Examples with HttpServletRequest jakarta.servlet.http.HttpServletRequest used on opensource projects

Search in sources :

Example 36 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class CookieRequestCacheTests method requestWhenDoesNotMatchSavedRequestThenDoesNotClearCookie.

@Test
public void requestWhenDoesNotMatchSavedRequestThenDoesNotClearCookie() {
    CookieRequestCache cookieRequestCache = new CookieRequestCache();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServerPort(443);
    request.setSecure(true);
    request.setScheme("https");
    request.setServerName("abc.com");
    request.setRequestURI("/destination");
    String redirectUrl = "https://abc.com/api";
    request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
    MockHttpServletResponse response = new MockHttpServletResponse();
    final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
    assertThat(matchingRequest).isNull();
    Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
    assertThat(expiredCookie).isNull();
}
Also used : Cookie(jakarta.servlet.http.Cookie) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 37 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestResolverTests method resolvePostWhenAuthenticatedThenIncludesName.

@Test
public void resolvePostWhenAuthenticatedThenIncludesName() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    Saml2Authentication authentication = authentication(registration);
    HttpServletRequest request = new MockHttpServletRequest();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest saml2LogoutRequest = this.logoutRequestResolver.resolve(request, authentication);
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIG_ALG)).isNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIGNATURE)).isNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.RELAY_STATE)).isNotNull();
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutRequest logoutRequest = getLogoutRequest(saml2LogoutRequest.getSamlRequest(), binding);
    assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authentication.getName());
    assertThat(logoutRequest.getSessionIndexes()).hasSize(1);
    assertThat(logoutRequest.getSessionIndexes().get(0).getSessionIndex()).isEqualTo("session-index");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Arrays(java.util.Arrays) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArrayList(java.util.ArrayList) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Saml2Exception(org.springframework.security.saml2.Saml2Exception) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Test(org.junit.jupiter.api.Test) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 38 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestResolverTests method resolveRedirectWhenAuthenticatedThenIncludesName.

@Test
public void resolveRedirectWhenAuthenticatedThenIncludesName() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    Saml2Authentication authentication = authentication(registration);
    HttpServletRequest request = new MockHttpServletRequest();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest saml2LogoutRequest = this.logoutRequestResolver.resolve(request, authentication);
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIG_ALG)).isNotNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIGNATURE)).isNotNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.RELAY_STATE)).isNotNull();
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutRequest logoutRequest = getLogoutRequest(saml2LogoutRequest.getSamlRequest(), binding);
    assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authentication.getName());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 39 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests method isAllowedWhenServletContextIsSetThenPassedFilterInvocationHttpServletRequestHasServletContext.

@Test
void isAllowedWhenServletContextIsSetThenPassedFilterInvocationHttpServletRequestHasServletContext() {
    Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
    MockServletContext servletContext = new MockServletContext();
    ArgumentCaptor<HttpServletRequest> argumentCaptor = ArgumentCaptor.forClass(HttpServletRequest.class);
    RequestMatcher requestMatcher = mock(RequestMatcher.class);
    WebInvocationPrivilegeEvaluator wipe = mock(WebInvocationPrivilegeEvaluator.class);
    RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>(requestMatcher, Collections.singletonList(wipe));
    RequestMatcherDelegatingWebInvocationPrivilegeEvaluator requestMatcherWipe = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(delegate));
    requestMatcherWipe.setServletContext(servletContext);
    requestMatcherWipe.isAllowed("/foo/index.jsp", token);
    verify(requestMatcher).matches(argumentCaptor.capture());
    assertThat(argumentCaptor.getValue().getServletContext()).isNotNull();
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) Authentication(org.springframework.security.core.Authentication) List(java.util.List) RequestMatcherEntry(org.springframework.security.web.util.matcher.RequestMatcherEntry) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.jupiter.api.Test)

Example 40 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class FilterChainProxyTests method setup.

@BeforeEach
public void setup() throws Exception {
    this.matcher = mock(RequestMatcher.class);
    this.filter = mock(Filter.class);
    willAnswer((Answer<Object>) (inv) -> {
        Object[] args = inv.getArguments();
        FilterChain fc = (FilterChain) args[2];
        HttpServletRequestWrapper extraWrapper = new HttpServletRequestWrapper((HttpServletRequest) args[0]);
        fc.doFilter(extraWrapper, (HttpServletResponse) args[1]);
        return null;
    }).given(this.filter).doFilter(any(), any(), any());
    this.fcp = new FilterChainProxy(new DefaultSecurityFilterChain(this.matcher, Arrays.asList(this.filter)));
    this.fcp.setFilterChainValidator(mock(FilterChainProxy.FilterChainValidator.class));
    this.request = new MockHttpServletRequest("GET", "");
    this.request.setServletPath("/path");
    this.response = new MockHttpServletResponse();
    this.chain = mock(FilterChain.class);
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Filter(jakarta.servlet.Filter) HttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequestWrapper) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) Answer(org.mockito.stubbing.Answer) BDDMockito.given(org.mockito.BDDMockito.given) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler) FilterChain(jakarta.servlet.FilterChain) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest) BDDMockito.willAnswer(org.mockito.BDDMockito.willAnswer) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) List(java.util.List) AfterEach(org.junit.jupiter.api.AfterEach) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) Collections(java.util.Collections) Mockito.mock(org.mockito.Mockito.mock) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(jakarta.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Filter(jakarta.servlet.Filter) HttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequestWrapper) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

HttpServletRequest (jakarta.servlet.http.HttpServletRequest)334 Test (org.junit.jupiter.api.Test)200 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)93 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)91 MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest)67 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)44 Authentication (org.springframework.security.core.Authentication)31 MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse)31 Test (org.junit.Test)28 TomcatBaseTest (org.apache.catalina.startup.TomcatBaseTest)26 IOException (java.io.IOException)22 ServletException (jakarta.servlet.ServletException)21 HashMap (java.util.HashMap)20 HttpServlet (jakarta.servlet.http.HttpServlet)19 FilterChain (jakarta.servlet.FilterChain)17 FilterDef (org.apache.tomcat.util.descriptor.web.FilterDef)16 HttpSession (jakarta.servlet.http.HttpSession)14 MockFilterChain (org.springframework.mock.web.MockFilterChain)14 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)14 ServletRequest (jakarta.servlet.ServletRequest)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial