Example 41 with Cookie

Use of jakarta.servlet.http.Cookie in project spring-security by spring-projects.

Class CookieRequestCacheTests, method requestWhenDoesNotMatchSavedRequestThenDoesNotClearCookie.

@Test
public void requestWhenDoesNotMatchSavedRequestThenDoesNotClearCookie() {
    CookieRequestCache cookieRequestCache = new CookieRequestCache();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServerPort(443);
    request.setSecure(true);
    request.setScheme("https");
    request.setServerName("abc.com");
    request.setRequestURI("/destination");
    String redirectUrl = "https://abc.com/api";
    request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
    MockHttpServletResponse response = new MockHttpServletResponse();
    final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
    assertThat(matchingRequest).isNull();
    Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
    assertThat(expiredCookie).isNull();
}
Also used : Cookie(jakarta.servlet.http.Cookie) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 42 with Cookie

Use of jakarta.servlet.http.Cookie in project spring-security by spring-projects.

Class NamespaceRememberMeTests, method rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses.

@Test
public void rememberMeLoginWhenAuthenticationSuccessHandlerDeclaredThenUses() throws Exception {
    AuthSuccessConfig.SUCCESS_HANDLER = mock(AuthenticationSuccessHandler.class);
    this.spring.register(AuthSuccessConfig.class).autowire();
    MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
    verifyZeroInteractions(AuthSuccessConfig.SUCCESS_HANDLER);
    Cookie rememberMe = result.getResponse().getCookie("remember-me");
    assertThat(rememberMe).isNotNull();
    this.mvc.perform(get("/somewhere").cookie(rememberMe));
    verify(AuthSuccessConfig.SUCCESS_HANDLER).onAuthenticationSuccess(any(HttpServletRequest.class), any(HttpServletResponse.class), any(Authentication.class));
}
Also used : Cookie(jakarta.servlet.http.Cookie) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) AuthenticationSuccessHandler(org.springframework.security.web.authentication.AuthenticationSuccessHandler) Authentication(org.springframework.security.core.Authentication) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) MvcResult(org.springframework.test.web.servlet.MvcResult) Test(org.junit.jupiter.api.Test)

Example 43 with Cookie

Use of jakarta.servlet.http.Cookie in project spring-security by spring-projects.

Class NamespaceRememberMeTests, method rememberMeLoginWhenUsingDefaultsThenMatchesNamespace.

@Test
public void rememberMeLoginWhenUsingDefaultsThenMatchesNamespace() throws Exception {
    this.spring.register(RememberMeConfig.class, SecurityController.class).autowire();
    MvcResult result = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn();
    MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
    Cookie rememberMe = result.getResponse().getCookie("remember-me");
    assertThat(rememberMe).isNotNull();
    this.mvc.perform(get("/authentication-class").cookie(rememberMe)).andExpect(content().string(RememberMeAuthenticationToken.class.getName()));
    // @formatter:off
    MockHttpServletRequestBuilder logoutRequest = post("/logout").with(csrf()).session(session).cookie(rememberMe);
    result = this.mvc.perform(logoutRequest).andExpect(redirectedUrl("/login?logout")).andReturn();
    // @formatter:on
    rememberMe = result.getResponse().getCookie("remember-me");
    assertThat(rememberMe).isNotNull().extracting(Cookie::getMaxAge).isEqualTo(0);
    // @formatter:off
    MockHttpServletRequestBuilder authenticationClassRequest = post("/authentication-class").with(csrf()).cookie(rememberMe);
    this.mvc.perform(authenticationClassRequest).andExpect(redirectedUrl("http://localhost/login")).andReturn();
    // @formatter:on
}
Also used : Cookie(jakarta.servlet.http.Cookie) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) MockHttpSession(org.springframework.mock.web.MockHttpSession) MvcResult(org.springframework.test.web.servlet.MvcResult) Test(org.junit.jupiter.api.Test)

Example 44 with Cookie

Use of jakarta.servlet.http.Cookie in project spring-security by spring-projects.

Class NamespaceRememberMeTests, method rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace.

// SEC-2880
@Test
public void rememberMeLoginWhenCookieNameDeclaredThenMatchesNamespace() throws Exception {
    this.spring.register(RememberMeCookieNameConfig.class).autowire();
    // @formatter:off
    Cookie rememberMe = this.mvc.perform(post("/login").with(rememberMeLogin())).andReturn().getResponse().getCookie("rememberMe");
    // @formatter:on
    assertThat(rememberMe).isNotNull();
}
Also used : Cookie(jakarta.servlet.http.Cookie) Test(org.junit.jupiter.api.Test)

Example 45 with Cookie

Use of jakarta.servlet.http.Cookie in project spring-security by spring-projects.

Class NamespaceRememberMeTests, method rememberMeLoginWhenKeyDeclaredThenMatchesNamespace.

@Test
public void rememberMeLoginWhenKeyDeclaredThenMatchesNamespace() throws Exception {
    this.spring.register(WithoutKeyConfig.class, KeyConfig.class, SecurityController.class).autowire();
    MockHttpServletRequestBuilder requestWithRememberme = post("/without-key/login").with(rememberMeLogin());
    // @formatter:off
    Cookie withoutKey = this.mvc.perform(requestWithRememberme).andExpect(redirectedUrl("/")).andReturn().getResponse().getCookie("remember-me");
    // @formatter:on
    MockHttpServletRequestBuilder somewhereRequest = get("/somewhere").cookie(withoutKey);
    // @formatter:off
    this.mvc.perform(somewhereRequest).andExpect(status().isFound()).andExpect(redirectedUrl("http://localhost/login"));
    MockHttpServletRequestBuilder loginWithRememberme = post("/login").with(rememberMeLogin());
    Cookie withKey = this.mvc.perform(loginWithRememberme).andReturn().getResponse().getCookie("remember-me");
    this.mvc.perform(get("/somewhere").cookie(withKey)).andExpect(status().isNotFound());
    // @formatter:on
}
Also used : Cookie(jakarta.servlet.http.Cookie) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) Test(org.junit.jupiter.api.Test)

Aggregations

Cookie (jakarta.servlet.http.Cookie): 208
Test (org.junit.jupiter.api.Test): 147
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 45
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 40
MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest): 30
Locale (java.util.Locale): 19
MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse): 19
MvcResult (org.springframework.test.web.servlet.MvcResult): 15
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 13
Authentication (org.springframework.security.core.Authentication): 11
Supplier (java.util.function.Supplier): 10
Pattern (java.util.regex.Pattern): 10
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException): 10
Assertions.fail (org.assertj.core.api.Assertions.fail): 10
Test (org.junit.Test): 10
SameSite (org.springframework.boot.web.server.Cookie.SameSite): 10
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 9
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 9
IOException (java.io.IOException): 8
LocaleContext (org.springframework.context.i18n.LocaleContext): 8