Search in sources :

Example 1 with RequestRejectedException

use of org.springframework.security.web.firewall.RequestRejectedException in project gocd by gocd.

the class MainFilterChain method doFilter.

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    try {
        super.doFilter(request, response, chain);
    } catch (RequestRejectedException e) {
        REQUEST_REJECTED_EXCEPTION_HANDLER.handle(request, response, e.getMessage(), HttpStatus.BAD_REQUEST);
    } catch (HttpRequestMethodNotSupportedException e) {
        REQUEST_REJECTED_EXCEPTION_HANDLER.handle(request, response, e.getMessage(), HttpStatus.METHOD_NOT_ALLOWED);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) HttpRequestMethodNotSupportedException(org.springframework.web.HttpRequestMethodNotSupportedException)

Example 2 with RequestRejectedException

use of org.springframework.security.web.firewall.RequestRejectedException in project spring-security by spring-projects.

the class MiscHttpConfigTests method getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked.

@Test
public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception {
    this.spring.configLocations(xml("RequestRejectedHandler")).autowire();
    HttpServletResponse response = new MockHttpServletResponse();
    RequestRejectedException rejected = new RequestRejectedException("failed");
    HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
    RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
    given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
    this.mvc.perform(get("/unprotected"));
    verify(requestRejectedHandler).handle(any(), any(), any());
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler) Test(org.junit.jupiter.api.Test)

Example 3 with RequestRejectedException

use of org.springframework.security.web.firewall.RequestRejectedException in project spring-security by spring-projects.

the class FilterChainProxyTests method requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException.

@Test
public void requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException() throws Exception {
    HttpFirewall fw = mock(HttpFirewall.class);
    RequestRejectedHandler rjh = mock(RequestRejectedHandler.class);
    this.fcp.setFirewall(fw);
    this.fcp.setRequestRejectedHandler(rjh);
    RequestRejectedException requestRejectedException = new RequestRejectedException("Contains illegal chars");
    given(fw.getFirewalledRequest(this.request)).willThrow(requestRejectedException);
    this.fcp.doFilter(this.request, this.response, this.chain);
    verify(rjh).handle(eq(this.request), eq(this.response), eq((requestRejectedException)));
}
Also used : RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException) HttpFirewall(org.springframework.security.web.firewall.HttpFirewall) RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler) Test(org.junit.jupiter.api.Test)

Aggregations

RequestRejectedException (org.springframework.security.web.firewall.RequestRejectedException)3 Test (org.junit.jupiter.api.Test)2 HttpFirewall (org.springframework.security.web.firewall.HttpFirewall)2 RequestRejectedHandler (org.springframework.security.web.firewall.RequestRejectedHandler)2 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)1 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpServletResponse (javax.servlet.http.HttpServletResponse)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 HttpRequestMethodNotSupportedException (org.springframework.web.HttpRequestMethodNotSupportedException)1