本文整理汇总了Java中org.owasp.esapi.errors.AuthenticationException类的典型用法代码示例。如果您正苦于以下问题:Java AuthenticationException类的具体用法?Java AuthenticationException怎么用?Java AuthenticationException使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AuthenticationException类属于org.owasp.esapi.errors包,在下文中一共展示了AuthenticationException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testUpdate
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of update method, of class org.owasp.esapi.AccessReferenceMap.
*
* @throws AuthenticationException
* the authentication exception
* @throws EncryptionException
*/
public void testUpdate() throws AuthenticationException, EncryptionException {
System.out.println("update");
IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
Authenticator auth = ESAPI.authenticator();
String pass = auth.generateStrongPassword();
User u = auth.createUser( "armUpdate", pass, pass );
// test to make sure update returns something
arm.update(auth.getUserNames());
String indirect = arm.getIndirectReference( u.getAccountName() );
if ( indirect == null ) fail();
// test to make sure update removes items that are no longer in the list
auth.removeUser( u.getAccountName() );
arm.update(auth.getUserNames());
indirect = arm.getIndirectReference( u.getAccountName() );
if ( indirect != null ) fail();
// test to make sure old indirect reference is maintained after an update
arm.update(auth.getUserNames());
String newIndirect = arm.getIndirectReference( u.getAccountName() );
assertEquals(indirect, newIndirect);
}
示例2: testGetUserFromSession
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test get user from session.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testGetUserFromSession() throws AuthenticationException {
System.out.println("getUserFromSession");
FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
instance.logout(); // in case anyone is logged in
String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
String password = instance.generateStrongPassword();
User user = instance.createUser(accountName, password, password);
user.enable();
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("username", accountName);
request.addParameter("password", password);
MockHttpServletResponse response = new MockHttpServletResponse();
ESAPI.httpUtilities().setCurrentHTTP( request, response );
instance.login( request, response);
User test = instance.getUserFromSession();
assertEquals( user, test );
}
示例3: testGetUserNames
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test get user names.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testGetUserNames() throws AuthenticationException {
System.out.println("getUserNames");
Authenticator instance = ESAPI.authenticator();
String password = instance.generateStrongPassword();
String[] testnames = new String[10];
for(int i=0;i<testnames.length;i++) {
testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
}
for(int i=0;i<testnames.length;i++) {
instance.createUser(testnames[i], password, password);
}
Set names = instance.getUserNames();
for(int i=0;i<testnames.length;i++) {
assertTrue(names.contains(testnames[i].toLowerCase()));
}
}
示例4: testAddCSRFToken
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of addCSRFToken method, of class org.owasp.esapi.HTTPUtilities.
* @throws AuthenticationException
*/
public void testAddCSRFToken() throws AuthenticationException {
Authenticator instance = ESAPI.authenticator();
String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
instance.setCurrentUser( user );
System.out.println("addCSRFToken");
String csrf1=ESAPI.httpUtilities().addCSRFToken("/test1");
System.out.println( "CSRF1:" + csrf1);
assertTrue(csrf1.indexOf("?") > -1);
String csrf2=ESAPI.httpUtilities().addCSRFToken("/test1?one=two");
System.out.println( "CSRF1:" + csrf1);
assertTrue(csrf2.indexOf("&") > -1);
}
示例5: testSetRememberToken
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
*
* @throws org.owasp.esapi.errors.AuthenticationException
*/
public void testSetRememberToken() throws AuthenticationException {
System.out.println("setRememberToken");
Authenticator instance = (Authenticator)ESAPI.authenticator();
String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
String password = instance.generateStrongPassword();
User user = instance.createUser(accountName, password, password);
user.enable();
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("username", accountName);
request.addParameter("password", password);
MockHttpServletResponse response = new MockHttpServletResponse();
instance.login( request, response);
int maxAge = ( 60 * 60 * 24 * 14 );
ESAPI.httpUtilities().setRememberToken( request, response, password, maxAge, "domain", "/" );
// Can't test this because we're using safeSetCookie, which sets a header, not a real cookie!
// String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
// assertEquals( user.getRememberToken(), value );
}
示例6: testUpdate
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of update method, of class org.owasp.esapi.AccessReferenceMap.
*
* @throws AuthenticationException
* the authentication exception
* @throws EncryptionException
*/
public void testUpdate() throws AuthenticationException, EncryptionException {
System.out.println("update");
RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
Authenticator auth = ESAPI.authenticator();
String pass = auth.generateStrongPassword();
User u = auth.createUser( "armUpdate", pass, pass );
// test to make sure update returns something
arm.update(auth.getUserNames());
String indirect = arm.getIndirectReference( u.getAccountName() );
if ( indirect == null ) fail();
// test to make sure update removes items that are no longer in the list
auth.removeUser( u.getAccountName() );
arm.update(auth.getUserNames());
indirect = arm.getIndirectReference( u.getAccountName() );
if ( indirect != null ) fail();
// test to make sure old indirect reference is maintained after an update
arm.update(auth.getUserNames());
String newIndirect = arm.getIndirectReference( u.getAccountName() );
assertEquals(indirect, newIndirect);
}
示例7: testAddException
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of addException method, of class org.owasp.esapi.IntrusionDetector.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testAddException() throws AuthenticationException {
System.out.println("addException");
ESAPI.intrusionDetector().addException( new RuntimeException("message") );
ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
Authenticator auth = ESAPI.authenticator();
User user = auth.createUser(username, "addException", "addException");
user.enable();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
ESAPI.httpUtilities().setCurrentHTTP(request, response);
user.loginWithPassword("addException");
// Now generate some exceptions to disable account
for ( int i = 0; i < ESAPI.securityConfiguration().getQuota(IntegrityException.class.getName()).count; i++ ) {
// EnterpriseSecurityExceptions are added to IntrusionDetector automatically
new IntegrityException( "IntegrityException " + i, "IntegrityException " + i );
}
assertFalse( user.isLoggedIn() );
}
示例8: testAddEvent
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of addEvent method, of class org.owasp.esapi.IntrusionDetector.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testAddEvent() throws AuthenticationException {
System.out.println("addEvent");
String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
Authenticator auth = ESAPI.authenticator();
User user = auth.createUser(username, "addEvent", "addEvent");
user.enable();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
ESAPI.httpUtilities().setCurrentHTTP(request, response);
user.loginWithPassword("addEvent");
// Now generate some events to disable user account
for ( int i = 0; i < ESAPI.securityConfiguration().getQuota("event.test").count; i++ ) {
ESAPI.intrusionDetector().addEvent("test", "test message");
}
assertFalse( user.isEnabled() );
}
示例9: testChangePassword
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of changePassword method, of class org.owasp.esapi.User.
*
* @throws Exception
* the exception
*/
public void testChangePassword() throws Exception {
System.out.println("changePassword");
Authenticator instance = ESAPI.authenticator();
String oldPassword = "[email protected]";
DefaultUser user = createTestUser(oldPassword);
System.out.println("Hash of " + oldPassword + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
String password1 = "SomethingElse34#$";
user.changePassword(oldPassword, password1, password1);
System.out.println("Hash of " + password1 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
assertTrue(user.verifyPassword(password1));
String password2 = "YetAnother56%^";
user.changePassword(password1, password2, password2);
System.out.println("Hash of " + password2 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
try {
user.changePassword(password2, password1, password1);
fail("Shouldn't be able to reuse a password");
} catch( AuthenticationException e ) {
// expected
}
assertTrue(user.verifyPassword(password2));
assertFalse(user.verifyPassword("badpass"));
}
示例10: testGetSessions
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
*
* @throws org.owasp.esapi.errors.AuthenticationException
*/
public void testGetSessions() throws AuthenticationException {
System.out.println("getSessions");
Authenticator instance = ESAPI.authenticator();
String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
String password = ESAPI.authenticator().generateStrongPassword();
User user = instance.createUser(accountName, password, password);
HttpSession session1 = new MockHttpSession();
user.addSession( session1 );
HttpSession session2 = new MockHttpSession();
user.addSession( session2 );
HttpSession session3 = new MockHttpSession();
user.addSession( session3 );
Set sessions = user.getSessions();
Iterator i = sessions.iterator();
while ( i.hasNext() ) {
HttpSession s = (HttpSession)i.next();
System.out.println( ">>>" + s.getId() );
}
assertTrue(sessions.size() == 3);
}
示例11: testIsSessionAbsoluteTimeout
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of isSessionAbsoluteTimeout method, of class
* org.owasp.esapi.IntrusionDetector.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
System.out.println("isSessionAbsoluteTimeout");
Authenticator instance = ESAPI.authenticator();
String oldPassword = instance.generateStrongPassword();
DefaultUser user = createTestUser(oldPassword);
long now = System.currentTimeMillis();
// setup request and response
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
ESAPI.httpUtilities().setCurrentHTTP(request, response);
MockHttpSession session = (MockHttpSession)request.getSession();
// set session creation -3 hours (default is 2 hour timeout)
session.setCreationTime( now - (1000 * 60 * 60 * 3) );
assertTrue(user.isSessionAbsoluteTimeout());
// set session creation -1 hour (default is 2 hour timeout)
session.setCreationTime( now - (1000 * 60 * 60 * 1) );
assertFalse(user.isSessionAbsoluteTimeout());
}
示例12: testIsSessionTimeout
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of isSessionTimeout method, of class
* org.owasp.esapi.IntrusionDetector.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testIsSessionTimeout() throws AuthenticationException {
System.out.println("isSessionTimeout");
Authenticator instance = ESAPI.authenticator();
String oldPassword = instance.generateStrongPassword();
DefaultUser user = createTestUser(oldPassword);
long now = System.currentTimeMillis();
// setup request and response
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
ESAPI.httpUtilities().setCurrentHTTP(request, response);
MockHttpSession session = (MockHttpSession)request.getSession();
// set creation -30 mins (default is 20 min timeout)
session.setAccessedTime( now - 1000 * 60 * 30 );
assertTrue(user.isSessionTimeout());
// set creation -1 hour (default is 20 min timeout)
session.setAccessedTime( now - 1000 * 60 * 10 );
assertFalse(user.isSessionTimeout());
}
示例13: testLogout
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* Test of logout method, of class org.owasp.esapi.User.
*
* @throws AuthenticationException
* the authentication exception
*/
public void testLogout() throws AuthenticationException {
System.out.println("logout");
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpSession session = (MockHttpSession) request.getSession();
assertFalse(session.getInvalidated());
Authenticator instance = ESAPI.authenticator();
ESAPI.httpUtilities().setCurrentHTTP(request, response);
String oldPassword = instance.generateStrongPassword();
DefaultUser user = createTestUser(oldPassword);
user.enable();
System.out.println(user.getLastLoginTime());
user.loginWithPassword(oldPassword);
assertTrue(user.isLoggedIn());
// get new session after user logs in
session = (MockHttpSession) request.getSession();
assertFalse(session.getInvalidated());
user.logout();
assertFalse(user.isLoggedIn());
assertTrue(session.getInvalidated());
}
示例14: verifyPasswordStrength
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
/**
* The newPassword must not be empty or null, principalName must not be empty or null, oldPassword could be empty or null. <br>
* The newPassword must be at least 8 chars length, and must contain at least one char from each char set (uppercase, lowercase, digit and specials), <br>
* and uses <code>FileBasedAuthenticator</code> to <code>verifyPasswordStrength</code>.
*/
public static boolean verifyPasswordStrength(String oldPassword, String newPassword, String principalName) {
if (newPassword == null || newPassword.isEmpty()) {
LOG.error("verifyPasswordStrength failed because newPassword or principalName is null or empty");
return false;
} else if (newPassword != null && newPassword.trim().length() < 8) {
LOG.error("verifyPasswordStrength failed because newPassword is too short, should be at least 8 chars long");
return false;
} else if (newPassword != null && !verifyCharSets(newPassword)) {
LOG.error("verifyPasswordStrength failed because newPassword doesn't have a char from each char set");
return false;
}
if (principalName == null) {
principalName = "";
}
try {
FileBasedAuthenticator.getInstance().verifyPasswordStrength(oldPassword, newPassword, getESAPIUser(principalName));
} catch (AuthenticationException e) {
// e.g. if newPassword is too similar to oldPassword
LOG.error("verifyPasswordStrength failed because: " + e.getUserMessage() + " " + e.getLogMessage());
return false;
}
return true;
}
示例15: createUser
import org.owasp.esapi.errors.AuthenticationException; //导入依赖的package包/类
public String createUser(){
FileBasedAuthenticator auth = (FileBasedAuthenticator)FileBasedAuthenticator.getInstance();
/*if (input4 != input5){
System.out.println("Please enter same password!");
return "register";
}else{*/
try {
auth.createUser(input1, input4, input5);
System.out.println(auth.getUser(input1).getAccountId());
auth.getUser(auth.getUser(input1).getAccountId()).addRole("admin");
auth.getUser(auth.getUser(input1).getAccountId()).enable();
auth.getUser(auth.getUser(input1).getAccountId()).unlock();
System.out.println("getrole :"+auth.getUser(auth.getUser(input1).getAccountId()).getRoles());
} catch (AuthenticationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return "userregistered";
}