use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.
the class AbstractPreAuthenticatedProcessingFilterTests method requiresAuthenticationTruePrincipalNotString.
@Test
public void requiresAuthenticationTruePrincipalNotString() throws Exception {
Object currentPrincipal = new Object();
TestingAuthenticationToken authRequest = new TestingAuthenticationToken(currentPrincipal, "something", "ROLE_USER");
SecurityContextHolder.getContext().setAuthentication(authRequest);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setCheckForPrincipalChanges(true);
filter.principal = new Object();
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
filter.doFilter(request, response, chain);
verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
}
use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.
the class AbstractPreAuthenticatedProcessingFilterTests method requiresAuthenticationFalsePrincipalString.
@Test
public void requiresAuthenticationFalsePrincipalString() throws Exception {
Object principal = "sameprincipal";
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken(principal, "something", "ROLE_USER"));
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setCheckForPrincipalChanges(true);
filter.principal = principal;
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
filter.doFilter(request, response, chain);
verifyZeroInteractions(am);
}
use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.
the class AbstractPreAuthenticatedProcessingFilterTests method testDoFilter.
private void testDoFilter(boolean grantAccess) throws Exception {
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse res = new MockHttpServletResponse();
getFilter(grantAccess).doFilter(req, res, new MockFilterChain());
assertThat(null != SecurityContextHolder.getContext().getAuthentication()).isEqualTo(grantAccess);
}
use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method doFilterWhenNoSessionInformationThenChainIsContinued.
@Test
public void doFilterWhenNoSessionInformationThenChainIsContinued() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setSession(new MockHttpSession());
MockHttpServletResponse response = new MockHttpServletResponse();
RedirectStrategy redirect = mock(RedirectStrategy.class);
SessionRegistry registry = mock(SessionRegistry.class);
String expiredUrl = "/expired";
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
filter.setRedirectStrategy(redirect);
MockFilterChain chain = new MockFilterChain();
filter.doFilter(request, response, chain);
assertThat(chain.getRequest()).isNotNull();
}
use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method doFilterWhenNoExpiredUrlThenResponseWritten.
@Test
public void doFilterWhenNoExpiredUrlThenResponseWritten() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
information.expireNow();
when(registry.getSessionInformation(anyString())).thenReturn(information);
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
filter.doFilter(request, response, new MockFilterChain());
assertThat(response.getContentAsString()).contains("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
}
Aggregations