Example 41 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class WebSecurityExpressionRootTests, method addressesInIpRangeMatch.

@Test
public void addressesInIpRangeMatch() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/test");
    WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(mock(Authentication.class), new FilterInvocation(request, mock(HttpServletResponse.class), mock(FilterChain.class)));
    for (int i = 0; i < 255; i++) {
        request.setRemoteAddr("192.168.1." + i);
        assertThat(root.hasIpAddress("192.168.1.0/24")).isTrue();
    }
    request.setRemoteAddr("192.168.1.127");
    // 25 = FF FF FF 80
    assertThat(root.hasIpAddress("192.168.1.0/25")).isTrue();
    // encroach on the mask
    request.setRemoteAddr("192.168.1.128");
    assertThat(root.hasIpAddress("192.168.1.0/25")).isFalse();
    request.setRemoteAddr("192.168.1.255");
    assertThat(root.hasIpAddress("192.168.1.128/25")).isTrue();
    assertThat(root.hasIpAddress("192.168.1.192/26")).isTrue();
    assertThat(root.hasIpAddress("192.168.1.224/27")).isTrue();
    assertThat(root.hasIpAddress("192.168.1.240/27")).isTrue();
    assertThat(root.hasIpAddress("192.168.1.255/32")).isTrue();
    request.setRemoteAddr("202.24.199.127");
    assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue();
    request.setRemoteAddr("202.25.179.135");
    assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue();
    request.setRemoteAddr("202.26.179.135");
    assertThat(root.hasIpAddress("202.24.0.0/14")).isTrue();
}
Also used : WebSecurityExpressionRoot(org.springframework.security.web.access.expression.WebSecurityExpressionRoot) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 42 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method lookupNotRequiringExactMatchSucceedsIfNotMatching.

@Test
public void lookupNotRequiringExactMatchSucceedsIfNotMatching() {
    createFids("/secure/super/**", null);
    FilterInvocation fi = createFilterInvocation("/secure/super/somefile.html", null, null, null);
    assertThat(this.fids.getAttributes(fi)).isEqualTo(this.def);
}
Also used : FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 43 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase.

/**
 * SEC-501. Note that as of 2.0, lower case comparisons are the default for this
 * class.
 */
@Test
public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
    createFids("/secure/super/**", null);
    FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null);
    Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 44 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method lookupRequiringExactMatchIsSuccessful.

@Test
public void lookupRequiringExactMatchIsSuccessful() {
    createFids("/SeCurE/super/**", null);
    FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null);
    Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 45 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security by spring-projects.

Class SecureChannelProcessorTests, method testDecideDetectsAcceptableChannel.

// ~ Methods
// ========================================================================================================
@Test
public void testDecideDetectsAcceptableChannel() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setQueryString("info=true");
    request.setServerName("localhost");
    request.setContextPath("/bigapp");
    request.setServletPath("/servlet");
    request.setScheme("https");
    request.setSecure(true);
    request.setServerPort(8443);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
    SecureChannelProcessor processor = new SecureChannelProcessor();
    processor.decide(fi, SecurityConfig.createList("SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL"));
    assertThat(fi.getResponse().isCommitted()).isFalse();
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) FilterInvocation(org.springframework.security.web.FilterInvocation) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)
