Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

OPEN - issue SEC-881: PreAuthenticatedFilter continues filter chain after unsuccessfulAuthentication(...) 

http://jira.springframework.org/browse/SEC-881. Added test class.
This commit is contained in:
Luke Taylor 2008-07-31 15:42:04 +00:00
parent 243c4f22d4
commit 000bb1cbed
1 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
core/src/test/java/org/springframework/security/ui/preauth/AbstractPreAuthenticatedProcessingFilterTests.java Normal file
View File

@ -0,0 +1,55 @@
package org.springframework.security.ui.preauth;
import static org.junit.Assert.*;
import javax.servlet.http.HttpServletRequest;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.MockAuthenticationManager;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.util.MockFilterChain;
public class AbstractPreAuthenticatedProcessingFilterTests {
private AbstractPreAuthenticatedProcessingFilter filter;
@Before
public void createFilter() {
filter = new AbstractPreAuthenticatedProcessingFilter() {
protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
return "n/a";
}
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
return "doesntmatter";
}
public int getOrder() {
return 0;
}
};
SecurityContextHolder.getContext().setAuthentication(null);
}
@Test
public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
filter.setAuthenticationManager(new MockAuthenticationManager(false));
filter.afterPropertiesSet();
filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(true));
assertNull(SecurityContextHolder.getContext().getAuthentication());
}
/* SEC-881 */
@Test(expected=BadCredentialsException.class)
public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
filter.setAuthenticationManager(new MockAuthenticationManager(false));
filter.afterPropertiesSet();
filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain(false));
assertNull(SecurityContextHolder.getContext().getAuthentication());
}
}