Fix Spring IO Tests

2015-07-08 11:09:29 -05:00 · 2015-07-08 11:09:29 -05:00 · 1f74ac811e
parent 350b48e3fd
commit 1f74ac811e
5 changed files with 41 additions and 16 deletions
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy
@ -80,10 +80,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
 			authFilter.requiresAuthentication(new MockHttpServletRequest(servletPath : "/login", method: "POST"), new MockHttpServletResponse())
 			!authFilter.requiresAuthentication(new MockHttpServletRequest(servletPath : "/login", method: "GET"), new MockHttpServletResponse())

-		and: "SessionFixationProtectionStrategy is configured correctly"
-			SessionFixationProtectionStrategy sessionStrategy = ReflectionTestUtils.getField(authFilter,"sessionStrategy").delegateStrategies.find { SessionFixationProtectionStrategy }
-			sessionStrategy.migrateSessionAttributes
-
 		and: "Exception handling is configured correctly"
 			AuthenticationEntryPoint authEntryPoint = filterChains[1].filters.find { it instanceof ExceptionTranslationFilter}.authenticationEntryPoint
 			MockHttpServletResponse response = new MockHttpServletResponse()
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy
@ -24,6 +24,8 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.core.session.SessionRegistry
+import org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy;
+import org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
 import org.springframework.security.web.authentication.session.SessionFixationProtectionEvent
@ -41,7 +43,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		when:
 			loadConfig(SessionManagementConfig)
 		then:
-			findSessionAuthenticationStrategy(SessionFixationProtectionStrategy)
+			findSessionAuthenticationStrategy(AbstractSessionFixationProtectionStrategy)
 	}

 	@EnableWebSecurity
@ -124,8 +126,12 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		when:
 			loadConfig(SFPMigrateSessionManagementConfig)
 		then:
+			if(isChangeSession()) {
+				findSessionAuthenticationStrategy(ChangeSessionIdAuthenticationStrategy)
+			} else {
 				findSessionAuthenticationStrategy(SessionFixationProtectionStrategy).migrateSessionAttributes
 			}
+	}

 	@EnableWebSecurity
 	static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
@ -140,7 +146,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		setup:
 			loadConfig(SFPPostProcessedConfig)
 		when:
-			findSessionAuthenticationStrategy(SessionFixationProtectionStrategy).onSessionChange("id", new MockHttpSession(), new TestingAuthenticationToken("u","p","ROLE_USER"))
+			findSessionAuthenticationStrategy(AbstractSessionFixationProtectionStrategy).onSessionChange("id", new MockHttpSession(), new TestingAuthenticationToken("u","p","ROLE_USER"))
 		then:
 			context.getBean(MockEventListener).events
 	}
@ -167,7 +173,7 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 	}

 	def findSessionAuthenticationStrategy(def c) {
-		findFilter(SessionManagementFilter).sessionAuthenticationStrategy.delegateStrategies.find { it.class.isAssignableFrom(c) }
+		findFilter(SessionManagementFilter).sessionAuthenticationStrategy.delegateStrategies.find { c.isAssignableFrom(it.class) }
 	}

 	@EnableWebSecurity
@ -189,4 +195,12 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
 		}

 	}
+
+	boolean isChangeSession() {
+		try {
+			new ChangeSessionIdAuthenticationStrategy()
+			return true
+		} catch(Exception e) {}
+		return false
+	}
 }
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy
@ -17,11 +17,10 @@ package org.springframework.security.config.annotation.web.configurers

 import javax.servlet.http.HttpServletResponse

-import org.springframework.context.annotation.Configuration
 import org.springframework.mock.web.MockFilterChain
 import org.springframework.mock.web.MockHttpServletRequest
 import org.springframework.mock.web.MockHttpServletResponse
-import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolver
 import org.springframework.security.config.annotation.AnyObjectPostProcessor
 import org.springframework.security.config.annotation.BaseSpringSpec
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
@ -29,18 +28,17 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.http.SessionCreationPolicy
-import org.springframework.security.core.session.SessionDestroyedEvent
 import org.springframework.security.web.access.ExceptionTranslationFilter
+import org.springframework.security.web.authentication.session.AbstractSessionFixationProtectionStrategy
 import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy
 import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
-import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.NullSecurityContextRepository
 import org.springframework.security.web.context.SecurityContextPersistenceFilter
 import org.springframework.security.web.context.SecurityContextRepository
 import org.springframework.security.web.savedrequest.RequestCache
 import org.springframework.security.web.session.ConcurrentSessionFilter
-import org.springframework.security.web.session.HttpSessionDestroyedEvent;
+import org.springframework.security.web.session.HttpSessionDestroyedEvent
 import org.springframework.security.web.session.SessionManagementFilter

 /**
@ -229,7 +227,7 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
 		and: "RegisterSessionAuthenticationStrategy is registered with ObjectPostProcessor"
 			1 * opp.postProcess(_ as RegisterSessionAuthenticationStrategy) >> {RegisterSessionAuthenticationStrategy o -> o}
 		and: "SessionFixationProtectionStrategy is registered with ObjectPostProcessor"
-			1 * opp.postProcess(_ as SessionFixationProtectionStrategy) >> {SessionFixationProtectionStrategy o -> o}
+			1 * opp.postProcess(_ as AbstractSessionFixationProtectionStrategy) >> {AbstractSessionFixationProtectionStrategy o -> o}
 	}

 	def "use sharedObject trustResolver"() {
--- a/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
+++ b/web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
@ -17,6 +17,7 @@ import java.io.PrintWriter;
 import java.util.Locale;

 import javax.servlet.ServletOutputStream;
+import javax.servlet.WriteListener;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponseWrapper;

@ -469,5 +470,15 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends
 		public String toString() {
 			return getClass().getName() + "[delegate=" + delegate.toString() + "]";
 		}
+
+		@Override
+		public boolean isReady() {
+			return delegate.isReady();
+		}
+
+		@Override
+		public void setWriteListener(WriteListener writeListener) {
+			delegate.setWriteListener(writeListener);
+		}
 	}
 }
--- a/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/session/ChangeSessionIdAuthenticationStrategyTests.java
@ -42,6 +42,12 @@ public class ChangeSessionIdAuthenticationStrategyTests {

 	@Test(expected = IllegalStateException.class)
 	public void constructChangeIdMethodNotFound() {
+		spy(ReflectionUtils.class);
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.getSession();
+		when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId"))
+				.thenReturn(null);
+
 		new ChangeSessionIdAuthenticationStrategy();
 	}