Example 6 with RequestHeaderAuthenticationFilter
use of org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter in project spring-security by spring-projects.
the class RequestHeaderAuthenticationFilterTests method userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet.
@Test
public void userIsReauthenticatedIfPrincipalChangesAndCheckForPrincipalChangesIsSet() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.setCheckForPrincipalChanges(true);
request.addHeader("SM_USER", "cat");
filter.doFilter(request, response, new MockFilterChain());
request = new MockHttpServletRequest();
request.addHeader("SM_USER", "dog");
filter.doFilter(request, response, new MockFilterChain());
Authentication dog = SecurityContextHolder.getContext().getAuthentication();
assertThat(dog).isNotNull();
assertThat(dog.getName()).isEqualTo("dog");
// Make sure authentication doesn't occur every time (i.e. if the header *doesn't
// change)
filter.setAuthenticationManager(mock(AuthenticationManager.class));
filter.doFilter(request, response, new MockFilterChain());
assertThat(SecurityContextHolder.getContext().getAuthentication()).isSameAs(dog);
}
Also used :
AuthenticationManager(org.springframework.security.authentication.AuthenticationManager)
RequestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Authentication(org.springframework.security.core.Authentication)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Example 7 with RequestHeaderAuthenticationFilter
use of org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter in project spring-security by spring-projects.
the class RequestHeaderAuthenticationFilterTests method missingHeaderCausesException.
@Test(expected = PreAuthenticatedCredentialsNotFoundException.class)
public void missingHeaderCausesException() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setAuthenticationManager(createAuthenticationManager());
filter.doFilter(request, response, chain);
}
Also used :
RequestHeaderAuthenticationFilter(org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.Test)
Aggregations
Test (org.junit.Test)7
MockFilterChain (org.springframework.mock.web.MockFilterChain)7
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)7
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)7
RequestHeaderAuthenticationFilter (org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter)7
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1
Authentication (org.springframework.security.core.Authentication)1
