use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.
the class SwitchUserFilterTests method redirectToTargetUrlIsCorrect.
@Test
public void redirectToTargetUrlIsCorrect() throws Exception {
MockHttpServletRequest request = createMockSwitchRequest();
request.setContextPath("/webapp");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
request.setRequestURI("/webapp/login/impersonate");
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/login/impersonate");
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl"));
filter.setUserDetailsService(new MockUserDetailsService());
FilterChain chain = mock(FilterChain.class);
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
assertThat(response.getRedirectedUrl()).isEqualTo("/webapp/someOtherUrl");
}
use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.
the class RememberMeAuthenticationFilterTests method authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet.
@Test
public void authenticationSuccessHandlerIsInvokedOnSuccessfulAuthenticationIfSet() throws Exception {
AuthenticationManager am = mock(AuthenticationManager.class);
when(am.authenticate(remembered)).thenReturn(remembered);
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am, new MockRememberMeServices(remembered));
filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain fc = mock(FilterChain.class);
request.setRequestURI("x");
filter.doFilter(request, response, fc);
assertThat(response.getRedirectedUrl()).isEqualTo("/target");
// Should return after success handler is invoked, so chain should not proceed
verifyZeroInteractions(fc);
}
use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.
the class SwitchUserFilter method afterPropertiesSet.
// ~ Methods
// ========================================================================================================
@Override
public void afterPropertiesSet() {
Assert.notNull(this.userDetailsService, "userDetailsService must be specified");
Assert.isTrue(this.successHandler != null || this.targetUrl != null, "You must set either a successHandler or the targetUrl");
if (this.targetUrl != null) {
Assert.isNull(this.successHandler, "You cannot set both successHandler and targetUrl");
this.successHandler = new SimpleUrlAuthenticationSuccessHandler(this.targetUrl);
}
if (this.failureHandler == null) {
this.failureHandler = this.switchFailureUrl == null ? new SimpleUrlAuthenticationFailureHandler() : new SimpleUrlAuthenticationFailureHandler(this.switchFailureUrl);
} else {
Assert.isNull(this.switchFailureUrl, "You cannot set both a switchFailureUrl and a failureHandler");
}
}
use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.
the class SwitchUserFilterTests method testSwitchRequestFromDanoToJackLord.
@Test
public void testSwitchRequestFromDanoToJackLord() throws Exception {
// set current user
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
SecurityContextHolder.getContext().setAuthentication(auth);
// http request
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestURI("/webapp/login/impersonate");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
// http response
MockHttpServletResponse response = new MockHttpServletResponse();
// setup filter
SwitchUserFilter filter = new SwitchUserFilter();
filter.setUserDetailsService(new MockUserDetailsService());
filter.setSwitchUserUrl("/login/impersonate");
filter.setSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/webapp/someOtherUrl"));
FilterChain chain = mock(FilterChain.class);
// test updates user token and context
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
// check current user
Authentication targetAuth = SecurityContextHolder.getContext().getAuthentication();
assertThat(targetAuth).isNotNull();
assertThat(targetAuth.getPrincipal() instanceof UserDetails).isTrue();
assertThat(((User) targetAuth.getPrincipal()).getUsername()).isEqualTo("jacklord");
}
use of org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler in project spring-security by spring-projects.
the class SwitchUserFilterTests method redirectOmitsContextPathIfUseRelativeContextSet.
@Test
public void redirectOmitsContextPathIfUseRelativeContextSet() throws Exception {
// set current user
UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("dano", "hawaii50");
SecurityContextHolder.getContext().setAuthentication(auth);
MockHttpServletRequest request = createMockSwitchRequest();
request.setContextPath("/webapp");
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
request.setRequestURI("/webapp/login/impersonate");
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSwitchUserUrl("/login/impersonate");
SimpleUrlAuthenticationSuccessHandler switchSuccessHandler = new SimpleUrlAuthenticationSuccessHandler("/someOtherUrl");
DefaultRedirectStrategy contextRelativeRedirector = new DefaultRedirectStrategy();
contextRelativeRedirector.setContextRelative(true);
switchSuccessHandler.setRedirectStrategy(contextRelativeRedirector);
filter.setSuccessHandler(switchSuccessHandler);
filter.setUserDetailsService(new MockUserDetailsService());
FilterChain chain = mock(FilterChain.class);
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, chain);
verify(chain, never()).doFilter(request, response);
assertThat(response.getRedirectedUrl()).isEqualTo("/someOtherUrl");
}
Aggregations