Example 31 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method generalMatchIsUsedIfNoMethodSpecificMatchExists.

@Test
public void generalMatchIsUsedIfNoMethodSpecificMatchExists() {
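    // A pattern registered with a null HTTP method is not method-specific, so it applies to the GET below.
    createFids("/somepage**", null);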
    FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 32 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method mixingPatternsWithAndWithoutHttpMethodsIsSupported.

// SEC-1236
@Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
    // "/user/**" carries no HTTP method restriction; "/teller/**" is restricted to GET.
    requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
    requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(userAttrs);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) FilterInvocation(org.springframework.security.web.FilterInvocation) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 33 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method createFilterInvocation.

private FilterInvocation createFilterInvocation(String servletPath, String pathInfo, String queryString, String method) {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI(null);
    request.setMethod(method);
    request.setServletPath(servletPath);
    request.setPathInfo(pathInfo);
    request.setQueryString(queryString);
    return new FilterInvocation(request, new MockHttpServletResponse(), mock(FilterChain.class));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) FilterInvocation(org.springframework.security.web.FilterInvocation) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 34 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method requestWithDifferentHttpMethodDoesntMatch.

@Test
public void requestWithDifferentHttpMethodDoesntMatch() {
    // The pattern is registered for GET only, so the POST below finds no attributes (null).
    createFids("/somepage**", "GET");
    FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isNull();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 35 with FilterInvocation

use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

the class FilterSecurityInterceptorTests method finallyInvocationIsInvokedIfExceptionThrown.

// SEC-1967
@Test
@SuppressWarnings("unchecked")
public void finallyInvocationIsInvokedIfExceptionThrown() throws Exception {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    token.setAuthenticated(true);
    ctx.setAuthentication(token);
    RunAsManager runAsManager = mock(RunAsManager.class);
    when(runAsManager.buildRunAs(eq(token), any(), anyCollection())).thenReturn(new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), token.getClass()));
    interceptor.setRunAsManager(runAsManager);
    FilterInvocation fi = createinvocation();
    FilterChain chain = fi.getChain();
    // Make the filter chain throw so the interceptor's cleanup path is exercised.
    doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    interceptor.setAfterInvocationManager(aim);
    try {
        interceptor.invoke(fi);
        fail("Expected exception");
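    } catch (RuntimeException expected) {
        // Expected: the exception thrown by the chain propagates out of invoke().
    }
    // Check the original SecurityContext and Authentication are back in place after the failure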
    assertThat(SecurityContextHolder.getContext()).isSameAs(ctx);
    assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(token);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) RunAsUserToken(org.springframework.security.access.intercept.RunAsUserToken) RunAsManager(org.springframework.security.access.intercept.RunAsManager) Authentication(org.springframework.security.core.Authentication) FilterChain(javax.servlet.FilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
