Examples with MockFilterChain org.springframework.mock.web.MockFilterChain used on opensource projects

Search in sources :

Example 31 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class HttpPathParameterStrippingTests method adminFilePatternCannotBeBypassedByAddingPathParameters.

@Test
public void adminFilePatternCannotBeBypassedByAddingPathParameters() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secured/admin.html;x=user.html");
    request.setSession(createAuthenticatedSession("ROLE_USER"));
    MockHttpServletResponse response = new MockHttpServletResponse();
    fcp.doFilter(request, response, new MockFilterChain());
    assertThat(response.getStatus()).isEqualTo(403);
    // Try with pathInfo
    request = new MockHttpServletRequest();
    request.setServletPath("/secured");
    request.setPathInfo("/admin.html;x=user.html");
    request.setSession(createAuthenticatedSession("ROLE_USER"));
    response = new MockHttpServletResponse();
    fcp.doFilter(request, response, new MockFilterChain());
    assertThat(response.getStatus()).isEqualTo(403);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 32 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class HttpPathParameterStrippingTests method securedFilterChainCannotBeBypassedByAddingPathParameters.

@Test
public void securedFilterChainCannotBeBypassedByAddingPathParameters() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setPathInfo("/secured;x=y/admin.html");
    request.setSession(createAuthenticatedSession("ROLE_USER"));
    MockHttpServletResponse response = new MockHttpServletResponse();
    fcp.doFilter(request, response, new MockFilterChain());
    assertThat(response.getStatus()).isEqualTo(403);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 33 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class FilterChainPerformanceTests method runWithStack.

private void runWithStack(FilterChainProxy stack) throws Exception {
    for (int i = 0; i < N_INVOCATIONS; i++) {
        MockHttpServletRequest request = createRequest("/somefile.html");
        stack.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
        session = request.getSession();
    }
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 34 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class SessionManagementFilterTests method strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest.

@Test
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
    SecurityContextRepository repo = mock(SecurityContextRepository.class);
    SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
    // mock that repo contains a security context
    when(repo.containsContext(any(HttpServletRequest.class))).thenReturn(true);
    SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();
    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
    verifyZeroInteractions(strategy);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 35 with MockFilterChain

use of org.springframework.mock.web.MockFilterChain in project spring-security by spring-projects.

the class RequestCacheAwareFilterTests method savedRequestIsRemovedAfterMatch.

@Test
public void savedRequestIsRemovedAfterMatch() throws Exception {
    RequestCacheAwareFilter filter = new RequestCacheAwareFilter();
    HttpSessionRequestCache cache = new HttpSessionRequestCache();
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
    MockHttpServletResponse response = new MockHttpServletResponse();
    cache.saveRequest(request, response);
    assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNotNull();
    filter.doFilter(request, response, new MockFilterChain());
    assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

MockFilterChain (org.springframework.mock.web.MockFilterChain)108 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)106 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)106 Test (org.junit.Test)77 ServletRequest (javax.servlet.ServletRequest)28 ServletResponse (javax.servlet.ServletResponse)28 IOException (java.io.IOException)24 ServletException (javax.servlet.ServletException)24 HttpServletResponse (javax.servlet.http.HttpServletResponse)22 NestedServletException (org.springframework.web.util.NestedServletException)19 Before (org.junit.Before)17 ErrorPage (org.springframework.boot.web.server.ErrorPage)15 HttpServletResponseWrapper (javax.servlet.http.HttpServletResponseWrapper)14 MockFilterConfig (org.springframework.mock.web.MockFilterConfig)11 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 MockHttpSession (org.springframework.mock.web.MockHttpSession)9 MockServletContext (org.springframework.mock.web.MockServletContext)9 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)9 WebStatFilter (com.alibaba.druid.support.http.WebStatFilter)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial