
Example 11 with ServletException

use of jakarta.servlet.ServletException in project atmosphere by Atmosphere.

the class AtmosphereInterceptorTest method priorityIllegalTest.

/**
 * Registers two anonymous interceptors that both report
 * {@code InvokationOrder.FIRST_BEFORE_DEFAULT} and print as {@code "XXX"}, services one
 * mocked request, and then checks the head of the interceptor list of the handler mapped
 * under {@code "/" + AtmosphereFramework.MAPPING_REGEX}.
 *
 * <p>The two final assertions pin the ordering: the interceptor that prints as
 * {@code "CORS Interceptor Support"} stays first, and an {@code "XXX"} interceptor comes
 * directly after it, even though the application interceptor asked for
 * {@code FIRST_BEFORE_DEFAULT}.
 *
 * <p>NOTE(review): the exception caught around the second registration is stored but never
 * asserted, so the test passes whether or not that registration is rejected. If a rejection
 * is the behavior under test (the method name suggests it), assert on {@code exception}.
 */
@Test
public void priorityIllegalTest() throws ServletException, IOException {
    framework.addAtmosphereHandler("/*", handler);
    // First registration: a FIRST_BEFORE_DEFAULT interceptor identified only by its toString().
    framework.interceptor(new AtmosphereInterceptorAdapter() {

        @Override
        public Action inspect(AtmosphereResource r) {
            return Action.CREATED;
        }

        @Override
        public PRIORITY priority() {
            return InvokationOrder.FIRST_BEFORE_DEFAULT;
        }

        @Override
        public String toString() {
            return "XXX";
        }
    });
    // Receives whatever the second registration throws; nothing below reads it.
    Exception exception = null;
    try {
        // Second registration: a distinct anonymous class with the same priority and the same name.
        framework.interceptor(new AtmosphereInterceptorAdapter() {

            @Override
            public Action inspect(AtmosphereResource r) {
                return Action.CREATED;
            }

            @Override
            public PRIORITY priority() {
                return InvokationOrder.FIRST_BEFORE_DEFAULT;
            }

            @Override
            public String toString() {
                return "XXX";
            }
        });
    } catch (Exception ex) {
        exception = ex;
    }
    // Drive one request through the processor; the interceptors above answer Action.CREATED.
    // NOTE(review): if assertEquals is TestNG's (actual, expected), the arguments on this line are
    // swapped relative to the two lines below; that only affects the failure message.
    assertEquals(Action.CREATED, processor.service(mock(AtmosphereRequestImpl.class), AtmosphereResponseImpl.newInstance()));
    // removeFirst() mutates the live interceptor list: the head must be the CORS interceptor, and it is
    // dropped here so that the next assertion can look at the entry that followed it.
    assertEquals(framework.getAtmosphereHandlers().get("/" + AtmosphereFramework.MAPPING_REGEX).interceptors.removeFirst().toString(), "CORS Interceptor Support");
    // With the CORS entry removed, the new head must be one of the "XXX" interceptors.
    assertEquals(framework.getAtmosphereHandlers().get("/" + AtmosphereFramework.MAPPING_REGEX).interceptors.getFirst().toString(), "XXX");
}
Also used : IOException(java.io.IOException) ServletException(jakarta.servlet.ServletException) Test(org.testng.annotations.Test)

Example 12 with ServletException

use of jakarta.servlet.ServletException in project atmosphere by Atmosphere.

the class AtmosphereFilterChain method doFilter.

/**
 * Advances the chain by one step: hands the request to the next configured filter or,
 * once every filter has run, to the target servlet. When no servlet is set, the request
 * is forwarded to the container dispatcher named {@code "default"}.
 *
 * <p>The chain position is not a field of this object. It is read from the request
 * attribute {@code "pos"} as an {@link AtomicInteger} and incremented before the filter
 * is invoked.
 * NOTE(review): the attribute is assumed to be set by whoever starts the chain; a missing
 * or differently typed value surfaces here as an unchecked exception. The position is also
 * request-scoped mutable state that every filter holding the request can reach, so the
 * order in which filters run is only as trustworthy as the configured filters.
 *
 * @param request  The servlet request we are processing
 * @param response The servlet response we are creating
 * @throws IOException      if the filter, servlet or dispatcher reports an input/output error
 * @throws ServletException if a servlet exception occurs, if no servlet or default dispatcher
 *                          is available, or as a wrapper (message {@code "Throwable"}) around
 *                          any other checked exception or error raised downstream
 */
public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
    final AtomicInteger cursor = (AtomicInteger) request.getAttribute("pos");

    // Filters still pending: claim the next slot and delegate to it. The filter itself is
    // expected to call back into this method to continue the chain.
    if (cursor.get() < n) {
        final FilterConfigImpl nextConfig = filters[cursor.getAndIncrement()];
        try {
            nextConfig.getFilter().doFilter(request, response, this);
        } catch (IOException | ServletException | RuntimeException e) {
            // Declared and unchecked failures pass through unchanged.
            throw e;
        } catch (Throwable e) {
            // Everything else is wrapped, keeping the cause for the caller.
            throw new ServletException("Throwable", e);
        }
        return;
    }

    // End of the chain: invoke the servlet, or fall back to the container's default dispatcher.
    try {
        if (servlet == null) {
            final RequestDispatcher fallback = configImpl.getServletContext().getNamedDispatcher("default");
            if (fallback == null) {
                throw new ServletException("No Servlet Found");
            }
            fallback.forward(request, response);
        } else {
            servlet.service(request, response);
        }
    } catch (IOException | ServletException | RuntimeException e) {
        throw e;
    } catch (Throwable e) {
        throw new ServletException("Throwable", e);
    }
}
Also used : ServletException(jakarta.servlet.ServletException) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) Filter(jakarta.servlet.Filter) IOException(java.io.IOException) RequestDispatcher(jakarta.servlet.RequestDispatcher)

Example 13 with ServletException

use of jakarta.servlet.ServletException in project spring-security by spring-projects.

the class Saml2LogoutRequestFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    // Only requests that match the logout endpoint AND carry a SAMLRequest parameter are
    // handled here; anything else continues down the chain untouched.
    boolean carriesLogoutRequest = this.logoutRequestMatcher.matches(request)
            && request.getParameter(Saml2ParameterNames.SAML_REQUEST) != null;
    if (!carriesLogoutRequest) {
        chain.doFilter(request, response);
        return;
    }

    // The registration is looked up from the current authentication, so the request is
    // evaluated against the relying party tied to the caller's session.
    Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
    RelyingPartyRegistration relyingParty = this.relyingPartyRegistrationResolver.resolve(request, getRegistrationId(currentUser));
    if (relyingParty == null) {
        this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    if (relyingParty.getSingleLogoutServiceLocation() == null) {
        this.logger.trace("Did not process logout request since RelyingPartyRegistration has not been configured with a logout request endpoint");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!isCorrectBinding(request, relyingParty)) {
        this.logger.trace("Did not process logout request since used incorrect binding");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // Rebuild the inbound message from request parameters. SigAlg and Signature are copied
    // alongside the payload (presumably so the validator can check the signature).
    String encodedRequest = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
    Saml2LogoutRequest inbound = Saml2LogoutRequest.withRelyingPartyRegistration(relyingParty)
            .samlRequest(encodedRequest)
            .relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE))
            .binding(relyingParty.getSingleLogoutServiceBinding())
            .location(relyingParty.getSingleLogoutServiceLocation())
            .parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG)))
            .parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE)))
            .build();

    // Nothing is logged out until the validator reports no errors.
    Saml2LogoutRequestValidatorParameters validatorInput = new Saml2LogoutRequestValidatorParameters(inbound, relyingParty, currentUser);
    Saml2LogoutValidatorResult outcome = this.logoutRequestValidator.validate(validatorInput);
    if (outcome.hasErrors()) {
        // NOTE(review): the first validation error's toString() becomes the sendError message.
        // Confirm it holds nothing that should stay server-side and that the error page escapes it.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, outcome.getErrors().iterator().next().toString());
        this.logger.debug(LogMessage.format("Failed to validate LogoutRequest: %s", outcome.getErrors()));
        return;
    }

    // Validated: end the local session, then answer the asserting party.
    this.handler.logout(request, response, currentUser);
    Saml2LogoutResponse reply = this.logoutResponseResolver.resolve(request, currentUser);
    if (reply == null) {
        // The logout above has already run; only the status is set, no error page is sent.
        this.logger.trace("Returning 401 since no logout response generated");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (reply.getBinding() != Saml2MessageBinding.REDIRECT) {
        doPost(response, reply);
        return;
    }
    doRedirect(request, response, reply);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) UriComponentsBuilder(org.springframework.web.util.UriComponentsBuilder) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) OncePerRequestFilter(org.springframework.web.filter.OncePerRequestFilter) ServletException(jakarta.servlet.ServletException) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) Function(java.util.function.Function) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) RedirectStrategy(org.springframework.security.web.RedirectStrategy) HtmlUtils(org.springframework.web.util.HtmlUtils) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogMessage(org.springframework.core.log.LogMessage) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) CompositeLogoutHandler(org.springframework.security.web.authentication.logout.CompositeLogoutHandler) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) MediaType(org.springframework.http.MediaType) FilterChain(jakarta.servlet.FilterChain) IOException(java.io.IOException) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) StandardCharsets(java.nio.charset.StandardCharsets) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) 
UriUtils(org.springframework.web.util.UriUtils) Log(org.apache.commons.logging.Log) Saml2LogoutRequestValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2LogoutRequestValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)

Example 14 with ServletException

use of jakarta.servlet.ServletException in project spring-security by spring-projects.

the class GrantedAuthorityDefaultsXmlTests method doFilterIsUserInRole.

// SEC-2926
/**
 * Runs a request through the configured security filter chain and checks, from inside the
 * terminal chain, that {@code isUserInRole} answers {@code true} for {@code "USER"} and
 * {@code false} for {@code "INVALID"}.
 *
 * <p>The role checks execute inside the overridden {@code doFilter}, before the call to
 * {@code super.doFilter}. The closing assertion on {@code getRequest()} guards against the
 * chain never being reached (presumably {@code MockFilterChain} records the request only
 * once {@code super.doFilter} has run; confirm against the mock).
 */
@Test
public void doFilterIsUserInRole() throws Exception {
    // Seed the HTTP session with the current security context under the repository's key.
    SecurityContext currentContext = SecurityContextHolder.getContext();
    this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);
    this.chain = new MockFilterChain() {

        @Override
        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
            // The request seen here is whatever the security filters passed on.
            HttpServletRequest seenByApplication = (HttpServletRequest) request;
            assertThat(seenByApplication.isUserInRole("USER")).isTrue();
            assertThat(seenByApplication.isUserInRole("INVALID")).isFalse();
            super.doFilter(request, response);
        }
    };
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
    assertThat(this.chain.getRequest()).isNotNull();
}
Also used : ServletException(jakarta.servlet.ServletException) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletRequest(jakarta.servlet.ServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) SecurityContext(org.springframework.security.core.context.SecurityContext) IOException(java.io.IOException) MockFilterChain(org.springframework.mock.web.MockFilterChain) Test(org.junit.jupiter.api.Test)

Example 15 with ServletException

use of jakarta.servlet.ServletException in project spring-security by spring-projects.

the class Saml2LogoutResponseFilter method doFilterInternal.

/**
 * {@inheritDoc}
 */
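@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    // Handles an inbound SAML LogoutResponse: correlates it with the LogoutRequest saved
    // earlier, validates it against the relying party registration, and only then invokes
    // the logout success handler. Every rejection path ends the request with an error status.

    // Requests that miss the logout endpoint or carry no SAMLResponse continue down the chain.
    if (!this.logoutRequestMatcher.matches(request)) {
        chain.doFilter(request, response);
        return;
    }
    if (request.getParameter(Saml2ParameterNames.SAML_RESPONSE) == null) {
        chain.doFilter(request, response);
        return;
    }

    // The saved LogoutRequest is taken out of the repository before anything is validated.
    // NOTE(review): if removal is permanent, a response that later fails validation still
    // consumes the saved request, so a subsequent genuine response is answered with the
    // 400 below. Confirm that this is the intended trade-off.
    Saml2LogoutRequest logoutRequest = this.logoutRequestRepository.removeLogoutRequest(request, response);
    if (logoutRequest == null) {
        this.logger.trace("Did not process logout response since could not find associated LogoutRequest");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Failed to find associated LogoutRequest");
        return;
    }

    // The registration comes from the id stored with the saved request, not from the inbound message.
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, logoutRequest.getRelyingPartyRegistrationId());
    if (registration == null) {
        // This filter handles logout responses; the trace message names the response so that
        // log triage is not pointed at the logout-request filter.
        this.logger.trace("Did not process logout response since failed to find associated RelyingPartyRegistration");
        Saml2Error error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "Failed to find associated RelyingPartyRegistration");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, error.toString());
        return;
    }
    if (registration.getSingleLogoutServiceResponseLocation() == null) {
        this.logger.trace("Did not process logout response since RelyingPartyRegistration has not been configured with a logout response endpoint");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!isCorrectBinding(request, registration)) {
        this.logger.trace("Did not process logout response since used incorrect binding");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    // Rebuild the inbound message from request parameters. SigAlg and Signature are copied
    // alongside the payload (presumably so the validator can check the signature).
    String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
    Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration)
            .samlResponse(serialized)
            .relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE))
            .binding(registration.getSingleLogoutServiceBinding())
            .location(registration.getSingleLogoutServiceResponseLocation())
            .parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG)))
            .parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE)))
            .build();

    // The validator sees the response together with the request it claims to answer.
    Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(logoutResponse, logoutRequest, registration);
    Saml2LogoutValidatorResult result = this.logoutResponseValidator.validate(parameters);
    if (result.hasErrors()) {
        // NOTE(review): the first validation error's toString() becomes the sendError message.
        // Confirm it holds nothing that should stay server-side and that the error page escapes it.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
        this.logger.debug(LogMessage.format("Failed to validate LogoutResponse: %s", result.getErrors()));
        return;
    }

    // Success: the handler is called with a null Authentication argument.
    this.logoutSuccessHandler.onLogoutSuccess(request, response, null);
}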
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2Error(org.springframework.security.saml2.core.Saml2Error) Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) FilterChain(jakarta.servlet.FilterChain) Saml2Error(org.springframework.security.saml2.core.Saml2Error) OncePerRequestFilter(org.springframework.web.filter.OncePerRequestFilter) IOException(java.io.IOException) ServletException(jakarta.servlet.ServletException) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) Saml2LogoutResponseValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogMessage(org.springframework.core.log.LogMessage) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Saml2LogoutResponseValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator) LogoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler) Log(org.apache.commons.logging.Log) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) LogFactory(org.apache.commons.logging.LogFactory) 
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Assert(org.springframework.util.Assert) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) Saml2LogoutResponseValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
