SEC-2783: XML Configuration Defaults Should Match JavaConfig
* j_username -> username * j_password -> password * j_spring_security_check -> login * j_spring_cas_security_check -> login/cas * j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor * j_spring_openid_security_login -> login/openid * j_spring_security_switch_user -> login/impersonate * j_spring_security_exit_user -> logout/impersonate * login_error -> error * use-expressions=true by default
This commit is contained in:
@@ -103,10 +103,10 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
MockHttpServletRequest request = createMockAuthenticationRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockAuthenticationFilter filter = new MockAuthenticationFilter();
|
||||
filter.setFilterProcessesUrl("/j_spring_security_check");
|
||||
filter.setFilterProcessesUrl("/login");
|
||||
|
||||
DefaultHttpFirewall firewall = new DefaultHttpFirewall();
|
||||
request.setServletPath("/j_spring_security_check;jsessionid=I8MIONOSTHOR");
|
||||
request.setServletPath("/login;jsessionid=I8MIONOSTHOR");
|
||||
|
||||
// the firewall ensures that path parameters are ignored
|
||||
HttpServletRequest firewallRequest = firewall.getFirewalledRequest(request);
|
||||
@@ -211,7 +211,7 @@ public class AbstractAuthenticationProcessingFilterTests {
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
successHandler.setDefaultTargetUrl("/");
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
filter.setFilterProcessesUrl("/j_spring_security_check");
|
||||
filter.setFilterProcessesUrl("/login");
|
||||
|
||||
try {
|
||||
filter.afterPropertiesSet();
|
||||
|
||||
@@ -30,15 +30,15 @@ public class DefaultLoginPageGeneratingFilterTests {
|
||||
@Test
|
||||
public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() throws Exception {
|
||||
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), chain);
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login;pathparam=unused"), new MockHttpServletResponse(), chain);
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"), new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void generatingPageWithOpenIdFilterOnlyIsSuccessFul() throws Exception {
|
||||
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new MockProcessingFilter());
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/spring_security_login"), new MockHttpServletResponse(), chain);
|
||||
filter.doFilter(new MockHttpServletRequest("GET", "/login"), new MockHttpServletResponse(), chain);
|
||||
}
|
||||
|
||||
// Fake OpenID filter (since it's not in this module
|
||||
@@ -62,7 +62,7 @@ public class DefaultLoginPageGeneratingFilterTests {
|
||||
@Test
|
||||
public void handlesNonIso8859CharsInErrorMessage() throws Exception {
|
||||
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/spring_security_login");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
|
||||
request.addParameter("login_error", "true");
|
||||
MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||
String message = messages.getMessage(
|
||||
|
||||
@@ -22,8 +22,8 @@ public class LogoutHandlerTests extends TestCase {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
request.setRequestURI("/context/j_spring_security_logout;someparam=blah?param=blah");
|
||||
request.setServletPath("/j_spring_security_logout;someparam=blah");
|
||||
request.setRequestURI("/context/logout;someparam=blah?param=blah");
|
||||
request.setServletPath("/logout;someparam=blah");
|
||||
request.setQueryString("otherparam=blah");
|
||||
|
||||
DefaultHttpFirewall fw = new DefaultHttpFirewall();
|
||||
@@ -35,8 +35,8 @@ public class LogoutHandlerTests extends TestCase {
|
||||
request.setContextPath("/context");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
request.setServletPath("/j_spring_security_logout");
|
||||
request.setRequestURI("/context/j_spring_security_logout?param=blah");
|
||||
request.setServletPath("/logout");
|
||||
request.setRequestURI("/context/logout?param=blah");
|
||||
request.setQueryString("otherparam=blah");
|
||||
|
||||
assertTrue(filter.requiresLogout(request, response));
|
||||
|
||||
@@ -67,7 +67,7 @@ public class SwitchUserFilterTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setScheme("http");
|
||||
request.setServerName("localhost");
|
||||
request.setRequestURI("/j_spring_security_switch_user");
|
||||
request.setRequestURI("/login/impersonate");
|
||||
|
||||
return request;
|
||||
}
|
||||
@@ -145,7 +145,7 @@ public class SwitchUserFilterTests {
|
||||
@Test
|
||||
public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestURI("/j_spring_security_switch_user");
|
||||
request.setRequestURI("/login/impersonate");
|
||||
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
@@ -162,7 +162,7 @@ public class SwitchUserFilterTests {
|
||||
|
||||
// Now check for the redirect
|
||||
request.setContextPath("/mywebapp");
|
||||
request.setRequestURI("/mywebapp/j_spring_security_switch_user");
|
||||
request.setRequestURI("/mywebapp/login/impersonate");
|
||||
filter = new SwitchUserFilter();
|
||||
filter.setTargetUrl("/target");
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
@@ -181,8 +181,8 @@ public class SwitchUserFilterTests {
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void configMissingUserDetailsServiceFails() throws Exception {
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setExitUserUrl("/j_spring_security_exit_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
filter.setExitUserUrl("/logout/impersonate");
|
||||
filter.setTargetUrl("/main.jsp");
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
@@ -191,8 +191,8 @@ public class SwitchUserFilterTests {
|
||||
public void testBadConfigMissingTargetUrl() throws Exception {
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setExitUserUrl("/j_spring_security_exit_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
filter.setExitUserUrl("/logout/impersonate");
|
||||
filter.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@@ -200,9 +200,9 @@ public class SwitchUserFilterTests {
|
||||
public void defaultProcessesFilterUrlMatchesUrlWithPathParameter() {
|
||||
MockHttpServletRequest request = createMockSwitchRequest();
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
|
||||
request.setRequestURI("/webapp/j_spring_security_switch_user;jsessionid=8JHDUD723J8");
|
||||
request.setRequestURI("/webapp/login/impersonate;jsessionid=8JHDUD723J8");
|
||||
assertTrue(filter.requiresSwitchUser(request));
|
||||
}
|
||||
|
||||
@@ -221,12 +221,12 @@ public class SwitchUserFilterTests {
|
||||
SecurityContextHolder.getContext().setAuthentication(admin);
|
||||
|
||||
MockHttpServletRequest request = createMockSwitchRequest();
|
||||
request.setRequestURI("/j_spring_security_exit_user");
|
||||
request.setRequestURI("/logout/impersonate");
|
||||
|
||||
// setup filter
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
filter.setExitUserUrl("/j_spring_security_exit_user");
|
||||
filter.setExitUserUrl("/logout/impersonate");
|
||||
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
|
||||
|
||||
// run 'exit'
|
||||
@@ -248,12 +248,12 @@ public class SwitchUserFilterTests {
|
||||
SecurityContextHolder.clearContext();
|
||||
|
||||
MockHttpServletRequest request = createMockSwitchRequest();
|
||||
request.setRequestURI("/j_spring_security_exit_user");
|
||||
request.setRequestURI("/logout/impersonate");
|
||||
|
||||
// setup filter
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
filter.setExitUserUrl("/j_spring_security_exit_user");
|
||||
filter.setExitUserUrl("/logout/impersonate");
|
||||
|
||||
// run 'exit', expect fail due to no current user
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
@@ -268,10 +268,10 @@ public class SwitchUserFilterTests {
|
||||
MockHttpServletRequest request = createMockSwitchRequest();
|
||||
request.setContextPath("/webapp");
|
||||
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
request.setRequestURI("/webapp/j_spring_security_switch_user");
|
||||
request.setRequestURI("/webapp/login/impersonate");
|
||||
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
|
||||
@@ -294,10 +294,10 @@ public class SwitchUserFilterTests {
|
||||
MockHttpServletRequest request = createMockSwitchRequest();
|
||||
request.setContextPath("/webapp");
|
||||
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
request.setRequestURI("/webapp/j_spring_security_switch_user");
|
||||
request.setRequestURI("/webapp/login/impersonate");
|
||||
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
SimpleUrlAuthenticationSuccessHandler switchSuccessHandler =
|
||||
new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
|
||||
DefaultRedirectStrategy contextRelativeRedirector = new DefaultRedirectStrategy();
|
||||
@@ -325,7 +325,7 @@ public class SwitchUserFilterTests {
|
||||
|
||||
// http request
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestURI("/webapp/j_spring_security_switch_user");
|
||||
request.setRequestURI("/webapp/login/impersonate");
|
||||
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
|
||||
// http response
|
||||
@@ -334,7 +334,7 @@ public class SwitchUserFilterTests {
|
||||
// setup filter
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
filter.setSwitchUserUrl("/j_spring_security_switch_user");
|
||||
filter.setSwitchUserUrl("/login/impersonate");
|
||||
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
|
||||
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
|
||||
Reference in New Issue
Block a user