Search in sources :

Example 1 with SecureChannelProcessor

use of org.springframework.security.web.access.channel.SecureChannelProcessor in project spring-security by spring-projects.

the class SecureChannelProcessorTests method testDecideDetectsUnacceptableChannel.

@Test
public void testDecideDetectsUnacceptableChannel() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setQueryString("info=true");
    request.setServerName("localhost");
    request.setContextPath("/bigapp");
    request.setServletPath("/servlet");
    request.setScheme("http");
    request.setServerPort(8080);
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
    SecureChannelProcessor processor = new SecureChannelProcessor();
    processor.decide(fi, SecurityConfig.createList(new String[] { "SOME_IGNORED_ATTRIBUTE", "REQUIRES_SECURE_CHANNEL" }));
    assertThat(fi.getResponse().isCommitted()).isTrue();
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) FilterInvocation(org.springframework.security.web.FilterInvocation) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 2 with SecureChannelProcessor

use of org.springframework.security.web.access.channel.SecureChannelProcessor in project spring-security by spring-projects.

the class SecureChannelProcessorTests method testMissingSecureChannelKeyword.

@Test
public void testMissingSecureChannelKeyword() throws Exception {
    SecureChannelProcessor processor = new SecureChannelProcessor();
    processor.setSecureKeyword(null);
    try {
        processor.afterPropertiesSet();
        fail("Should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        assertThat(expected.getMessage()).isEqualTo("secureKeyword required");
    }
    processor.setSecureKeyword("");
    try {
        processor.afterPropertiesSet();
        fail("Should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        assertThat(expected.getMessage()).isEqualTo("secureKeyword required");
    }
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) Test(org.junit.Test)

Example 3 with SecureChannelProcessor

use of org.springframework.security.web.access.channel.SecureChannelProcessor in project spring-security by spring-projects.

the class SecureChannelProcessorTests method testSupports.

@Test
public void testSupports() {
    SecureChannelProcessor processor = new SecureChannelProcessor();
    assertThat(processor.supports(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))).isTrue();
    assertThat(processor.supports(null)).isFalse();
    assertThat(processor.supports(new SecurityConfig("NOT_SUPPORTED"))).isFalse();
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) SecurityConfig(org.springframework.security.access.SecurityConfig) Test(org.junit.Test)

Example 4 with SecureChannelProcessor

use of org.springframework.security.web.access.channel.SecureChannelProcessor in project spring-security by spring-projects.

the class SecureChannelProcessorTests method testMissingEntryPoint.

@Test
public void testMissingEntryPoint() throws Exception {
    SecureChannelProcessor processor = new SecureChannelProcessor();
    processor.setEntryPoint(null);
    try {
        processor.afterPropertiesSet();
        fail("Should have thrown IllegalArgumentException");
    } catch (IllegalArgumentException expected) {
        assertThat(expected.getMessage()).isEqualTo("entryPoint required");
    }
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) Test(org.junit.Test)

Example 5 with SecureChannelProcessor

use of org.springframework.security.web.access.channel.SecureChannelProcessor in project spring-security by spring-projects.

the class ChannelSecurityConfigurer method getChannelProcessors.

private List<ChannelProcessor> getChannelProcessors(H http) {
    if (channelProcessors != null) {
        return channelProcessors;
    }
    InsecureChannelProcessor insecureChannelProcessor = new InsecureChannelProcessor();
    SecureChannelProcessor secureChannelProcessor = new SecureChannelProcessor();
    PortMapper portMapper = http.getSharedObject(PortMapper.class);
    if (portMapper != null) {
        RetryWithHttpEntryPoint httpEntryPoint = new RetryWithHttpEntryPoint();
        httpEntryPoint.setPortMapper(portMapper);
        insecureChannelProcessor.setEntryPoint(httpEntryPoint);
        RetryWithHttpsEntryPoint httpsEntryPoint = new RetryWithHttpsEntryPoint();
        httpsEntryPoint.setPortMapper(portMapper);
        secureChannelProcessor.setEntryPoint(httpsEntryPoint);
    }
    insecureChannelProcessor = postProcess(insecureChannelProcessor);
    secureChannelProcessor = postProcess(secureChannelProcessor);
    return Arrays.<ChannelProcessor>asList(insecureChannelProcessor, secureChannelProcessor);
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) RetryWithHttpsEntryPoint(org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint) PortMapper(org.springframework.security.web.PortMapper) RetryWithHttpEntryPoint(org.springframework.security.web.access.channel.RetryWithHttpEntryPoint) InsecureChannelProcessor(org.springframework.security.web.access.channel.InsecureChannelProcessor) InsecureChannelProcessor(org.springframework.security.web.access.channel.InsecureChannelProcessor) SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) ChannelProcessor(org.springframework.security.web.access.channel.ChannelProcessor)

Aggregations

SecureChannelProcessor (org.springframework.security.web.access.channel.SecureChannelProcessor)8 Test (org.junit.Test)7 FilterChain (javax.servlet.FilterChain)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 FilterInvocation (org.springframework.security.web.FilterInvocation)2 SecurityConfig (org.springframework.security.access.SecurityConfig)1 PortMapper (org.springframework.security.web.PortMapper)1 ChannelProcessor (org.springframework.security.web.access.channel.ChannelProcessor)1 InsecureChannelProcessor (org.springframework.security.web.access.channel.InsecureChannelProcessor)1 RetryWithHttpEntryPoint (org.springframework.security.web.access.channel.RetryWithHttpEntryPoint)1 RetryWithHttpsEntryPoint (org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint)1