Example 21 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class SecurityContextConfigurerTests, method requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession.

@Test
public void requestWhenSecurityContextDisabledInLambdaThenContextNotSavedInSession() throws Exception {
    this.spring.register(SecurityContextDisabledInLambdaConfig.class).autowire();
    MvcResult mvcResult = this.mvc.perform(formLogin()).andReturn();
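    // getSession(false) never creates a session; null means the login stored nothing in an HttpSession.
    HttpSession session = mvcResult.getRequest().getSession(false);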
    assertThat(session).isNull();
}
Also used : HttpSession(jakarta.servlet.http.HttpSession) MvcResult(org.springframework.test.web.servlet.MvcResult) Test(org.junit.jupiter.api.Test)

Example 22 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionOAuth2AuthorizedClientRepositoryTests, method saveAuthorizedClientWhenSavedThenSavedToSession.

@Test
public void saveAuthorizedClientWhenSavedThenSavedToSession() {
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration2, this.principalName1, mock(OAuth2AccessToken.class));
    this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
    HttpSession session = this.request.getSession(false);
    assertThat(session).isNotNull();
    @SuppressWarnings("unchecked")
    Map<String, OAuth2AuthorizedClient> authorizedClients = (Map<String, OAuth2AuthorizedClient>) session
            .getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
    assertThat(authorizedClients).isNotEmpty();
    assertThat(authorizedClients).hasSize(1);
    assertThat(authorizedClients.values().iterator().next()).isSameAs(authorizedClient);
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) HttpSession(jakarta.servlet.http.HttpSession) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) Map(java.util.Map) Test(org.junit.jupiter.api.Test)

Example 23 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class HttpSessionOAuth2AuthorizedClientRepositoryTests, method removeAuthorizedClientWhenSavedThenRemovedFromSession.

@Test
public void removeAuthorizedClientWhenSavedThenRemovedFromSession() {
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(this.registration1, this.principalName1, mock(OAuth2AccessToken.class));
    this.authorizedClientRepository.saveAuthorizedClient(authorizedClient, null, this.request, this.response);
    OAuth2AuthorizedClient loadedAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(this.registrationId1, null, this.request);
    assertThat(loadedAuthorizedClient).isSameAs(authorizedClient);
    this.authorizedClientRepository.removeAuthorizedClient(this.registrationId1, null, this.request, this.response);
    HttpSession session = this.request.getSession(false);
    assertThat(session).isNotNull();
    assertThat(session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS")).isNull();
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) HttpSession(jakarta.servlet.http.HttpSession) OAuth2AuthorizedClient(org.springframework.security.oauth2.client.OAuth2AuthorizedClient) Test(org.junit.jupiter.api.Test)

Example 24 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class AuthenticationFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    if (!this.requestMatcher.matches(request)) {
        if (logger.isTraceEnabled()) {
            logger.trace("Did not match request to " + this.requestMatcher);
        }
        filterChain.doFilter(request, response);
        return;
    }
    try {
        Authentication authenticationResult = attemptAuthentication(request, response);
        if (authenticationResult == null) {
            filterChain.doFilter(request, response);
            return;
        }
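        // Session fixation defence: if a session already existed before authentication,
        // rotate its ID (attributes are kept) so a pre-login session ID is not carried over.
        HttpSession session = request.getSession(false);
        if (session != null) {
            request.changeSessionId();
        }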
        successfulAuthentication(request, response, filterChain, authenticationResult);
    } catch (AuthenticationException ex) {
        unsuccessfulAuthentication(request, response, ex);
    }
}
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) Authentication(org.springframework.security.core.Authentication) HttpSession(jakarta.servlet.http.HttpSession)

Example 25 with HttpSession

Use of jakarta.servlet.http.HttpSession in project spring-security by spring-projects.

The class SecurityContextLogoutHandler, method logout.

/**
 * Requires the request to be passed in.
 * @param request from which to obtain a HTTP session (cannot be null)
 * @param response not used (can be <code>null</code>)
 * @param authentication not used (can be <code>null</code>)
 */
@Override
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
    Assert.notNull(request, "HttpServletRequest required");
    if (this.invalidateHttpSession) {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(LogMessage.format("Invalidated session %s", session.getId()));
            }
        }
    }
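    // Capture the current context before clearing the holder.
    SecurityContext context = SecurityContextHolder.getContext();
    SecurityContextHolder.clearContext();
    if (this.clearAuthentication) {
        // Null out the Authentication on the captured instance as well, so code
        // still holding a reference to it no longer sees the authenticated principal.
        context.setAuthentication(null);
    }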
}
Also used : HttpSession(jakarta.servlet.http.HttpSession) SecurityContext(org.springframework.security.core.context.SecurityContext)

Aggregations

HttpSession (jakarta.servlet.http.HttpSession): 98
Test (org.junit.jupiter.api.Test): 38
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 17
MvcResult (org.springframework.test.web.servlet.MvcResult): 16
HttpServletRequest (jakarta.servlet.http.HttpServletRequest): 12
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 12
MockHttpSession (org.springframework.mock.web.MockHttpSession): 12
MockHttpServletRequest (org.springframework.web.testfixture.servlet.MockHttpServletRequest): 11
Map (java.util.Map): 10
MockHttpServletResponse (org.springframework.web.testfixture.servlet.MockHttpServletResponse): 9
SecurityContext (org.springframework.security.core.context.SecurityContext): 7
PathPatternsParameterizedTest (org.springframework.web.servlet.handler.PathPatternsParameterizedTest): 7
Authentication (org.springframework.security.core.Authentication): 6
Cookie (jakarta.servlet.http.Cookie): 5
Request (org.apache.catalina.connector.Request): 5
OAuth2AuthorizedClient (org.springframework.security.oauth2.client.OAuth2AuthorizedClient): 5
SessionFixationProtectionStrategy (org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy): 5
Response (org.apache.catalina.connector.Response): 4
RootBeanDefinition (org.springframework.beans.factory.support.RootBeanDefinition): 4
PrintWriter (java.io.PrintWriter): 3