SEC-1229: Refactored authentication.concurrent in core, moving classes into core.session

This commit is contained in:
Luke Taylor
2009-10-05 15:51:00 +00:00
parent 2b89ebdfbb
commit acf13c74ca
23 changed files with 119 additions and 150 deletions

View File

@@ -13,15 +13,15 @@
* limitations under the License.
*/
package org.springframework.security.web.authentication;
package org.springframework.security.web.concurrent;
import junit.framework.TestCase;
import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.authentication.concurrent.SessionRegistry;
import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
import javax.servlet.Filter;

View File

@@ -21,7 +21,7 @@ public class DefaultSessionAuthenticationStrategyTests {
@Test
public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() throws Exception {
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
HttpServletRequest request = new MockHttpServletRequest();
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
@@ -31,7 +31,7 @@ public class DefaultSessionAuthenticationStrategyTests {
@Test
public void newSessionIsCreatedIfSessionAlreadyExists() throws Exception {
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
HttpServletRequest request = new MockHttpServletRequest();
String sessionId = request.getSession().getId();
@@ -43,7 +43,7 @@ public class DefaultSessionAuthenticationStrategyTests {
// See SEC-1077
@Test
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() throws Exception {
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
strategy.setMigrateSessionAttributes(false);
HttpServletRequest request = new MockHttpServletRequest();
HttpSession session = request.getSession();
@@ -58,7 +58,7 @@ public class DefaultSessionAuthenticationStrategyTests {
@Test
public void sessionIsCreatedIfAlwaysCreateTrue() throws Exception {
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
strategy.setAlwaysCreateSession(true);
HttpServletRequest request = new MockHttpServletRequest();
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());