SEC-588: Added extra tests to check cookie values.

This commit is contained in:
Luke Taylor 2007-11-04 12:07:49 +00:00
parent 55b1f9348d
commit 4c44bd782f
3 changed files with 31 additions and 11 deletions


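--- a/PATH-NOT-ON-PAGE/AbstractRememberMeServices.java
+++ b/PATH-NOT-ON-PAGE/AbstractRememberMeServices.java
@@ -211,7 +211,8 @@ public abstract class AbstractRememberMeServices implements RememberMeServices {
 * The default is to return true if <tt>alwaysRemember</tt> is set or the configured parameter name has
 * been included in the request and is set to the value "true".
 *
-* @param request the request which may include
+* @param request the request submitted from an interactive login, which may include additional information
+* indicating that a persistent login is desired.
 * @param parameter the configured remember-me parameter name.
 *
 * @return true if the request includes information indicating that a persistent login has been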


@ -220,7 +220,6 @@ public class AbstractRememberMeServicesTests {
} }
private Cookie[] createLoginCookie(String cookieToken) { private Cookie[] createLoginCookie(String cookieToken) {
MockRememberMeServices services = new MockRememberMeServices(); MockRememberMeServices services = new MockRememberMeServices();
Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_PERSISTENT_REMEMBER_ME_COOKIE_KEY, Cookie cookie = new Cookie(AbstractRememberMeServices.SPRING_SECURITY_PERSISTENT_REMEMBER_ME_COOKIE_KEY,


@ -19,26 +19,40 @@ public class PersistentTokenBasedRememberMeServicesTests {
@Before @Before
public void setUpData() throws Exception { public void setUpData() throws Exception {
services = new PersistentTokenBasedRememberMeServices(); services = new PersistentTokenBasedRememberMeServices();
services.setCookieName("mycookiename");
} }
@Test(expected = InvalidCookieException.class) @Test(expected = InvalidCookieException.class)
public void loginIsRejectedWithWrongNumberOfCookieTokens() { public void loginIsRejectedWithWrongNumberOfCookieTokens() {
services.setCookieName("mycookiename");
services.processAutoLoginCookie(new String[] {"series", "token", "extra"}, new MockHttpServletRequest(), services.processAutoLoginCookie(new String[] {"series", "token", "extra"}, new MockHttpServletRequest(),
new MockHttpServletResponse()); new MockHttpServletResponse());
} }
@Test(expected = RememberMeAuthenticationException.class) @Test(expected = RememberMeAuthenticationException.class)
public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() { public void loginIsRejectedWhenNoTokenMatchingSeriesIsFound() {
services.setCookieName("mycookiename");
services.setTokenRepository(new MockTokenRepository(null)); services.setTokenRepository(new MockTokenRepository(null));
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(), services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
new MockHttpServletResponse()); new MockHttpServletResponse());
} }
@Test(expected = RememberMeAuthenticationException.class)
public void loginIsRejectedWhenTokenIsExpired() {
MockTokenRepository repo =
new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
services.setTokenRepository(repo);
services.setTokenValiditySeconds(1);
try {
Thread.sleep(1100);
} catch (InterruptedException e) {
}
services.setTokenRepository(repo);
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
new MockHttpServletResponse());
}
@Test(expected = CookieTheftException.class) @Test(expected = CookieTheftException.class)
public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() { public void cookieTheftIsDetectedWhenSeriesAndTokenDontMatch() {
services.setCookieName("mycookiename");
PersistentRememberMeToken token = new PersistentRememberMeToken("joe", "series","wrongtoken", new Date()); PersistentRememberMeToken token = new PersistentRememberMeToken("joe", "series","wrongtoken", new Date());
services.setTokenRepository(new MockTokenRepository(token)); services.setTokenRepository(new MockTokenRepository(token));
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(), services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(),
@ -47,16 +61,18 @@ public class PersistentTokenBasedRememberMeServicesTests {
@Test @Test
public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() { public void successfulAutoLoginCreatesNewTokenAndCookieWithSameSeries() {
services.setCookieName("mycookiename");
MockTokenRepository repo = MockTokenRepository repo =
new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date())); new MockTokenRepository(new PersistentRememberMeToken("joe", "series","token", new Date()));
services.setTokenRepository(repo); services.setTokenRepository(repo);
// 12 => b64 length will be 16 // 12 => b64 length will be 16
services.setTokenLength(12); services.setTokenLength(12);
services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(), MockHttpServletResponse response = new MockHttpServletResponse();
new MockHttpServletResponse()); services.processAutoLoginCookie(new String[] {"series", "token"}, new MockHttpServletRequest(), response);
assertEquals("series",repo.getStoredToken().getSeries()); assertEquals("series",repo.getStoredToken().getSeries());
assertEquals(16, repo.getStoredToken().getTokenValue().length()); assertEquals(16, repo.getStoredToken().getTokenValue().length());
String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
assertEquals("series", cookie[0]);
assertEquals(repo.getStoredToken().getTokenValue(), cookie[1]);
} }
@Test @Test
@ -66,14 +82,18 @@ public class PersistentTokenBasedRememberMeServicesTests {
services.setTokenRepository(repo); services.setTokenRepository(repo);
services.setTokenLength(12); services.setTokenLength(12);
services.setSeriesLength(12); services.setSeriesLength(12);
MockHttpServletResponse response = new MockHttpServletResponse();
services.loginSuccess(new MockHttpServletRequest(), services.loginSuccess(new MockHttpServletRequest(),
new MockHttpServletResponse(), new UsernamePasswordAuthenticationToken("joe","password")); response, new UsernamePasswordAuthenticationToken("joe","password"));
assertEquals(16, repo.getStoredToken().getSeries().length()); assertEquals(16, repo.getStoredToken().getSeries().length());
assertEquals(16, repo.getStoredToken().getTokenValue().length()); assertEquals(16, repo.getStoredToken().getTokenValue().length());
String[] cookie = services.decodeCookie(response.getCookie("mycookiename").getValue());
assertEquals(repo.getStoredToken().getSeries(), cookie[0]);
assertEquals(repo.getStoredToken().getTokenValue(), cookie[1]);
} }
private class MockTokenRepository implements PersistentTokenRepository { private class MockTokenRepository implements PersistentTokenRepository {
private PersistentRememberMeToken storedToken; private PersistentRememberMeToken storedToken;