Examples with HttpServletRequest jakarta.servlet.http.HttpServletRequest used on opensource projects

Search in sources :

Example 11 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class OpenSaml3LogoutRequestResolverTests method resolveWhenCustomParametersConsumerThenUses.

@Test
public void resolveWhenCustomParametersConsumerThenUses() {
    OpenSaml3LogoutRequestResolver logoutRequestResolver = new OpenSaml3LogoutRequestResolver(this.relyingPartyRegistrationResolver);
    logoutRequestResolver.setParametersConsumer((parameters) -> parameters.getLogoutRequest().setID("myid"));
    HttpServletRequest request = new MockHttpServletRequest();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().assertingPartyDetails((party) -> party.singleLogoutServiceLocation("https://ap.example.com/logout")).build();
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest logoutRequest = logoutRequestResolver.resolve(request, authentication);
    assertThat(logoutRequest.getId()).isEqualTo("myid");
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Test(org.junit.jupiter.api.Test) BDDMockito.given(org.mockito.BDDMockito.given) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 12 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class OpenSaml4LogoutRequestResolverTests method resolveWhenCustomParametersConsumerThenUses.

@Test
public void resolveWhenCustomParametersConsumerThenUses() {
    OpenSaml4LogoutRequestResolver logoutRequestResolver = new OpenSaml4LogoutRequestResolver(this.relyingPartyRegistrationResolver);
    logoutRequestResolver.setParametersConsumer((parameters) -> parameters.getLogoutRequest().setID("myid"));
    HttpServletRequest request = new MockHttpServletRequest();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().assertingPartyDetails((party) -> party.singleLogoutServiceLocation("https://ap.example.com/logout")).build();
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest logoutRequest = logoutRequestResolver.resolve(request, authentication);
    assertThat(logoutRequest.getId()).isEqualTo("myid");
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Test(org.junit.jupiter.api.Test) BDDMockito.given(org.mockito.BDDMockito.given) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 13 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class AbstractPreAuthenticatedProcessingFilterTests method requiresAuthenticationOverridePrincipalChangedFalse.

@Test
public void requiresAuthenticationOverridePrincipalChangedFalse() throws Exception {
    Object principal = new Object();
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter() {

        @Override
        protected boolean principalChanged(HttpServletRequest request, Authentication currentAuthentication) {
            return false;
        }
    };
    filter.setCheckForPrincipalChanges(true);
    filter.principal = principal;
    AuthenticationManager am = mock(AuthenticationManager.class);
    filter.setAuthenticationManager(am);
    filter.afterPropertiesSet();
    filter.doFilter(request, response, chain);
    verifyZeroInteractions(am);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 14 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class AuthorizationFilterTests method filterWhenAuthorizationManagerVerifyThrowsAccessDeniedExceptionThenStopFilterChain.

@Test
public void filterWhenAuthorizationManagerVerifyThrowsAccessDeniedExceptionThenStopFilterChain() {
    AuthorizationManager<HttpServletRequest> mockAuthorizationManager = mock(AuthorizationManager.class);
    AuthorizationFilter filter = new AuthorizationFilter(mockAuthorizationManager);
    TestingAuthenticationToken authenticationToken = new TestingAuthenticationToken("user", "password");
    SecurityContext securityContext = new SecurityContextImpl();
    securityContext.setAuthentication(authenticationToken);
    SecurityContextHolder.setContext(securityContext);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path");
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    FilterChain mockFilterChain = mock(FilterChain.class);
    willThrow(new AccessDeniedException("Access Denied")).given(mockAuthorizationManager).verify(any(), eq(mockRequest));
    assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> filter.doFilter(mockRequest, mockResponse, mockFilterChain)).withMessage("Access Denied");
    ArgumentCaptor<Supplier<Authentication>> authenticationCaptor = ArgumentCaptor.forClass(Supplier.class);
    verify(mockAuthorizationManager).verify(authenticationCaptor.capture(), eq(mockRequest));
    Supplier<Authentication> authentication = authenticationCaptor.getValue();
    assertThat(authentication.get()).isEqualTo(authenticationToken);
    verifyNoInteractions(mockFilterChain);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) Supplier(java.util.function.Supplier) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 15 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class GrantedAuthorityDefaultsXmlTests method doFilterIsUserInRole.

// SEC-2926
@Test
public void doFilterIsUserInRole() throws Exception {
    SecurityContext context = SecurityContextHolder.getContext();
    this.request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
    this.chain = new MockFilterChain() {

        @Override
        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            assertThat(httpRequest.isUserInRole("USER")).isTrue();
            assertThat(httpRequest.isUserInRole("INVALID")).isFalse();
            super.doFilter(request, response);
        }
    };
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
    assertThat(this.chain.getRequest()).isNotNull();
}
Also used : ServletException(jakarta.servlet.ServletException) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletRequest(jakarta.servlet.ServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) SecurityContext(org.springframework.security.core.context.SecurityContext) IOException(java.io.IOException) MockFilterChain(org.springframework.mock.web.MockFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

HttpServletRequest (jakarta.servlet.http.HttpServletRequest)334 Test (org.junit.jupiter.api.Test)200 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)93 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)91 MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest)67 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)44 Authentication (org.springframework.security.core.Authentication)31 MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse)31 Test (org.junit.Test)28 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)26 IOException (java.io.IOException)22 ServletException (jakarta.servlet.ServletException)21 HashMap (java.util.HashMap)20 HttpServlet (jakarta.servlet.http.HttpServlet)19 FilterChain (jakarta.servlet.FilterChain)17 FilterDef (org.apache.tomcat.util.descriptor.web.FilterDef)16 HttpSession (jakarta.servlet.http.HttpSession)14 MockFilterChain (org.springframework.mock.web.MockFilterChain)14 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)14 ServletRequest (jakarta.servlet.ServletRequest)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial