
Example 11 with MockSessionStore

use of org.pac4j.core.context.session.MockSessionStore in project pac4j by pac4j.

the class DefaultSecurityLogicTests method setUp.

@Before
public void setUp() {
    logic = new DefaultSecurityLogic();
    context = MockWebContext.create();
    sessionStore = new MockSessionStore();
    config = new Config();
    securityGrantedAccessAdapter = (context, sessionStore, profiles, parameters) -> {
        nbCall++;
        return null;
    };
    httpActionAdapter = (act, ctx) -> {
        action = act;
        return null;
    };
    clients = null;
    authorizers = null;
    matchers = null;
    nbCall = 0;
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Config(org.pac4j.core.config.Config) Before(org.junit.Before)

Example 12 with MockSessionStore

use of org.pac4j.core.context.session.MockSessionStore in project pac4j by pac4j.

the class DefaultMatchingCheckerTests method testSecurityHeaders.

@Test
public void testSecurityHeaders() {
    final var context = MockWebContext.create();
    context.setScheme(SCHEME_HTTPS);
    checker.matches(context, new MockSessionStore(), DefaultMatchers.SECURITYHEADERS, new HashMap<>(), new ArrayList<>());
    assertNotNull(context.getResponseHeaders().get("Strict-Transport-Security"));
    assertNotNull(context.getResponseHeaders().get("X-Content-Type-Options"));
    // SECURITYHEADERS also applies the X-Frame-Options matcher
    assertNotNull(context.getResponseHeaders().get("X-Frame-Options"));
    assertNotNull(context.getResponseHeaders().get("X-XSS-Protection"));
    assertNotNull(context.getResponseHeaders().get("Cache-Control"));
    assertNotNull(context.getResponseHeaders().get("Pragma"));
    assertNotNull(context.getResponseHeaders().get("Expires"));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Test(org.junit.Test)

Example 13 with MockSessionStore

use of org.pac4j.core.context.session.MockSessionStore in project pac4j by pac4j.

the class DefaultMatchingCheckerTests method testCsrfTokenDefaultButIndirectClient.

@Test
public void testCsrfTokenDefaultButIndirectClient() {
    final var context = MockWebContext.create();
    final List<Client> clients = new ArrayList<>();
    clients.add(new MockIndirectClient("test"));
    assertTrue(checker.matches(context, new MockSessionStore(), "", new HashMap<>(), clients));
    assertTrue(context.getRequestAttribute(Pac4jConstants.CSRF_TOKEN).isPresent());
    assertNotNull(WebContextHelper.getCookie(context.getResponseCookies(), Pac4jConstants.CSRF_TOKEN));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) Client(org.pac4j.core.client.Client) Test(org.junit.Test)

Example 14 with MockSessionStore

use of org.pac4j.core.context.session.MockSessionStore in project pac4j by pac4j.

the class DefaultMatchingCheckerTests method testAllowAjaxRequests.

@Test
public void testAllowAjaxRequests() {
    final var context = MockWebContext.create();
    checker.matches(context, new MockSessionStore(), DefaultMatchers.ALLOW_AJAX_REQUESTS, new HashMap<>(), new ArrayList<>());
    assertEquals("*", context.getResponseHeaders().get(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER));
    assertEquals("true", context.getResponseHeaders().get(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER));
    final var methods = context.getResponseHeaders().get(ACCESS_CONTROL_ALLOW_METHODS_HEADER);
    final var methodArray = Arrays.asList(methods.split(",")).stream().map(String::trim).collect(Collectors.toList());
    assertTrue(methodArray.contains(HTTP_METHOD.POST.name()));
    assertTrue(methodArray.contains(HTTP_METHOD.PUT.name()));
    assertTrue(methodArray.contains(HTTP_METHOD.DELETE.name()));
    assertTrue(methodArray.contains(HTTP_METHOD.OPTIONS.name()));
    assertTrue(methodArray.contains(HTTP_METHOD.GET.name()));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Test(org.junit.Test)

Example 15 with MockSessionStore

use of org.pac4j.core.context.session.MockSessionStore in project pac4j by pac4j.

the class DefaultMatchingCheckerTests method testXssprotection.

@Test
public void testXssprotection() {
    final var context = MockWebContext.create();
    checker.matches(context, new MockSessionStore(), DefaultMatchers.XSSPROTECTION, new HashMap<>(), new ArrayList<>());
    assertNotNull(context.getResponseHeaders().get("X-XSS-Protection"));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Test(org.junit.Test)

Aggregations

MockSessionStore (org.pac4j.core.context.session.MockSessionStore) 164
Test (org.junit.Test) 151
FoundAction (org.pac4j.core.exception.http.FoundAction) 29
SessionStore (org.pac4j.core.context.session.SessionStore) 22
CommonProfile (org.pac4j.core.profile.CommonProfile) 20
TokenCredentials (org.pac4j.core.credentials.TokenCredentials) 19
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials) 17
MockWebContext (org.pac4j.core.context.MockWebContext) 15
WebContext (org.pac4j.core.context.WebContext) 15
CasConfiguration (org.pac4j.cas.config.CasConfiguration) 14
HttpAction (org.pac4j.core.exception.http.HttpAction) 12
SimpleTestTokenAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestTokenAuthenticator) 11
AnonymousProfile (org.pac4j.core.profile.AnonymousProfile) 9
SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator) 7
CasProfile (org.pac4j.cas.profile.CasProfile) 6
HashMap (java.util.HashMap) 5
Authorizer (org.pac4j.core.authorization.authorizer.Authorizer) 5
RequireAnyRoleAuthorizer (org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer) 5
OkAction (org.pac4j.core.exception.http.OkAction) 5
URL (java.net.URL) 4