use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class DefaultSessionAuthenticationStrategyTests method onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse.
// See SEC-1077
/**
 * Checks attribute handling when {@code migrateSessionAttributes} is {@code false}:
 * after {@code onAuthentication}, the application attribute {@code "blah"} is gone
 * from the request's session while {@code "SPRING_SECURITY_SAVED_REQUEST_KEY"} is
 * still present.
 */
@Test
public void onlySavedRequestAttributeIsMigratedIfMigrateAttributesIsFalse() {
    // Pre-authentication session: one application attribute plus the saved-request entry.
    HttpServletRequest request = new MockHttpServletRequest();
    HttpSession preAuthSession = request.getSession();
    preAuthSession.setAttribute("blah", "blah");
    preAuthSession.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", "DefaultSavedRequest");

    SessionFixationProtectionStrategy strategy = new SessionFixationProtectionStrategy();
    strategy.setMigrateSessionAttributes(false);
    Authentication authentication = mock(Authentication.class);
    strategy.onAuthentication(authentication, request, new MockHttpServletResponse());

    // Look the session up through the request again rather than reusing preAuthSession:
    // the assertions concern whatever session the request carries after authentication.
    HttpSession postAuthSession = request.getSession();
    // Attacker-plantable application state must not survive the login boundary.
    assertThat(postAuthSession.getAttribute("blah")).isNull();
    // The saved request is kept; presumably so the post-login redirect still works.
    assertThat(postAuthSession.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY")).isNotNull();
    // NOTE(review): this test does not assert that the session id changed; that part of
    // session-fixation protection is presumably covered by a sibling test. Confirm.
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class NamespaceHttpTests method configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession.
// http@security-context-repository-ref
/**
 * Performs a form login against {@code SecurityContextRepoConfig} and checks that the
 * request ends up with no {@link HttpSession} at all.
 */
@Test
public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception {
    // NOTE(review): SecurityContextRepoConfig is defined elsewhere; per the test name it
    // presumably wires a repository that does not persist the SecurityContext. Confirm.
    this.spring.register(SecurityContextRepoConfig.class).autowire();

    // getSession(false) returns the existing session or null and never creates one,
    // so a null result shows that nothing was stored in a session during login.
    HttpSession sessionAfterLogin = this.mockMvc.perform(formLogin())
            .andReturn()
            .getRequest()
            .getSession(false);

    assertThat(sessionAfterLogin).isNull();
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class NamespaceHttpTests method configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest.
// http@create-session=always
/**
 * Issues a plain {@code GET /} against {@code CreateSessionAlwaysConfig} and checks that
 * the request now has a session and that the session is reported as new.
 */
@Test
public void configureWhenSessionCreationPolicyAlwaysThenSessionCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionAlwaysConfig.class).autowire();

    // getSession(false) does not create a session itself, so a non-null value here
    // was created while the request was being handled.
    HttpSession createdSession = this.mockMvc.perform(get("/"))
            .andReturn()
            .getRequest()
            .getSession(false);

    assertThat(createdSession).isNotNull();
    // isNew() confirms the session was created during this request, not carried in.
    assertThat(createdSession.isNew()).isTrue();
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class NamespaceHttpTests method configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest.
// http@create-session=stateless
/**
 * Issues a plain {@code GET /} against {@code CreateSessionStatelessConfig} and checks
 * that no session exists on the request afterwards.
 */
@Test
public void configureWhenSessionCreationPolicyStatelessThenSessionNotCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionStatelessConfig.class).autowire();

    // getSession(false) never creates a session; null means none was created while
    // the request was processed.
    HttpSession sessionAfterRequest = this.mockMvc.perform(get("/"))
            .andReturn()
            .getRequest()
            .getSession(false);

    assertThat(sessionAfterRequest).isNull();
}
use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.
the class NamespaceHttpTests method configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest.
// http@create-session=never
/**
 * Issues a plain {@code GET /} against {@code CreateSessionNeverConfig} and checks that
 * no session exists on the request afterwards.
 */
@Test
public void configureWhenSessionCreationPolicyNeverThenSessionNotCreatedOnRequest() throws Exception {
    this.spring.register(CreateSessionNeverConfig.class).autowire();

    // getSession(false) never creates a session; null means none was created while
    // the request was processed.
    HttpSession sessionAfterRequest = this.mockMvc.perform(get("/"))
            .andReturn()
            .getRequest()
            .getSession(false);

    assertThat(sessionAfterRequest).isNull();
    // NOTE(review): only the "no session is created" half is exercised here. A request
    // that already carries a session is not covered, so this test alone does not
    // distinguish create-session=never from create-session=stateless.
}