SEC-1125: Created separate web module spring-security-web
This commit is contained in:
@@ -26,21 +26,21 @@ import org.springframework.security.concurrent.ConcurrentLoginException;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.concurrent.ConcurrentSessionFilter;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.context.web.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.intercept.web.FilterInvocation;
|
||||
import org.springframework.security.intercept.web.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.intercept.web.FilterSecurityInterceptor;
|
||||
import org.springframework.security.providers.TestingAuthenticationToken;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.providers.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.securechannel.ChannelProcessingFilter;
|
||||
import org.springframework.security.ui.AuthenticationFailureHandler;
|
||||
import org.springframework.security.ui.AuthenticationSuccessHandler;
|
||||
import org.springframework.security.ui.ExceptionTranslationFilter;
|
||||
import org.springframework.security.ui.SessionFixationProtectionFilter;
|
||||
import org.springframework.security.ui.WebAuthenticationDetails;
|
||||
import org.springframework.security.ui.anonymous.AnonymousProcessingFilter;
|
||||
import org.springframework.security.ui.basicauth.BasicProcessingFilter;
|
||||
import org.springframework.security.ui.logout.LogoutFilter;
|
||||
import org.springframework.security.ui.logout.LogoutHandler;
|
||||
@@ -49,9 +49,8 @@ import org.springframework.security.ui.rememberme.PersistentTokenBasedRememberMe
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.ui.webapp.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.security.util.FilterChainProxy;
|
||||
import org.springframework.security.util.MockFilter;
|
||||
import org.springframework.security.util.PortMapperImpl;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.web.util.PortMapperImpl;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
@@ -341,20 +340,20 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"<b:bean id='userFilter' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
" <custom-filter after='LOGOUT_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter1' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'>" +
|
||||
"<b:bean id='userFilter1' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter2' class='org.springframework.security.util.MockFilter'>" +
|
||||
"<b:bean id='userFilter2' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'>" +
|
||||
" <custom-filter position='FIRST'/>" +
|
||||
"</b:bean>" +
|
||||
"<b:bean id='userFilter3' class='org.springframework.security.util.MockFilter'/>" +
|
||||
"<b:bean id='userFilter3' class='org.springframework.security.context.web.SecurityContextPersistenceFilter'/>" +
|
||||
"<b:bean id='userFilter4' class='org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter'/>"
|
||||
);
|
||||
List<Filter> filters = getFilters("/someurl");
|
||||
|
||||
assertEquals(AUTO_CONFIG_FILTERS + 3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof MockFilter);
|
||||
assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.get(1) instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
}
|
||||
|
||||
@@ -694,7 +693,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<http create-session='always' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
@@ -707,7 +706,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void cantUseUnsupportedSessionCreationAttributeWithExternallyDefinedSecurityContextRepository() throws Exception {
|
||||
setContext(
|
||||
"<b:bean id='repo' class='org.springframework.security.context.HttpSessionSecurityContextRepository'/>" +
|
||||
"<b:bean id='repo' class='org.springframework.security.context.web.HttpSessionSecurityContextRepository'/>" +
|
||||
"<http create-session='never' security-context-repository-ref='repo'>" +
|
||||
" <http-basic />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
|
||||
@@ -16,10 +16,15 @@
|
||||
package org.springframework.security.util;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.mockito.Matchers.*;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
@@ -29,8 +34,10 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.MockFilterConfig;
|
||||
import org.springframework.security.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.context.web.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.util.FilterChainProxy;
|
||||
import org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter;
|
||||
|
||||
/**
|
||||
* Tests {@link FilterChainProxy}.
|
||||
@@ -56,23 +63,6 @@ public class FilterChainProxyConfigTests {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDoNotFilter() throws Exception {
|
||||
FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChain", FilterChainProxy.class);
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/do/not/filter/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
}
|
||||
|
||||
@Test(expected=BeanCreationException.class)
|
||||
public void misplacedUniversalPathShouldBeDetected() throws Exception {
|
||||
appCtx.getBean("newFilterChainProxyWrongPathOrder", FilterChainProxy.class);
|
||||
@@ -126,14 +116,14 @@ public class FilterChainProxyConfigTests {
|
||||
private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) throws Exception {
|
||||
List<Filter> filters = filterChainProxy.getFilters("/foo/blah");
|
||||
assertEquals(1, filters.size());
|
||||
assertTrue(filters.get(0) instanceof MockFilter);
|
||||
assertTrue(filters.get(0) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/some/other/path/blah");
|
||||
assertNotNull(filters);
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.get(1) instanceof MockFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
assertTrue(filters.get(1) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
|
||||
filters = filterChainProxy.getFilters("/do/not/filter");
|
||||
assertEquals(0, filters.size());
|
||||
@@ -142,37 +132,26 @@ public class FilterChainProxyConfigTests {
|
||||
assertEquals(3, filters.size());
|
||||
assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
|
||||
assertTrue(filters.get(1) instanceof AuthenticationProcessingFilter);
|
||||
assertTrue(filters.get(2) instanceof MockFilter);
|
||||
assertTrue(filters.get(2) instanceof SecurityContextHolderAwareRequestFilter);
|
||||
}
|
||||
|
||||
private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
|
||||
MockFilter filter = (MockFilter) appCtx.getBean("mockFilter", MockFilter.class);
|
||||
assertFalse(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
filterChainProxy.init(new MockFilterConfig());
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertFalse(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setServletPath("/foo/secure/super/somefile.html");
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockFilterChain chain = new MockFilterChain(true);
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertFalse(filter.isWasDestroyed());
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
|
||||
request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
|
||||
chain = mock(FilterChain.class);
|
||||
filterChainProxy.doFilter(request, response, chain);
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
|
||||
filterChainProxy.destroy();
|
||||
assertTrue(filter.isWasInitialized());
|
||||
assertTrue(filter.isWasDoFiltered());
|
||||
assertTrue(filter.isWasDestroyed());
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user