Example 61 with MockHttpSession
use of org.springframework.mock.web.MockHttpSession in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method lastRequestTimeUpdatesCorrectly.
@Test
public void lastRequestTimeUpdatesCorrectly() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain fc = mock(FilterChain.class);
// Setup our test fixture
SessionRegistry registry = new SessionRegistryImpl();
registry.registerNewSession(session.getId(), "principal");
SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
Date lastRequest = registry.getSessionInformation(session.getId()).getLastRequest();
Thread.sleep(1000);
filter.doFilter(request, response, fc);
verify(fc).doFilter(request, response);
assertThat(registry.getSessionInformation(session.getId()).getLastRequest().after(lastRequest)).isTrue();
}
Also used :
SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl)
FilterChain(javax.servlet.FilterChain)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Date(java.util.Date)
Test(org.junit.Test)
Example 62 with MockHttpSession
use of org.springframework.mock.web.MockHttpSession in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method doFilterWhenNoSessionInformationThenChainIsContinued.
@Test
public void doFilterWhenNoSessionInformationThenChainIsContinued() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setSession(new MockHttpSession());
MockHttpServletResponse response = new MockHttpServletResponse();
RedirectStrategy redirect = mock(RedirectStrategy.class);
SessionRegistry registry = mock(SessionRegistry.class);
String expiredUrl = "/expired";
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl);
filter.setRedirectStrategy(redirect);
MockFilterChain chain = new MockFilterChain();
filter.doFilter(request, response, chain);
assertThat(chain.getRequest()).isNotNull();
}
Also used :
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
Matchers.anyString(org.mockito.Matchers.anyString)
RedirectStrategy(org.springframework.security.web.RedirectStrategy)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 63 with MockHttpSession
use of org.springframework.mock.web.MockHttpSession in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method detectsExpiredSessions.
@Test
public void detectsExpiredSessions() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = new SessionRegistryImpl();
registry.registerNewSession(session.getId(), "principal");
registry.getSessionInformation(session.getId()).expireNow();
// Setup our test fixture and registry to want this session to be expired
SimpleRedirectSessionInformationExpiredStrategy expiredSessionStrategy = new SimpleRedirectSessionInformationExpiredStrategy("/expired.jsp");
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredSessionStrategy);
filter.setLogoutHandlers(new LogoutHandler[] { new SecurityContextLogoutHandler() });
filter.afterPropertiesSet();
FilterChain fc = mock(FilterChain.class);
filter.doFilter(request, response, fc);
// Expect that the filter chain will not be invoked, as we redirect to expiredUrl
verifyZeroInteractions(fc);
assertThat(response.getRedirectedUrl()).isEqualTo("/expired.jsp");
}
Also used :
SecurityContextLogoutHandler(org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler)
SimpleRedirectSessionInformationExpiredStrategy(org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
SessionRegistryImpl(org.springframework.security.core.session.SessionRegistryImpl)
FilterChain(javax.servlet.FilterChain)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 64 with MockHttpSession
use of org.springframework.mock.web.MockHttpSession in project spring-security by spring-projects.
the class ConcurrentSessionFilterTests method doFilterWhenNoExpiredUrlThenResponseWritten.
@Test
public void doFilterWhenNoExpiredUrlThenResponseWritten() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpSession session = new MockHttpSession();
request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId", new Date(System.currentTimeMillis() - 1000));
information.expireNow();
when(registry.getSessionInformation(anyString())).thenReturn(information);
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
filter.doFilter(request, response, new MockFilterChain());
assertThat(response.getContentAsString()).contains("This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
}
Also used :
SessionInformation(org.springframework.security.core.session.SessionInformation)
SessionRegistry(org.springframework.security.core.session.SessionRegistry)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
ConcurrentSessionFilter(org.springframework.security.web.session.ConcurrentSessionFilter)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Date(java.util.Date)
Test(org.junit.Test)
Example 65 with MockHttpSession
use of org.springframework.mock.web.MockHttpSession in project spring-security by spring-projects.
the class BasicAuthenticationFilterTests method invalidBase64IsIgnored.
@Test
public void invalidBase64IsIgnored() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Authorization", "Basic NOT_VALID_BASE64");
request.setServletPath("/some_file.html");
request.setSession(new MockHttpSession());
final MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain chain = mock(FilterChain.class);
filter.doFilter(request, response, chain);
// The filter chain shouldn't proceed
verify(chain, never()).doFilter(any(ServletRequest.class), any(ServletResponse.class));
assertThat(SecurityContextHolder.getContext().getAuthentication()).isNull();
assertThat(response.getStatus()).isEqualTo(401);
}
Also used :
ServletRequest(javax.servlet.ServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
ServletResponse(javax.servlet.ServletResponse)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
MockHttpSession(org.springframework.mock.web.MockHttpSession)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Aggregations
MockHttpSession (org.springframework.mock.web.MockHttpSession)106
Test (org.junit.Test)84
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)44
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)34
DhisWebSpringTest (org.hisp.dhis.webapi.DhisWebSpringTest)23
HashMap (java.util.HashMap)13
AbstractWebApiTest (org.hisp.dhis.webapi.documentation.controller.AbstractWebApiTest)13
MockFilterChain (org.springframework.mock.web.MockFilterChain)12
FieldDescriptor (org.springframework.restdocs.payload.FieldDescriptor)11
ModelAndView (org.springframework.web.servlet.ModelAndView)11
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)9
FilterChain (javax.servlet.FilterChain)8
MockServletContext (org.springframework.mock.web.MockServletContext)8
SessionRegistry (org.springframework.security.core.session.SessionRegistry)8
ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter)8
Principal (org.apereo.cas.authentication.principal.Principal)7
DataElement (org.hisp.dhis.dataelement.DataElement)7
CasProfile (org.pac4j.cas.profile.CasProfile)7
InputStream (java.io.InputStream)6
Before (org.junit.Before)6
