Example 26 with MockHttpServletRequestBuilder

use of org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder in project spring-security by spring-projects.

the class WebMvcSecurityConfigurationTests method csrfToken.

@Test
public void csrfToken() throws Exception {
    CsrfToken csrfToken = new DefaultCsrfToken("headerName", "paramName", "token");
    MockHttpServletRequestBuilder request = get("/csrf").requestAttr(CsrfToken.class.getName(), csrfToken);
    mockMvc.perform(request).andExpect(assertResult(csrfToken));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) CsrfToken(org.springframework.security.web.csrf.CsrfToken) Test(org.junit.Test)

Example 27 with MockHttpServletRequestBuilder

use of org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder in project spring-security by spring-projects.

the class ConcurrentSessionManagementTests method maxConcurrentLoginsValueIsRespected.

@Test
public void maxConcurrentLoginsValueIsRespected() throws Exception {
    final MockHttpSession session1 = new MockHttpSession();
    final MockHttpSession session2 = new MockHttpSession();
    MockMvc mockMvc = createMockMvc("classpath:/spring/http-security-concurrency.xml", "classpath:/spring/in-memory-provider.xml", "classpath:/spring/testapp-servlet.xml");
    mockMvc.perform(get("secure/index").session(session1)).andExpect(status().is3xxRedirection());
    MockHttpServletRequestBuilder login1 = login().session(session1);
    mockMvc.perform(login1).andExpect(authenticated().withUsername("jimi"));
    MockHttpServletRequestBuilder login2 = login().session(session2);
    mockMvc.perform(login2).andExpect(redirectedUrl("/login.jsp?login_error=true"));
    Exception exception = (Exception) session2.getAttribute("SPRING_SECURITY_LAST_EXCEPTION");
    assertThat(exception).isNotNull();
    assertThat(exception.getMessage()).contains("Maximum sessions of 1 for this principal exceeded");
    // Now logout to kill first session
    mockMvc.perform(post("/logout").with(csrf())).andExpect(status().is3xxRedirection()).andDo(new ResultHandler() {

        @SuppressWarnings("serial")
        @Override
        public void handle(MvcResult result) throws Exception {
            context.publishEvent(new SessionDestroyedEvent(session1) {

                @Override
                public List<SecurityContext> getSecurityContexts() {
                    return Collections.emptyList();
                }

                @Override
                public String getId() {
                    return session1.getId();
                }
            });
        }
    });
    // Try second session again
    login2 = login().session(session2);
    mockMvc.perform(login2).andExpect(authenticated().withUsername("jimi"));
    mockMvc.perform(get("/secure/index").session(session2)).andExpect(content().string(containsString("A Secure Page")));
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) SecurityContext(org.springframework.security.core.context.SecurityContext) MockHttpSession(org.springframework.mock.web.MockHttpSession) ResultHandler(org.springframework.test.web.servlet.ResultHandler) SessionDestroyedEvent(org.springframework.security.core.session.SessionDestroyedEvent) MvcResult(org.springframework.test.web.servlet.MvcResult) MockMvc(org.springframework.test.web.servlet.MockMvc) Test(org.junit.Test)

Example 28 with MockHttpServletRequestBuilder

use of org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder in project spring-security by spring-projects.

the class SecurityMockMvcRequestPostProcessorsCsrfTests method csrfWhenUsedThenDoesNotImpactOriginalRepository.

// gh-4016
@Test
public void csrfWhenUsedThenDoesNotImpactOriginalRepository() throws Exception {
    // @formatter:off
    // First perform a request that uses the csrf() test post-processor.
    this.mockMvc.perform(post("/").with(csrf()));
    // Then generate a token and save it in a session through a separate HttpSessionCsrfTokenRepository.
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpSessionCsrfTokenRepository repo = new HttpSessionCsrfTokenRepository();
    CsrfToken token = repo.generateToken(request);
    repo.saveToken(token, request, new MockHttpServletResponse());
    // A request carrying that token as a parameter, in the same session, must still be accepted.
    MockHttpServletRequestBuilder requestWithCsrf = post("/").param(token.getParameterName(), token.getToken()).session((MockHttpSession) request.getSession());
    this.mockMvc.perform(requestWithCsrf).andExpect(status().isOk());
    // @formatter:on
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) CsrfToken(org.springframework.security.web.csrf.CsrfToken) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 29 with MockHttpServletRequestBuilder

use of org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder in project hub-alert by blackducksoftware.

the class CommonDistributionConfigControllerTestIT method testDeleteConfig.

@Test
@Override
public void testDeleteConfig() throws Exception {
    entityRepository.deleteAll();
    final CommonDistributionConfigEntity savedEntity = entityRepository.save(entity);
    final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.delete(restUrl).with(SecurityMockMvcRequestPostProcessors.user("admin").roles("ADMIN"));
    restModel.setId(String.valueOf(savedEntity.getId()));
    request.content(gson.toJson(restModel));
    request.contentType(contentType);
    mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isAccepted());
}
Also used : CommonDistributionConfigEntity(com.blackducksoftware.integration.hub.alert.datasource.entity.CommonDistributionConfigEntity) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) Test(org.junit.Test)

Example 30 with MockHttpServletRequestBuilder

use of org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder in project hub-alert by blackducksoftware.

the class HomeControllerTestIT method testVerifyNoToken.

@Test
@WithMockUser(roles = "ADMIN")
public void testVerifyNoToken() throws Exception {
    final HttpHeaders headers = new HttpHeaders();
    headers.add("X-CSRF-TOKEN", UUID.randomUUID().toString());
    final MockHttpServletRequestBuilder request = MockMvcRequestBuilders.get(homeVerifyUrl).with(SecurityMockMvcRequestPostProcessors.user("admin").roles("ADMIN"));
    request.headers(headers);
    mockMvc.perform(request).andExpect(MockMvcResultMatchers.status().isUnauthorized());
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) WithMockUser(org.springframework.security.test.context.support.WithMockUser) ExternalConnectionTest(com.blackducksoftware.integration.test.annotation.ExternalConnectionTest) Test(org.junit.Test)
