Example 11 with SessionAuthenticationStrategy
use of org.springframework.security.web.authentication.session.SessionAuthenticationStrategy in project spring-security by spring-projects.
the class SessionManagementFilterTests method responseIsRedirectedToRequestedUrlIfSetAndSessionIsInvalid.
@Test
public void responseIsRedirectedToRequestedUrlIfSetAndSessionIsInvalid() throws Exception {
SecurityContextRepository repo = mock(SecurityContextRepository.class);
// repo will return false to containsContext()
SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setRequestedSessionId("xxx");
request.setRequestedSessionIdValid(false);
MockHttpServletResponse response = new MockHttpServletResponse();
filter.doFilter(request, response, new MockFilterChain());
assertThat(response.getRedirectedUrl()).isNull();
// Now set a redirect URL
request = new MockHttpServletRequest();
request.setRequestedSessionId("xxx");
request.setRequestedSessionIdValid(false);
request.setRequestURI("/requested");
RequestedUrlRedirectInvalidSessionStrategy iss = new RequestedUrlRedirectInvalidSessionStrategy();
iss.setCreateNewSession(true);
filter.setInvalidSessionStrategy(iss);
FilterChain fc = mock(FilterChain.class);
filter.doFilter(request, response, fc);
verifyZeroInteractions(fc);
assertThat(response.getRedirectedUrl()).isEqualTo("/requested");
}
Also used :
SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
FilterChain(jakarta.servlet.FilterChain)
SecurityContextRepository(org.springframework.security.web.context.SecurityContextRepository)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)11
Test (org.junit.jupiter.api.Test)6
MockFilterChain (org.springframework.mock.web.MockFilterChain)6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)6
SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository)6
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)4
FilterChain (jakarta.servlet.FilterChain)3
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)2
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)2
RememberMeServices (org.springframework.security.web.authentication.RememberMeServices)2
Authentication (org.springframework.security.core.Authentication)1
SessionRegistry (org.springframework.security.core.session.SessionRegistry)1
PortMapper (org.springframework.security.web.PortMapper)1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)1
CompositeSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy)1
ConcurrentSessionControlAuthenticationStrategy (org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy)1
RegisterSessionAuthenticationStrategy (org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy)1
SessionAuthenticationException (org.springframework.security.web.authentication.session.SessionAuthenticationException)1
RequestCache (org.springframework.security.web.savedrequest.RequestCache)1
