Example 16 with FilterChain

Use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown.

@Test
public void thrownIOExceptionServletExceptionAndRuntimeExceptionsAreRethrown() throws Exception {
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
    filter.afterPropertiesSet();
    // None of these are Spring Security exceptions, so the filter must not translate them
    Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() };
    for (Exception exception : exceptions) {
        FilterChain fc = mock(FilterChain.class);
        willThrow(exception).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
        // The very same instance must reach the caller, unwrapped
        assertThatExceptionOfType(Exception.class)
            .isThrownBy(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc))
            .isSameAs(exception);
    }
}

Example 17 with FilterChain

Use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method testAccessDeniedWhenAnonymous.

@Test
public void testAccessDeniedWhenAnonymous() throws Exception {
    // Set up our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    request.setServerPort(80);
    request.setScheme("http");
    request.setServerName("localhost");
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Set up SecurityContextHolder, as the filter needs to check whether the user is
    // anonymous
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    // Test
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
    filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
    assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
    MockHttpServletResponse response = new MockHttpServletResponse();
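    filter.doFilter(request, response, fc);
    // An anonymous user who is denied access is sent to the entry point (here a redirect
    // to the login page), and the original URL is saved so it can be replayed after login
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
    assertThat(getSavedRequestUrl(request)).isEqualTo("http://localhost/mycontext/secure/page.html");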
}

Example 18 with FilterChain

Use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method testLocalizedErrorMessages.

@Test
public void testLocalizedErrorMessages() throws Exception {
    // Set up our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    // Set up the FilterChain to throw an access denied exception
    FilterChain fc = mock(FilterChain.class);
    willThrow(new AccessDeniedException("")).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Set up SecurityContextHolder, as the filter needs to check whether the user is
    // anonymous
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    // Test: the entry point answers 403 and echoes the authentication exception's message
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter((req, res, ae) -> res.sendError(403, ae.getMessage()));
    filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
    assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
    LocaleContextHolder.setDefaultLocale(Locale.GERMAN);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    // The message handed to the entry point is resolved in the default locale (German)
    assertThat(response.getErrorMessage()).isEqualTo("Vollst\u00e4ndige Authentifikation wird ben\u00f6tigt um auf diese Resource zuzugreifen");
}

Example 19 with FilterChain

Use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

Class ExceptionTranslationFilterTests, method doFilterWhenResponseCommittedThenRethrowsException.

@Test
public void doFilterWhenResponseCommittedThenRethrowsException() {
    this.mockEntryPoint = mock(AuthenticationEntryPoint.class);
    // The chain commits the response (sendError) and only then fails the access check
    FilterChain chain = (request, response) -> {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        throw new AccessDeniedException("Denied");
    };
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint);
    // With the response already committed the filter can no longer redirect or send an error,
    // so it rethrows the AccessDeniedException wrapped in a ServletException
    assertThatExceptionOfType(ServletException.class)
        .isThrownBy(() -> filter.doFilter(request, response, chain))
        .withCauseInstanceOf(AccessDeniedException.class);
    // The entry point must never be invoked in this case
    verifyZeroInteractions(this.mockEntryPoint);
}

Example 20 with FilterChain

Use of jakarta.servlet.FilterChain in project spring-security by spring-projects.

Class FilterChainProxyTests, method doFilterClearsSecurityContextHolderOnceOnForwards.

// SEC-2027
@Test
public void doFilterClearsSecurityContextHolderOnceOnForwards() throws Exception {
    final FilterChain innerChain = mock(FilterChain.class);
    given(this.matcher.matches(any(HttpServletRequest.class))).willReturn(true);
    // Outer invocation: the security filter authenticates, then re-enters the proxy
    // with the same request, as happens on a forward
    willAnswer((Answer<Object>) (inv) -> {
        TestingAuthenticationToken expected = new TestingAuthenticationToken("username", "password");
        SecurityContextHolder.getContext().setAuthentication(expected);
        // Nested invocation: the filter simply delegates to the inner chain
        willAnswer((Answer<Object>) (inv1) -> {
            innerChain.doFilter(this.request, this.response);
            return null;
        }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
        this.fcp.doFilter(this.request, this.response, innerChain);
        // The nested proxy call must not have cleared the context
        assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(expected);
        return null;
    }).given(this.filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
    this.fcp.doFilter(this.request, this.response, this.chain);
    verify(innerChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Only the outermost proxy invocation clears the SecurityContextHolder, once it returns
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
}
