Example 21 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterSecurityInterceptor method doFilter.
/**
* Method that is actually called by the filter chain. Simply delegates to the
* {@link #invoke(FilterInvocation)} method.
*
* @param request the servlet request
* @param response the servlet response
* @param chain the filter chain
*
* @throws IOException if the filter chain fails
* @throws ServletException if the filter chain fails
*/
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
FilterInvocation fi = new FilterInvocation(request, response, chain);
invoke(fi);
}
Also used :
FilterInvocation(org.springframework.security.web.FilterInvocation)
Example 22 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterInvocationTests method testRejectsNullFilterChain.
@Test(expected = IllegalArgumentException.class)
public void testRejectsNullFilterChain() {
MockHttpServletRequest request = new MockHttpServletRequest(null, null);
MockHttpServletResponse response = new MockHttpServletResponse();
new FilterInvocation(request, response, null);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterInvocation(org.springframework.security.web.FilterInvocation)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 23 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method extraQuestionMarkStillMatches.
/**
* Check fixes for SEC-321
*/
@Test
public void extraQuestionMarkStillMatches() {
createFids("/someAdminPage.html*", null);
FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
assertThat(response).isEqualTo(this.def);
fi = createFilterInvocation("/someAdminPage.html", null, "?", null);
response = this.fids.getAttributes(fi);
assertThat(response).isEqualTo(this.def);
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Test(org.junit.Test)
Example 24 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method generalMatchIsUsedIfNoMethodSpecificMatchExists.
@Test
public void generalMatchIsUsedIfNoMethodSpecificMatchExists() {
createFids("/somepage**", null);
FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
assertThat(attrs).isEqualTo(this.def);
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Test(org.junit.Test)
Example 25 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method mixingPatternsWithAndWithoutHttpMethodsIsSupported.
// SEC-1236
@Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
assertThat(attrs).isEqualTo(userAttrs);
}
Also used :
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
Collection(java.util.Collection)
FilterInvocation(org.springframework.security.web.FilterInvocation)
LinkedHashMap(java.util.LinkedHashMap)
Test(org.junit.Test)
Aggregations
FilterInvocation (org.springframework.security.web.FilterInvocation)48
Test (org.junit.Test)32
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)18
FilterChain (javax.servlet.FilterChain)16
ConfigAttribute (org.springframework.security.access.ConfigAttribute)15
Authentication (org.springframework.security.core.Authentication)10
Expression (org.springframework.expression.Expression)7
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
AccessDeniedException (org.springframework.security.access.AccessDeniedException)4
List (java.util.List)3
Vector (java.util.Vector)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
LinkedHashMap (java.util.LinkedHashMap)2
EvaluationContext (org.springframework.expression.EvaluationContext)2
