SEC-2783: XML Configuration Defaults Should Match JavaConfig

* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
This commit is contained in:
Rob Winch
2014-12-05 09:52:29 -06:00
parent b56e5edbbd
commit c67ff42b8a
125 changed files with 8122 additions and 395 deletions

View File

@@ -103,10 +103,10 @@ public class AbstractAuthenticationProcessingFilterTests {
MockHttpServletRequest request = createMockAuthenticationRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockAuthenticationFilter filter = new MockAuthenticationFilter();
filter.setFilterProcessesUrl("/j_spring_security_check");
filter.setFilterProcessesUrl("/login");
DefaultHttpFirewall firewall = new DefaultHttpFirewall();
request.setServletPath("/j_spring_security_check;jsessionid=I8MIONOSTHOR");
request.setServletPath("/login;jsessionid=I8MIONOSTHOR");
// the firewall ensures that path parameters are ignored
HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request);
@@ -211,7 +211,7 @@ public class AbstractAuthenticationProcessingFilterTests {
filter.setAuthenticationFailureHandler(failureHandler);
successHandler.setDefaultTargetUrl("/");
filter.setAuthenticationSuccessHandler(successHandler);
filter.setFilterProcessesUrl("/j_spring_security_check");
filter.setFilterProcessesUrl("/login");
try {
filter.afterPropertiesSet();

View File

@@ -30,15 +30,15 @@ public class DefaultLoginPageGeneratingFilterTests {
@Test
public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), chain);
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login;pathparam=unused"), new MockHttpServletResponse(), chain);
filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"), new MockHttpServletResponse(), chain);
}
@Test
public void generatingPageWithOpenIdFilterOnlyIsSuccessFul() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new MockProcessingFilter());
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), chain);
filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
}
// Fake OpenID filter (since it's not in this module
@@ -62,7 +62,7 @@ public class DefaultLoginPageGeneratingFilterTests {
@Test
public void handlesNonIso8859CharsInErrorMessage() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/spring_security_login");
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
request.addParameter("login_error", "true");
MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
String message = messages.getMessage(

View File

@@ -22,8 +22,8 @@ public class LogoutHandlerTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
request.setRequestURI("/context/j_spring_security_logout;someparam=blah?param=blah");
request.setServletPath("/j_spring_security_logout;someparam=blah");
request.setRequestURI("/context/logout;someparam=blah?param=blah");
request.setServletPath("/logout;someparam=blah");
request.setQueryString("otherparam=blah");
DefaultHttpFirewall fw = new DefaultHttpFirewall();
@@ -35,8 +35,8 @@ public class LogoutHandlerTests extends TestCase {
request.setContextPath("/context");
MockHttpServletResponse response = new MockHttpServletResponse();
request.setServletPath("/j_spring_security_logout");
request.setRequestURI("/context/j_spring_security_logout?param=blah");
request.setServletPath("/logout");
request.setRequestURI("/context/logout?param=blah");
request.setQueryString("otherparam=blah");
assertTrue(filter.requiresLogout(request, response));

View File

@@ -67,7 +67,7 @@ public class SwitchUserFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setScheme("http");
request.setServerName("localhost");
request.setRequestURI("/j_spring_security_switch_user");
request.setRequestURI("/login/impersonate");
return request;
}
@@ -145,7 +145,7 @@ public class SwitchUserFilterTests {
@Test
public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("/j_spring_security_switch_user");
request.setRequestURI("/login/impersonate");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
MockHttpServletResponse response = new MockHttpServletResponse();
SwitchUserFilter filter = new SwitchUserFilter();
@@ -162,7 +162,7 @@ public class SwitchUserFilterTests {
// Now check for the redirect
request.setContextPath("/mywebapp");
request.setRequestURI("/mywebapp/j_spring_security_switch_user");
request.setRequestURI("/mywebapp/login/impersonate");
filter = new SwitchUserFilter();
filter.setTargetUrl("/target");
filter.setUserDetailsService(new MockUserDetailsService());
@@ -181,8 +181,8 @@ public class SwitchUserFilterTests {
@Test(expected=IllegalArgumentException.class)
public void configMissingUserDetailsServiceFails() throws Exception {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setExitUserUrl("/j_spring_security_exit_user");
filter.setSwitchUserUrl("/login/impersonate");
filter.setExitUserUrl("/logout/impersonate");
filter.setTargetUrl("/main.jsp");
filter.afterPropertiesSet();
}
@@ -191,8 +191,8 @@ public class SwitchUserFilterTests {
public void testBadConfigMissingTargetUrl() throws Exception {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setExitUserUrl("/j_spring_security_exit_user");
filter.setSwitchUserUrl("/login/impersonate");
filter.setExitUserUrl("/logout/impersonate");
filter.afterPropertiesSet();
}
@@ -200,9 +200,9 @@ public class SwitchUserFilterTests {
public void defaultProcessesFilterUrlMatchesUrlWithPathParameter() {
MockHttpServletRequest request = createMockSwitchRequest();
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setSwitchUserUrl("/login/impersonate");
request.setRequestURI("/webapp/j_spring_security_switch_user;jsessionid=8JHDUD723J8");
request.setRequestURI("/webapp/login/impersonate;jsessionid=8JHDUD723J8");
assertTrue(filter.requiresSwitchUser(request));
}
@@ -221,12 +221,12 @@ public class SwitchUserFilterTests {
SecurityContextHolder.getContext().setAuthentication(admin);
MockHttpServletRequest request = createMockSwitchRequest();
request.setRequestURI("/j_spring_security_exit_user");
request.setRequestURI("/logout/impersonate");
// setup filter
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setExitUserUrl("/j_spring_security_exit_user");
filter.setExitUserUrl("/logout/impersonate");
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
// run 'exit'
@@ -248,12 +248,12 @@ public class SwitchUserFilterTests {
SecurityContextHolder.clearContext();
MockHttpServletRequest request = createMockSwitchRequest();
request.setRequestURI("/j_spring_security_exit_user");
request.setRequestURI("/logout/impersonate");
// setup filter
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setExitUserUrl("/j_spring_security_exit_user");
filter.setExitUserUrl("/logout/impersonate");
// run 'exit', expect fail due to no current user
FilterChain chain = mock(FilterChain.class);
@@ -268,10 +268,10 @@ public class SwitchUserFilterTests {
MockHttpServletRequest request = createMockSwitchRequest();
request.setContextPath("/webapp");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
request.setRequestURI("/webapp/j_spring_security_switch_user");
request.setRequestURI("/webapp/login/impersonate");
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setSwitchUserUrl("/login/impersonate");
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
filter.setUserDetailsService(new MockUserDetailsService());
@@ -294,10 +294,10 @@ public class SwitchUserFilterTests {
MockHttpServletRequest request = createMockSwitchRequest();
request.setContextPath("/webapp");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
request.setRequestURI("/webapp/j_spring_security_switch_user");
request.setRequestURI("/webapp/login/impersonate");
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setSwitchUserUrl("/login/impersonate");
SimpleUrlAuthenticationSuccessHandler switchSuccessHandler =
new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
DefaultRedirectStrategy contextRelativeRedirector = new DefaultRedirectStrategy();
@@ -325,7 +325,7 @@ public class SwitchUserFilterTests {
// http request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("/webapp/j_spring_security_switch_user");
request.setRequestURI("/webapp/login/impersonate");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
// http response
@@ -334,7 +334,7 @@ public class SwitchUserFilterTests {
// setup filter
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchUserUrl("/j_spring_security_switch_user");
filter.setSwitchUserUrl("/login/impersonate");
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
FilterChain chain = mock(FilterChain.class);