From c29c68784df4f1395334001df1cc3b38fd7d8158 Mon Sep 17 00:00:00 2001
From: xjusko
Date: Fri, 1 Nov 2024 17:02:22 +0100
Subject: [PATCH] [ELY-2639] Add a test to AggregateRealmEvidenceTest for the case where authentication fails with a principal transformer
---
 .../realm/AggregateRealmEvidenceTest.java | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java b/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java
index c07245d2b0..1720de9c7c 100644
--- a/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java
+++ b/auth/realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java
@@ -176,6 +176,26 @@ public void testAuthenticationOnlyWithPrincipalTransformer() throws Exception {
 Assert.assertEquals("Expected attribute count.", 0, identityAttributes.size());
 }
+ @Test
+ public void testAuthenticationFailsWithPrincipalTransformer() throws Exception {
+ Attributes authenticationAttributes = new MapAttributes();
+ authenticationAttributes.add("team", 0, "One");
+
+ Function principalTransformer = new AggregateRealmEvidenceTest.CaseRewriter().asPrincipalRewriter();
+ X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(populateCertificateChain());
+ evidence.setDecodedPrincipal(new NamePrincipal("invalid_principal"));
+
+ SecurityRealm testRealm = createSecurityRealm(true, authenticationAttributes, principalTransformer, new Attributes[] { null });
+ RealmIdentity identity = testRealm.getRealmIdentity(evidence);
+
+ Assert.assertFalse("Identity should not exist with invalid principal", identity.exists());
+
+ // Assert no authorization attributes exist
+ Attributes identityAttributes = identity.getAuthorizationIdentity().getAttributes();
+ Assert.assertEquals("Expected attribute count.", 0, identityAttributes.size());
+ }
+
+
 @Test
 public void testAuthorizationOnlyWithPrincipalTransformer() throws Exception {
 Attributes authorizationAttributes = new MapAttributes();
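Review bot: The new `testAuthenticationFailsWithPrincipalTransformer` asserts only `identity.exists()` and an empty attribute set, so the authentication decision named in the test title is never exercised; a realm that reported the identity as absent but still accepted the certificate evidence would pass this test. Consider adding `Assert.assertFalse("Evidence must not verify for an unknown principal", identity.verifyEvidence(evidence));` after the `exists()` check, assuming the realm built by `createSecurityRealm` (defined outside this hunk) supports evidence verification. A short comment such as `// "invalid_principal" maps to no identity even after CaseRewriter is applied` would also state which condition causes the failure; that reading is inferred from the names, since `CaseRewriter` is not visible here. The two blank added lines after the closing brace leave a double blank line before the next `@Test`.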