SEC-2781: Remove deprecations
This commit is contained in:
@@ -81,15 +81,6 @@ public class FilterChainProxyTests {
|
||||
verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Deprecated
|
||||
public void filterChainMapIsCorrect() throws Exception {
|
||||
fcp.setFilterChainMap(fcp.getFilterChainMap());
|
||||
Map<RequestMatcher, List<Filter>> filterChainMap = fcp.getFilterChainMap();
|
||||
assertEquals(1, filterChainMap.size());
|
||||
assertSame(filter, filterChainMap.get(matcher).get(0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void originalChainIsInvokedAfterSecurityChainIfMatchSucceeds() throws Exception {
|
||||
when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
|
||||
|
||||
@@ -93,8 +93,7 @@ public class ExceptionTranslationFilterTests {
|
||||
new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
|
||||
|
||||
// Test
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
|
||||
filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
|
||||
assertNotNull(filter.getAuthenticationTrustResolver());
|
||||
|
||||
@@ -123,8 +122,7 @@ public class ExceptionTranslationFilterTests {
|
||||
adh.setErrorPage("/error.jsp");
|
||||
|
||||
// Test
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
|
||||
filter.setAccessDeniedHandler(adh);
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -149,8 +147,7 @@ public class ExceptionTranslationFilterTests {
|
||||
doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
|
||||
// Test
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
|
||||
filter.afterPropertiesSet();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
filter.doFilter(request, response, fc);
|
||||
@@ -175,11 +172,9 @@ public class ExceptionTranslationFilterTests {
|
||||
doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
|
||||
// Test
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint, requestCache);
|
||||
requestCache.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
filter.setRequestCache(requestCache);
|
||||
filter.afterPropertiesSet();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
filter.doFilter(request, response, fc);
|
||||
@@ -189,18 +184,12 @@ public class ExceptionTranslationFilterTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void startupDetectsMissingAuthenticationEntryPoint() throws Exception {
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setThrowableAnalyzer(mock(ThrowableAnalyzer.class));
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
new ExceptionTranslationFilter(null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void startupDetectsMissingRequestCache() throws Exception {
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
|
||||
filter.setRequestCache(null);
|
||||
new ExceptionTranslationFilter(mockEntryPoint, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -210,8 +199,7 @@ public class ExceptionTranslationFilterTests {
|
||||
request.setServletPath("/secure/page.html");
|
||||
|
||||
// Test
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
|
||||
assertSame(mockEntryPoint, filter.getAuthenticationEntryPoint());
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -220,9 +208,8 @@ public class ExceptionTranslationFilterTests {
|
||||
|
||||
@Test
|
||||
public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception {
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
|
||||
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint);
|
||||
filter.afterPropertiesSet();
|
||||
Exception[] exceptions = {new IOException(), new ServletException(), new RuntimeException()};
|
||||
for (Exception e : exceptions) {
|
||||
|
||||
@@ -15,8 +15,26 @@
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.anyString;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.junit.After;
|
||||
@@ -33,19 +51,12 @@ import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.firewall.DefaultHttpFirewall;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AbstractAuthenticationProcessingFilter}.
|
||||
@@ -94,8 +105,12 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
MockAuthenticationFilter filter = new MockAuthenticationFilter();
|
||||
filter.setFilterProcessesUrl("/j_spring_security_check");
|
||||
|
||||
request.setRequestURI("/mycontext/j_spring_security_check;jsessionid=I8MIONOSTHOR");
|
||||
assertTrue(filter.requiresAuthentication(request, response));
|
||||
DefaultHttpFirewall firewall = new DefaultHttpFirewall();
|
||||
request.setServletPath("/j_spring_security_check;jsessionid=I8MIONOSTHOR");
|
||||
|
||||
// the firewall ensures that path parameters are ignored
|
||||
HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request);
|
||||
assertTrue(filter.requiresAuthentication(firewallRequest, response));
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -132,10 +147,9 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
assertNotNull(filter.getRememberMeServices());
|
||||
filter.setRememberMeServices(new TokenBasedRememberMeServices());
|
||||
filter.setRememberMeServices(new TokenBasedRememberMeServices("key", new AbstractRememberMeServicesTests.MockUserDetailsService()));
|
||||
assertEquals(TokenBasedRememberMeServices.class, filter.getRememberMeServices().getClass());
|
||||
assertTrue(filter.getAuthenticationManager() != null);
|
||||
assertEquals("/p", filter.getFilterProcessesUrl());
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -218,7 +232,7 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
filter.setFilterProcessesUrl(null);
|
||||
fail("Should have thrown IllegalArgumentException");
|
||||
} catch (IllegalArgumentException expected) {
|
||||
assertEquals("filterProcessesUrl must be specified", expected.getMessage());
|
||||
assertEquals("Pattern cannot be null or empty", expected.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -402,10 +416,6 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
throw exceptionToThrow;
|
||||
}
|
||||
}
|
||||
|
||||
public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
|
||||
return super.requiresAuthentication(request, response);
|
||||
}
|
||||
}
|
||||
|
||||
private class MockFilterChain implements FilterChain {
|
||||
|
||||
@@ -24,9 +24,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.memory.UserAttribute;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
@@ -59,20 +57,12 @@ public class AnonymousAuthenticationFilterTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingKey() throws Exception {
|
||||
UserAttribute user = new UserAttribute();
|
||||
user.setPassword("anonymousUsername");
|
||||
user.addAuthority(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
|
||||
|
||||
AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter();
|
||||
filter.setUserAttribute(user);
|
||||
filter.afterPropertiesSet();
|
||||
new AnonymousAuthenticationFilter(null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsUserAttribute() throws Exception {
|
||||
AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter();
|
||||
filter.setKey("qwerty");
|
||||
filter.afterPropertiesSet();
|
||||
new AnonymousAuthenticationFilter("qwerty", null, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -96,13 +86,7 @@ public class AnonymousAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void testOperationWhenNoAuthenticationInSecurityContextHolder() throws Exception {
|
||||
UserAttribute user = new UserAttribute();
|
||||
user.setPassword("anonymousUsername");
|
||||
user.addAuthority(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
|
||||
|
||||
AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter();
|
||||
filter.setKey("qwerty");
|
||||
filter.setUserAttribute(user);
|
||||
AnonymousAuthenticationFilter filter = new AnonymousAuthenticationFilter("qwerty", "anonymousUsername", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
@@ -67,7 +67,6 @@ public class DefaultLoginPageGeneratingFilterTests {
|
||||
MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
String message = messages.getMessage(
|
||||
"AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA);
|
||||
System.out.println("Message: " + message);
|
||||
request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));
|
||||
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
|
||||
@@ -37,34 +37,24 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingLoginFormUrl() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setPortResolver(new MockPortResolver(80, 443));
|
||||
ep.afterPropertiesSet();
|
||||
new LoginUrlAuthenticationEntryPoint(null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingPortMapper() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("xxx");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
|
||||
ep.setPortMapper(null);
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testDetectsMissingPortResolver() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("xxx");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
|
||||
ep.setPortResolver(null);
|
||||
|
||||
ep.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGettersSetters() {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
assertEquals("/hello", ep.getLoginFormUrl());
|
||||
@@ -91,8 +81,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setForceHttps(true);
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
@@ -120,8 +109,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
portMapper.setPortMappings(map);
|
||||
response = new MockHttpServletResponse();
|
||||
|
||||
ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setForceHttps(true);
|
||||
ep.setPortMapper(portMapper);
|
||||
@@ -143,8 +131,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setForceHttps(true);
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
@@ -163,8 +150,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test
|
||||
public void testNormalOperation() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortMapper(new PortMapperImpl());
|
||||
ep.setPortResolver(new MockPortResolver(80, 443));
|
||||
ep.afterPropertiesSet();
|
||||
@@ -185,8 +171,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test
|
||||
public void testOperationWhenHttpsRequestsButHttpsPortUnknown() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setPortResolver(new MockPortResolver(8888, 1234));
|
||||
ep.setForceHttps(true);
|
||||
ep.afterPropertiesSet();
|
||||
@@ -209,8 +194,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test
|
||||
public void testServerSideRedirectWithoutForceHttpsForwardsToLoginPage() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setUseForward(true);
|
||||
ep.afterPropertiesSet();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
@@ -230,8 +214,7 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test
|
||||
public void testServerSideRedirectWithForceHttpsRedirectsCurrentRequest() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
ep.setLoginFormUrl("/hello");
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/hello");
|
||||
ep.setUseForward(true);
|
||||
ep.setForceHttps(true);
|
||||
ep.afterPropertiesSet();
|
||||
@@ -253,9 +236,8 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
// SEC-1498
|
||||
@Test
|
||||
public void absoluteLoginFormUrlIsSupported() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
final String loginFormUrl = "http://somesite.com/login";
|
||||
ep.setLoginFormUrl(loginFormUrl);
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint(loginFormUrl);
|
||||
ep.afterPropertiesSet();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
ep.commence(new MockHttpServletRequest("GET", "/someUrl"), response, null);
|
||||
@@ -264,9 +246,8 @@ public class LoginUrlAuthenticationEntryPointTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void absoluteLoginFormUrlCantBeUsedWithForwarding() throws Exception {
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint();
|
||||
final String loginFormUrl = "http://somesite.com/login";
|
||||
ep.setLoginFormUrl(loginFormUrl);
|
||||
LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("http://somesite.com/login");
|
||||
ep.setUseForward(true);
|
||||
ep.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@@ -49,7 +49,6 @@ public class UsernamePasswordAuthenticationFilterTests extends TestCase {
|
||||
request.addParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY, "koala");
|
||||
|
||||
UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
|
||||
assertEquals("/j_spring_security_check", filter.getFilterProcessesUrl());
|
||||
filter.setAuthenticationManager(createAuthenticationManager());
|
||||
// filter.init(null);
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.authentication.logout.LogoutFilter;
|
||||
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
|
||||
import org.springframework.security.web.firewall.DefaultHttpFirewall;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
@@ -21,9 +22,12 @@ public class LogoutHandlerTests extends TestCase {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
request.setRequestURI("/j_spring_security_logout;someparam=blah?otherparam=blah");
|
||||
request.setRequestURI("/context/j_spring_security_logout;someparam=blah?param=blah");
|
||||
request.setServletPath("/j_spring_security_logout;someparam=blah");
|
||||
request.setQueryString("otherparam=blah");
|
||||
|
||||
assertTrue(filter.requiresLogout(request, response));
|
||||
DefaultHttpFirewall fw = new DefaultHttpFirewall();
|
||||
assertTrue(filter.requiresLogout(fw.getFirewalledRequest(request), response));
|
||||
}
|
||||
|
||||
public void testRequiresLogoutUrlWorksWithQueryParams() {
|
||||
@@ -31,7 +35,9 @@ public class LogoutHandlerTests extends TestCase {
|
||||
request.setContextPath("/context");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
request.setServletPath("/j_spring_security_logout");
|
||||
request.setRequestURI("/context/j_spring_security_logout?param=blah");
|
||||
request.setQueryString("otherparam=blah");
|
||||
|
||||
assertTrue(filter.requiresLogout(request, response));
|
||||
}
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
package org.springframework.security.web.authentication.preauth.websphere;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsChecker;
|
||||
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @since 3.0
|
||||
*/
|
||||
public class WebSphere2SpringSecurityPropagationInterceptorTests {
|
||||
|
||||
@After
|
||||
public void clearContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
/** SEC-1078 */
|
||||
@SuppressWarnings("unchecked")
|
||||
@Test
|
||||
public void createdAuthenticationTokenIsAcceptableToPreauthProvider () throws Throwable {
|
||||
WASUsernameAndGroupsExtractor helper = mock(WASUsernameAndGroupsExtractor.class);
|
||||
when(helper.getCurrentUserName()).thenReturn("joe");
|
||||
WebSphere2SpringSecurityPropagationInterceptor interceptor =
|
||||
new WebSphere2SpringSecurityPropagationInterceptor(helper);
|
||||
|
||||
final SecurityContext context = new SecurityContextImpl();
|
||||
|
||||
interceptor.setAuthenticationManager(new AuthenticationManager() {
|
||||
public Authentication authenticate(Authentication authentication) {
|
||||
// Store the auth object
|
||||
context.setAuthentication(authentication);
|
||||
return null;
|
||||
}
|
||||
});
|
||||
interceptor.setAuthenticationDetailsSource(mock(AuthenticationDetailsSource.class));
|
||||
interceptor.invoke(mock(MethodInvocation.class));
|
||||
|
||||
PreAuthenticatedAuthenticationProvider provider = new PreAuthenticatedAuthenticationProvider();
|
||||
AuthenticationUserDetailsService uds = mock(AuthenticationUserDetailsService.class);
|
||||
UserDetails user = mock(UserDetails.class);
|
||||
List authorities = AuthorityUtils.createAuthorityList("SOME_ROLE");
|
||||
when(user.getAuthorities()).thenReturn(authorities);
|
||||
when(uds.loadUserDetails(any(Authentication.class))).thenReturn(user);
|
||||
provider.setPreAuthenticatedUserDetailsService(uds);
|
||||
provider.setUserDetailsChecker(mock(UserDetailsChecker.class));
|
||||
|
||||
assertNotNull(provider.authenticate(context.getAuthentication()));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -13,8 +13,10 @@ import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.powermock.core.classloader.annotations.PrepareForTest;
|
||||
import org.powermock.core.classloader.annotations.PrepareOnlyThisForTest;
|
||||
import org.powermock.modules.junit4.PowerMockRunner;
|
||||
@@ -42,17 +44,23 @@ import org.springframework.util.StringUtils;
|
||||
public class AbstractRememberMeServicesTests {
|
||||
static User joe = new User("joe", "password", true, true,true,true, AuthorityUtils.createAuthorityList("ROLE_A"));
|
||||
|
||||
MockUserDetailsService uds;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
uds = new MockUserDetailsService(joe, false);
|
||||
}
|
||||
|
||||
@Test(expected = InvalidCookieException.class)
|
||||
public void nonBase64CookieShouldBeDetected() {
|
||||
new MockRememberMeServices().decodeCookie("nonBase64CookieValue%");
|
||||
new MockRememberMeServices(uds).decodeCookie("nonBase64CookieValue%");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setAndGetAreConsistent() throws Exception {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
assertNotNull(services.getCookieName());
|
||||
assertNotNull(services.getParameter());
|
||||
services.setKey("xxxx");
|
||||
assertEquals("xxxx", services.getKey());
|
||||
services.setParameter("rm");
|
||||
assertEquals("rm", services.getParameter());
|
||||
@@ -60,8 +68,6 @@ public class AbstractRememberMeServicesTests {
|
||||
assertEquals("kookie", services.getCookieName());
|
||||
services.setTokenValiditySeconds(600);
|
||||
assertEquals(600, services.getTokenValiditySeconds());
|
||||
UserDetailsService uds = mock(UserDetailsService.class);
|
||||
services.setUserDetailsService(uds);
|
||||
assertSame(uds, services.getUserDetailsService());
|
||||
AuthenticationDetailsSource ads = mock(AuthenticationDetailsSource.class);
|
||||
services.setAuthenticationDetailsSource(ads);
|
||||
@@ -72,7 +78,7 @@ public class AbstractRememberMeServicesTests {
|
||||
@Test
|
||||
public void cookieShouldBeCorrectlyEncodedAndDecoded() throws Exception {
|
||||
String[] cookie = new String[] {"name", "cookie", "tokens", "blah"};
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
String encoded = services.encodeCookie(cookie);
|
||||
// '=' aren't allowed in version 0 cookies.
|
||||
@@ -89,7 +95,7 @@ public class AbstractRememberMeServicesTests {
|
||||
@Test
|
||||
public void cookieWithOpenIDidentifierAsNameIsEncodedAndDecoded() throws Exception {
|
||||
String[] cookie = new String[] {"http://id.openid.zz", "cookie", "tokens", "blah"};
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
String[] decoded = services.decodeCookie(services.encodeCookie(cookie));
|
||||
assertEquals(4, decoded.length);
|
||||
@@ -104,7 +110,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldReturnNullIfNoLoginCookieIsPresented() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
@@ -123,8 +129,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void successfulAutoLoginReturnsExpectedAuthentication() throws Exception {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
services.setUserDetailsService(new MockUserDetailsService(joe, false));
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
services.afterPropertiesSet();
|
||||
assertNotNull(services.getUserDetailsService());
|
||||
|
||||
@@ -140,7 +145,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldFailIfCookieIsNotBase64() throws Exception {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
@@ -152,7 +157,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldFailIfCookieIsEmpty() throws Exception {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
@@ -164,8 +169,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldFailIfInvalidCookieExceptionIsRaised() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
// services.setUserDetailsService(new MockUserDetailsService(joe, true));
|
||||
MockRememberMeServices services = new MockRememberMeServices(new MockUserDetailsService(joe, true));
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
// Wrong number of tokens
|
||||
@@ -181,8 +185,8 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldFailIfUserNotFound() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
services.setUserDetailsService(new MockUserDetailsService(joe, true));
|
||||
uds.setThrowException(true);
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setCookies(createLoginCookie("cookie:1:2"));
|
||||
@@ -197,10 +201,9 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void autoLoginShouldFailIfUserAccountIsLocked() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
services.setUserDetailsChecker(new AccountStatusUserDetailsChecker());
|
||||
User joeLocked = new User("joe", "password",false,true,true,true,joe.getAuthorities());
|
||||
services.setUserDetailsService(new MockUserDetailsService(joeLocked, false));
|
||||
uds.toReturn = new User("joe", "password",false,true,true,true,joe.getAuthorities());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setCookies(createLoginCookie("cookie:1:2"));
|
||||
@@ -215,8 +218,8 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void loginFailShouldCancelCookie() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
services.setUserDetailsService(new MockUserDetailsService(joe, true));
|
||||
uds.setThrowException(true);
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setContextPath("contextpath");
|
||||
@@ -230,7 +233,7 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void logoutShouldCancelCookie() throws Exception {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setContextPath("contextpath");
|
||||
request.setCookies(createLoginCookie("cookie:1:2"));
|
||||
@@ -247,13 +250,12 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test(expected = CookieTheftException.class)
|
||||
public void cookieTheftExceptionShouldBeRethrown() {
|
||||
MockRememberMeServices services = new MockRememberMeServices() {
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds) {
|
||||
protected UserDetails processAutoLoginCookie(String[] cookieTokens, HttpServletRequest request, HttpServletResponse response) {
|
||||
throw new CookieTheftException("Pretending cookie was stolen");
|
||||
}
|
||||
};
|
||||
|
||||
services.setUserDetailsService(new MockUserDetailsService(joe, false));
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
request.setCookies(createLoginCookie("cookie:1:2"));
|
||||
@@ -264,25 +266,24 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void loginSuccessCallsOnLoginSuccessCorrectly() {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
Authentication auth = new UsernamePasswordAuthenticationToken("joe","password");
|
||||
|
||||
// No parameter set
|
||||
services = new MockRememberMeServices();
|
||||
services.loginSuccess(request, response, auth);
|
||||
assertFalse(services.loginSuccessCalled);
|
||||
|
||||
// Parameter set to true
|
||||
services = new MockRememberMeServices();
|
||||
services = new MockRememberMeServices(uds);
|
||||
request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "true");
|
||||
services.loginSuccess(request, response, auth);
|
||||
assertTrue(services.loginSuccessCalled);
|
||||
|
||||
// Different parameter name, set to true
|
||||
services = new MockRememberMeServices();
|
||||
services = new MockRememberMeServices(uds);
|
||||
services.setParameter("my_parameter");
|
||||
request.setParameter("my_parameter", "true");
|
||||
services.loginSuccess(request, response, auth);
|
||||
@@ -290,13 +291,13 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
|
||||
// Parameter set to false
|
||||
services = new MockRememberMeServices();
|
||||
services = new MockRememberMeServices(uds);
|
||||
request.setParameter(MockRememberMeServices.DEFAULT_PARAMETER, "false");
|
||||
services.loginSuccess(request, response, auth);
|
||||
assertFalse(services.loginSuccessCalled);
|
||||
|
||||
// alwaysRemember set to true
|
||||
services = new MockRememberMeServices();
|
||||
services = new MockRememberMeServices(uds);
|
||||
services.setAlwaysRemember(true);
|
||||
services.loginSuccess(request, response, auth);
|
||||
assertTrue(services.loginSuccessCalled);
|
||||
@@ -307,7 +308,7 @@ public class AbstractRememberMeServicesTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
request.setContextPath("contextpath");
|
||||
MockRememberMeServices services = new MockRememberMeServices() {
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds) {
|
||||
protected String encodeCookie(String[] cookieTokens) {
|
||||
return cookieTokens[0];
|
||||
}
|
||||
@@ -329,7 +330,7 @@ public class AbstractRememberMeServicesTests {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
request.setContextPath("contextpath");
|
||||
|
||||
MockRememberMeServices services = new MockRememberMeServices() {
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds) {
|
||||
protected String encodeCookie(String[] cookieTokens) {
|
||||
return cookieTokens[0];
|
||||
}
|
||||
@@ -345,7 +346,7 @@ public class AbstractRememberMeServicesTests {
|
||||
spy(ReflectionUtils.class);
|
||||
when(ReflectionUtils.findMethod(Cookie.class,"setHttpOnly", boolean.class)).thenReturn(null);
|
||||
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
assertNull(ReflectionTestUtils.getField(services, "setHttpOnlyMethod"));
|
||||
|
||||
services = new MockRememberMeServices("key",new MockUserDetailsService(joe, false));
|
||||
@@ -353,7 +354,7 @@ public class AbstractRememberMeServicesTests {
|
||||
}
|
||||
|
||||
private Cookie[] createLoginCookie(String cookieToken) {
|
||||
MockRememberMeServices services = new MockRememberMeServices();
|
||||
MockRememberMeServices services = new MockRememberMeServices(uds);
|
||||
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY,
|
||||
services.encodeCookie(StringUtils.delimitedListToStringArray(cookieToken, ":")));
|
||||
|
||||
@@ -372,11 +373,15 @@ public class AbstractRememberMeServicesTests {
|
||||
boolean loginSuccessCalled;
|
||||
|
||||
MockRememberMeServices(String key, UserDetailsService userDetailsService) {
|
||||
super(key,userDetailsService);
|
||||
super(key, userDetailsService);
|
||||
}
|
||||
|
||||
MockRememberMeServices(UserDetailsService userDetailsService) {
|
||||
super("xxxx", userDetailsService);
|
||||
}
|
||||
|
||||
MockRememberMeServices() {
|
||||
setKey("key");
|
||||
this(new MockUserDetailsService(null,false));
|
||||
}
|
||||
|
||||
protected void onLoginSuccess(HttpServletRequest request, HttpServletResponse response, Authentication successfulAuthentication) {
|
||||
@@ -398,6 +403,10 @@ public class AbstractRememberMeServicesTests {
|
||||
private UserDetails toReturn;
|
||||
private boolean throwException;
|
||||
|
||||
public MockUserDetailsService() {
|
||||
this(null, false);
|
||||
}
|
||||
|
||||
public MockUserDetailsService(UserDetails toReturn, boolean throwException) {
|
||||
this.toReturn = toReturn;
|
||||
this.throwException = throwException;
|
||||
@@ -410,5 +419,9 @@ public class AbstractRememberMeServicesTests {
|
||||
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
public void setThrowException(boolean value) {
|
||||
this.throwException = value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@ package org.springframework.security.web.authentication.rememberme;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
@@ -18,6 +19,7 @@ import org.springframework.security.web.authentication.rememberme.PersistentReme
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
|
||||
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
|
||||
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServicesTests.*;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
@@ -25,6 +27,8 @@ import org.springframework.security.web.authentication.rememberme.RememberMeAuth
|
||||
public class PersistentTokenBasedRememberMeServicesTests {
|
||||
private PersistentTokenBasedRememberMeServices services;
|
||||
|
||||
private MockTokenRepository repo;
|
||||
|
||||
@Before
|
||||
public void setUpData() throws Exception {
|
||||
services = new PersistentTokenBasedRememberMeServices("key",
|
||||
@@ -44,22 +48,15 @@ public class PersistentTokenBasedRememberMeServicesTests {
|
||||
|
||||
@Test(expected = RememberMeAuthenticationException.class)
|
||||
public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
|
||||
services.setTokenRepository(new MockTokenRepository(null));
|
||||
services = create(null);
|
||||
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse());
|
||||
}
|
||||
|
||||
@Test(expected = RememberMeAuthenticationException.class)
|
||||
public void loginIsRejectedWhenTokenIsExpired() {
|
||||
MockTokenRepository repo =
|
||||
new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
|
||||
services.setTokenRepository(repo);
|
||||
services = create(new PersistentRememberMeToken("joe", "series","token", new Date(System.currentTimeMillis() - TimeUnit.SECONDS.toMillis(1) - 100)));
|
||||
services.setTokenValiditySeconds(1);
|
||||
try {
|
||||
Thread.sleep(1100);
|
||||
} catch (InterruptedException e) {
|
||||
}
|
||||
services.setTokenRepository(repo);
|
||||
|
||||
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse());
|
||||
@@ -67,17 +64,14 @@ public class PersistentTokenBasedRememberMeServicesTests {
|
||||
|
||||
@Test(expected = CookieTheftException.class)
|
||||
public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
|
||||
PersistentRememberMeToken token = new PersistentRememberMeToken("joe", "series","wrongtoken", new Date());
|
||||
services.setTokenRepository(new MockTokenRepository(token));
|
||||
services = create(new PersistentRememberMeToken("joe", "series","wrongtoken", new Date()));
|
||||
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
|
||||
new MockHttpServletResponse());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() {
|
||||
MockTokenRepository repo =
|
||||
new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
|
||||
services.setTokenRepository(repo);
|
||||
services = create(new PersistentRememberMeToken("joe", "series","token", new Date()));
|
||||
// 12 => b64 length will be 16
|
||||
services.setTokenLength(12);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -91,9 +85,8 @@ public class PersistentTokenBasedRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void loginSuccessCreatesNewTokenAndCookieWithNewSeries() {
|
||||
services = create(null);
|
||||
services.setAlwaysRemember(true);
|
||||
MockTokenRepository repo = new MockTokenRepository(null);
|
||||
services.setTokenRepository(repo);
|
||||
services.setTokenLength(12);
|
||||
services.setSeriesLength(12);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -114,9 +107,7 @@ public class PersistentTokenBasedRememberMeServicesTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setCookies(cookie);
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockTokenRepository repo =
|
||||
new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
|
||||
services.setTokenRepository(repo);
|
||||
services = create(new PersistentRememberMeToken("joe", "series","token", new Date()));
|
||||
services.logout(request, response, new TestingAuthenticationToken("joe","somepass","SOME_AUTH"));
|
||||
Cookie returnedCookie = response.getCookie("mycookiename");
|
||||
assertNotNull(returnedCookie);
|
||||
@@ -126,6 +117,16 @@ public class PersistentTokenBasedRememberMeServicesTests {
|
||||
services.logout(request, response, null);
|
||||
}
|
||||
|
||||
private PersistentTokenBasedRememberMeServices create(PersistentRememberMeToken token) {
|
||||
repo = new MockTokenRepository(token);
|
||||
PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices("key",
|
||||
new AbstractRememberMeServicesTests.MockUserDetailsService(AbstractRememberMeServicesTests.joe, false),
|
||||
repo);
|
||||
|
||||
services.setCookieName("mycookiename");
|
||||
return services;
|
||||
}
|
||||
|
||||
private class MockTokenRepository implements PersistentTokenRepository {
|
||||
private PersistentRememberMeToken storedToken;
|
||||
|
||||
|
||||
@@ -60,33 +60,12 @@ public class RememberMeAuthenticationFilterTests {
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testDetectsAuthenticationManagerProperty() {
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setRememberMeServices(new NullRememberMeServices());
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
filter.setAuthenticationManager(null);
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
new RememberMeAuthenticationFilter(null, new NullRememberMeServices());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testDetectsRememberMeServicesProperty() {
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
|
||||
// check default is NullRememberMeServices
|
||||
// assertEquals(NullRememberMeServices.class, filter.getRememberMeServices().getClass());
|
||||
|
||||
// check getter/setter
|
||||
filter.setRememberMeServices(new TokenBasedRememberMeServices());
|
||||
assertEquals(TokenBasedRememberMeServices.class, filter.getRememberMeServices().getClass());
|
||||
|
||||
// check detects if made null
|
||||
filter.setRememberMeServices(null);
|
||||
|
||||
filter.afterPropertiesSet();
|
||||
new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -96,9 +75,7 @@ public class RememberMeAuthenticationFilterTests {
|
||||
SecurityContextHolder.getContext().setAuthentication(originalAuth);
|
||||
|
||||
// Setup our filter correctly
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter();
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(mock(AuthenticationManager.class), new MockRememberMeServices(remembered));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
// Test
|
||||
@@ -114,12 +91,10 @@ public class RememberMeAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void testOperationWhenNoAuthenticationInContextHolder() throws Exception {
|
||||
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter();
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(remembered)).thenReturn(remembered);
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(remembered));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
@@ -135,17 +110,16 @@ public class RememberMeAuthenticationFilterTests {
|
||||
@Test
|
||||
public void onUnsuccessfulLoginIsCalledWhenProviderRejectsAuth() throws Exception {
|
||||
final Authentication failedAuth = new TestingAuthenticationToken("failed", "");
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter() {
|
||||
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(remembered)) {
|
||||
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) {
|
||||
super.onUnsuccessfulAuthentication(request, response, failed);
|
||||
SecurityContextHolder.getContext().setAuthentication(failedAuth);
|
||||
}
|
||||
};
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
@@ -160,11 +134,9 @@ public class RememberMeAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter();
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
when(am.authenticate(remembered)).thenReturn(remembered);
|
||||
filter.setAuthenticationManager(am);
|
||||
filter.setRememberMeServices(new MockRememberMeServices(remembered));
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(remembered));
|
||||
filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
@@ -53,10 +53,8 @@ public class TokenBasedRememberMeServicesTests {
|
||||
|
||||
@Before
|
||||
public void createTokenBasedRememberMeServices() {
|
||||
services = new TokenBasedRememberMeServices();
|
||||
uds = mock(UserDetailsService.class);
|
||||
services.setKey("key");
|
||||
services.setUserDetailsService(uds);
|
||||
services = new TokenBasedRememberMeServices("key",uds);
|
||||
}
|
||||
|
||||
void udsWillReturnUser() {
|
||||
@@ -227,8 +225,7 @@ public class TokenBasedRememberMeServicesTests {
|
||||
public void testGettersSetters() {
|
||||
assertEquals(uds, services.getUserDetailsService());
|
||||
|
||||
services.setKey("d");
|
||||
assertEquals("d", services.getKey());
|
||||
assertEquals("key", services.getKey());
|
||||
|
||||
assertEquals(DEFAULT_PARAMETER, services.getParameter());
|
||||
services.setParameter("some_param");
|
||||
@@ -251,7 +248,7 @@ public class TokenBasedRememberMeServicesTests {
|
||||
|
||||
@Test
|
||||
public void loginSuccessIgnoredIfParameterNotSetOrFalse() {
|
||||
TokenBasedRememberMeServices services = new TokenBasedRememberMeServices();
|
||||
TokenBasedRememberMeServices services = new TokenBasedRememberMeServices("key",new AbstractRememberMeServicesTests.MockUserDetailsService(null, false));
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addParameter(DEFAULT_PARAMETER, "false");
|
||||
|
||||
|
||||
@@ -1,116 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.authentication.session;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.AdditionalMatchers.not;
|
||||
import static org.mockito.Matchers.anyObject;
|
||||
import static org.mockito.Matchers.anyString;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.springframework.context.ApplicationEvent;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class ConcurrentSessionControlStrategyTests {
|
||||
@Mock
|
||||
private SessionRegistry sessionRegistry;
|
||||
@Mock
|
||||
private Authentication authentication;
|
||||
|
||||
private MockHttpServletRequest request;
|
||||
private MockHttpServletResponse response;
|
||||
|
||||
private ConcurrentSessionControlStrategy strategy;
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
|
||||
strategy = new ConcurrentSessionControlStrategy(sessionRegistry);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onAuthenticationNewSession() {
|
||||
strategy.onAuthentication(authentication, request, response);
|
||||
|
||||
verify(sessionRegistry,times(0)).removeSessionInformation(anyString());
|
||||
verify(sessionRegistry).registerNewSession(anyString(), anyObject());
|
||||
}
|
||||
|
||||
// SEC-1875
|
||||
@Test
|
||||
public void onAuthenticationChangeSession() {
|
||||
String originalSessionId = request.getSession().getId();
|
||||
|
||||
strategy.onAuthentication(authentication, request, response);
|
||||
|
||||
verify(sessionRegistry,times(0)).removeSessionInformation(anyString());
|
||||
verify(sessionRegistry).registerNewSession(not(eq(originalSessionId)), anyObject());
|
||||
}
|
||||
|
||||
// SEC-2002
|
||||
@Test
|
||||
public void onAuthenticationChangeSessionWithEventPublisher() {
|
||||
String originalSessionId = request.getSession().getId();
|
||||
|
||||
ApplicationEventPublisher eventPublisher = mock(ApplicationEventPublisher.class);
|
||||
strategy.setApplicationEventPublisher(eventPublisher);
|
||||
|
||||
strategy.onAuthentication(authentication, request, response);
|
||||
|
||||
verify(sessionRegistry,times(0)).removeSessionInformation(anyString());
|
||||
verify(sessionRegistry).registerNewSession(not(eq(originalSessionId)), anyObject());
|
||||
|
||||
ArgumentCaptor<ApplicationEvent> eventArgumentCaptor = ArgumentCaptor.forClass(ApplicationEvent.class);
|
||||
verify(eventPublisher).publishEvent(eventArgumentCaptor.capture());
|
||||
|
||||
assertNotNull(eventArgumentCaptor.getValue());
|
||||
assertTrue(eventArgumentCaptor.getValue() instanceof SessionFixationProtectionEvent);
|
||||
SessionFixationProtectionEvent event = (SessionFixationProtectionEvent)eventArgumentCaptor.getValue();
|
||||
assertEquals(originalSessionId, event.getOldSessionId());
|
||||
assertEquals(request.getSession().getId(), event.getNewSessionId());
|
||||
assertSame(authentication, event.getAuthentication());
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void setApplicationEventPublisherForbidsNulls() {
|
||||
strategy.setApplicationEventPublisher(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onAuthenticationNoExceptionWhenRequireApplicationEventPublisherSet() {
|
||||
strategy.onAuthentication(authentication, request, response);
|
||||
}
|
||||
}
|
||||
@@ -67,9 +67,7 @@ public class BasicAuthenticationFilterTests {
|
||||
when(manager.authenticate(rodRequest)).thenReturn(rod);
|
||||
when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));
|
||||
|
||||
filter = new BasicAuthenticationFilter();
|
||||
filter.setAuthenticationManager(manager);
|
||||
filter.setAuthenticationEntryPoint(new BasicAuthenticationEntryPoint());
|
||||
filter = new BasicAuthenticationFilter(manager,new BasicAuthenticationEntryPoint());
|
||||
}
|
||||
|
||||
@After
|
||||
@@ -95,11 +93,7 @@ public class BasicAuthenticationFilterTests {
|
||||
|
||||
@Test
|
||||
public void testGettersSetters() {
|
||||
BasicAuthenticationFilter filter = new BasicAuthenticationFilter();
|
||||
filter.setAuthenticationManager(manager);
|
||||
assertThat(filter.getAuthenticationManager()).isNotNull();
|
||||
|
||||
filter.setAuthenticationEntryPoint(mock(AuthenticationEntryPoint.class));
|
||||
assertThat(filter.getAuthenticationEntryPoint()).isNotNull();
|
||||
}
|
||||
|
||||
@@ -168,16 +162,12 @@ public class BasicAuthenticationFilterTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
|
||||
BasicAuthenticationFilter filter = new BasicAuthenticationFilter();
|
||||
filter.setAuthenticationManager(manager);
|
||||
filter.afterPropertiesSet();
|
||||
new BasicAuthenticationFilter(manager, null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testStartupDetectsMissingAuthenticationManager() throws Exception {
|
||||
BasicAuthenticationFilter filter = new BasicAuthenticationFilter();
|
||||
filter.setAuthenticationEntryPoint(mock(AuthenticationEntryPoint.class));
|
||||
filter.afterPropertiesSet();
|
||||
BasicAuthenticationFilter filter = new BasicAuthenticationFilter(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -225,7 +215,7 @@ public class BasicAuthenticationFilterTests {
|
||||
request.setServletPath("/some_file.html");
|
||||
request.setSession(new MockHttpSession());
|
||||
|
||||
filter.setIgnoreFailure(true);
|
||||
filter = new BasicAuthenticationFilter(manager);
|
||||
assertThat(filter.isIgnoreFailure()).isTrue();
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
filter.doFilter(request, new MockHttpServletResponse(), chain);
|
||||
|
||||
@@ -51,16 +51,14 @@ public class ConcurrentSessionFilterTests {
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
// Setup our test fixture and registry to want this session to be expired
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
|
||||
filter.setRedirectStrategy(new DefaultRedirectStrategy());
|
||||
filter.setLogoutHandlers(new LogoutHandler[] {new SecurityContextLogoutHandler()});
|
||||
|
||||
SessionRegistry registry = new SessionRegistryImpl();
|
||||
registry.registerNewSession(session.getId(), "principal");
|
||||
registry.getSessionInformation(session.getId()).expireNow();
|
||||
filter.setSessionRegistry(registry);
|
||||
filter.setExpiredUrl("/expired.jsp");
|
||||
|
||||
// Setup our test fixture and registry to want this session to be expired
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry,"/expired.jsp");
|
||||
filter.setRedirectStrategy(new DefaultRedirectStrategy());
|
||||
filter.setLogoutHandlers(new LogoutHandler[]{new SecurityContextLogoutHandler()});
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
@@ -80,11 +78,10 @@ public class ConcurrentSessionFilterTests {
|
||||
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
|
||||
SessionRegistry registry = new SessionRegistryImpl();
|
||||
registry.registerNewSession(session.getId(), "principal");
|
||||
registry.getSessionInformation(session.getId()).expireNow();
|
||||
filter.setSessionRegistry(registry);
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
|
||||
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
filter.doFilter(request, response, fc);
|
||||
@@ -96,15 +93,12 @@ public class ConcurrentSessionFilterTests {
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void detectsMissingSessionRegistry() throws Exception {
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
|
||||
filter.afterPropertiesSet();
|
||||
new ConcurrentSessionFilter(null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void detectsInvalidUrl() throws Exception {
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
|
||||
filter.setExpiredUrl("ImNotValid");
|
||||
filter.afterPropertiesSet();
|
||||
new ConcurrentSessionFilter(new SessionRegistryImpl(), "ImNotValid");
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -118,13 +112,11 @@ public class ConcurrentSessionFilterTests {
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
|
||||
// Setup our test fixture
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter();
|
||||
SessionRegistry registry = new SessionRegistryImpl();
|
||||
registry.registerNewSession(session.getId(), "principal");
|
||||
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, "/expired.jsp");
|
||||
|
||||
Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
|
||||
filter.setSessionRegistry(registry);
|
||||
filter.setExpiredUrl("/expired.jsp");
|
||||
|
||||
Thread.sleep(1000);
|
||||
|
||||
|
||||
@@ -61,14 +61,13 @@ public class SecurityContextPersistenceFilterTests {
|
||||
public void loadedContextContextIsCopiedToSecurityContextHolderAndUpdatedContextIsStored() throws Exception {
|
||||
final MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
|
||||
final TestingAuthenticationToken beforeAuth = new TestingAuthenticationToken("someoneelse", "passwd", "ROLE_B");
|
||||
final SecurityContext scBefore = new SecurityContextImpl();
|
||||
final SecurityContext scExpectedAfter = new SecurityContextImpl();
|
||||
scExpectedAfter.setAuthentication(testToken);
|
||||
scBefore.setAuthentication(beforeAuth);
|
||||
final SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
filter.setSecurityContextRepository(repo);
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
|
||||
|
||||
when(repo.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(scBefore);
|
||||
|
||||
@@ -90,8 +89,7 @@ public class SecurityContextPersistenceFilterTests {
|
||||
final FilterChain chain = mock(FilterChain.class);
|
||||
final MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
|
||||
filter.setSecurityContextRepository(mock(SecurityContextRepository.class));
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(mock(SecurityContextRepository.class));
|
||||
|
||||
request.setAttribute(SecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE);
|
||||
filter.doFilter(request, response, chain);
|
||||
@@ -114,9 +112,8 @@ public class SecurityContextPersistenceFilterTests {
|
||||
final FilterChain chain = mock(FilterChain.class);
|
||||
final MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
final MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter();
|
||||
SecurityContextRepository repo = new NullSecurityContextRepository();
|
||||
filter.setSecurityContextRepository(repo);
|
||||
SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repo);
|
||||
filter.doFilter(request, response, chain);
|
||||
assertFalse(repo.containsContext(request));
|
||||
assertNull(request.getSession(false));
|
||||
|
||||
@@ -66,8 +66,7 @@ public class SessionManagementFilterTests {
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
// mock that repo contains a security context
|
||||
when(repo.containsContext(any(HttpServletRequest.class))).thenReturn(true);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setSessionAuthenticationStrategy(strategy);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo,strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
authenticateUser();
|
||||
|
||||
@@ -80,8 +79,7 @@ public class SessionManagementFilterTests {
|
||||
public void strategyIsNotInvokedIfAuthenticationIsNull() throws Exception {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setSessionAuthenticationStrategy(strategy);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo,strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
|
||||
@@ -94,8 +92,7 @@ public class SessionManagementFilterTests {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
// repo will return false to containsContext()
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setSessionAuthenticationStrategy(strategy);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo,strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
authenticateUser();
|
||||
|
||||
@@ -114,9 +111,8 @@ public class SessionManagementFilterTests {
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
|
||||
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo,strategy);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
filter.setSessionAuthenticationStrategy(strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
HttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
@@ -135,8 +131,7 @@ public class SessionManagementFilterTests {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
// repo will return false to containsContext()
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setSessionAuthenticationStrategy(strategy);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo,strategy);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestedSessionId("xxx");
|
||||
request.setRequestedSessionIdValid(false);
|
||||
|
||||
Reference in New Issue
Block a user