Search in sources :

Example 46 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class SessionManagementFilterTests method strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest.

@Test
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    // mock that repo contains a security context
    given(repo.containsContext(any(HttpServletRequest.class))).willReturn(true);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verifyZeroInteractions(strategy);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 47 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class SessionManagementFilterTests method customAuthenticationTrustResolver.

@Test
public void customAuthenticationTrustResolver() throws Exception {
    AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo);
    filter.setTrustResolver(trustResolver);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verify(trustResolver).isAnonymous(any(Authentication.class));
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 48 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class SessionManagementFilterTests method newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated.

@Test
public void newSessionShouldNotBeCreatedIfSessionExistsAndUserIsNotAuthenticated() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo);
    HttpServletRequest request = new MockHttpServletRequest();
    String sessionId = request.getSession().getId();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    assertThat(request.getSession().getId()).isEqualTo(sessionId);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 49 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class SessionManagementFilterTests method strategyFailureInvokesFailureHandler.

@Test
public void strategyFailureInvokesFailureHandler() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    // repo will return false to containsContext()
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    AuthenticationFailureHandler failureHandler = mock(AuthenticationFailureHandler.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    filter.setAuthenticationFailureHandler(failureHandler);
    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    FilterChain fc = mock(FilterChain.class);
    authenticateUser();
    SessionAuthenticationException exception = new SessionAuthenticationException("Failure");
    willThrow(exception).given(strategy).onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);
    filter.doFilter(request, response, fc);
    verifyZeroInteractions(fc);
    verify(failureHandler).onAuthenticationFailure(request, response, exception);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionAuthenticationException(org.springframework.security.web.authentication.session.SessionAuthenticationException) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) AuthenticationFailureHandler(org.springframework.security.web.authentication.AuthenticationFailureHandler) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 50 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class DispatcherTypeRequestMatcherTests method matches_dispatcher_type.

@Test
public void matches_dispatcher_type() {
    HttpServletRequest request = mockHttpServletRequest(DispatcherType.ERROR, HttpMethod.GET);
    DispatcherTypeRequestMatcher matcher = new DispatcherTypeRequestMatcher(DispatcherType.ERROR);
    assertThat(matcher.matches(request)).isTrue();
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Test(org.junit.jupiter.api.Test)

Aggregations

HttpServletRequest (jakarta.servlet.http.HttpServletRequest)289 Test (org.junit.jupiter.api.Test)160 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)93 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)88 MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest)67 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)44 Authentication (org.springframework.security.core.Authentication)31 MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse)31 Test (org.junit.Test)28 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)26 IOException (java.io.IOException)21 ServletException (jakarta.servlet.ServletException)20 HttpServlet (jakarta.servlet.http.HttpServlet)19 HashMap (java.util.HashMap)17 FilterDef (org.apache.tomcat.util.descriptor.web.FilterDef)16 FilterChain (jakarta.servlet.FilterChain)15 HttpSession (jakarta.servlet.http.HttpSession)14 MockFilterChain (org.springframework.mock.web.MockFilterChain)14 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)14 ServletRequest (jakarta.servlet.ServletRequest)13