SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session
This commit is contained in:
@@ -13,15 +13,15 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
package org.springframework.security.web.concurrent;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.springframework.mock.web.MockFilterConfig;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.authentication.concurrent.SessionRegistry;
|
||||
import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
@@ -21,7 +21,7 @@ public class DefaultSessionAuthenticationStrategyTests {
|
||||
|
||||
@Test
|
||||
public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() throws Exception {
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
|
||||
@@ -31,7 +31,7 @@ public class DefaultSessionAuthenticationStrategyTests {
|
||||
|
||||
@Test
|
||||
public void newSessionIsCreatedIfSessionAlreadyExists() throws Exception {
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
String sessionId = request.getSession().getId();
|
||||
|
||||
@@ -43,7 +43,7 @@ public class DefaultSessionAuthenticationStrategyTests {
|
||||
// See SEC-1077
|
||||
@Test
|
||||
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() throws Exception {
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
|
||||
strategy.setMigrateSessionAttributes(false);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
HttpSession session = request.getSession();
|
||||
@@ -58,7 +58,7 @@ public class DefaultSessionAuthenticationStrategyTests {
|
||||
|
||||
@Test
|
||||
public void sessionIsCreatedIfAlwaysCreateTrue() throws Exception {
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
|
||||
strategy.setAlwaysCreateSession(true);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
|
||||
|
||||
Reference in New Issue
Block a user