
Example 91 with FilterChain

use of javax.servlet.FilterChain in project spring-security-oauth by spring-projects.

the class OAuthProcessingFilterTests method testValidateParams.

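/**
 * Verifies that {@code validateOAuthParams} rejects an incomplete or malformed OAuth parameter
 * set one stage at a time, and that a complete set is handed to the nonce service.
 *
 * <p>Stages, in the order the test drives them: an unsupported {@code oauth_version}, a
 * {@code realm} that differs from the entry point's realm, then a missing signature method,
 * signature, timestamp and nonce, then a non-numeric timestamp. The last stage installs a mock
 * {@link OAuthNonceServices} and checks that the timestamp arrives as a {@code long} together
 * with the nonce, which is the hook a provider depends on for replay protection.
 *
 * @throws Exception if the filter raises anything other than the exception a stage expects
 */
@Test
public void testValidateParams() throws Exception {
    OAuthProviderProcessingFilter filter = new OAuthProviderProcessingFilter() {

        @Override
        protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
            // Not exercised: this test only drives parameter validation.
        }
    };
    ConsumerDetails consumerDetails = mock(ConsumerDetails.class);
    HashMap<String, String> params = new HashMap<String, String>();

    // Stage 1: a version other than the supported one must be refused outright.
    params.put(OAuthConsumerParameter.oauth_version.toString(), "1.1");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown an unsupported version exception.");
    } catch (OAuthVersionUnsupportedException expected) {
        // expected: unsupported protocol version
    }
    params.remove(OAuthConsumerParameter.oauth_version.toString());

    // Stage 2: the request names a realm that is not the one the entry point advertises.
    filter.getAuthenticationEntryPoint().setRealmName("anywho");
    params.put("realm", "hello");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for mismatched realm.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: realm mismatch
    }

    // Stage 3: realm now matches, but no signature method is present.
    params.put("realm", "anywho");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for missing signature method.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: missing oauth_signature_method
    }

    // From here on each stage adds exactly one more parameter. The repeated remove/put calls
    // restate the full parameter set for the stage; they are kept from the original and change
    // nothing as long as validation leaves the map untouched.

    // Stage 4: signature method present, signature missing.
    params.remove("realm");
    params.put(OAuthConsumerParameter.oauth_signature_method.toString(), "sigmethod");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for missing signature.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: missing oauth_signature
    }

    // Stage 5: signature present, timestamp missing.
    params.remove("realm");
    params.put(OAuthConsumerParameter.oauth_signature_method.toString(), "sigmethod");
    params.put(OAuthConsumerParameter.oauth_signature.toString(), "value");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for missing timestamp.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: missing oauth_timestamp
    }

    // Stage 6: timestamp present, nonce missing.
    params.remove("realm");
    params.put(OAuthConsumerParameter.oauth_signature_method.toString(), "sigmethod");
    params.put(OAuthConsumerParameter.oauth_signature.toString(), "value");
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), "value");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for missing nonce.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: missing oauth_nonce
    }

    // Stage 7: every parameter is present, but the timestamp "value" is not a number.
    params.remove("realm");
    params.put(OAuthConsumerParameter.oauth_signature_method.toString(), "sigmethod");
    params.put(OAuthConsumerParameter.oauth_signature.toString(), "value");
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), "value");
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), "value");
    try {
        filter.validateOAuthParams(consumerDetails, params);
        fail("should have thrown a bad credentials for bad timestamp.");
    } catch (InvalidOAuthParametersException expected) {
        // expected: non-numeric oauth_timestamp
    }

    // Stage 8: a well-formed request must reach the nonce service with the parsed timestamp.
    OAuthNonceServices nonceServices = mock(OAuthNonceServices.class);
    filter.setNonceServices(nonceServices);
    params.remove("realm");
    params.put(OAuthConsumerParameter.oauth_signature_method.toString(), "sigmethod");
    params.put(OAuthConsumerParameter.oauth_signature.toString(), "value");
    params.put(OAuthConsumerParameter.oauth_timestamp.toString(), "1111111");
    params.put(OAuthConsumerParameter.oauth_nonce.toString(), "value");
    filter.validateOAuthParams(consumerDetails, params);
    verify(nonceServices).validateNonce(consumerDetails, 1111111L, "value");
}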
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) OAuthNonceServices(org.springframework.security.oauth.provider.nonce.OAuthNonceServices) InvalidOAuthParametersException(org.springframework.security.oauth.provider.InvalidOAuthParametersException) OAuthVersionUnsupportedException(org.springframework.security.oauth.provider.OAuthVersionUnsupportedException) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) ConsumerDetails(org.springframework.security.oauth.provider.ConsumerDetails) Test(org.junit.Test)

Example 92 with FilterChain

use of javax.servlet.FilterChain in project spring-security-oauth by spring-projects.

the class OAuthProcessingFilterTests method testValidateSignature.

/**
 * Checks that {@code validateSignature} looks up the signature method from the consumer's
 * signature secret and the token's secret, and then asks that method to verify the request
 * signature against the signature base string.
 *
 * @throws Exception if signature validation fails unexpectedly
 */
@Test
public void testValidateSignature() throws Exception {
    // tokenServices and signatureFactory are not declared in this method; presumably they are
    // mock fixtures held by the test class (confirm against the full file).
    OAuthProviderProcessingFilter processingFilter = new OAuthProviderProcessingFilter() {

        @Override
        protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
            // Intentionally empty: only validateSignature is under test.
        }
    };
    processingFilter.setTokenServices(tokenServices);
    processingFilter.setSignatureMethodFactory(signatureFactory);

    ConsumerDetails consumer = mock(ConsumerDetails.class);
    SignatureSecret consumerSecret = mock(SignatureSecret.class);
    OAuthProviderToken providerToken = mock(OAuthProviderToken.class);
    OAuthSignatureMethod signatureMethod = mock(OAuthSignatureMethod.class);

    // Stubs are installed before the authentication object is built, as in the original order.
    when(consumer.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(consumer.getSignatureSecret()).thenReturn(consumerSecret);
    when(tokenServices.getToken("token")).thenReturn(providerToken);
    when(providerToken.getSecret()).thenReturn("shhh!!!");
    // The factory is expected to be asked with both secrets: the consumer's and the token's.
    when(signatureFactory.getSignatureMethod("method", consumerSecret, "shhh!!!")).thenReturn(signatureMethod);

    // The "sig", "method", "base" and "token" values reappear in the expectations in this test.
    ConsumerAuthentication consumerAuth = new ConsumerAuthentication(consumer, new ConsumerCredentials("id", "sig", "method", "base", "token"));

    processingFilter.validateSignature(consumerAuth);

    // The signature must be checked against the base string, not merely looked up.
    verify(signatureMethod).verify("base", "sig");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SignatureSecret(org.springframework.security.oauth.common.signature.SignatureSecret) OAuthProviderToken(org.springframework.security.oauth.provider.token.OAuthProviderToken) ConsumerCredentials(org.springframework.security.oauth.provider.ConsumerCredentials) FilterChain(javax.servlet.FilterChain) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthSignatureMethod(org.springframework.security.oauth.common.signature.OAuthSignatureMethod) ConsumerDetails(org.springframework.security.oauth.provider.ConsumerDetails) Test(org.junit.Test)

Example 93 with FilterChain

use of javax.servlet.FilterChain in project spring-security-oauth by spring-projects.

the class ProtectedResourceProcessingFilterTests method testOnValidSignature.

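/**
 * Checks that, for an authenticated consumer presenting an access token,
 * {@code onValidSignature} continues the filter chain and leaves the token's user
 * authentication in the security context in place of the consumer authentication.
 *
 * @throws Exception if the filter or the chain fails
 */
@Test
public void testOnValidSignature() throws Exception {
    ProtectedResourceProcessingFilter filter = new ProtectedResourceProcessingFilter();
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    ConsumerCredentials creds = new ConsumerCredentials("key", "sig", "meth", "base", "tok");
    ConsumerAuthentication authentication = new ConsumerAuthentication(mock(ConsumerDetails.class), creds);
    authentication.setAuthenticated(true);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    try {
        OAuthProviderTokenServices tokenServices = mock(OAuthProviderTokenServices.class);
        OAuthAccessProviderToken token = mock(OAuthAccessProviderToken.class);
        filter.setTokenServices(tokenServices);
        when(tokenServices.getToken("tok")).thenReturn(token);
        when(token.isAccessToken()).thenReturn(true);
        Authentication userAuthentication = mock(Authentication.class);
        when(token.getUserAuthentication()).thenReturn(userAuthentication);

        filter.onValidSignature(request, response, chain);

        verify(chain).doFilter(request, response);
        // The context must now carry the user's identity, not the consumer's.
        assertSame(userAuthentication, SecurityContextHolder.getContext().getAuthentication());
    } finally {
        // SecurityContextHolder is shared state (thread-local by default). Clearing it in a
        // finally block keeps a failed assertion above from leaking an authenticated context
        // into whichever test runs next on this thread.
        SecurityContextHolder.clearContext();
    }
}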
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ProtectedResourceProcessingFilter(org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter) OAuthProviderTokenServices(org.springframework.security.oauth.provider.token.OAuthProviderTokenServices) ConsumerCredentials(org.springframework.security.oauth.provider.ConsumerCredentials) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) Authentication(org.springframework.security.core.Authentication) FilterChain(javax.servlet.FilterChain) ConsumerAuthentication(org.springframework.security.oauth.provider.ConsumerAuthentication) HttpServletResponse(javax.servlet.http.HttpServletResponse) OAuthAccessProviderToken(org.springframework.security.oauth.provider.token.OAuthAccessProviderToken) ConsumerDetails(org.springframework.security.oauth.provider.ConsumerDetails) Test(org.junit.Test)

Example 94 with FilterChain

use of javax.servlet.FilterChain in project microservices by pwillhan.

the class SsoUiApplication method csrfHeaderFilter.

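/**
 * Builds a filter that mirrors the request's CSRF token into an {@code XSRF-TOKEN} cookie,
 * presumably so that a browser-side client can read it and echo it back in a request header
 * (the header side is not visible in this method).
 *
 * <p>The cookie is written only when a token is available and the client either has no such
 * cookie or holds a stale value. HttpOnly is left at its default (off) because the pattern
 * depends on script being able to read the cookie; the token is therefore only as protected as
 * the page is against script injection.
 *
 * @return a once-per-request filter that refreshes the {@code XSRF-TOKEN} cookie
 */
private Filter csrfHeaderFilter() {
    return new OncePerRequestFilter() {

        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
            CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
            String token = (csrf != null) ? csrf.getToken() : null;
            // The original condition, cookie == null || (token != null && ...), also wrote a
            // cookie with a null value when neither a cookie nor a token value was present.
            // Requiring a token first removes that case.
            if (token != null) {
                Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN");
                if (cookie == null || !token.equals(cookie.getValue())) {
                    cookie = new Cookie("XSRF-TOKEN", token);
                    cookie.setPath("/");
                    // Keep the token off plaintext connections when the request arrived over
                    // TLS. Behind a TLS-terminating proxy isSecure() may report false, in which
                    // case the cookie is issued exactly as before.
                    cookie.setSecure(request.isSecure());
                    response.addCookie(cookie);
                }
            }
            // NOTE(review): newer Spring Security versions ship CookieCsrfTokenRepository, which
            // covers this cookie handling; prefer it if the project's version provides it.
            filterChain.doFilter(request, response);
        }
    };
}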
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Cookie(javax.servlet.http.Cookie) OncePerRequestFilter(org.springframework.web.filter.OncePerRequestFilter) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) CsrfToken(org.springframework.security.web.csrf.CsrfToken)

Example 95 with FilterChain

use of javax.servlet.FilterChain in project knox by apache.

the class CommonIdentityAssertionFilterTest method testSimpleFilter.

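/**
 * Runs the identity-assertion filter inside {@code Subject.doAs} for a subject holding the
 * primary principal "larry" and the group principals "users" and "admin", then checks the
 * user name and group names the filter produced.
 *
 * <p>{@code filter}, {@code username} and {@code mappedGroups} are not declared in this method;
 * presumably they are fixtures on the test class, with the filter recording what it mapped
 * (confirm against the full file). The upper-case expectations suggest the fixture applies an
 * upper-casing mapping.
 *
 * @throws ServletException if the filter fails with a servlet error
 * @throws IOException if the filter fails with an I/O error
 * @throws URISyntaxException declared by the original signature; nothing visible here throws it
 */
@Test
public void testSimpleFilter() throws ServletException, IOException, URISyntaxException {
    // NOTE(review): config is created but not passed to anything in this method.
    FilterConfig config = EasyMock.createNiceMock(FilterConfig.class);
    EasyMock.replay(config);
    final HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
    EasyMock.replay(request);
    final HttpServletResponse response = EasyMock.createNiceMock(HttpServletResponse.class);
    EasyMock.replay(response);
    final FilterChain chain = new FilterChain() {

        @Override
        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
            // Terminal no-op: nothing downstream is needed for this test.
        }
    };
    Subject subject = new Subject();
    subject.getPrincipals().add(new PrimaryPrincipal("larry"));
    subject.getPrincipals().add(new GroupPrincipal("users"));
    subject.getPrincipals().add(new GroupPrincipal("admin"));
    try {
        Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {

            @Override
            public Object run() throws Exception {
                filter.doFilter(request, response, chain);
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        // Unwrap so the test reports the filter's own failure rather than the doAs wrapper.
        Throwable t = e.getCause();
        if (t instanceof IOException) {
            throw (IOException) t;
        } else if (t instanceof ServletException) {
            throw (ServletException) t;
        } else {
            throw new ServletException(t);
        }
    }
    assertEquals("LARRY", username);
    // Expected value first, so a failure reports "expected 2" rather than the reverse.
    assertEquals(2, mappedGroups.length);
    assertTrue(mappedGroups[0], mappedGroups[0].equals("USERS") || mappedGroups[0].equals("ADMIN"));
    assertTrue(mappedGroups[1], mappedGroups[1].equals("USERS") || mappedGroups[1].equals("ADMIN"));
    // Without this, a mapping that dropped one group and duplicated the other would pass.
    assertTrue("mapped groups must be distinct", !mappedGroups[0].equals(mappedGroups[1]));
}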
Also used : ServletRequest(javax.servlet.ServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) PrivilegedActionException(java.security.PrivilegedActionException) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) Subject(javax.security.auth.Subject) PrivilegedActionException(java.security.PrivilegedActionException) ServletException(javax.servlet.ServletException) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletException(javax.servlet.ServletException) GroupPrincipal(org.apache.knox.gateway.security.GroupPrincipal) PrimaryPrincipal(org.apache.knox.gateway.security.PrimaryPrincipal) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)
