Search in sources :

Example 1 with AuthenticationTrustResolverImpl

use of org.springframework.security.authentication.AuthenticationTrustResolverImpl in project spring-security by spring-projects.

the class ExceptionTranslationFilterTests method testAccessDeniedWhenAnonymous.

@Test
public void testAccessDeniedWhenAnonymous() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    request.setServerPort(80);
    request.setScheme("http");
    request.setServerName("www.example.com");
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/secure/page.html");
    // Setup the FilterChain to thrown an access denied exception
    FilterChain fc = mock(FilterChain.class);
    doThrow(new AccessDeniedException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // Setup SecurityContextHolder, as filter needs to check if user is
    // anonymous
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("ignored", "ignored", AuthorityUtils.createAuthorityList("IGNORED")));
    // Test
    ExceptionTranslationFilter filter = new ExceptionTranslationFilter(mockEntryPoint);
    filter.setAuthenticationTrustResolver(new AuthenticationTrustResolverImpl());
    assertThat(filter.getAuthenticationTrustResolver()).isNotNull();
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, fc);
    assertThat(response.getRedirectedUrl()).isEqualTo("/mycontext/login.jsp");
    assertThat(getSavedRequestUrl(request)).isEqualTo("http://www.example.com/mycontext/secure/page.html");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) AccessDeniedException(org.springframework.security.access.AccessDeniedException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

FilterChain (javax.servlet.FilterChain)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 Test (org.junit.Test)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)1 AuthenticationTrustResolverImpl (org.springframework.security.authentication.AuthenticationTrustResolverImpl)1