SEC-399: Added tests for new session creation/attribute migration options.

Luke Taylor 2008-01-08 15:44:21 +00:00
parent c5e6a4cdfd
commit 41d90e9bdb
2 changed files with 77 additions and 32 deletions


@ -127,8 +127,7 @@ import javax.servlet.http.HttpSession;
* is true. * is true.
* *
* @author Ben Alex * @author Ben Alex
* @version $Id: AbstractProcessingFilter.java 1909 2007-06-19 04:08:19Z * @version $Id$
* vishalpuri $
*/ */
public abstract class AbstractProcessingFilter extends SpringSecurityFilter implements InitializingBean, public abstract class AbstractProcessingFilter extends SpringSecurityFilter implements InitializingBean,
ApplicationEventPublisherAware, MessageSourceAware { ApplicationEventPublisherAware, MessageSourceAware {
@ -364,45 +363,46 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
private void startNewSessionIfRequired(HttpServletRequest request) { private void startNewSessionIfRequired(HttpServletRequest request) {
HttpSession session = request.getSession(false); HttpSession session = request.getSession(false);
if (session != null) { if (session == null) {
return;
}
if (!migrateInvalidatedSessionAttributes) { if (!migrateInvalidatedSessionAttributes) {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Invalidating session without migrating attributes."); logger.debug("Invalidating session without migrating attributes.");
} }
session.invalidate(); session.invalidate();
session = null; session = null;
// this is probably not necessary, but seems cleaner since // this is probably not necessary, but seems cleaner since
// there already was a session going. // there already was a session going.
request.getSession(true); request.getSession(true);
} else { } else {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
logger.debug("Invalidating session and migrating attributes."); logger.debug("Invalidating session and migrating attributes.");
} }
HashMap migratedAttributes = new HashMap(); HashMap migratedAttributes = new HashMap();
Enumeration enumer = session.getAttributeNames(); Enumeration enumer = session.getAttributeNames();
while (enumer.hasMoreElements()) { while (enumer.hasMoreElements()) {
String key = (String) enumer.nextElement(); String key = (String) enumer.nextElement();
migratedAttributes.put(key, session.getAttribute(key)); migratedAttributes.put(key, session.getAttribute(key));
} }
session.invalidate(); session.invalidate();
session = request.getSession(true); // we now have a new session session = request.getSession(true); // we now have a new session
Iterator iter = migratedAttributes.entrySet().iterator(); Iterator iter = migratedAttributes.entrySet().iterator();
while (iter.hasNext()) { while (iter.hasNext()) {
Map.Entry entry = (Map.Entry) iter.next(); Map.Entry entry = (Map.Entry) iter.next();
session.setAttribute((String) entry.getKey(), entry.getValue()); session.setAttribute((String) entry.getKey(), entry.getValue());
}
} }
} }
} }
@ -558,5 +558,4 @@ public abstract class AbstractProcessingFilter extends SpringSecurityFilter impl
public void setUseRelativeContext(boolean useRelativeContext) { public void setUseRelativeContext(boolean useRelativeContext) {
this.useRelativeContext = useRelativeContext; this.useRelativeContext = useRelativeContext;
} }
} }
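Review bot: The migrating branch of `startNewSessionIfRequired` copies every attribute of the pre-authentication session into the new one, so any state placed in that session before login survives the change of session ID, and nothing on the method documents this. The second test file's migration test sets only `setInvalidateSessionOnSuccessfulAuthentication(true)` and still expects the attribute to be carried over, which suggests migration is on by default. I would add a Javadoc such as `/** Invalidates the existing session and creates a new one; when migrateInvalidatedSessionAttributes is true, ALL attributes, including any set before authentication, are copied to the new session. */`. As a smaller style point, `session = null;` in the non-migrating branch is a dead store, since the local is not read again before the method returns.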


@ -31,6 +31,7 @@ import org.springframework.security.util.PortResolverImpl;
import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockHttpSession;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -40,6 +41,7 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException; import java.io.IOException;
import java.util.Properties; import java.util.Properties;
@ -254,6 +256,7 @@ public class AbstractProcessingFilterTests extends TestCase {
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception { public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
HttpSession sessionPreAuth = request.getSession();
// Setup our filter configuration // Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null); MockFilterConfig config = new MockFilterConfig(null, null);
@ -275,6 +278,8 @@ public class AbstractProcessingFilterTests extends TestCase {
assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl()); assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertNotNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals("test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()); assertEquals("test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
// Should still have the same session
assertEquals(sessionPreAuth, request.getSession());
} }
public void testStartupDetectsInvalidAuthenticationFailureUrl() throws Exception { public void testStartupDetectsInvalidAuthenticationFailureUrl() throws Exception {
@ -373,7 +378,7 @@ public class AbstractProcessingFilterTests extends TestCase {
} }
public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl() public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl()
throws Exception { throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl()); request.getSession().setAttribute(AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
@ -433,7 +438,6 @@ public class AbstractProcessingFilterTests extends TestCase {
// Setup our test object, to grant access // Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true); MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setDefaultTargetUrl("http://monkeymachine.co.uk/"); filter.setDefaultTargetUrl("http://monkeymachine.co.uk/");
filter.setAlwaysUseDefaultTargetUrl(true); filter.setAlwaysUseDefaultTargetUrl(true);
@ -442,6 +446,48 @@ public class AbstractProcessingFilterTests extends TestCase {
assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertNotNull(SecurityContextHolder.getContext().getAuthentication());
} }
public void testNewSessionIsCreatedIfInvalidateSessionOnSuccessfulAuthenticationIsSet() throws Exception {
MockHttpServletRequest request = createMockRequest();
HttpSession oldSession = request.getSession();
oldSession.setAttribute("test","test");
MockFilterConfig config = new MockFilterConfig(null, null);
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setInvalidateSessionOnSuccessfulAuthentication(true);
filter.setDefaultTargetUrl("http://monkeymachine.co.uk/");
executeFilterInContainerSimulator(config, filter, request, response, chain);
HttpSession newSession = request.getSession();
assertFalse(newSession.getId().equals(oldSession.getId()));
assertEquals("test", newSession.getAttribute("test"));
}
public void testAttributesAreNotMigratedToNewlyCreatedSessionIfMigrateAttributesIsFalse() throws Exception {
MockHttpServletRequest request = createMockRequest();
HttpSession oldSession = request.getSession();
MockFilterConfig config = new MockFilterConfig(null, null);
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setInvalidateSessionOnSuccessfulAuthentication(true);
filter.setMigrateInvalidatedSessionAttributes(false);
filter.setDefaultTargetUrl("http://monkeymachine.co.uk/");
executeFilterInContainerSimulator(config, filter, request, response, chain);
HttpSession newSession = request.getSession();
assertFalse(newSession.getId().equals(oldSession.getId()));
assertNull(newSession.getAttribute("test"));
}
//~ Inner Classes ================================================================================================== //~ Inner Classes ==================================================================================================
private class MockAbstractProcessingFilter extends AbstractProcessingFilter { private class MockAbstractProcessingFilter extends AbstractProcessingFilter {
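Review bot: `testAttributesAreNotMigratedToNewlyCreatedSessionIfMigrateAttributesIsFalse` never sets a "test" attribute on `oldSession`, so its final `assertNull(newSession.getAttribute("test"))` passes whether or not attributes were migrated, unless `createMockRequest()` (not shown) seeds one. Add `oldSession.setAttribute("test", "test");` directly after `HttpSession oldSession = request.getSession();`, as the preceding test does, so the assertion actually exercises `setMigrateInvalidatedSessionAttributes(false)`. Separately, the newly imported `MockHttpSession` is not referenced in any of the visible hunks; drop the import if nothing outside them uses it.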