SEC-1077: Added DefaultAuthenticatedSessionStrategy test to check that saved request attribute is retained when migrateAttributes is false.

This commit is contained in:
Luke Taylor
2009-07-28 23:47:26 +00:00
parent db90122179
commit 609a68b12a
3 changed files with 44 additions and 17 deletions

View File

@@ -4,11 +4,14 @@ import static org.junit.Assert.*;
import static org.mockito.Mockito.mock;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.concurrent.SessionRegistry;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.savedrequest.SavedRequest;
/**
*
@@ -30,6 +33,7 @@ public class DefaultAuthenticatedSessionStrategyTests {
@Test
public void newSessionIsCreatedIfSessionAlreadyExists() throws Exception {
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
strategy.setSessionRegistry(mock(SessionRegistry.class));
HttpServletRequest request = new MockHttpServletRequest();
String sessionId = request.getSession().getId();
@@ -38,4 +42,27 @@ public class DefaultAuthenticatedSessionStrategyTests {
assertFalse(sessionId.equals(request.getSession().getId()));
}
// See SEC-1077
@Test
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() throws Exception {
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
strategy.setMigrateSessionAttributes(false);
HttpServletRequest request = new MockHttpServletRequest();
HttpSession session = request.getSession();
session.setAttribute("blah", "blah");
session.setAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, "SavedRequest");
strategy.onAuthenticationSuccess(mock(Authentication.class), request, new MockHttpServletResponse());
assertNull(request.getSession().getAttribute("blah"));
assertNotNull(request.getSession().getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
}
@Test
public void sessionIsCreatedIfAlwaysCreateTrue() throws Exception {
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
strategy.setAlwaysCreateSession(true);
}
}