
Example 36 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class AddSecurityCookiesProcessorTest method testAddCookiesLoggedIn.

/**
 * Checks that, when the request carries an {@link Authentication}, the processor under test
 * adds the ticket cookie and the profile-last-modified cookie to the response.
 *
 * <p>NOTE(review): only the presence and value of each cookie are asserted. Attributes such as
 * HttpOnly, Secure, path and max-age are not checked by this test.
 */
@Test
public void testAddCookiesLoggedIn() throws Exception {
    MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    RequestContext requestContext = new RequestContext(httpRequest, httpResponse, null);

    // Authenticated principal: a random ticket plus a profile with a known last-modified stamp.
    String expectedTicket = new ObjectId().toString();
    Profile loggedInProfile = new Profile();
    loggedInProfile.setLastModified(new Date());
    Authentication authentication = new DefaultAuthentication(expectedTicket, loggedInProfile);
    SecurityUtils.setAuthentication(httpRequest, authentication);

    // Second link of the chain: flushes the response output stream.
    // Presumably the cookies must be on the response by the time it is flushed;
    // confirm against the processor implementation.
    RequestSecurityProcessor flushingProcessor = new RequestSecurityProcessor() {

        @Override
        public void processRequest(RequestContext ctx, RequestSecurityProcessorChain next) throws Exception {
            ctx.getResponse().getOutputStream().flush();
        }
    };
    RequestSecurityProcessorChain processorChain =
        new RequestSecurityProcessorChainImpl(Arrays.asList(processor, flushingProcessor).iterator());

    processor.processRequest(requestContext, processorChain);

    // The ticket cookie must carry exactly the ticket of the current authentication.
    Cookie ticketCookie = httpResponse.getCookie(SecurityUtils.TICKET_COOKIE_NAME);
    assertNotNull(ticketCookie);
    assertEquals(expectedTicket, ticketCookie.getValue());

    // The last-modified cookie carries the profile timestamp as epoch milliseconds.
    Cookie lastModifiedCookie = httpResponse.getCookie(SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME);
    assertNotNull(lastModifiedCookie);
    assertEquals(loggedInProfile.getLastModified().getTime(), Long.parseLong(lastModifiedCookie.getValue()));
}
Also used : Cookie(javax.servlet.http.Cookie) RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) ObjectId(org.bson.types.ObjectId) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Date(java.util.Date) Profile(org.craftercms.profile.api.Profile) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 37 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class LoginProcessorTest method testLoginSuccess.

/**
 * Drives a login request with valid credentials through the processor and checks that an
 * {@link Authentication} is stored on the request, that the chain is not continued, and that
 * remember-me is disabled by default and enabled when the remember-me parameter is "true".
 */
@Test
public void testLoginSuccess() throws Exception {
    MockHttpServletRequest loginRequest =
        new MockHttpServletRequest(LoginProcessor.DEFAULT_LOGIN_METHOD, LoginProcessor.DEFAULT_LOGIN_URL);
    MockHttpServletResponse loginResponse = new MockHttpServletResponse();
    HttpSession preLoginSession = loginRequest.getSession(true);
    RequestContext requestContext = new RequestContext(loginRequest, loginResponse, null);
    RequestSecurityProcessorChain processorChain = mock(RequestSecurityProcessorChain.class);

    loginRequest.setParameter(LoginProcessor.DEFAULT_USERNAME_PARAM, USERNAME);
    loginRequest.setParameter(LoginProcessor.DEFAULT_PASSWORD_PARAM, VALID_PASSWORD);

    // Seed the pre-login session with failure markers left over from earlier attempts.
    preLoginSession.setAttribute(SecurityUtils.BAD_CREDENTIALS_EXCEPTION_SESSION_ATTRIBUTE, new BadCredentialsException());
    preLoginSession.setAttribute(SecurityUtils.AUTHENTICATION_EXCEPTION_SESSION_ATTRIBUTE, new AuthenticationSystemException());

    processor.processRequest(requestContext, processorChain);

    // A handled login must not fall through to the rest of the chain.
    verify(processorChain, never()).processRequest(requestContext);

    // Per the original author's note, the assertNull checks on the two session attributes above
    // were removed because the session is invalidated after a successful login.
    // NOTE(review): nothing here asserts that invalidation itself; if it is the intended
    // session-fixation defence, consider pinning it with an explicit assertion.

    Authentication authentication = SecurityUtils.getAuthentication(loginRequest);
    assertNotNull(authentication);
    assertEquals(TICKET, authentication.getTicket());
    assertNotNull(authentication.getProfile());
    assertEquals(USERNAME, authentication.getProfile().getUsername());

    verify(authenticationManager).authenticateUser(TENANTS, USERNAME, VALID_PASSWORD);
    // No remember-me parameter was sent, so remember-me is expected to be disabled.
    verify(rememberMeManager).disableRememberMe(requestContext);
    verify(loginSuccessHandler).handle(requestContext, authentication);

    // Second pass: same request, now opting in to remember-me.
    loginRequest.setParameter(LoginProcessor.DEFAULT_REMEMBER_ME_PARAM, "true");
    processor.processRequest(requestContext, processorChain);

    authentication = SecurityUtils.getAuthentication(loginRequest);
    assertNotNull(authentication);
    verify(rememberMeManager).enableRememberMe(authentication, requestContext);
}
Also used : RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpSession(javax.servlet.http.HttpSession) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) AuthenticationSystemException(org.craftercms.security.exception.AuthenticationSystemException) RequestContext(org.craftercms.commons.http.RequestContext) BadCredentialsException(org.craftercms.security.exception.BadCredentialsException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 38 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class MellonAutoLoginProcessorTest method testProcess.

/**
 * Runs the auto-login processor against the context built by {@code getRequestContext()} and
 * checks that the resulting {@link Authentication} carries the expected ticket and profile
 * fields (id, username, email, enabled flag, tenant and attributes).
 */
@Test
public void testProcess() throws Exception {
    RequestSecurityProcessorChain processorChain = mock(RequestSecurityProcessorChain.class);
    RequestContext requestContext = getRequestContext();

    processor.processRequest(requestContext, processorChain);

    Authentication authentication = SecurityUtils.getAuthentication(requestContext.getRequest());
    assertNotNull(authentication);
    assertEquals(TICKET, authentication.getTicket());

    // Profile identity expected for the auto-logged-in user.
    assertEquals(PROFILE_ID, authentication.getProfile().getId());
    assertEquals(USERNAME, authentication.getProfile().getUsername());
    assertEquals(EMAIL, authentication.getProfile().getEmail());
    assertTrue(authentication.getProfile().isEnabled());
    assertEquals(TENANT_NAME, authentication.getProfile().getTenant());
    assertEquals(getAttributes(), authentication.getProfile().getAttributes());
}
Also used : RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) RequestContext(org.craftercms.commons.http.RequestContext) Test(org.junit.Test)

Example 39 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class MellonAutoLoginProcessorTest method getRequestContext.

/**
 * Builds a {@link RequestContext} around a mock request that carries the username, email,
 * first-name and last-name headers read by {@code MellonAutoLoginProcessor}.
 *
 * <p>NOTE(review): the fixture supplies identity purely through request headers. In a
 * deployment that is only trustworthy if the fronting authentication layer (presumably
 * mod_auth_mellon) sets these headers and strips any client-supplied copies. Confirm that
 * this assumption is documented for operators.
 *
 * @return a context wrapping the prepared mock request and a fresh mock response
 */
private RequestContext getRequestContext() {
    MockHttpServletRequest mellonRequest = new MockHttpServletRequest();
    MockHttpServletResponse mellonResponse = new MockHttpServletResponse();

    // Fixed-name identity headers.
    mellonRequest.addHeader(MellonAutoLoginProcessor.DEFAULT_USERNAME_HEADER_NAME, USERNAME);
    mellonRequest.addHeader(MellonAutoLoginProcessor.DEFAULT_EMAIL_HEADER_NAME, EMAIL);

    // Attribute headers: the default Mellon prefix followed by the attribute name.
    String attributePrefix = MellonAutoLoginProcessor.DEFAULT_MELLON_HEADER_PREFIX;
    mellonRequest.addHeader(attributePrefix + FIRST_NAME_ATTRIB_NAME, FIRST_NAME);
    mellonRequest.addHeader(attributePrefix + LAST_NAME_ATTRIB_NAME, LAST_NAME);

    return new RequestContext(mellonRequest, mellonResponse, null);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 40 with RequestContext

use of org.craftercms.commons.http.RequestContext in project profile by craftercms.

the class SecurityExceptionProcessorTest method testAccessDeniedNoAuthentication.

/**
 * Checks the access-denied path for a request with no authentication: when the downstream
 * chain throws {@code AccessDeniedException}, the processor is expected to pass an
 * {@link AuthenticationRequiredException} to {@code authenticationRequiredHandler}.
 */
@Test
public void testAccessDeniedNoAuthentication() throws Exception {
    RequestContext requestContext =
        new RequestContext(new MockHttpServletRequest(), new MockHttpServletResponse(), null);

    // The downstream chain rejects the request.
    RequestSecurityProcessorChain failingChain = mock(RequestSecurityProcessorChain.class);
    doThrow(AccessDeniedException.class).when(failingChain).processRequest(requestContext);

    processor.processRequest(requestContext, failingChain);

    // The chain was invoked, and the failure was routed to the authentication-required handler.
    verify(failingChain).processRequest(requestContext);
    verify(authenticationRequiredHandler).handle(eq(requestContext), any(AuthenticationRequiredException.class));
}
Also used : RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestContext(org.craftercms.commons.http.RequestContext) AuthenticationRequiredException(org.craftercms.security.exception.AuthenticationRequiredException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

RequestContext (org.craftercms.commons.http.RequestContext)47 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)40 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)40 Test (org.junit.Test)37 RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain)17 Authentication (org.craftercms.security.authentication.Authentication)12 DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication)11 Cookie (javax.servlet.http.Cookie)9 Profile (org.craftercms.profile.api.Profile)9 ObjectId (org.bson.types.ObjectId)7 AuthenticationRequiredException (org.craftercms.security.exception.AuthenticationRequiredException)5 AccessDeniedException (org.craftercms.security.exception.AccessDeniedException)4 Date (java.util.Date)3 BadCredentialsException (org.craftercms.security.exception.BadCredentialsException)3 RequestSecurityProcessor (org.craftercms.security.processors.RequestSecurityProcessor)3 HashMap (java.util.HashMap)2 HttpSession (javax.servlet.http.HttpSession)2 AuthenticationException (org.craftercms.security.exception.AuthenticationException)2 ExecutionInput (graphql.ExecutionInput)1 ExecutionInput.newExecutionInput (graphql.ExecutionInput.newExecutionInput)1