Example 26 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method createFilterInvocation.
private FilterInvocation createFilterInvocation(String servletPath, String pathInfo, String queryString, String method) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI(null);
request.setMethod(method);
request.setServletPath(servletPath);
request.setPathInfo(pathInfo);
request.setQueryString(queryString);
return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class));
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
FilterChain(javax.servlet.FilterChain)
FilterInvocation(org.springframework.security.web.FilterInvocation)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Example 27 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class DefaultFilterInvocationSecurityMetadataSourceTests method requestWithDifferentHttpMethodDoesntMatch.
@Test
public void requestWithDifferentHttpMethodDoesntMatch() {
createFids("/somepage**", "GET");
FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST");
Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
assertThat(attrs).isNull();
}
Also used :
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Test(org.junit.Test)
Example 28 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterSecurityInterceptorTests method finallyInvocationIsInvokedIfExceptionThrown.
// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
SecurityContext ctx = SecurityContextHolder.getContext();
Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
token.setAuthenticated(true);
ctx.setAuthentication(token);
RunAsManager runAsManager = mock(RunAsManager.class);
when(runAsManager.buildRunAs(eq(token), any(), anyCollection())).thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
interceptor.setRunAsManager(runAsManager);
FilterInvocation fi = createinvocation();
FilterChain chain = fi.getChain();
doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
AfterInvocationManager aim = mock(AfterInvocationManager.class);
interceptor.setAfterInvocationManager(aim);
try {
interceptor.invoke(fi);
fail("Expected exception");
} catch (RuntimeException expected) {
}
// Check we've changed back
assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager)
RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken)
RunAsManager(org.springframework.security.access.intercept.RunAsManager)
Authentication(org.springframework.security.core.Authentication)
FilterChain(javax.servlet.FilterChain)
SecurityContext(org.springframework.security.core.context.SecurityContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
FilterInvocation(org.springframework.security.web.FilterInvocation)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Example 29 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterSecurityInterceptorTests method testSuccessfulInvocation.
/**
* We just test invocation works in a success event. There is no need to test access
* denied events as the abstract parent enforces that logic, which is extensively
* tested separately.
*/
@Test
public void testSuccessfulInvocation() throws Throwable {
// Setup a Context
Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
SecurityContextHolder.getContext().setAuthentication(token);
FilterInvocation fi = createinvocation();
when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
interceptor.invoke(fi);
// SEC-1697
verify(publisher, never()).publishEvent(any(AuthorizedEvent.class));
}
Also used :
Authentication(org.springframework.security.core.Authentication)
AuthorizedEvent(org.springframework.security.access.event.AuthorizedEvent)
FilterInvocation(org.springframework.security.web.FilterInvocation)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Example 30 with FilterInvocation
use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.
the class FilterSecurityInterceptorTests method afterInvocationIsNotInvokedIfExceptionThrown.
@Test
public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception {
Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
SecurityContextHolder.getContext().setAuthentication(token);
FilterInvocation fi = createinvocation();
FilterChain chain = fi.getChain();
doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
AfterInvocationManager aim = mock(AfterInvocationManager.class);
interceptor.setAfterInvocationManager(aim);
try {
interceptor.invoke(fi);
fail("Expected exception");
} catch (RuntimeException expected) {
}
verifyZeroInteractions(aim);
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager)
Authentication(org.springframework.security.core.Authentication)
FilterChain(javax.servlet.FilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
FilterInvocation(org.springframework.security.web.FilterInvocation)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Aggregations
FilterInvocation (org.springframework.security.web.FilterInvocation)48
Test (org.junit.Test)32
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)18
FilterChain (javax.servlet.FilterChain)16
ConfigAttribute (org.springframework.security.access.ConfigAttribute)15
Authentication (org.springframework.security.core.Authentication)10
Expression (org.springframework.expression.Expression)7
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
AccessDeniedException (org.springframework.security.access.AccessDeniedException)4
List (java.util.List)3
Vector (java.util.Vector)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3
ArrayList (java.util.ArrayList)2
Collection (java.util.Collection)2
LinkedHashMap (java.util.LinkedHashMap)2
EvaluationContext (org.springframework.expression.EvaluationContext)2
