Search in sources :

Example 1 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class LoginFailureHandlerImplTest method testRedirectToTargetUrl.

@Test
public void testRedirectToTargetUrl() throws Exception {
    handler.setTargetUrl(TARGET_URL);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);
    handler.handle(context, new AuthenticationException());
    assertEquals(TARGET_URL, response.getRedirectedUrl());
    assertEquals(HttpServletResponse.SC_MOVED_TEMPORARILY, response.getStatus());
    assertTrue(response.isCommitted());
}
Also used : AuthenticationException(org.craftercms.security.exception.AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 2 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class AccessDeniedHandlerImplTest method testSendError.

@Test
public void testSendError() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);
    handler.handle(context, new AccessDeniedException(""));
    assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
    assertTrue(response.isCommitted());
}
Also used : AccessDeniedException(org.craftercms.security.exception.AccessDeniedException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 3 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class AccessDeniedHandlerImplTest method testForwardToErrorPage.

@Test
public void testForwardToErrorPage() throws Exception {
    handler.setErrorPageUrl(ERROR_PAGE_URL);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);
    handler.handle(context, new AccessDeniedException(""));
    assertEquals(ERROR_PAGE_URL, response.getForwardedUrl());
    assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus());
}
Also used : AccessDeniedException(org.craftercms.security.exception.AccessDeniedException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 4 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class AddSecurityCookiesProcessorTest method testAddCookiesLoggedOut.

@Test
public void testAddCookiesLoggedOut() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);
    RequestSecurityProcessor flushResponseProcessor = new RequestSecurityProcessor() {

        @Override
        public void processRequest(RequestContext context, RequestSecurityProcessorChain processorChain) throws Exception {
            context.getResponse().getOutputStream().flush();
        }
    };
    Cookie ticketCookie = new Cookie(SecurityUtils.TICKET_COOKIE_NAME, new ObjectId().toString());
    Cookie profileLastModifiedCookie = new Cookie(SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME, String.valueOf(System.currentTimeMillis()));
    request.setCookies(ticketCookie, profileLastModifiedCookie);
    RequestSecurityProcessorChain chain = new RequestSecurityProcessorChainImpl(Arrays.asList(processor, flushResponseProcessor).iterator());
    processor.processRequest(context, chain);
    ticketCookie = response.getCookie(SecurityUtils.TICKET_COOKIE_NAME);
    assertNotNull(ticketCookie);
    assertEquals(null, ticketCookie.getValue());
    assertEquals(0, ticketCookie.getMaxAge());
    profileLastModifiedCookie = response.getCookie(SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME);
    assertNotNull(profileLastModifiedCookie);
    assertEquals(null, profileLastModifiedCookie.getValue());
    assertEquals(0, profileLastModifiedCookie.getMaxAge());
}
Also used : Cookie(javax.servlet.http.Cookie) RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) ObjectId(org.bson.types.ObjectId) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 5 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class LoginProcessorTest method testLoginFailure.

@Test
public void testLoginFailure() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpSession session = request.getSession(true);
    RequestContext context = new RequestContext(request, response, null);
    RequestSecurityProcessorChain chain = mock(RequestSecurityProcessorChain.class);
    request.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
    request.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, INVALID_PASSWORD);
    processor.processRequest(context, chain);
    verify(chain, never()).processRequest(context);
    assertNotNull(session.getAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE));
    Authentication auth = SecurityUtils.getAuthentication(request);
    assertNull(auth);
    verify(authenticationManager).authenticateUser(TENANTS, USERNAME, INVALID_PASSWORD);
    verify(loginFailureHandler).handle(eq(context), any(BadCredentialsException.class));
}
Also used : RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(javax.servlet.http.HttpSession) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) RequestContext(org.craftercms.commons.http.RequestContext) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

RequestContext (org.craftercms.commons.http.RequestContext)47 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)40 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)40 Test (org.junit.Test)37 RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain)17 Authentication (org.craftercms.security.authentication.Authentication)12 DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication)11 Cookie (javax.servlet.http.Cookie)9 Profile (org.craftercms.profile.api.Profile)9 ObjectId (org.bson.types.ObjectId)7 AuthenticationRequiredException (org.craftercms.security.exception.AuthenticationRequiredException)5 AccessDeniedException (org.craftercms.security.exception.AccessDeniedException)4 Date (java.util.Date)3 BadCredentialsException (org.craftercms.security.exception.BadCredentialsException)3 RequestSecurityProcessor (org.craftercms.security.processors.RequestSecurityProcessor)3 HashMap (java.util.HashMap)2 HttpSession (javax.servlet.http.HttpSession)2 AuthenticationException (org.craftercms.security.exception.AuthenticationException)2 ExecutionInput (graphql.ExecutionInput)1 ExecutionInput.newExecutionInput (graphql.ExecutionInput.newExecutionInput)1