From 000bb1cbed0bf91f8edcaa8d347846b6f6f29088 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 31 Jul 2008 15:42:04 +0000
Subject: [PATCH] OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...) http://jira.springframework.org/browse/SEC-881. Added test class.
---
...PreAuthenticatedProcessingFilterTests.java | 55 +++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 core/src/test/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
diff --git a/core/src/test/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilterTests.java b/core/src/test/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
new file mode 100644
index 0000000000..761f6fd079
--- /dev/null
+++ b/core/src/test/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilterTests.java
@@ -0,0 +1,55 @@
+package org.springframework.security.ui.preauth;
+
+import static org.junit.Assert.*;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.BadCredentialsException;
+import org.springframework.security.MockAuthenticationManager;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.util.MockFilterChain;
+
+public class AbstractPreAuthenticatedProcessingFilterTests {
+ private AbstractPreAuthenticatedProcessingFilter filter;
+
+ @Before
+ public void createFilter() {
+ filter = new AbstractPreAuthenticatedProcessingFilter() {
+ protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
+ return "n/a";
+ }
+
+ protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
+ return "doesntmatter";
+ }
+
+ public int getOrder() {
+ return 0;
+ }
+ };
+ SecurityContextHolder.getContext().setAuthentication(null);
+ }
+
+ @Test
+ public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
+ filter.setAuthenticationManager(new MockAuthenticationManager(false));
+ filter.afterPropertiesSet();
+ filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(true));
+ assertNull(SecurityContextHolder.getContext().getAuthentication());
+ }
+
+ /* SEC-881 */
+ @Test(expected=BadCredentialsException.class)
+ public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
+ filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
+ filter.setAuthenticationManager(new MockAuthenticationManager(false));
+ filter.afterPropertiesSet();
+ filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false));
+ assertNull(SecurityContextHolder.getContext().getAuthentication());
+ }
+
+}
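Review bot: The `assertNull(...)` that follows `filter.doFilter(...)` in the SEC-881 test can never run, because with `@Test(expected=BadCredentialsException.class)` the test passes as soon as `doFilter` throws. The security-relevant postcondition, that a rejected pre-authentication leaves no `Authentication` in the context, is therefore not verified on the failure path. Catch the exception explicitly, call `fail(...)` if none is thrown, and assert on the context afterwards. Separately, `createFilter()` resets the shared `SecurityContextHolder` before each test but nothing clears it afterwards; an `@After` method calling `SecurityContextHolder.clearContext()` would keep state from leaking into other test classes.

```java
@Test
public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
    // … unchanged: continue-chain flag, authentication manager, afterPropertiesSet() …
    try {
        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false));
        fail("Expected BadCredentialsException");
    } catch (BadCredentialsException expected) {
        // rejection is the behaviour under test
    }
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}
```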