Search in sources :

Example 46 with FilterConfig

use of javax.servlet.FilterConfig in project simba-os by cegeka.

the class SystemConfigurationTest method configurationThroughFilterConfig.

@Test
public void configurationThroughFilterConfig() {
    final ServletContext servletContextMock = setupServletContextMock(Collections.<String, String>emptyMap());
    final FilterConfig filterConfigMock = setupFilterConfigMock(servletContextMock, Collections.singletonMap(SYS_PROP_SIMBA_INTERNAL_SERVICE_URL, SERVICE_URL_FILTERCONFIG_VALUE));
    assertEquals(SERVICE_URL_FILTERCONFIG_VALUE, SystemConfiguration.getSimbaServiceURL(filterConfigMock));
}
Also used : ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 47 with FilterConfig

use of javax.servlet.FilterConfig in project ddf by codice.

the class LoginFilterTest method testValidEmptySubject.

@Test
public void testValidEmptySubject() throws IOException, ServletException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    loginFilter.init(filterConfig);
    HttpServletRequest servletRequest = new TestHttpServletRequest();
    servletRequest.setAttribute("ddf.security.token", mock(HandlerResult.class));
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    verify(filterChain, never()).doFilter(servletRequest, servletResponse);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) Test(org.junit.Test)

Example 48 with FilterConfig

use of javax.servlet.FilterConfig in project ddf by codice.

the class LoginFilterTest method testExpiredSamlCookie.

@Test(expected = ServletException.class)
public void testExpiredSamlCookie() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(ddf.security.service.SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.setSignaturePropertiesFile("signature.properties");
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = new TestHttpServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    SecurityToken securityToken = new SecurityToken();
    Element thisToken = readDocument("/good_saml.xml").getDocumentElement();
    securityToken.setToken(thisToken);
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, securityToken, "karaf");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, samlToken);
    servletRequest.setAttribute("ddf.security.token", result);
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used : FilterChain(javax.servlet.FilterChain) Element(org.w3c.dom.Element) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) ServletException(javax.servlet.ServletException) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) FilterConfig(javax.servlet.FilterConfig) SecurityManager(ddf.security.service.SecurityManager) Test(org.junit.Test)

Example 49 with FilterConfig

use of javax.servlet.FilterConfig in project ddf by codice.

the class LoginFilterTest method testBadSubject.

/**
     * Test with a bad subject - shouldn't call the filter chain, just returns.
     *
     * @throws IOException
     * @throws ServletException
     */
@Test
public void testBadSubject() throws IOException, ServletException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = new TestHttpServletRequest();
    servletRequest.setAttribute("ddf.security.securityToken", mock(SecurityToken.class));
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = new FilterChain() {

        @Override
        public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
            fail("Should not have continued down the filter chain without a valid Subject");
        }
    };
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used : ServletException(javax.servlet.ServletException) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) ServletResponse(javax.servlet.ServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) Test(org.junit.Test)

Example 50 with FilterConfig

use of javax.servlet.FilterConfig in project ddf by codice.

the class AuthorizationFilterTest method testNoSubject.

@Test
public void testNoSubject() {
    FilterConfig filterConfig = mock(FilterConfig.class);
    ContextPolicyManager contextPolicyManager = new TestPolicyManager();
    contextPolicyManager.setContextPolicy(PATH, getMockContextPolicy());
    AuthorizationFilter loginFilter = new AuthorizationFilter(contextPolicyManager);
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = getMockServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = (request, response) -> fail("Should not have called doFilter without a valid Subject");
    try {
        loginFilter.doFilter(servletRequest, servletResponse, filterChain);
    } catch (IOException | ServletException e) {
        fail(e.getMessage());
    }
}
Also used : ServletException(javax.servlet.ServletException) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterChain(javax.servlet.FilterChain) ServletException(javax.servlet.ServletException) ContextPolicy(org.codice.ddf.security.policy.context.ContextPolicy) CollectionPermission(ddf.security.permission.CollectionPermission) Collection(java.util.Collection) KeyValuePermission(ddf.security.permission.KeyValuePermission) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) HashMap(java.util.HashMap) Test(org.junit.Test) Subject(ddf.security.Subject) Mockito.when(org.mockito.Mockito.when) Matchers.anyString(org.mockito.Matchers.anyString) Matchers.any(org.mockito.Matchers.any) HttpServletRequest(javax.servlet.http.HttpServletRequest) ThreadContext(org.apache.shiro.util.ThreadContext) Map(java.util.Map) FilterConfig(javax.servlet.FilterConfig) SecurityConstants(ddf.security.SecurityConstants) Assert.fail(org.junit.Assert.fail) Collections(java.util.Collections) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) Mockito.mock(org.mockito.Mockito.mock) Before(org.junit.Before) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterConfig(javax.servlet.FilterConfig) IOException(java.io.IOException) ContextPolicyManager(org.codice.ddf.security.policy.context.ContextPolicyManager) Test(org.junit.Test)

Aggregations

FilterConfig (javax.servlet.FilterConfig)118 Test (org.junit.Test)70 HttpServletRequest (javax.servlet.http.HttpServletRequest)64 FilterChain (javax.servlet.FilterChain)63 HttpServletResponse (javax.servlet.http.HttpServletResponse)50 ServletContext (javax.servlet.ServletContext)28 HashMap (java.util.HashMap)21 ServletException (javax.servlet.ServletException)21 Vector (java.util.Vector)17 Properties (java.util.Properties)15 Filter (javax.servlet.Filter)14 ServletResponse (javax.servlet.ServletResponse)14 ServletRequest (javax.servlet.ServletRequest)12 IOException (java.io.IOException)10 SignerSecretProvider (org.apache.hadoop.security.authentication.util.SignerSecretProvider)10 HttpCookie (java.net.HttpCookie)9 Cookie (javax.servlet.http.Cookie)9 Signer (org.apache.hadoop.security.authentication.util.Signer)9 Enumeration (java.util.Enumeration)8 CrossOriginFilter (org.apache.hadoop.security.http.CrossOriginFilter)8