Example 1 with RequestRejectedHandler
use of org.springframework.security.web.firewall.RequestRejectedHandler in project spring-security by spring-projects.
the class MiscHttpConfigTests method getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked.
@Test
public void getWhenUsingCustomRequestRejectedHandlerThenRequestRejectedHandlerIsInvoked() throws Exception {
this.spring.configLocations(xml("RequestRejectedHandler")).autowire();
HttpServletResponse response = new MockHttpServletResponse();
RequestRejectedException rejected = new RequestRejectedException("failed");
HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
RequestRejectedHandler requestRejectedHandler = this.spring.getContext().getBean(RequestRejectedHandler.class);
given(firewall.getFirewalledRequest(any(HttpServletRequest.class))).willThrow(rejected);
this.mvc.perform(get("/unprotected"));
verify(requestRejectedHandler).handle(any(), any(), any());
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException)
HttpFirewall(org.springframework.security.web.firewall.HttpFirewall)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler)
Test(org.junit.jupiter.api.Test)
Example 2 with RequestRejectedHandler
use of org.springframework.security.web.firewall.RequestRejectedHandler in project spring-security by spring-projects.
the class FilterChainProxyTests method requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException.
@Test
public void requestRejectedHandlerIsCalledIfFirewallThrowsRequestRejectedException() throws Exception {
HttpFirewall fw = mock(HttpFirewall.class);
RequestRejectedHandler rjh = mock(RequestRejectedHandler.class);
this.fcp.setFirewall(fw);
this.fcp.setRequestRejectedHandler(rjh);
RequestRejectedException requestRejectedException = new RequestRejectedException("Contains illegal chars");
given(fw.getFirewalledRequest(this.request)).willThrow(requestRejectedException);
this.fcp.doFilter(this.request, this.response, this.chain);
verify(rjh).handle(eq(this.request), eq(this.response), eq((requestRejectedException)));
}
Also used :
RequestRejectedException(org.springframework.security.web.firewall.RequestRejectedException)
HttpFirewall(org.springframework.security.web.firewall.HttpFirewall)
RequestRejectedHandler(org.springframework.security.web.firewall.RequestRejectedHandler)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)2
HttpFirewall (org.springframework.security.web.firewall.HttpFirewall)2
RequestRejectedException (org.springframework.security.web.firewall.RequestRejectedException)2
RequestRejectedHandler (org.springframework.security.web.firewall.RequestRejectedHandler)2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1
