use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method outputStreamCloseDelegate.
// SEC-SEC-2055
@Test
public void outputStreamCloseDelegate() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSpringSecurityContextKey("imTheContext");
MockHttpServletRequest request = new MockHttpServletRequest();
HttpServletResponse response = mock(HttpServletResponse.class);
ServletOutputStream outputstream = mock(ServletOutputStream.class);
given(response.getOutputStream()).willReturn(outputstream);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
SecurityContextHolder.setContext(repo.loadContext(holder));
SecurityContextHolder.getContext().setAuthentication(this.testToken);
holder.getResponse().getOutputStream().close();
verify(outputstream).close();
}
use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method saveContextWhenSaveNewContextThenOriginalContextThenOriginalContextSaved.
@Test
public void saveContextWhenSaveNewContextThenOriginalContextThenOriginalContextSaved() throws Exception {
HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
SecurityContextPersistenceFilter securityContextPersistenceFilter = new SecurityContextPersistenceFilter(repository);
UserDetails original = User.withUsername("user").password("password").roles("USER").build();
SecurityContext originalContext = createSecurityContext(original);
UserDetails impersonate = User.withUserDetails(original).username("impersonate").build();
SecurityContext impersonateContext = createSecurityContext(impersonate);
MockHttpServletRequest mockRequest = new MockHttpServletRequest();
MockHttpServletResponse mockResponse = new MockHttpServletResponse();
Filter saveImpersonateContext = (request, response, chain) -> {
SecurityContextHolder.setContext(impersonateContext);
// ensure the response is committed to trigger save
response.flushBuffer();
chain.doFilter(request, response);
};
Filter saveOriginalContext = (request, response, chain) -> {
SecurityContextHolder.setContext(originalContext);
chain.doFilter(request, response);
};
HttpServlet servlet = new HttpServlet() {
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.getWriter().write("Hi");
}
};
SecurityContextHolder.setContext(originalContext);
MockFilterChain chain = new MockFilterChain(servlet, saveImpersonateContext, saveOriginalContext);
securityContextPersistenceFilter.doFilter(mockRequest, mockResponse, chain);
assertThat(mockRequest.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(originalContext);
}
use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.
the class CompositeHeaderWriterTests method writeHeadersWhenConfiguredWithDelegatesThenInvokesEach.
@Test
public void writeHeadersWhenConfiguredWithDelegatesThenInvokesEach() {
HttpServletRequest request = mock(HttpServletRequest.class);
HttpServletResponse response = mock(HttpServletResponse.class);
HeaderWriter one = mock(HeaderWriter.class);
HeaderWriter two = mock(HeaderWriter.class);
CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two));
headerWriter.writeHeaders(request, response);
verify(one).writeHeaders(request, response);
verify(two).writeHeaders(request, response);
}
use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.
the class HttpStatusRequestRejectedHandlerTests method httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper.
private void httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper(int status) throws Exception {
HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler(status);
HttpServletResponse response = mock(HttpServletResponse.class);
sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
verify(response).sendError(status);
}
use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.
the class HttpStatusRequestRejectedHandlerTests method httpStatusRequestRejectedHandlerUsesStatus400byDefault.
@Test
public void httpStatusRequestRejectedHandlerUsesStatus400byDefault() throws Exception {
HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler();
HttpServletResponse response = mock(HttpServletResponse.class);
sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
verify(response).sendError(400);
}
Aggregations