Example 6 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class FilterInvocationTests method testStringMethodsWithoutAnyQueryString.

@Test
public void testStringMethodsWithoutAnyQueryString() {
    MockHttpServletRequest request = new MockHttpServletRequest(null, null);
    request.setServletPath("/HelloWorld");
    request.setServerName("www.example.com");
    request.setScheme("http");
    request.setServerPort(80);
    request.setContextPath("/mycontext");
    request.setRequestURI("/mycontext/HelloWorld");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
    assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld");
    assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld");
    assertThat(fi.getFullRequestUrl()).isEqualTo("http://www.example.com/mycontext/HelloWorld");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) FilterInvocation(org.springframework.security.web.FilterInvocation) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 7 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security-oauth by spring-projects.

the class OAuthConsumerProcessingFilter method getAccessTokenDependencies.

/**
 * Loads the access token dependencies for the given request. This will be a set of {@link ProtectedResourceDetails#getId() resource ids}
 * for which an OAuth access token is required.
 *
 * @param request     The request.
 * @param response    The response.
 * @param filterChain The filter chain.
 * @return The access token dependencies (could be empty).
 */
protected Set<String> getAccessTokenDependencies(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
    Set<String> deps = new TreeSet<String>();
    if (getObjectDefinitionSource() != null) {
        FilterInvocation invocation = new FilterInvocation(request, response, filterChain);
        Collection<ConfigAttribute> attributes = getObjectDefinitionSource().getAttributes(invocation);
        if (attributes != null) {
            for (ConfigAttribute attribute : attributes) {
                deps.add(attribute.getAttribute());
            }
        }
    }
    return deps;
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) TreeSet(java.util.TreeSet) FilterInvocation(org.springframework.security.web.FilterInvocation)

Example 8 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class WebExpressionVoterTests method grantsAccessIfExpressionIsTrueDeniesIfFalse.

@Test
public void grantsAccessIfExpressionIsTrueDeniesIfFalse() {
    WebExpressionVoter voter = new WebExpressionVoter();
    Expression ex = mock(Expression.class);
    EvaluationContextPostProcessor postProcessor = mock(EvaluationContextPostProcessor.class);
    when(postProcessor.postProcess(any(EvaluationContext.class), any(FilterInvocation.class))).thenAnswer(new Answer<EvaluationContext>() {

        public EvaluationContext answer(InvocationOnMock invocation) throws Throwable {
            return invocation.getArgumentAt(0, EvaluationContext.class);
        }
    });
    WebExpressionConfigAttribute weca = new WebExpressionConfigAttribute(ex, postProcessor);
    EvaluationContext ctx = mock(EvaluationContext.class);
    SecurityExpressionHandler eh = mock(SecurityExpressionHandler.class);
    FilterInvocation fi = new FilterInvocation("/path", "GET");
    voter.setExpressionHandler(eh);
    when(eh.createEvaluationContext(user, fi)).thenReturn(ctx);
    when(ex.getValue(ctx, Boolean.class)).thenReturn(Boolean.TRUE).thenReturn(Boolean.FALSE);
    ArrayList attributes = new ArrayList();
    attributes.addAll(SecurityConfig.createList("A", "B", "C"));
    attributes.add(weca);
    assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_GRANTED);
    // Second time false
    assertThat(voter.vote(user, fi, attributes)).isEqualTo(AccessDecisionVoter.ACCESS_DENIED);
}
Also used : SecurityExpressionHandler(org.springframework.security.access.expression.SecurityExpressionHandler) Expression(org.springframework.expression.Expression) InvocationOnMock(org.mockito.invocation.InvocationOnMock) ArrayList(java.util.ArrayList) EvaluationContext(org.springframework.expression.EvaluationContext) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 9 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class WebSecurityExpressionRootTests method ipAddressMatchesForEqualIpAddresses.

@Test
public void ipAddressMatchesForEqualIpAddresses() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/test");
    // IPv4
    request.setRemoteAddr("192.168.1.1");
    WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class), new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
    assertThat(root.hasIpAddress("192.168.1.1")).isTrue();
    // IPv6 Address
    request.setRemoteAddr("fa:db8:85a3::8a2e:370:7334");
    assertThat(root.hasIpAddress("fa:db8:85a3::8a2e:370:7334")).isTrue();
}
Also used : WebSecurityExpressionRoot(org.springframework.security.web.access.expression.WebSecurityExpressionRoot) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 10 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method httpMethodLookupSucceeds.

@Test
public void httpMethodLookupSucceeds() {
    createFids("/somepage**", "GET");
    FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)
