use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.
the class SessionManagementFilterTests method strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest.
@Test
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
SecurityContextRepository repo = mock(SecurityContextRepository.class);
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
// mock that repo contains a security context
given(repo.containsContext(any(HttpServletRequest.class))).willReturn(true);
SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
HttpServletRequest request = new MockHttpServletRequest();
authenticateUser();
filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
verifyZeroInteractions(strategy);
}
use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.
the class SessionManagementFilterTests method customAuthenticationTrustResolver.
@Test
public void customAuthenticationTrustResolver() throws Exception {
AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
SecurityContextRepository repo = mock(SecurityContextRepository.class);
SessionManagementFilter filter = new SessionManagementFilter(repo);
filter.setTrustResolver(trustResolver);
HttpServletRequest request = new MockHttpServletRequest();
authenticateUser();
filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
verify(trustResolver).isAnonymous(any(Authentication.class));
}
use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.
the class SessionManagementFilterTests method newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated.
@Test
public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated() throws Exception {
SecurityContextRepository repo = mock(SecurityContextRepository.class);
SessionManagementFilter filter = new SessionManagementFilter(repo);
HttpServletRequest request = new MockHttpServletRequest();
String sessionId = request.getSession().getId();
filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
assertThat(request.getSession().getId()).isEqualTo(sessionId);
}
use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.
the class SessionManagementFilterTests method strategyFailureInvokesFailureHandler.
@Test
public void strategyFailureInvokesFailureHandler() throws Exception {
SecurityContextRepository repo = mock(SecurityContextRepository.class);
// repo will return false to containsContext()
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
filter.setAuthenticationFailureHandler(failureHandler);
HttpServletRequest request = new MockHttpServletRequest();
HttpServletResponse response = new MockHttpServletResponse();
FilterChain fc = mock(FilterChain.class);
authenticateUser();
SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);
filter.doFilter(request, response, fc);
verifyZeroInteractions(fc);
verify(failureHandler).onAuthenticationFailure(request, response, exception);
}
use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.
the class DispatcherTypeRequestMatcherTests method matches_dispatcher_type.
@Test
public void matches_dispatcher_type() {
HttpServletRequest request = mockHttpServletRequest(DispatcherType.ERROR, HttpMethod.GET);
DispatcherTypeRequestMatcher matcher = new DispatcherTypeRequestMatcher(DispatcherType.ERROR);
assertThat(matcher.matches(request)).isTrue();
}
Aggregations