[ELY-2639] Add a test to AggregateRealmEvidenceTest for the case wher…

…e authentication fails with a principal transformer
wildfly-security · Nov 1, 2024 · c29c687 · c29c687
1 parent 1887489
commit c29c687
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/.../realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java b/.../realm/base/src/test/java/org/wildfly/security/auth/realm/AggregateRealmEvidenceTest.java
@@ -176,6 +176,26 @@ public void testAuthenticationOnlyWithPrincipalTransformer() throws Exception {
         Assert.assertEquals("Expected attribute count.", 0, identityAttributes.size());
     }
 
+    @Test
+    public void testAuthenticationFailsWithPrincipalTransformer() throws Exception {
+        Attributes authenticationAttributes = new MapAttributes();
+        authenticationAttributes.add("team", 0, "One");
+
+        Function<Principal, Principal> principalTransformer = new AggregateRealmEvidenceTest.CaseRewriter().asPrincipalRewriter();
+        X509PeerCertificateChainEvidence evidence = new X509PeerCertificateChainEvidence(populateCertificateChain());
+        evidence.setDecodedPrincipal(new NamePrincipal("invalid_principal"));
+
+        SecurityRealm testRealm = createSecurityRealm(true, authenticationAttributes, principalTransformer, new Attributes[] { null });
+        RealmIdentity identity = testRealm.getRealmIdentity(evidence);
+
+        Assert.assertFalse("Identity should not exist with invalid principal", identity.exists());
+
+        // Assert no authorization attributes exist
+        Attributes identityAttributes = identity.getAuthorizationIdentity().getAttributes();
+        Assert.assertEquals("Expected attribute count.", 0, identityAttributes.size());
+    }
+
+
     @Test
     public void testAuthorizationOnlyWithPrincipalTransformer() throws Exception {
         Attributes authorizationAttributes = new MapAttributes();