Example 36 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class FilterSecurityInterceptorTests, method testSuccessfulInvocation.

/**
 * We just test invocation works in a success event. There is no need to test access
 * denied events as the abstract parent enforces that logic, which is extensively
 * tested separately.
 */
@Test
public void testSuccessfulInvocation() throws Throwable {
    // Setup a Context
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    SecurityContextHolder.getContext().setAuthentication(token);
    FilterInvocation fi = createinvocation();
    when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
    interceptor.invoke(fi);
    // SEC-1697: no AuthorizedEvent is published for this successful invocation
    verify(publisher, never()).publishEvent(any(AuthorizedEvent.class));
}
Also used : Authentication(org.springframework.security.core.Authentication) AuthorizedEvent(org.springframework.security.access.event.AuthorizedEvent) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 37 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class FilterSecurityInterceptorTests, method afterInvocationIsNotInvokedIfExceptionThrown.

@Test
public void afterInvocationIsNotInvokedIfExceptionThrown() throws Exception {
    Authentication token = new TestingAuthenticationToken("Test", "Password", "NOT_USED");
    SecurityContextHolder.getContext().setAuthentication(token);
    FilterInvocation fi = createinvocation();
    FilterChain chain = fi.getChain();
    doThrow(new RuntimeException()).when(chain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    when(ods.getAttributes(fi)).thenReturn(SecurityConfig.createList("MOCK_OK"));
    AfterInvocationManager aim = mock(AfterInvocationManager.class);
    interceptor.setAfterInvocationManager(aim);
    try {
        interceptor.invoke(fi);
        fail("Expected exception");
    } catch (RuntimeException expected) {
        // Expected: the exception thrown by the mocked chain propagates out of invoke()
    }
    verifyZeroInteractions(aim);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(javax.servlet.http.HttpServletRequest) AfterInvocationManager(org.springframework.security.access.intercept.AfterInvocationManager) Authentication(org.springframework.security.core.Authentication) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 38 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class FilterSecurityInterceptorTests, method createinvocation.

private FilterInvocation createinvocation() {
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/secure/page.html");
    FilterChain chain = mock(FilterChain.class);
    FilterInvocation fi = new FilterInvocation(request, response, chain);
    return fi;
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) FilterInvocation(org.springframework.security.web.FilterInvocation) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 39 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class ExpressionBasedFilterInvocationSecurityMetadataSourceTests, method expectedAttributeIsReturned.

@Test
public void expectedAttributeIsReturned() {
    final String expression = "hasRole('X')";
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList(expression));
    ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, new DefaultWebSecurityExpressionHandler());
    assertThat(mds.getAllConfigAttributes()).hasSize(1);
    Collection<ConfigAttribute> attrs = mds.getAttributes(new FilterInvocation("/path", "GET"));
    assertThat(attrs).hasSize(1);
    WebExpressionConfigAttribute attribute = (WebExpressionConfigAttribute) attrs.toArray()[0];
    assertThat(attribute.getAttribute()).isNull();
    assertThat(attribute.getAuthorizeExpression().getExpressionString()).isEqualTo(expression);
    assertThat(attribute.toString()).isEqualTo(expression);
}
Also used : AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) FilterInvocation(org.springframework.security.web.FilterInvocation) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 40 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class WebExpressionVoterTests, method abstainsIfNoAttributeFound.

@Test
public void abstainsIfNoAttributeFound() {
    WebExpressionVoter voter = new WebExpressionVoter();
    assertThat(voter.vote(user, new FilterInvocation("/path", "GET"), SecurityConfig.createList("A", "B", "C"))).isEqualTo(AccessDecisionVoter.ACCESS_ABSTAIN);
}
Also used : FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Aggregations

FilterInvocation (org.springframework.security.web.FilterInvocation): 50
Test (org.junit.Test): 32
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 18
FilterChain (javax.servlet.FilterChain): 16
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 15
Authentication (org.springframework.security.core.Authentication): 10
Expression (org.springframework.expression.Expression): 7
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 4
List (java.util.List): 3
Vector (java.util.Vector): 3
HttpServletResponse (javax.servlet.http.HttpServletResponse): 3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 3
ArrayList (java.util.ArrayList): 2
Collection (java.util.Collection): 2
HashMap (java.util.HashMap): 2
LinkedHashMap (java.util.LinkedHashMap): 2