Example 1 with HttpFirewall

Use of org.springframework.security.web.firewall.HttpFirewall in project spring-security by spring-projects.

Class MiscHttpConfigTests, method getWhenUsingCustomHttpFirewallThenFirewallIsInvoked.

@Test
public void getWhenUsingCustomHttpFirewallThenFirewallIsInvoked() throws Exception {
    this.spring.configLocations(xml("HttpFirewall")).autowire();
    // FirewalledRequest is abstract; a no-op reset() is enough for this test.
    FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) {
        @Override
        public void reset() {
        }
    };
    HttpServletResponse response = new MockHttpServletResponse();
    // The HttpFirewall bean from the context is a mock, so it can be stubbed and verified.
    HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
    given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willReturn(request);
    given(firewall.getFirewalledResponse(any(HttpServletResponse.class))).willReturn(response);
    this.mvc.perform(get("/unprotected"));
    // The custom firewall must have wrapped both the request and the response.
    verify(firewall).getFirewalledRequest(any(HttpServletRequest.class));
    verify(firewall).getFirewalledResponse(any(HttpServletResponse.class));
}
Also used: MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 2 with HttpFirewall

Use of org.springframework.security.web.firewall.HttpFirewall in project spring-security by spring-projects.

Class FilterChainProxyTests, method bothWrappersAreResetWithNestedFcps.

// SEC-1639
@Test
public void bothWrappersAreResetWithNestedFcps() throws Exception {
    HttpFirewall fw = mock(HttpFirewall.class);
    // Outer proxy whose only chain contains the inner proxy (this.fcp) as a filter; both share one firewall.
    FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, this.fcp));
    firstFcp.setFirewall(fw);
    this.fcp.setFirewall(fw);
    FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
    given(firstFwr.getRequestURI()).willReturn("/");
    given(firstFwr.getContextPath()).willReturn("");
    FirewalledRequest fwr = mock(FirewalledRequest.class, "fwr");
    given(fwr.getRequestURI()).willReturn("/");
    given(fwr.getContextPath()).willReturn("");
    // The outer proxy wraps the raw request as firstFwr; the inner proxy wraps firstFwr again as fwr.
    given(fw.getFirewalledRequest(this.request)).willReturn(firstFwr);
    given(fw.getFirewalledRequest(firstFwr)).willReturn(fwr);
    // getRequest() exposes the wrapped request at each level.
    given(fwr.getRequest()).willReturn(firstFwr);
    given(firstFwr.getRequest()).willReturn(this.request);
    given(this.matcher.matches(any())).willReturn(true);
    firstFcp.doFilter(this.request, this.response, this.chain);
    // Each proxy must reset its own wrapper once processing is finished.
    verify(firstFwr).reset();
    verify(fwr).reset();
}
Also used: HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest) Test(org.junit.jupiter.api.Test)

Example 3 with HttpFirewall

Use of org.springframework.security.web.firewall.HttpFirewall in project spring-security by spring-projects.

Class MiscHttpConfigTests, method getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked.

@Test
public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception {
    this.spring.configLocations(xml("RequestRejectedHandler")).autowire();
    HttpServletResponse response = new MockHttpServletResponse();
    RequestRejectedException rejected = new RequestRejectedException("failed");
    HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
    RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
    // The firewall rejects every request it is asked to wrap.
    given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
    this.mvc.perform(get("/unprotected"));
    // The rejection must be routed to the configured RequestRejectedHandler.
    verify(requestRejectedHandler).handle(any(), any(), any());
}
Also used: MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler) Test(org.junit.jupiter.api.Test)

Example 4 with HttpFirewall

Use of org.springframework.security.web.firewall.HttpFirewall in project spring-security by spring-projects.

Class FilterChainProxyTests, method requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException.

@Test
public void requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException() throws Exception {
    HttpFirewall fw = mock(HttpFirewall.class);
    RequestRejectedHandler rjh = mock(RequestRejectedHandler.class);
    this.fcp.setFirewall(fw);
    this.fcp.setRequestRejectedHandler(rjh);
    RequestRejectedException requestRejectedException = new RequestRejectedException("Contains illegal chars");
    // The firewall rejects the request before any filter chain runs.
    given(fw.getFirewalledRequest(this.request)).willThrow(requestRejectedException);
    this.fcp.doFilter(this.request, this.response, this.chain);
    // The handler must receive the original request, the response and the same exception instance.
    verify(rjh).handle(eq(this.request), eq(this.response), eq((requestRejectedException)));
}
Also used: RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler) Test(org.junit.jupiter.api.Test)

Example 5 with HttpFirewall

Use of org.springframework.security.web.firewall.HttpFirewall in project spring-security by spring-projects.

Class FilterChainProxyTests, method wrapperIsResetWhenNoMatchingFilters.

@Test
public void wrapperIsResetWhenNoMatchingFilters() throws Exception {
    HttpFirewall fw = mock(HttpFirewall.class);
    FirewalledRequest fwr = mock(FirewalledRequest.class);
    given(fwr.getRequestURI()).willReturn("/");
    given(fwr.getContextPath()).willReturn("");
    this.fcp.setFirewall(fw);
    given(fw.getFirewalledRequest(this.request)).willReturn(fwr);
    // No security filter chain matches the request.
    given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(false);
    this.fcp.doFilter(this.request, this.response, this.chain);
    // The firewalled wrapper must still be reset when no chain matched.
    verify(fwr).reset();
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest) Test(org.junit.jupiter.api.Test)
