support is ON, but REMOTE_USER is not populated");
+			logger.warn("External authentication support is ON, but REMOTE_USER is not populated");
 		if(!appSettings.isAcceptExternalAuthentication() && isExternalAuthInfoOnRequest())
-			logger.error("External authentication support is OFF, but REMOTE_USER is populated");
+			logger.warn("External authentication support is OFF, but REMOTE_USER is populated");
 		return (appSettings.isAcceptExternalAuthentication() && isExternalAuthInfoOnRequest());
 	}
 	/**
@@ -182,7 +182,7 @@ public final class ExternalAuthenticationRequestHelper{
 	 * @return true on success, else false.
 	 */
 	public boolean signIn(final SciProSession session){
-		if(session != null){
+		if(session != null && isExternalAuthSupported()){
 			//dumpAuthInfo();
 			return session.signInAuthenticatedUser(getExternalAuthRemoteUserId(), getExternalAuthRemoteUserRealm());
 		}

src/main/resources/applicationContext.xml

@@ -84,7 +84,7 @@
 		<!-- This property points to the location of the daisy json search -->
 		<property name="remoteLookupUrl" value="https://thesis.dsv.su.se/projectplan/json" />
 		<!--  External auth support (via J2EE standard mechanism REMOTE_USER) -->
-		<property name="acceptExternalAuthentication" value="false"/>
+		<property name="acceptExternalAuthentication" value="true"/>
 	</bean>
 	
 	<!-- Defines the class used for lookup in username against a remote server  NOW AUTOWIRED AND DEPRECATED, NOT MAINTAINED-->

src/test/java/se/su/dsv/scipro/security/auth/TestAuthRoutines.java

@@ -0,0 +1,166 @@
+package se.su.dsv.scipro.security.auth;
+
+import static org.junit.Assert.*;
+
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.wicket.Request;
+import org.apache.wicket.protocol.http.HttpSessionStore;
+import org.apache.wicket.session.ISessionStore;
+import org.apache.wicket.spring.injection.annot.SpringBean;
+import org.apache.wicket.spring.injection.annot.SpringComponentInjector;
+import org.apache.wicket.spring.test.ApplicationContextMock;
+import org.apache.wicket.util.tester.WicketTester;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+import org.springframework.orm.jpa.LocalEntityManagerFactoryBean;
+
+import se.su.dsv.scipro.ApplicationSettings;
+import se.su.dsv.scipro.SciProApplication;
+import se.su.dsv.scipro.SciProSession;
+import se.su.dsv.scipro.data.dao.interfaces.ProjectDao;
+import se.su.dsv.scipro.data.dao.interfaces.RoleDao;
+import se.su.dsv.scipro.data.dao.interfaces.StringResourceDao;
+import se.su.dsv.scipro.data.dao.interfaces.UserDao;
+import se.su.dsv.scipro.data.dao.interfaces.UserSettingsDao;
+import se.su.dsv.scipro.data.dataobjects.Role;
+import se.su.dsv.scipro.data.dataobjects.Student;
+import se.su.dsv.scipro.data.dataobjects.SysAdmin;
+import se.su.dsv.scipro.data.dataobjects.User;
+import se.su.dsv.scipro.data.dataobjects.Username;
+import se.su.dsv.scipro.json.IUserLookup;
+import se.su.dsv.scipro.repository.util.RepositoryManager;
+
+public class TestAuthRoutines {
+	SciProSession session;
+	WicketTester wt;
+	User user;
+	Role sysAdm;
+	IUserLookup fixedLookup;
+	@Before
+	public void init(){
+		final ApplicationContextMock ac = new ApplicationContextMock();
+		//Create mock object in need of config		
+		ApplicationSettings appSettings = new ApplicationSettings();
+		appSettings.setAcceptExternalAuthentication(true);
+		appSettings.setEnableRemoteUserLookup(true);
+		appSettings.setRemoteLookupUrl("https://thesis.dsv.su.se/projectplan/json");
+		//Fake a lookup mechanism
+		fixedLookup = new IUserLookup(){
+			@Override
+			public User lookup(String username) throws Exception{
+				return user;
+			}
+		};
+		//Create mock user and associated data
+		user = new User();
+		user.setDateCreated(new Date());
+		user.setEmailAddress("kalle-kula@dsv.su.se");
+		user.setFirstName("Kalle");
+		user.setLastName("Kula");
+		user.setIdentifier(new Long(666));
+		user.setLastModified(new Date());
+		Set<Role> roles = new HashSet<Role>();
+		//Faked student
+		Role role = new Student();
+		role.setId(new Long(555));
+		role.setUser(user);
+		roles.add(new Student());
+		user.setRoles(roles);
+		//Faked sysadm, added later
+		sysAdm = new SysAdmin();
+		sysAdm.setId(new Long(444));
+		Set<Username> usernames = new HashSet<Username>();
+		Username username = new Username();
+		username.setUserName("kalle-kula");
+		username.setRealm("DSV.SU.SE");
+		usernames.add(username);
+		user.setUserNames(usernames);
+		//Put stuff on bean context
+		ac.putBean("entityManagerFactory",Mockito.mock(LocalEntityManagerFactoryBean.class));
+		ac.putBean("repositoryManager",Mockito.mock(RepositoryManager.class));
+		ac.putBean("applicationSettings",appSettings);
+		ac.putBean("userDao",Mockito.mock(UserDao.class));
+		ac.putBean("stringResourceDao",Mockito.mock(StringResourceDao.class));
+		RoleDao mockedRoleDao = Mockito.mock(RoleDao.class);
+		Mockito.when(mockedRoleDao.isSysadmin(user)).thenAnswer(new Answer<Boolean>() {
+		    @Override
+		    public Boolean answer(InvocationOnMock invocation) throws Throwable {
+		        return user.getRoles().contains(sysAdm);
+		    }
+		});
+		ac.putBean("roleDao",mockedRoleDao);
+		ac.putBean("projectDao",Mockito.mock(ProjectDao.class));
+		ac.putBean("userSettingsDao",Mockito.mock(UserSettingsDao.class));
+		ac.putBean("userFullLookup",fixedLookup);
+		//Create tester
+		wt = new WicketTester(new SciProApplication(){
+		    @Override
+		    protected ISessionStore newSessionStore(){
+		        return new HttpSessionStore(this);
+		    }
+			@Override
+			protected SpringComponentInjector getSpringInjector() {
+				return new SpringComponentInjector(this, ac, true);
+			}
+		});
+		wt.setupRequestAndResponse();
+		session = (SciProSession)wt.getWicketSession();
+	}
+	@Test(expected=IllegalStateException.class)
+	public void testAuthenticationHelper() throws IllegalStateException {
+		//Try with faulty request
+		ExternalAuthenticationRequestHelper helper = new ExternalAuthenticationRequestHelper(wt.getServletRequest());
+		Assert.assertFalse(helper.isExternalAuthSupported());
+		Assert.assertTrue(helper.getExternalAuthRemoteUser()==null);
+		Assert.assertTrue(helper.getExternalAuthRemoteUserId()==null);
+		Assert.assertTrue(helper.getExternalAuthRemoteUserRealm().equals("DSV.SU.SE"));
+		Assert.assertFalse(helper.isRemoteUserValid(user));
+		Assert.assertFalse(helper.signIn(null));
+		//Try with conforming request
+		helper = new ExternalAuthenticationRequestHelper(new HttpServletRequestWrapper(wt.getServletRequest()){
+			@Override
+			public String getRemoteUser(){
+				return "kalle-kula@dsv.su.se";
+			}
+		});
+		Assert.assertTrue(helper.isExternalAuthSupported());
+		Assert.assertTrue(helper.getExternalAuthRemoteUser().equals("kalle-kula@dsv.su.se"));
+		Assert.assertTrue(helper.getExternalAuthRemoteUserId().equals("kalle-kula"));
+		Assert.assertTrue(helper.getExternalAuthRemoteUserRealm().equals("DSV.SU.SE"));
+		Assert.assertTrue(helper.isRemoteUserValid(user));
+		//At this point, an exception should be thrown
+		new ExternalAuthenticationRequestHelper(null);
+	}
+	@Test
+	public void testSignInAndSu(){
+		ExternalAuthenticationRequestHelper helper = new ExternalAuthenticationRequestHelper(new HttpServletRequestWrapper(wt.getServletRequest()){
+			@Override
+			public String getRemoteUser(){
+				return "kalle-kula@dsv.su.se";
+			}
+		});
+		Assert.assertTrue(helper.isExternalAuthSupported());
+		Assert.assertTrue(helper.signIn(session));
+		Assert.assertTrue(helper.isRemoteUserValid(user));
+		Assert.assertTrue(session.isLoggedIn());
+		Assert.assertTrue(session.getUser().getIdentifier().equals(user.getIdentifier()));
+		//User not authorized to switch, this should fail
+		Assert.assertFalse(session.switchAuthenticatedUser("kalle-kula", "dsv.su.se"));
+		//Change his roles and try again
+		Set<Role> roles = user.getRoles();
+		sysAdm.setUser(user);
+		roles.add(sysAdm);
+		user.setRoles(roles);
+		Assert.assertTrue(session.switchAuthenticatedUser("kalle-kula", "dsv.su.se"));
+		Assert.assertTrue(session.getUser().getIdentifier().equals(user.getIdentifier()));
+	}
+}