Example 16 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

Class DefaultSessionAuthenticationStrategyTests, method onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse.

// See SEC-1077
@Test
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() {
    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    // Do not copy application attributes from the pre-authentication session.
    strategy.setMigrateSessionAttributes(false);
    HttpServletRequest request = new MockHttpServletRequest();
    HttpSession session = request.getSession();
    session.setAttribute("blah", "blah");
    session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");
    strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
    // The application attribute is gone from the session in use after authentication...
    assertThat(request.getSession().getAttribute("blah")).isNull();
    // ...while the saved-request attribute is still present.
    assertThat(request.getSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), HttpSession (jakarta.servlet.http.HttpSession), Authentication (org.springframework.security.core.Authentication), SessionFixationProtectionStrategy (org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 17 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

Class NamespaceHttpTests, method configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession.

// http@security-context-repository-ref
@Test
public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
    this.spring.register(SecurityContextRepoConfig.class).autowire();
    MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn();
    HttpSession session = mvcResult.getRequest().getSession(false);
    assertThat(session).isNull();
}
Also used: HttpSession (jakarta.servlet.http.HttpSession), MvcResult (org.springframework.test.web.servlet.MvcResult), Test (org.junit.jupiter.api.Test)

Example 18 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

Class NamespaceHttpTests, method configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest.

// http@create-session=always
@Test
public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionAlwaysConfig.class).autowire();
    MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
    HttpSession session = mvcResult.getRequest().getSession(false);
    assertThat(session).isNotNull();
    assertThat(session.isNew()).isTrue();
}
Also used: HttpSession (jakarta.servlet.http.HttpSession), MvcResult (org.springframework.test.web.servlet.MvcResult), Test (org.junit.jupiter.api.Test)

Example 19 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

Class NamespaceHttpTests, method configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest.

// http@create-session=stateless
@Test
public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionStatelessConfig.class).autowire();
    MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
    HttpSession session = mvcResult.getRequest().getSession(false);
    assertThat(session).isNull();
}
Also used: HttpSession (jakarta.servlet.http.HttpSession), MvcResult (org.springframework.test.web.servlet.MvcResult), Test (org.junit.jupiter.api.Test)

Example 20 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

Class NamespaceHttpTests, method configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest.

// http@create-session=never
@Test
public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionNeverConfig.class).autowire();
    MvcResult mvcResult = this.mockMvc.perform(get("/")).andReturn();
    HttpSession session = mvcResult.getRequest().getSession(false);
    assertThat(session).isNull();
}
Also used: HttpSession (jakarta.servlet.http.HttpSession), MvcResult (org.springframework.test.web.servlet.MvcResult), Test (org.junit.jupiter.api.Test)

Aggregations

HttpSession (jakarta.servlet.http.HttpSession): 98
Test (org.junit.jupiter.api.Test): 38
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 17
MvcResult (org.springframework.test.web.servlet.MvcResult): 16
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 12
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 12
MockHttpSession (org.springframework.mock.web.MockHttpSession): 12
MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest): 11
Map (java.util.Map): 10
MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse): 9
SecurityContext (org.springframework.security.core.context.SecurityContext): 7
PathPatternsParameterizedTest (org.springframework.web.servlet.handler.PathPatternsParameterizedTest): 7
Authentication (org.springframework.security.core.Authentication): 6
Cookie (jakarta.servlet.http.Cookie): 5
Request (org.apache.catalina.connector.Request): 5
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient): 5
SessionFixationProtectionStrategy (org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy): 5
Response (org.apache.catalina.connector.Response): 4
RootBeanDefinition (org.springframework.beans.factory.support.RootBeanDefinition): 4
PrintWriter (java.io.PrintWriter): 3