
Example 81 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class HttpSessionSecurityContextRepositoryTests method outputStreamCloseDelegate.

// SEC-SEC-2055
@Test
public void outputStreamCloseDelegate() throws Exception {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    repo.setSpringSecurityContextKey("imTheContext");
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = mock(HttpServletResponse.class);
    ServletOutputStream outputstream = mock(ServletOutputStream.class);
    given(response.getOutputStream()).willReturn(outputstream);
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    SecurityContextHolder.setContext(repo.loadContext(holder));
    SecurityContextHolder.getContext().setAuthentication(this.testToken);
    holder.getResponse().getOutputStream().close();
    verify(outputstream).close();
}
Also used : ServletOutputStream(jakarta.servlet.ServletOutputStream) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 82 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class HttpSessionSecurityContextRepositoryTests method saveContextWhenSaveNewContextThenOriginalContextThenOriginalContextSaved.

@Test
public void saveContextWhenSaveNewContextThenOriginalContextThenOriginalContextSaved() throws Exception {
    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
    SecurityContextPersistenceFilter securityContextPersistenceFilter = new SecurityContextPersistenceFilter(repository);
    UserDetails original = User.withUsername("user").password("password").roles("USER").build();
    SecurityContext originalContext = createSecurityContext(original);
    UserDetails impersonate = User.withUserDetails(original).username("impersonate").build();
    SecurityContext impersonateContext = createSecurityContext(impersonate);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    Filter saveImpersonateContext = (request, response, chain) -> {
        SecurityContextHolder.setContext(impersonateContext);
        // ensure the response is committed to trigger save
        response.flushBuffer();
        chain.doFilter(request, response);
    };
    Filter saveOriginalContext = (request, response, chain) -> {
        SecurityContextHolder.setContext(originalContext);
        chain.doFilter(request, response);
    };
    HttpServlet servlet = new HttpServlet() {

        @Override
        protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
            resp.getWriter().write("Hi");
        }
    };
    SecurityContextHolder.setContext(originalContext);
    MockFilterChain chain = new MockFilterChain(servlet, saveImpersonateContext, saveOriginalContext);
    securityContextPersistenceFilter.doFilter(mockRequest, mockResponse, chain);
    assertThat(mockRequest.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isEqualTo(originalContext);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) User(org.springframework.security.core.userdetails.User) ServletException(jakarta.servlet.ServletException) Transient(org.springframework.security.core.Transient) ArgumentMatchers.anyBoolean(org.mockito.ArgumentMatchers.anyBoolean) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Retention(java.lang.annotation.Retention) Filter(jakarta.servlet.Filter) HttpServletRequestWrapper(jakarta.servlet.http.HttpServletRequestWrapper) ServletOutputStream(jakarta.servlet.ServletOutputStream) HttpSession(jakarta.servlet.http.HttpSession) TestAuthentication(org.springframework.security.authentication.TestAuthentication) TransientSecurityContext(org.springframework.security.core.context.TransientSecurityContext) BDDMockito.given(org.mockito.BDDMockito.given) UserDetails(org.springframework.security.core.userdetails.UserDetails) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) Assertions.assertThatIllegalStateException(org.assertj.core.api.Assertions.assertThatIllegalStateException) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) IOException(java.io.IOException) Target(java.lang.annotation.Target) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ElementType(java.lang.annotation.ElementType) HttpServlet(jakarta.servlet.http.HttpServlet) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) HttpServletResponseWrapper(jakarta.servlet.http.HttpServletResponseWrapper) AfterEach(org.junit.jupiter.api.AfterEach) 
AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) Mockito.never(org.mockito.Mockito.never) SecurityContext(org.springframework.security.core.context.SecurityContext) AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) Mockito.reset(org.mockito.Mockito.reset) RetentionPolicy(java.lang.annotation.RetentionPolicy) Mockito.mock(org.mockito.Mockito.mock)

Example 83 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class CompositeHeaderWriterTests method writeHeadersWhenConfiguredWithDelegatesThenInvokesEach.

@Test
public void writeHeadersWhenConfiguredWithDelegatesThenInvokesEach() {
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    HeaderWriter one = mock(HeaderWriter.class);
    HeaderWriter two = mock(HeaderWriter.class);
    CompositeHeaderWriter headerWriter = new CompositeHeaderWriter(Arrays.asList(one, two));
    headerWriter.writeHeaders(request, response);
    verify(one).writeHeaders(request, response);
    verify(two).writeHeaders(request, response);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) HeaderWriter(org.springframework.security.web.header.HeaderWriter) Test(org.junit.jupiter.api.Test)

Example 84 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class HttpStatusRequestRejectedHandlerTests method httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper.

private void httpStatusRequestRejectedHandlerCanBeConfiguredToUseStatusHelper(int status) throws Exception {
    HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler(status);
    HttpServletResponse response = mock(HttpServletResponse.class);
    sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
    verify(response).sendError(status);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse)

Example 85 with HttpServletResponse

use of jakarta.servlet.http.HttpServletResponse in project spring-security by spring-projects.

the class HttpStatusRequestRejectedHandlerTests method httpStatusRequestRejectedHandlerUsesStatus400byDefault.

@Test
public void httpStatusRequestRejectedHandlerUsesStatus400byDefault() throws Exception {
    HttpStatusRequestRejectedHandler sut = new HttpStatusRequestRejectedHandler();
    HttpServletResponse response = mock(HttpServletResponse.class);
    sut.handle(mock(HttpServletRequest.class), response, mock(RequestRejectedException.class));
    verify(response).sendError(400);
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) Test(org.junit.jupiter.api.Test)
