parent
aa2b96e4b8
commit
306e9ed91c
|
@ -1,79 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.http
|
||||
|
||||
import static org.mockito.Matchers.any
|
||||
import static org.mockito.Matchers.eq
|
||||
import static org.mockito.Mockito.*
|
||||
|
||||
import javax.servlet.http.HttpServletResponse
|
||||
import javax.servlet.http.HttpServletResponseWrapper
|
||||
|
||||
import org.springframework.mock.web.MockFilterChain
|
||||
import org.springframework.mock.web.MockHttpServletRequest
|
||||
import org.springframework.mock.web.MockHttpServletResponse
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
*/
|
||||
class HttpConfigTests extends AbstractHttpConfigTests {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest('GET','/secure')
|
||||
MockHttpServletResponse response = new MockHttpServletResponse()
|
||||
MockFilterChain chain = new MockFilterChain()
|
||||
|
||||
def 'http minimal configuration works'() {
|
||||
setup:
|
||||
xml.http() {}
|
||||
createAppContext("""<user-service>
|
||||
<user name="user" password="password" authorities="ROLE_USER" />
|
||||
</user-service>""")
|
||||
when: 'request protected URL'
|
||||
springSecurityFilterChain.doFilter(request,response,chain)
|
||||
then: 'sent to login page'
|
||||
response.status == HttpServletResponse.SC_MOVED_TEMPORARILY
|
||||
response.redirectedUrl == 'http://localhost/login'
|
||||
}
|
||||
|
||||
def 'http disable-url-rewriting defaults to true'() {
|
||||
setup:
|
||||
xml.http() {}
|
||||
createAppContext("""<user-service>
|
||||
<user name="user" password="password" authorities="ROLE_USER" />
|
||||
</user-service>""")
|
||||
HttpServletResponse testResponse = new HttpServletResponseWrapper(response) {
|
||||
public String encodeURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL")
|
||||
}
|
||||
public String encodeRedirectURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL")
|
||||
}
|
||||
public String encodeUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL")
|
||||
}
|
||||
public String encodeRedirectUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL")
|
||||
}
|
||||
}
|
||||
when: 'request protected URL'
|
||||
springSecurityFilterChain.doFilter(request,testResponse,{ request,response->
|
||||
response.encodeURL("/url")
|
||||
response.encodeRedirectURL("/url")
|
||||
response.encodeUrl("/url")
|
||||
response.encodeRedirectUrl("/url")
|
||||
})
|
||||
then: 'sent to login page'
|
||||
response.status == HttpServletResponse.SC_MOVED_TEMPORARILY
|
||||
response.redirectedUrl == 'http://localhost/login'
|
||||
}
|
||||
}
|
|
@ -0,0 +1,114 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.http;
|
||||
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
public class HttpConfigTests {
|
||||
|
||||
private static final String CONFIG_LOCATION_PREFIX =
|
||||
"classpath:org/springframework/security/config/http/HttpConfigTests";
|
||||
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
|
||||
@Autowired
|
||||
MockMvc mvc;
|
||||
|
||||
@Test
|
||||
public void getWhenUsingMinimalConfigurationThenRedirectsToLogin()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(this.xml("Minimal")).autowire();
|
||||
|
||||
this.mvc.perform(get("/"))
|
||||
.andExpect(status().isFound())
|
||||
.andExpect(redirectedUrl("http://localhost/login"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(this.xml("Minimal")).autowire();
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
|
||||
|
||||
proxy.doFilter(
|
||||
request,
|
||||
new EncodeUrlDenyingHttpServletResponseWrapper(response),
|
||||
(req, resp) -> {});
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
|
||||
}
|
||||
|
||||
private static class EncodeUrlDenyingHttpServletResponseWrapper
|
||||
extends HttpServletResponseWrapper {
|
||||
|
||||
public EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
|
||||
super(response);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeRedirectURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeRedirectUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
}
|
||||
|
||||
private String xml(String configName) {
|
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||
}
|
||||
}
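Review bot: In `getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter` the chain handed to `proxy.doFilter` is the no-op `(req, resp) -> {}`, so nothing downstream ever calls an encode method and the property in the test name is only checked implicitly, by the absence of an exception from `EncodeUrlDenyingHttpServletResponseWrapper`. The removed Groovy spec called all four encode methods from its chain closure; if the chain is meant to be reached, the lambda could do the same, e.g. `(req, resp) -> ((HttpServletResponse) resp).encodeURL("/url")`, and if it is not reached (the asserted redirect suggests the request stops at the login entry point) a comment above the call should say which encode call the test depends on. All four overrides throw `"Unexpected invocation of encodeURL"`, so a failure coming from `encodeRedirectURL` would be misreported; naming the method in each message fixes that. `HttpServletResponse.SC_MOVED_TEMPORARILY` is already imported and would make the `org.apache.http.HttpStatus` import unnecessary.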
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" use-expressions="false">
|
||||
<intercept-url pattern="/**" access="ROLE_USER"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
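Review bot: The `<http>` element sets `auto-config="true"` and `use-expressions="false"` and leaves `disable-url-rewriting` unset, but nothing in the file says that the unset attribute is what the tests rely on. This is presumably the `HttpConfigTests-Minimal.xml` that the Java test loads, and its encode-denying response wrapper only checks the default for URL rewriting as long as this file never sets it. A comment above the element, e.g. `<!-- disable-url-rewriting is intentionally omitted: HttpConfigTests asserts its default -->`, would keep a later edit from silently changing what is tested. The removed Groovy spec built its context from an empty `http` element, so it is also worth a line on why the two attributes and the `/**` intercept rule are needed in a config named Minimal.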
|