SEC-1229: Redesign Concurrent Session Control implementation. Renamed session strategy interface and introduced SessionAuthenticationException for rejection of session/Authentication combination.
This commit is contained in:
@@ -50,7 +50,7 @@ import org.springframework.security.web.authentication.SavedRequestAwareAuthenti
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
import org.springframework.security.web.session.AuthenticatedSessionStrategy;
|
||||
import org.springframework.security.web.session.SessionAuthenticationStrategy;
|
||||
|
||||
|
||||
/**
|
||||
@@ -240,7 +240,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
|
||||
|
||||
filter.setFilterProcessesUrl("/j_mock_post");
|
||||
filter.setAuthenticatedSessionStrategy(mock(AuthenticatedSessionStrategy.class));
|
||||
filter.setAuthenticatedSessionStrategy(mock(SessionAuthenticationStrategy.class));
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
|
||||
@@ -18,11 +18,11 @@ import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class DefaultAuthenticatedSessionStrategyTests {
|
||||
public class DefaultSessionAuthenticationStrategyTests {
|
||||
|
||||
@Test
|
||||
public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() throws Exception {
|
||||
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
|
||||
@@ -32,7 +32,7 @@ public class DefaultAuthenticatedSessionStrategyTests {
|
||||
|
||||
// @Test
|
||||
// public void newSessionIsCreatedIfSessionAlreadyExists() throws Exception {
|
||||
// DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
|
||||
// DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
// strategy.setSessionRegistry(mock(SessionRegistry.class));
|
||||
// HttpServletRequest request = new MockHttpServletRequest();
|
||||
// String sessionId = request.getSession().getId();
|
||||
@@ -45,7 +45,7 @@ public class DefaultAuthenticatedSessionStrategyTests {
|
||||
// See SEC-1077
|
||||
@Test
|
||||
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() throws Exception {
|
||||
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
strategy.setMigrateSessionAttributes(false);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
HttpSession session = request.getSession();
|
||||
@@ -60,7 +60,7 @@ public class DefaultAuthenticatedSessionStrategyTests {
|
||||
|
||||
@Test
|
||||
public void sessionIsCreatedIfAlwaysCreateTrue() throws Exception {
|
||||
DefaultAuthenticatedSessionStrategy strategy = new DefaultAuthenticatedSessionStrategy();
|
||||
DefaultSessionAuthenticationStrategy strategy = new DefaultSessionAuthenticationStrategy();
|
||||
strategy.setAlwaysCreateSession(true);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
|
||||
@@ -44,7 +44,7 @@ public class SessionManagementFilterTests {
|
||||
@Test
|
||||
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
AuthenticatedSessionStrategy strategy = mock(AuthenticatedSessionStrategy.class);
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
// mock that repo contains a security context
|
||||
when(repo.containsContext(any(HttpServletRequest.class))).thenReturn(true);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
@@ -60,7 +60,7 @@ public class SessionManagementFilterTests {
|
||||
@Test
|
||||
public void strategyIsNotInvokedIfAuthenticationIsNull() throws Exception {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
AuthenticatedSessionStrategy strategy = mock(AuthenticatedSessionStrategy.class);
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setAuthenticatedSessionStrategy(strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
@@ -74,7 +74,7 @@ public class SessionManagementFilterTests {
|
||||
public void strategyIsInvokedIfUserIsNewlyAuthenticated() throws Exception {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
// repo will return false to containsContext()
|
||||
AuthenticatedSessionStrategy strategy = mock(AuthenticatedSessionStrategy.class);
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setAuthenticatedSessionStrategy(strategy);
|
||||
HttpServletRequest request = new MockHttpServletRequest();
|
||||
@@ -92,7 +92,7 @@ public class SessionManagementFilterTests {
|
||||
public void responseIsRedirectedToTimeoutUrlIfSetAndSessionIsInvalid() throws Exception {
|
||||
SecurityContextRepository repo = mock(SecurityContextRepository.class);
|
||||
// repo will return false to containsContext()
|
||||
AuthenticatedSessionStrategy strategy = mock(AuthenticatedSessionStrategy.class);
|
||||
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(repo);
|
||||
filter.setAuthenticatedSessionStrategy(strategy);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
|
||||
Reference in New Issue
Block a user