
Example 96 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

the class AbstractAuthenticationProcessingFilterTests method testNormalOperationWithDefaultFilterProcessesUrl.

@Test
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    HttpSession sessionPreAuth = request.getSession();
    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);
    // Setup our expectation that the filter chain will not be invoked, as we redirect
    // to defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();
    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
    filter.setAuthenticationSuccessHandler(this.successHandler);
    filter.setAuthenticationFailureHandler(this.failureHandler);
    filter.setAuthenticationManager(mock(AuthenticationManager.class));
    filter.afterPropertiesSet();
    // Test
    filter.doFilter(request, response, chain);
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
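    // Should still have the same session: the SessionAuthenticationStrategy is a
    // mock, so nothing replaces the session when authentication succeeds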
    assertThat(request.getSession()).isEqualTo(sessionPreAuth);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockFilterConfig(org.springframework.mock.web.MockFilterConfig) Test(org.junit.jupiter.api.Test)

Example 97 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

the class ExceptionTranslationFilterTests method getSavedRequestUrl.

private static String getSavedRequestUrl(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null) {
        return null;
    }
    HttpSessionRequestCache rc = new HttpSessionRequestCache();
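    // getRequest returns null when the session holds no saved request; this
    // helper assumes one was cached before it is called
    SavedRequest sr = rc.getRequest(request, new MockHttpServletResponse());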
    return sr.getRedirectUrl();
}
Also used : HttpSession(jakarta.servlet.http.HttpSession) HttpSessionRequestCache(org.springframework.security.web.savedrequest.HttpSessionRequestCache) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) SavedRequest(org.springframework.security.web.savedrequest.SavedRequest)

Example 98 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

the class AbstractAuthenticationProcessingFilterTests method testNormalOperationWithDefaultFilterProcessesUrlAndAuthenticationManager.

@Test
public void testNormalOperationWithDefaultFilterProcessesUrlAndAuthenticationManager() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    HttpSession sessionPreAuth = request.getSession();
    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);
    // Setup our expectation that the filter chain will not be invoked, as we redirect
    // to defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();
    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter("/j_mock_post", mock(AuthenticationManager.class));
    filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
    filter.setAuthenticationSuccessHandler(this.successHandler);
    filter.setAuthenticationFailureHandler(this.failureHandler);
    filter.afterPropertiesSet();
    // Test
    filter.doFilter(request, response, chain);
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/logged_in.jsp");
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isNotNull();
    assertThat(SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()).isEqualTo("test");
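    // Should still have the same session: the SessionAuthenticationStrategy is a
    // mock, so nothing replaces the session when authentication succeeds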
    assertThat(request.getSession()).isEqualTo(sessionPreAuth);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockFilterConfig(org.springframework.mock.web.MockFilterConfig) Test(org.junit.jupiter.api.Test)

Example 99 with HttpSession

use of jakarta.servlet.http.HttpSession in project spring-boot by spring-projects.

the class AbstractServletWebServerFactoryTests method sessionServletRegistration.

protected final ServletContextInitializer sessionServletRegistration() {
    ServletRegistrationBean<ExampleServlet> bean = new ServletRegistrationBean<>(new ExampleServlet() {

        @Override
        public void service(ServletRequest request, ServletResponse response) throws IOException {
            HttpSession session = ((HttpServletRequest) request).getSession(true);
            long value = System.currentTimeMillis();
            Object existing = session.getAttribute("boot");
            session.setAttribute("boot", value);
            PrintWriter writer = response.getWriter();
            writer.append(String.valueOf(existing)).append(":").append(String.valueOf(value));
        }
    }, "/session");
    bean.setName("session");
    return bean;
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) ServletRequest(jakarta.servlet.ServletRequest) ServletResponse(jakarta.servlet.ServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) ServletRegistrationBean(org.springframework.boot.web.servlet.ServletRegistrationBean) HttpSession(jakarta.servlet.http.HttpSession) Assertions.assertThatIOException(org.assertj.core.api.Assertions.assertThatIOException) IOException(java.io.IOException) ExampleServlet(org.springframework.boot.testsupport.web.servlet.ExampleServlet) PrintWriter(java.io.PrintWriter)

Example 100 with HttpSession

use of jakarta.servlet.http.HttpSession in project OpenGrok by OpenGrok.

the class AuthorizationFrameworkReloadTest method testReloadSimple.

/**
 * After {@code reload()} the session attributes should be invalidated.
 * It is assumed that invalidation of HttpSession objects means that all
 * the attributes will be unset.
 */
@Test
public void testReloadSimple() {
    DummyHttpServletRequest req = new DummyHttpServletRequest();
    AuthorizationFramework framework = new AuthorizationFramework(pluginDirectory.getPath());
    // to avoid noise when loading classes of other tests
    framework.setLoadClasses(false);
    framework.reload();
    // Ensure the framework was setup correctly.
    assertNotNull(framework.getPluginDirectory());
    assertEquals(pluginDirectory, framework.getPluginDirectory());
    // Create pre-requisite objects - mainly the HTTP session with attribute.
    Project p = new Project("project" + Math.random());
    HttpSession session = req.getSession();
    String attrName = "foo";
    session.setAttribute(attrName, "bar");
    assertNotNull(session.getAttribute(attrName));
    // Reload the framework to increment the plugin generation version.
    framework.reload();
    // Let the framework check the request. This should invalidate the session
    // since the version was incremented. In this test we are not interested
    // in the actual result.
    framework.isAllowed(req, p);
    // Verify that the session no longer has the attribute.
    assertNull(session.getAttribute(attrName));
}
Also used : Project(org.opengrok.indexer.configuration.Project) DummyHttpServletRequest(org.opengrok.indexer.web.DummyHttpServletRequest) HttpSession(jakarta.servlet.http.HttpSession) Test(org.junit.jupiter.api.Test)
