Search in sources :

Example 66 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class AbstractPreAuthenticatedProcessingFilterTests method requiresAuthenticationTruePrincipalNotString.

@Test
public void requiresAuthenticationTruePrincipalNotString() throws Exception {
    Object currentPrincipal = new Object();
    TestingAuthenticationToken authRequest = new TestingAuthenticationToken(currentPrincipal, "something", "ROLE_USER");
    SecurityContextHolder.getContext().setAuthentication(authRequest);
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
    filter.setCheckForPrincipalChanges(true);
    filter.principal = new Object();
    AuthenticationManager am = mock(AuthenticationManager.class);
    filter.setAuthenticationManager(am);
    filter.afterPropertiesSet();
    filter.doFilter(request, response, chain);
    verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 67 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class AbstractPreAuthenticatedProcessingFilterTests method requiresAuthenticationFalsePrincipalString.

@Test
public void requiresAuthenticationFalsePrincipalString() throws Exception {
    Object principal = "sameprincipal";
    SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain chain = new MockFilterChain();
    ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
    filter.setCheckForPrincipalChanges(true);
    filter.principal = principal;
    AuthenticationManager am = mock(AuthenticationManager.class);
    filter.setAuthenticationManager(am);
    filter.afterPropertiesSet();
    filter.doFilter(request, response, chain);
    verifyZeroInteractions(am);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 68 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class AbstractPreAuthenticatedProcessingFilterTests method testDoFilter.

private void testDoFilter(boolean grantAccess) throws Exception {
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    getFilter(grantAccess).doFilter(req, res, new MockFilterChain());
    assertThat(null != SecurityContextHolder.getContext().getAuthentication()).isEqualTo(grantAccess);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 69 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenNoSessionInformationThenChainIsContinued.

@Test
public void doFilterWhenNoSessionInformationThenChainIsContinued() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setSession(new MockHttpSession());
    MockHttpServletResponse response = new MockHttpServletResponse();
    RedirectStrategy redirect = mock(RedirectStrategy.class);
    SessionRegistry registry = mock(SessionRegistry.class);
    String expiredUrl = "/expired";
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
    filter.setRedirectStrategy(redirect);
    MockFilterChain chain = new MockFilterChain();
    filter.doFilter(request, response, chain);
    assertThat(chain.getRequest()).isNotNull();
}
Also used : SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) Matchers.anyString(org.mockito.Matchers.anyString) RedirectStrategy(org.springframework.security.web.RedirectStrategy) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 70 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class ConcurrentSessionFilterTests method doFilterWhenNoExpiredUrlThenResponseWritten.

@Test
public void doFilterWhenNoExpiredUrlThenResponseWritten() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpSession session = new MockHttpSession();
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();
    SessionRegistry registry = mock(SessionRegistry.class);
    SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
    information.expireNow();
    when(registry.getSessionInformation(anyString())).thenReturn(information);
    ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
    filter.doFilter(request, response, new MockFilterChain());
    assertThat(response.getContentAsString()).contains("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
}
Also used : SessionInformation(org.springframework.security.core.session.SessionInformation) SessionRegistry(org.springframework.security.core.session.SessionRegistry) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Date(java.util.Date) Test(org.junit.Test)

Aggregations

MockFilterChain (org.springframework.mock.web.MockFilterChain)108 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)106 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)106 Test (org.junit.Test)77 ServletRequest (javax.servlet.ServletRequest)28 ServletResponse (javax.servlet.ServletResponse)28 IOException (java.io.IOException)24 ServletException (javax.servlet.ServletException)24 HttpServletResponse (javax.servlet.http.HttpServletResponse)22 NestedServletException (org.springframework.web.util.NestedServletException)19 Before (org.junit.Before)17 ErrorPage (org.springframework.boot.web.server.ErrorPage)15 HttpServletResponseWrapper (javax.servlet.http.HttpServletResponseWrapper)14 MockFilterConfig (org.springframework.mock.web.MockFilterConfig)11 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 MockHttpSession (org.springframework.mock.web.MockHttpSession)9 MockServletContext (org.springframework.mock.web.MockServletContext)9 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)9 WebStatFilter (com.alibaba.druid.support.http.WebStatFilter)8