Example 11 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterInvocationTests method testStringMethodsWithAQueryString.
@Test
public void testStringMethodsWithAQueryString() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("foo=bar");
request.setServletPath("/HelloWorld");
request.setServerName("www.example.com");
request.setScheme("http");
request.setServerPort(80);
request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/HelloWorld");
MockHttpServletResponse response = new MockHttpServletResponse();
FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
assertThat(fi.getRequestUrl()).isEqualTo("/HelloWorld?foo=bar");
assertThat(fi.toString()).isEqualTo("FilterInvocation: URL: /HelloWorld?foo=bar");
assertThat(fi.getFullRequestUrl()).isEqualTo("http://www.example.com/mycontext/HelloWorld?foo=bar");
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
FilterInvocation(org.springframework.security.web.FilterInvocation)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 12 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class SecureChannelProcessorTests method testDecideDetectsUnacceptableChannel.
@Test
public void testDecideDetectsUnacceptableChannel() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
request.setContextPath("/bigapp");
request.setServletPath("/servlet");
request.setScheme("http");
request.setServerPort(8080);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
SecureChannelProcessor processor = new SecureChannelProcessor();
processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" }));
assertThat(fi.getResponse().isCommitted()).isTrue();
}
Also used :
SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
FilterInvocation(org.springframework.security.web.FilterInvocation)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 13 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class InsecureChannelProcessorTests method testDecideDetectsAcceptableChannel.
@Test
public void testDecideDetectsAcceptableChannel() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setQueryString("info=true");
request.setServerName("localhost");
request.setContextPath("/bigapp");
request.setServletPath("/servlet");
request.setScheme("http");
request.setServerPort(8080);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
InsecureChannelProcessor processor = new InsecureChannelProcessor();
processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"));
assertThat(fi.getResponse().isCommitted()).isFalse();
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
FilterInvocation(org.springframework.security.web.FilterInvocation)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 14 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful.
@Test
public void lookupRequiringExactMatchWithAdditionalSlashesIsSuccessful() {
createFids("/someAdminPage.html**", null);
FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, "a=/test", null);
Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
// see SEC-161 (it should truncate after ?
assertThat(response);
// sign).isEqualTo(def)
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Test(org.junit.Test)
Example 15 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project head by mifos.
the class DynamicAuthorizationVoter method vote.
@Override
public int vote(Authentication authentication, Object object, Collection attributes) {
Object principal = authentication.getPrincipal();
for (Object configAttribute : attributes) {
if (supports((ConfigAttribute) configAttribute)) {
}
}
FilterInvocation filter = (FilterInvocation) object;
String fullUrl = filter.getFullRequestUrl();
HttpServletRequest request = filter.getHttpRequest();
HttpSession session = request.getSession();
PreviousRequestValues previousRequestValues = (PreviousRequestValues) session.getAttribute(Constants.PREVIOUS_REQUEST);
if (null == previousRequestValues) {
previousRequestValues = new PreviousRequestValues();
session.setAttribute(Constants.PREVIOUS_REQUEST, previousRequestValues);
}
return ACCESS_GRANTED;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
PreviousRequestValues(org.mifos.framework.util.helpers.PreviousRequestValues)
HttpSession(javax.servlet.http.HttpSession)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Aggregations
FilterInvocation (org.springframework.security.web.FilterInvocation)48
Test (org.junit.Test)32
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)18
FilterChain (javax.servlet.FilterChain)16
ConfigAttribute (org.springframework.security.access.ConfigAttribute)15
Authentication (org.springframework.security.core.Authentication)10
Expression (org.springframework.expression.Expression)7
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
AccessDeniedException (org.springframework.security.access.AccessDeniedException)4
List (java.util.List)3
Vector (java.util.Vector)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
LinkedHashMap (java.util.LinkedHashMap)2
EvaluationContext (org.springframework.expression.EvaluationContext)2
