use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class AbstractAuthenticationProcessingFilterTests method testNormalOperationWithDefaultFilterProcessesUrl.
@Test
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockAuthenticationRequest();
HttpSession sessionPreAuth = request.getSession();
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
// Setup our expectation that the filter chain will not be invoked, as we redirect
// to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
filter.setAuthenticationSuccessHandler(this.successHandler);
filter.setAuthenticationFailureHandler(this.failureHandler);
filter.setAuthenticationManager(mock(AuthenticationManager.class));
filter.afterPropertiesSet();
// Test
filter.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
// Should still have the same session
assertThat(request.getSession()).isEqualTo(sessionPreAuth);
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class ExceptionTranslationFilterTests method getSavedRequestUrl.
private static String getSavedRequestUrl(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session == null) {
return null;
}
HttpSessionRequestCache rc = new HttpSessionRequestCache();
SavedRequest sr = rc.getRequest(request, new MockHttpServletResponse());
return sr.getRedirectUrl();
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class AbstractAuthenticationProcessingFilterTests method testNormalOperationWithDefaultFilterProcessesUrlAndAuthenticationManager.
@Test
public void testNormalOperationWithDefaultFilterProcessesUrlAndAuthenticationManager() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockAuthenticationRequest();
HttpSession sessionPreAuth = request.getSession();
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
// Setup our expectation that the filter chain will not be invoked, as we redirect
// to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post", mock(AuthenticationManager.class));
filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
filter.setAuthenticationSuccessHandler(this.successHandler);
filter.setAuthenticationFailureHandler(this.failureHandler);
filter.afterPropertiesSet();
// Test
filter.doFilter(request, response, chain);
assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
// Should still have the same session
assertThat(request.getSession()).isEqualTo(sessionPreAuth);
}
use of jakarta.servlet.http.HttpSession in project spring-boot by spring-projects.
the class AbstractServletWebServerFactoryTests method sessionServletRegistration.
protected final ServletContextInitializer sessionServletRegistration() {
ServletRegistrationBean<ExampleServlet> bean = new ServletRegistrationBean<>(new ExampleServlet() {
@Override
public void service(ServletRequest request, ServletResponse response) throws IOException {
HttpSession session = ((HttpServletRequest) request).getSession(true);
long value = System.currentTimeMillis();
Object existing = session.getAttribute("boot");
session.setAttribute("boot", value);
PrintWriter writer = response.getWriter();
writer.append(String.valueOf(existing)).append(":").append(String.valueOf(value));
}
}, "/session");
bean.setName("session");
return bean;
}
use of jakarta.servlet.http.HttpSession in project OpenGrok by OpenGrok.
the class AuthorizationFrameworkReloadTest method testReloadSimple.
/**
* After {@code reload()} the session attributes should be invalidated.
* It is assumed that invalidation of HttpSession objects means that all
* the attributes will be unset.
*/
@Test
public void testReloadSimple() {
DummyHttpServletRequest req = new DummyHttpServletRequest();
AuthorizationFramework framework = new AuthorizationFramework(pluginDirectory.getPath());
// to avoid noise when loading classes of other tests
framework.setLoadClasses(false);
framework.reload();
// Ensure the framework was setup correctly.
assertNotNull(framework.getPluginDirectory());
assertEquals(pluginDirectory, framework.getPluginDirectory());
// Create pre-requisite objects - mainly the HTTP session with attribute.
Project p = new Project("project" + Math.random());
HttpSession session = req.getSession();
String attrName = "foo";
session.setAttribute(attrName, "bar");
assertNotNull(session.getAttribute(attrName));
// Reload the framework to increment the plugin generation version.
framework.reload();
// Let the framework check the request. This should invalidate the session
// since the version was incremented. In this test we are not interested
// in the actual result.
framework.isAllowed(req, p);
// Verify that the session no longer has the attribute.
assertNull(session.getAttribute(attrName));
}
Aggregations