Example 41 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class DefaultSessionAuthenticationStrategyTests method newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse.

@Test
public void newSessionShouldNotBeCreatedIfNoSessionExistsAndAlwaysCreateIsFalse() {
    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    HttpServletRequest request = new MockHttpServletRequest();
    strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
    assertThat(request.getSession(false)).isNull();
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) SessionFixationProtectionStrategy(org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 42 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class DefaultSessionAuthenticationStrategyTests method newSessionIsCreatedIfSessionAlreadyExists.

@Test
public void newSessionIsCreatedIfSessionAlreadyExists() {
    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    HttpServletRequest request = new MockHttpServletRequest();
    String sessionId = request.getSession().getId();
    strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
    assertThat(sessionId.equals(request.getSession().getId())).isFalse();
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) SessionFixationProtectionStrategy(org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 43 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class DefaultSessionAuthenticationStrategyTests method onAuthenticationWhenMigrateSessionAttributesTrueThenMaxInactiveIntervalIsMigrated.

@Test
public void onAuthenticationWhenMigrateSessionAttributesTrueThenMaxInactiveIntervalIsMigrated() {
    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    HttpServletRequest request = new MockHttpServletRequest();
    HttpSession session = request.getSession();
    session.setMaxInactiveInterval(1);
    Authentication mockAuthentication = mock(Authentication.class);
    strategy.onAuthentication(mockAuthentication, request, new MockHttpServletResponse());
    assertThat(request.getSession().getMaxInactiveInterval()).isEqualTo(1);
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) Authentication(org.springframework.security.core.Authentication) SessionFixationProtectionStrategy(org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 44 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class DefaultSessionAuthenticationStrategyTests method onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse.

// See SEC-1077
@Test
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() {
    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    strategy.setMigrateSessionAttributes(false);
    HttpServletRequest request = new MockHttpServletRequest();
    HttpSession session = request.getSession();
    session.setAttribute("blah", "blah");
    session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
    strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
    assertThat(request.getSession().getAttribute("blah")).isNull();
    assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) Authentication(org.springframework.security.core.Authentication) SessionFixationProtectionStrategy(org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 45 with HttpServletRequest

use of jakarta.servlet.http.HttpServletRequest in project spring-security by spring-projects.

the class SessionManagementFilterTests method strategyIsInvokedIfUserIsNewlyAuthenticated.

@Test
public void strategyIsInvokedIfUserIsNewlyAuthenticated() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    // repo will return false to containsContext()
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verify(strategy).onAuthentication(any(Authentication.class), any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Check that it is only applied once to the request
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verifyNoMoreInteractions(strategy);
}
Also used: HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) Authentication(org.springframework.security.core.Authentication) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) MockFilterChain(org.springframework.mock.web.MockFilterChain) Test(org.junit.jupiter.api.Test)
