Search in sources :

Example 1 with SimpleUrlAuthenticationSuccessHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.

the class SwitchUserFilterTests method redirectToTargetUrlIsCorrect.

@Test
public void redirectToTargetUrlIsCorrect() throws Exception {
    MockHttpServletRequest request = createMockSwitchRequest();
    request.setContextPath("/webapp");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    request.setRequestURI("/webapp/login/impersonate");
    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setSwitchUserUrl("/login/impersonate");
    filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
    filter.setUserDetailsService(new MockUserDetailsService());
    FilterChain chain = mock(FilterChain.class);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, chain);
    verify(chain, never()).doFilter(request, response);
    assertThat(response.getRedirectedUrl()).isEqualTo("/webapp/someOtherUrl");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 2 with SimpleUrlAuthenticationSuccessHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.

the class RememberMeAuthenticationFilterTests method authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet.

@Test
public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
    AuthenticationManager am = mock(AuthenticationManager.class);
    when(am.authenticate(remembered)).thenReturn(remembered);
    RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(remembered));
    filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain fc = mock(FilterChain.class);
    request.setRequestURI("x");
    filter.doFilter(request, response, fc);
    assertThat(response.getRedirectedUrl()).isEqualTo("/target");
    // Should return after success handler is invoked, so chain should not proceed
    verifyZeroInteractions(fc);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 3 with SimpleUrlAuthenticationSuccessHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.

the class SwitchUserFilter method afterPropertiesSet.

// ~ Methods
// ========================================================================================================
@Override
public void afterPropertiesSet() {
    Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
    Assert.isTrue(this.successHandler != null || this.targetUrl != null, "You must set either a successHandler or the targetUrl");
    if (this.targetUrl != null) {
        Assert.isNull(this.successHandler, "You cannot set both successHandler and targetUrl");
        this.successHandler = new SimpleUrlAuthenticationSuccessHandler(this.targetUrl);
    }
    if (this.failureHandler == null) {
        this.failureHandler = this.switchFailureUrl == null ? new SimpleUrlAuthenticationFailureHandler() : new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl);
    } else {
        Assert.isNull(this.switchFailureUrl, "You cannot set both a switchFailureUrl and a failureHandler");
    }
}
Also used : SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) SimpleUrlAuthenticationFailureHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)

Example 4 with SimpleUrlAuthenticationSuccessHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.

the class SwitchUserFilterTests method testSwitchRequestFromDanoToJackLord.

@Test
public void testSwitchRequestFromDanoToJackLord() throws Exception {
    // set current user
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);
    // http request
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI("/webapp/login/impersonate");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    // http response
    MockHttpServletResponse response = new MockHttpServletResponse();
    // setup filter
    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setUserDetailsService(new MockUserDetailsService());
    filter.setSwitchUserUrl("/login/impersonate");
    filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
    FilterChain chain = mock(FilterChain.class);
    // test updates user token and context
    filter.doFilter(request, response, chain);
    verify(chain, never()).doFilter(request, response);
    // check current user
    Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
    assertThat(targetAuth).isNotNull();
    assertThat(targetAuth.getPrincipal() instanceof UserDetails).isTrue();
    assertThat(((User) targetAuth.getPrincipal()).getUsername()).isEqualTo("jacklord");
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) User(org.springframework.security.core.userdetails.User) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) FilterChain(javax.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 5 with SimpleUrlAuthenticationSuccessHandler

use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.

the class SwitchUserFilterTests method redirectOmitsContextPathIfUseRelativeContextSet.

@Test
public void redirectOmitsContextPathIfUseRelativeContextSet() throws Exception {
    // set current user
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
    SecurityContextHolder.getContext().setAuthentication(auth);
    MockHttpServletRequest request = createMockSwitchRequest();
    request.setContextPath("/webapp");
    request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
    request.setRequestURI("/webapp/login/impersonate");
    SwitchUserFilter filter = new SwitchUserFilter();
    filter.setSwitchUserUrl("/login/impersonate");
    SimpleUrlAuthenticationSuccessHandler switchSuccessHandler = new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
    DefaultRedirectStrategy contextRelativeRedirector = new DefaultRedirectStrategy();
    contextRelativeRedirector.setContextRelative(true);
    switchSuccessHandler.setRedirectStrategy(contextRelativeRedirector);
    filter.setSuccessHandler(switchSuccessHandler);
    filter.setUserDetailsService(new MockUserDetailsService());
    FilterChain chain = mock(FilterChain.class);
    MockHttpServletResponse response = new MockHttpServletResponse();
    filter.doFilter(request, response, chain);
    verify(chain, never()).doFilter(request, response);
    assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl");
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) FilterChain(javax.servlet.FilterChain) SimpleUrlAuthenticationSuccessHandler(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) DefaultRedirectStrategy(org.springframework.security.web.DefaultRedirectStrategy) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Aggregations

SimpleUrlAuthenticationSuccessHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler)6 FilterChain (javax.servlet.FilterChain)5 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)5 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)5 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)3 Authentication (org.springframework.security.core.Authentication)2 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 GrantedAuthority (org.springframework.security.core.GrantedAuthority)1 SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)1 User (org.springframework.security.core.userdetails.User)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1 DefaultRedirectStrategy (org.springframework.security.web.DefaultRedirectStrategy)1 SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler)1