Examples with FilterChain jakarta.servlet.FilterChain used on opensource projects

Example 11 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class AuthenticationFilterTests method filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues.

@Test
public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    filter.doFilter(request, response, chain);
    verifyZeroInteractions(this.authenticationManagerResolver);
    verify(chain).doFilter(any(ServletRequest.class), any(ServletResponse.class));
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}

Example 12 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class AuthenticationFilterTests method filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized.

@Test
public void filterWhenAuthenticationManagerResolverDefaultsAndAuthenticationFailThenUnauthorized() throws Exception {
    givenResolveWillReturnAuthenticationManager();
    Authentication authentication = new TestingAuthenticationToken("test", "this", "ROLE");
    given(this.authenticationConverter.convert(any())).willReturn(authentication);
    given(this.authenticationManager.authenticate(any())).willThrow(new BadCredentialsException("failed"));
    AuthenticationFilter filter = new AuthenticationFilter(this.authenticationManagerResolver, this.authenticationConverter);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    filter.doFilter(request, response, chain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.UNAUTHORIZED.value());
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}

Example 13 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class FilterChainProxyConfigTests method doNormalOperation.

private void doNormalOperation(FilterChainProxy filterChainProxy) throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    request.setServletPath("/foo/secure/super/somefile.html");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    filterChainProxy.doFilter(request, response, chain);
    verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    request.setServletPath("/a/path/which/doesnt/match/any/filter.html");
    chain = mock(FilterChain.class);
    filterChainProxy.doFilter(request, response, chain);
    verify(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}

Example 14 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class Saml2LogoutResponseFilter method doFilterInternal.

/**
 * {@inheritDoc}
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    if (!this.logoutRequestMatcher.matches(request)) {
        chain.doFilter(request, response);
        return;
    }
    if (request.getParameter(Saml2ParameterNames.SAML_RESPONSE) == null) {
        chain.doFilter(request, response);
        return;
    }
    Saml2LogoutRequest logoutRequest = this.logoutRequestRepository.removeLogoutRequest(request, response);
    if (logoutRequest == null) {
        this.logger.trace("Did not process logout response since could not find associated LogoutRequest");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Failed to find associated LogoutRequest");
        return;
    }
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, logoutRequest.getRelyingPartyRegistrationId());
    if (registration == null) {
        this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
        Saml2Error error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "Failed to find associated RelyingPartyRegistration");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, error.toString());
        return;
    }
    if (registration.getSingleLogoutServiceResponseLocation() == null) {
        this.logger.trace("Did not process logout response since RelyingPartyRegistration has not been configured with a logout response endpoint");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!isCorrectBinding(request, registration)) {
        this.logger.trace("Did not process logout request since used incorrect binding");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
    Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).samlResponse(serialized).relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)).binding(registration.getSingleLogoutServiceBinding()).location(registration.getSingleLogoutServiceResponseLocation()).parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG))).parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE))).build();
    Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(logoutResponse, logoutRequest, registration);
    Saml2LogoutValidatorResult result = this.logoutResponseValidator.validate(parameters);
    if (result.hasErrors()) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
        this.logger.debug(LogMessage.format("Failed to validate LogoutResponse: %s", result.getErrors()));
        return;
    }
    this.logoutSuccessHandler.onLogoutSuccess(request, response, null);
}

Example 15 with FilterChain

use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

the class RequestMatcherRedirectFilterTests method doFilterWhenRequestNotMatchThenNextFilter.

@Test
public void doFilterWhenRequestNotMatchThenNextFilter() throws Exception {
    RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/context"), "/test");
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/test");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    filter.doFilter(request, response, filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
    verify(filterChain).doFilter(request, response);
}