
Example 11 with FilterChainProxy

use of org.springframework.security.web.FilterChainProxy in project spring-security by spring-projects.

the class WebTestUtilsTests method findFilterExplicitWithSecurityFilterInContext.

@Test
public void findFilterExplicitWithSecurityFilterInContext() {
    loadConfig(SecurityConfigWithDefaults.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(
            new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isSameAs(toFind);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) Test(org.junit.Test)

Example 12 with FilterChainProxy

use of org.springframework.security.web.FilterChainProxy in project spring-boot by spring-projects.

the class SpringBootWebSecurityConfigurationTests method defaultHeaderConfiguration.

@Test
public void defaultHeaderConfiguration() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0");
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context)
            .addFilters((FilterChainProxy) this.context.getBean("springSecurityFilterChain", Filter.class))
            .build();
    mockMvc.perform(MockMvcRequestBuilders.get("/"))
            .andExpect(MockMvcResultMatchers.header().string("X-Content-Type-Options", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header().string("X-XSS-Protection", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header().string("Cache-Control", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header().string("X-Frame-Options", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header().doesNotExist("Content-Security-Policy"));
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) Filter(javax.servlet.Filter) MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 13 with FilterChainProxy

use of org.springframework.security.web.FilterChainProxy in project spring-boot by spring-projects.

the class SpringBootWebSecurityConfigurationTests method contentSecurityPolicyConfiguration.

@Test
public void contentSecurityPolicyConfiguration() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class,
            "--security.headers.content-security-policy=default-src 'self';",
            "--server.port=0");
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context)
            .addFilters((FilterChainProxy) this.context.getBean("springSecurityFilterChain", Filter.class))
            .build();
    mockMvc.perform(MockMvcRequestBuilders.get("/"))
            .andExpect(MockMvcResultMatchers.header().string("Content-Security-Policy", is("default-src 'self';")))
            .andExpect(MockMvcResultMatchers.header().doesNotExist("Content-Security-Policy-Report-Only"));
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) Filter(javax.servlet.Filter) MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 14 with FilterChainProxy

use of org.springframework.security.web.FilterChainProxy in project spring-boot by spring-projects.

the class SpringBootWebSecurityConfigurationTests method contentSecurityPolicyReportOnlyConfiguration.

@Test
public void contentSecurityPolicyReportOnlyConfiguration() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class,
            "--security.headers.content-security-policy=default-src 'self';",
            "--security.headers.content-security-policy-mode=report-only",
            "--server.port=0");
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup((WebApplicationContext) this.context)
            .addFilters((FilterChainProxy) this.context.getBean("springSecurityFilterChain", Filter.class))
            .build();
    mockMvc.perform(MockMvcRequestBuilders.get("/"))
            .andExpect(MockMvcResultMatchers.header().string("Content-Security-Policy-Report-Only", is("default-src 'self';")))
            .andExpect(MockMvcResultMatchers.header().doesNotExist("Content-Security-Policy"));
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) Filter(javax.servlet.Filter) MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Aggregations

FilterChainProxy (org.springframework.security.web.FilterChainProxy): 14
Test (org.junit.Test): 12
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain): 5
Filter (javax.servlet.Filter): 4
MockMvc (org.springframework.test.web.servlet.MockMvc): 3
SecurityFilterChain (org.springframework.security.web.SecurityFilterChain): 2
CsrfFilter (org.springframework.security.web.csrf.CsrfFilter): 2
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 2
ArrayList (java.util.ArrayList): 1
Before (org.junit.Before): 1
MockServletContext (org.springframework.mock.web.MockServletContext): 1
EnableWebSecurity (org.springframework.security.config.annotation.web.configuration.EnableWebSecurity): 1
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 1
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter): 1
FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor): 1
AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter): 1
LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint): 1
DebugFilter (org.springframework.security.web.debug.DebugFilter): 1
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher): 1
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher): 1