
Example 1 with RequestSecurityProcessor

use of org.craftercms.security.processors.RequestSecurityProcessor in project profile by craftercms.

the class RequestSecurityProcessorChainImpl method processRequest.

/**
 * Advances the chain by one step: takes the next {@link RequestSecurityProcessor} from the
 * iterator and invokes it, passing this chain so the processor can continue the traversal.
 *
 * <p>When the iterator is exhausted the call does nothing. Only one processor is invoked per
 * call, so a processor that returns without calling back into the chain ends the traversal
 * and the remaining processors are not run from here.
 *
 * @param context the request context
 * @throws Exception whatever the invoked processor throws
 */
public void processRequest(RequestContext context) throws Exception {
    // End of the chain: nothing left to execute.
    if (!processorIterator.hasNext()) {
        return;
    }

    // next() consumes the entry, so this iterator hands out each processor at most once.
    RequestSecurityProcessor nextProcessor = processorIterator.next();
    logger.debug("Executing processor {}", nextProcessor);
    nextProcessor.processRequest(context, this);
}
Also used : RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor)

Example 2 with RequestSecurityProcessor

use of org.craftercms.security.processors.RequestSecurityProcessor in project profile by craftercms.

the class AddSecurityCookiesProcessorTest method testAddCookiesLoggedOut.

@Test
public void testAddCookiesLoggedOut() throws Exception {
    // Scenario: the client still sends ticket and profile-last-modified cookies, but no
    // authentication is set on the request. The response is expected to expire both cookies.
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);

    // Terminal processor that only flushes the response output stream.
    // NOTE(review): presumably the processor under test writes its cookies when the response
    // is flushed/committed - confirm against the processor implementation.
    RequestSecurityProcessor flushResponseProcessor = new RequestSecurityProcessor() {

        @Override
        public void processRequest(RequestContext ctx, RequestSecurityProcessorChain ignoredChain) throws Exception {
            ctx.getResponse().getOutputStream().flush();
        }
    };

    // Leftover cookies as they would arrive from a browser.
    Cookie staleTicket = new Cookie(SecurityUtils.TICKET_COOKIE_NAME, new ObjectId().toString());
    Cookie staleLastModified = new Cookie(SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME, String.valueOf(System.currentTimeMillis()));
    request.setCookies(staleTicket, staleLastModified);

    RequestSecurityProcessorChain chain = new RequestSecurityProcessorChainImpl(Arrays.asList(processor, flushResponseProcessor).iterator());
    processor.processRequest(context, chain);

    // Both cookies must come back as deletion cookies: null value and max-age 0.
    // NOTE(review): only value and max-age are asserted. A deletion cookie is honoured by the
    // browser only when its path and domain match the original cookie; those attributes are
    // not checked here.
    String[] expiredCookieNames = {SecurityUtils.TICKET_COOKIE_NAME, SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME};
    for (String cookieName : expiredCookieNames) {
        Cookie expired = response.getCookie(cookieName);
        assertNotNull(expired);
        assertEquals(null, expired.getValue());
        assertEquals(0, expired.getMaxAge());
    }
}
Also used : Cookie(javax.servlet.http.Cookie) RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) ObjectId(org.bson.types.ObjectId) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 3 with RequestSecurityProcessor

use of org.craftercms.security.processors.RequestSecurityProcessor in project profile by craftercms.

the class RequestSecurityFilter method doFilterInternal.

/**
 * Runs the request through the configured {@link RequestSecurityProcessor}s, followed by the
 * processor returned by {@code getLastProcessorInChain(chain)}.
 *
 * <p>The processor list is copied for every call, so the shared {@code securityProcessors}
 * collection is not modified and each request gets its own iterator and chain instance.
 * The chain runs one processor per call and relies on that processor to call it again, so
 * the last processor is reached only when every earlier processor continues the chain.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response
 * @param chain    the servlet filter chain, handed to {@code getLastProcessorInChain}
 * @throws IOException      rethrown unchanged from the processor chain
 * @throws ServletException rethrown unchanged, or wrapping any other checked exception
 */
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Reuse the current RequestContext when one exists; otherwise build one for this request.
    RequestContext current = RequestContext.getCurrent();
    RequestContext context = (current != null) ? current : createRequestContext(request, response);

    // Per-request copy of the configured processors plus the terminal one.
    // NOTE(review): the terminal processor presumably hands the request on to the servlet
    // FilterChain - confirm in getLastProcessorInChain.
    List<RequestSecurityProcessor> perRequestProcessors = new ArrayList<>(securityProcessors);
    perRequestProcessors.add(getLastProcessorInChain(chain));

    RequestSecurityProcessorChain processorChain = new RequestSecurityProcessorChainImpl(perRequestProcessors.iterator());
    try {
        processorChain.processRequest(context);
    } catch (IOException | ServletException | RuntimeException passthrough) {
        // Types the filter contract already allows: propagate untouched.
        throw passthrough;
    } catch (Exception checked) {
        // Any other checked exception is wrapped, keeping the cause. The original message is
        // copied into the ServletException, so error pages should not echo it to clients.
        throw new ServletException(checked.getMessage(), checked);
    }
}
Also used : ServletException(javax.servlet.ServletException) RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor) ArrayList(java.util.ArrayList) RequestContext(org.craftercms.commons.http.RequestContext) IOException(java.io.IOException) RequestSecurityProcessorChainImpl(org.craftercms.security.processors.impl.RequestSecurityProcessorChainImpl) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 4 with RequestSecurityProcessor

use of org.craftercms.security.processors.RequestSecurityProcessor in project profile by craftercms.

the class AddSecurityCookiesProcessorTest method testAddCookiesLoggedIn.

@Test
public void testAddCookiesLoggedIn() throws Exception {
    // Scenario: an authentication (ticket + profile) is attached to the request. The response
    // is expected to carry the ticket and the profile's last-modified timestamp as cookies.
    String ticket = new ObjectId().toString();
    Profile profile = new Profile();
    profile.setLastModified(new Date());

    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    RequestContext context = new RequestContext(request, response, null);

    // Terminal processor that only flushes the response output stream.
    // NOTE(review): presumably the processor under test writes its cookies when the response
    // is flushed/committed - confirm against the processor implementation.
    RequestSecurityProcessor flushResponseProcessor = new RequestSecurityProcessor() {

        @Override
        public void processRequest(RequestContext ctx, RequestSecurityProcessorChain ignoredChain) throws Exception {
            ctx.getResponse().getOutputStream().flush();
        }
    };
    RequestSecurityProcessorChain chain = new RequestSecurityProcessorChainImpl(Arrays.asList(processor, flushResponseProcessor).iterator());

    Authentication auth = new DefaultAuthentication(ticket, profile);
    SecurityUtils.setAuthentication(request, auth);

    processor.processRequest(context, chain);

    // The ticket cookie must carry exactly the authentication ticket.
    // NOTE(review): the ticket travels in a cookie, yet only its value is asserted; the
    // cookie's Secure and HttpOnly attributes are not checked by this test.
    Cookie issuedTicket = response.getCookie(SecurityUtils.TICKET_COOKIE_NAME);
    assertNotNull(issuedTicket);
    assertEquals(ticket, issuedTicket.getValue());

    // The last-modified cookie must hold the profile timestamp as epoch milliseconds.
    Cookie issuedLastModified = response.getCookie(SecurityUtils.PROFILE_LAST_MODIFIED_COOKIE_NAME);
    assertNotNull(issuedLastModified);
    assertEquals(profile.getLastModified().getTime(), Long.parseLong(issuedLastModified.getValue()));
}
Also used : Cookie(javax.servlet.http.Cookie) RequestSecurityProcessorChain(org.craftercms.security.processors.RequestSecurityProcessorChain) ObjectId(org.bson.types.ObjectId) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Date(java.util.Date) Profile(org.craftercms.profile.api.Profile) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) Authentication(org.craftercms.security.authentication.Authentication) DefaultAuthentication(org.craftercms.security.authentication.impl.DefaultAuthentication) RequestSecurityProcessor(org.craftercms.security.processors.RequestSecurityProcessor) RequestContext(org.craftercms.commons.http.RequestContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

RequestSecurityProcessor (org.craftercms.security.processors.RequestSecurityProcessor)4 RequestContext (org.craftercms.commons.http.RequestContext)3 RequestSecurityProcessorChain (org.craftercms.security.processors.RequestSecurityProcessorChain)3 Cookie (javax.servlet.http.Cookie)2 ObjectId (org.bson.types.ObjectId)2 Test (org.junit.Test)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 IOException (java.io.IOException)1 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 ServletException (javax.servlet.ServletException)1 Profile (org.craftercms.profile.api.Profile)1 Authentication (org.craftercms.security.authentication.Authentication)1 DefaultAuthentication (org.craftercms.security.authentication.impl.DefaultAuthentication)1 RequestSecurityProcessorChainImpl (org.craftercms.security.processors.impl.RequestSecurityProcessorChainImpl)1