
Example 71 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationFilterTests method doFilterWhenAuthorizationResponseAuthorizationRequestNotFoundThenAuthorizationRequestNotFoundError.

/**
 * Sends an authorization response ({@code code} + {@code state}) to the OAuth2 redirect
 * endpoint and expects the failure handler to receive an
 * {@link OAuth2AuthenticationException} with error code
 * {@code authorization_request_not_found}.
 *
 * <p>This test saves no authorization request before the callback; how the filter's
 * repository is wired is outside this listing. A callback whose {@code state} matches no
 * stored request cannot be tied to a login flow this client started, so the filter has to
 * reject it.
 */
@Test
public void doFilterWhenAuthorizationResponseAuthorizationRequestNotFoundThenAuthorizationRequestNotFoundError() throws Exception {
    // Build the callback request for registration2's redirect URI
    String callbackUri = "/login/oauth2/code/" + this.registration2.getRegistrationId();
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackUri);
    request.setServletPath(callbackUri);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, "state");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);

    this.filter.doFilter(request, response, chain);

    // The failure handler must have been called; capture the exception it was given
    ArgumentCaptor<AuthenticationException> failureCaptor = ArgumentCaptor.forClass(AuthenticationException.class);
    verify(this.failureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), failureCaptor.capture());
    AuthenticationException captured = failureCaptor.getValue();
    assertThat(captured).isInstanceOf(OAuth2AuthenticationException.class);
    OAuth2AuthenticationException oauth2Failure = (OAuth2AuthenticationException) captured;
    assertThat(oauth2Failure.getError().getErrorCode()).isEqualTo("authorization_request_not_found");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) AuthenticationException(org.springframework.security.core.AuthenticationException) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) OAuth2AuthenticationException(org.springframework.security.oauth2.core.OAuth2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 72 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class SwitchUserFilterTests method switchToLockedAccountCausesRedirectToSwitchFailureUrl.

/**
 * Attempts to switch to user "mcgarrett" and checks both failure paths of
 * {@link SwitchUserFilter}: without a switch-failure URL an error message is set on the
 * response, and with one the response redirects to that URL under the context path.
 *
 * <p>NOTE(review): the test name says the account is locked; that presumably comes from
 * {@code MockUserDetailsService}, which is not visible here.
 */
@Test
public void switchToLockedAccountCausesRedirectToSwitchFailureUrl() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/login/impersonate");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "mcgarrett");

    // Phase 1: no switchFailureUrl configured
    SwitchUserFilter plainFilter = new SwitchUserFilter();
    plainFilter.setTargetUrl("/target");
    plainFilter.setUserDetailsService(new MockUserDetailsService());
    plainFilter.afterPropertiesSet();
    MockHttpServletResponse plainResponse = new MockHttpServletResponse();
    FilterChain plainChain = mock(FilterChain.class);
    plainFilter.doFilter(request, plainResponse, plainChain);
    // A failed switch must not reach the rest of the chain
    verify(plainChain, never()).doFilter(request, plainResponse);
    assertThat(plainResponse.getErrorMessage()).isNotNull();

    // Phase 2: same request under a context path, with switchFailureUrl configured
    request.setContextPath("/mywebapp");
    request.setRequestURI("/mywebapp/login/impersonate");
    SwitchUserFilter redirectingFilter = new SwitchUserFilter();
    redirectingFilter.setTargetUrl("/target");
    redirectingFilter.setUserDetailsService(new MockUserDetailsService());
    redirectingFilter.setSwitchFailureUrl("/switchfailed");
    redirectingFilter.afterPropertiesSet();
    MockHttpServletResponse redirectResponse = new MockHttpServletResponse();
    FilterChain redirectChain = mock(FilterChain.class);
    redirectingFilter.doFilter(request, redirectResponse, redirectChain);
    verify(redirectChain, never()).doFilter(request, redirectResponse);
    // The redirect target is the configured failure URL prefixed with the context path
    assertThat(redirectResponse.getRedirectedUrl()).isEqualTo("/mywebapp/switchfailed");
    assertThat(FieldUtils.getFieldValue(redirectingFilter, "switchFailureUrl")).isEqualTo("/switchfailed");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 73 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class SwitchUserFilterTests method exitUserJackLordToDanoSucceeds.

/**
 * Exits an impersonation session: the current authentication ("jacklord") carries a
 * {@link SwitchUserGrantedAuthority} whose source is the original user ("dano"), and after
 * the exit-user URL is requested the security context must hold "dano" again.
 */
@Test
public void exitUserJackLordToDanoSucceeds() throws Exception {
    // The user who started the switch; the filter is expected to restore this token
    UsernamePasswordAuthenticationToken source = new UsernamePasswordAuthenticationToken("dano", "hawaii50", ROLES_12);

    // Current (switched-to) user: the base roles plus the authority that records the source
    List<GrantedAuthority> switchedAuthorities = new ArrayList<>(ROLES_12);
    switchedAuthorities.add(new SwitchUserGrantedAuthority("PREVIOUS_ADMINISTRATOR", source));
    UsernamePasswordAuthenticationToken admin = new UsernamePasswordAuthenticationToken("jacklord", "hawaii50", switchedAuthorities);
    // NOTE(review): the context is set here and not cleared in this method; presumably the
    // test class resets SecurityContextHolder between tests - confirm in the fixture.
    SecurityContextHolder.getContext().setAuthentication(admin);

    MockHttpServletRequest request = createMockSwitchRequest();
    request.setRequestURI("/logout/impersonate");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);

    // Filter under test, configured with the exit URL that the request targets
    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setUserDetailsService(new MockUserDetailsService());
    filter.setExitUserUrl("/logout/impersonate");
    filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));

    // Run the exit; the filter handles it itself and must not continue the chain
    filter.doFilter(request, response, chain);
    verify(chain, never()).doFilter(request, response);

    // The context must be back to the original user
    Authentication restored = SecurityContextHolder.getContext().getAuthentication();
    assertThat(restored).isNotNull();
    assertThat(restored.getPrincipal()).isEqualTo("dano");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) FilterChain(jakarta.servlet.FilterChain) ArrayList(java.util.ArrayList) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 74 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class SwitchUserFilterTests method testSwitchRequestFromDanoToJackLord.

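/**
 * Switches the current user "dano" to "jacklord" through the switch-user URL and checks
 * that the security context afterwards holds a {@link UserDetails} principal named
 * "jacklord".
 */
@Test
public void testSwitchRequestFromDanoToJackLord() throws Exception {
    // set current user
    // NOTE(review): the context is set here and not cleared in this method; presumably the
    // test class resets SecurityContextHolder between tests - confirm in the fixture.
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);
    // http request: the URI includes the context path, the filter URL below does not
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/webapp/login/impersonate");
    request.setContextPath("/webapp");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    // http response
    MockHttpServletResponse response = new MockHttpServletResponse();
    // setup filter
    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setUserDetailsService(new MockUserDetailsService());
    filter.setSwitchUserUrl("/login/impersonate");
    filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
    FilterChain chain = mock(FilterChain.class);
    // test updates user token and context
    filter.doFilter(request, response, chain);
    // the switch request is handled by the filter and must not continue down the chain
    verify(chain, never()).doFilter(request, response);
    // check current user
    Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
    assertThat(targetAuth).isNotNull();
    // isInstanceOf reports the actual principal type on failure, unlike a bare boolean check
    assertThat(targetAuth.getPrincipal()).isInstanceOf(UserDetails.class);
    // cast to the type that was just asserted, so a different UserDetails implementation
    // cannot turn this into a ClassCastException
    assertThat(((UserDetails) targetAuth.getPrincipal()).getUsername()).isEqualTo("jacklord");
}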
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.springframework.security.core.userdetails.User) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) FilterChain(jakarta.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 75 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class SwitchUserFilterTests method redirectOmitsContextPathIfUseRelativeContextSet.

/**
 * Performs a successful switch from "dano" to "jacklord" with a success handler whose
 * redirect strategy is context-relative, and checks that the redirect URL is
 * {@code /someOtherUrl} without the {@code /webapp} context path.
 */
@Test
public void redirectOmitsContextPathIfUseRelativeContextSet() throws Exception {
    // Current user before the switch
    UsernamePasswordAuthenticationToken currentUser = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(currentUser);

    // Switch request issued under the /webapp context path
    MockHttpServletRequest request = createMockSwitchRequest();
    request.setContextPath("/webapp");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    request.setRequestURI("/webapp/login/impersonate");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);

    // Success handler that redirects relative to the context
    DefaultRedirectStrategy contextRelativeStrategy = new DefaultRedirectStrategy();
    contextRelativeStrategy.setContextRelative(true);
    SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
    successHandler.setRedirectStrategy(contextRelativeStrategy);

    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setSwitchUserUrl("/login/impersonate");
    filter.setSuccessHandler(successHandler);
    filter.setUserDetailsService(new MockUserDetailsService());

    filter.doFilter(request, response, chain);

    // The filter answers the switch request itself; the chain is never invoked
    verify(chain, never()).doFilter(request, response);
    assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)
