Additional test classes for authentication and logout success/failure handling.
parent
a3263753d9
commit
89d8c8cc83
|
@ -22,7 +22,7 @@ import org.springframework.util.Assert;
|
|||
* If the property has not been set it will send a 401 response to the client, with the error message from the
|
||||
* <tt>AuthenticationException</tt> which caused the failure.
|
||||
* <p>
|
||||
* If the <tt>forwardToDestination</tt> parameter is set, a <tt>RequestDispatcher.forward</tt> call will be made to
|
||||
* If the {@code useForward} property is set, a {@code RequestDispatcher.forward} call will be made to
|
||||
* the destination instead of a redirect.
|
||||
*
|
||||
* @author Luke Taylor
|
||||
|
|
|
@ -15,7 +15,8 @@
|
|||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.mockito.Mockito.*;
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Properties;
|
||||
|
@ -30,8 +31,9 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockFilterConfig;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
@ -44,10 +46,6 @@ import org.springframework.security.core.AuthenticationException;
|
|||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.PortResolverImpl;
|
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
|
||||
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
||||
|
@ -57,9 +55,10 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
|
|||
* Tests {@link AbstractAuthenticationProcessingFilter}.
|
||||
*
|
||||
* @author Ben Alex
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
||||
public class AbstractAuthenticationProcessingFilterTests {
|
||||
SavedRequestAwareAuthenticationSuccessHandler successHandler;
|
||||
SimpleUrlAuthenticationFailureHandler failureHandler;
|
||||
//~ Methods ========================================================================================================
|
||||
|
@ -105,8 +104,8 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
// return new DefaultSavedRequest(request, new PortResolverImpl());
|
||||
// }
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
super.setUp();
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
|
||||
successHandler.setDefaultTargetUrl("/logged_in.jsp");
|
||||
failureHandler = new SimpleUrlAuthenticationFailureHandler();
|
||||
|
@ -114,11 +113,12 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
protected void tearDown() throws Exception {
|
||||
super.tearDown();
|
||||
@After
|
||||
public void tearDown() throws Exception {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultProcessesFilterUrlMatchesWithPathParameter() {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
@ -129,6 +129,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertTrue(filter.requiresAuthentication(request, response));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailedAuthenticationRedirectsAppropriately() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -166,6 +167,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFilterProcessesUrlVariationsRespected() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -191,6 +193,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertEquals("test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGettersSetters() throws Exception {
|
||||
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
|
||||
filter.setAuthenticationManager(mock(AuthenticationManager.class));
|
||||
|
@ -204,6 +207,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertEquals("/p", filter.getFilterProcessesUrl());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -224,6 +228,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
executeFilterInContainerSimulator(config, filter, request, response, chain);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -255,6 +260,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertEquals(sessionPreAuth, request.getSession());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testStartupDetectsInvalidAuthenticationManager() throws Exception {
|
||||
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
|
@ -270,6 +276,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception {
|
||||
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
|
@ -285,6 +292,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -323,6 +331,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl()
|
||||
throws Exception {
|
||||
// Setup our HTTP request
|
||||
|
@ -349,6 +358,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception {
|
||||
// Setup our HTTP request
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
@ -374,6 +384,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
/**
|
||||
* SEC-297 fix.
|
||||
*/
|
||||
@Test
|
||||
public void testFullDefaultTargetUrlDoesNotHaveContextPathPrepended() throws Exception {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
MockFilterConfig config = new MockFilterConfig(null, null);
|
||||
|
@ -395,6 +406,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
/**
|
||||
* SEC-571
|
||||
*/
|
||||
@Test
|
||||
public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
||||
|
@ -404,7 +416,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
|
||||
// Reject authentication, so exception would normally be stored in session
|
||||
MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
|
||||
filter.setAllowSessionCreation(false);
|
||||
failureHandler.setAllowSessionCreation(false);
|
||||
filter.setAuthenticationFailureHandler(failureHandler);
|
||||
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
|
||||
filter.setAuthenticationSuccessHandler(successHandler);
|
||||
|
@ -417,6 +429,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
/**
|
||||
* SEC-462
|
||||
*/
|
||||
@Test
|
||||
public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
||||
|
@ -436,6 +449,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
/**
|
||||
* SEC-462
|
||||
*/
|
||||
@Test
|
||||
public void testServerSideRedirectForwardsToFailureUrl() throws Exception {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
|
||||
|
@ -458,6 +472,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
|
|||
/**
|
||||
* SEC-213
|
||||
*/
|
||||
@Test
|
||||
public void testTargetUrlParameterIsUsedIfPresent() throws Exception {
|
||||
MockHttpServletRequest request = createMockRequest();
|
||||
request.setParameter("targetUrl", "/target");
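Review bot: The `@SuppressWarnings("deprecation")` on the class declaration of `AbstractAuthenticationProcessingFilterTests` silences deprecation warnings for every test in the file, so later use of a deprecated authentication API would go unnoticed here. Judging by the line counts of the class-declaration hunk, the annotation appears to be introduced together with the removal of `extends TestCase`. Scoping it to the individual methods that call deprecated members would keep the warning useful, though the hunks shown do not reveal which calls those are. Most test bodies start or end outside the hunks, so this is judged from the declarations only.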
|
||||
|
|
|
@ -0,0 +1,76 @@
|
|||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.RedirectStrategy;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class SimpleUrlAuthenticationFailureHandlerTests {
|
||||
|
||||
@Test
|
||||
public void error401IsReturnedIfNoUrlIsSet() throws Exception {
|
||||
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler();
|
||||
RedirectStrategy rs = mock(RedirectStrategy.class);
|
||||
afh.setRedirectStrategy(rs);
|
||||
assertSame(rs, afh.getRedirectStrategy());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
|
||||
assertEquals(401, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void exceptionIsSavedToSessionOnRedirect() throws Exception {
|
||||
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler();
|
||||
afh.setDefaultFailureUrl("/target");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
AuthenticationException e = mock(AuthenticationException.class);
|
||||
|
||||
afh.onAuthenticationFailure(request, response, e);
|
||||
assertSame(e, request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION));
|
||||
assertEquals("/target", response.getRedirectedUrl());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void exceptionIsNotSavedIfAllowSessionCreationIsFalse() throws Exception {
|
||||
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
|
||||
afh.setAllowSessionCreation(false);
|
||||
assertFalse(afh.isAllowSessionCreation());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
|
||||
assertNull(request.getSession(false));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void responseIsForwardedIfUseForwardIsTrue() throws Exception {
|
||||
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
|
||||
afh.setUseForward(true);
|
||||
assertTrue(afh.isUseForward());
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
AuthenticationException e = mock(AuthenticationException.class);
|
||||
|
||||
afh.onAuthenticationFailure(request, response, e);
|
||||
assertNull(request.getSession(false));
|
||||
assertNull(response.getRedirectedUrl());
|
||||
assertEquals("/target", response.getForwardedUrl());
|
||||
// Request scope should be used for forward
|
||||
assertSame(e, request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION));
|
||||
}
|
||||
|
||||
}
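Review bot: `error401IsReturnedIfNoUrlIsSet` installs a mock `RedirectStrategy` but never checks that it stayed unused, so a handler that sent the 401 and also issued a redirect would still pass. Adding `verifyZeroInteractions(rs);` after the status assertion would pin that, with the Mockito static import widened to cover it. Likewise, `exceptionIsNotSavedIfAllowSessionCreationIsFalse` asserts only that no session exists. Adding `assertEquals("/target", response.getRedirectedUrl());` there would confirm the failure redirect still happens when session creation is disabled, as `exceptionIsSavedToSessionOnRedirect` already checks for the default case.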
|
|
@ -0,0 +1,29 @@
|
|||
package org.springframework.security.web.authentication;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class SimpleUrlAuthenticationSuccessHandlerTests {
|
||||
|
||||
// SEC-1428
|
||||
@Test
|
||||
public void redirectIsNotPerformedIfResponseIsCommitted() throws Exception {
|
||||
SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/target");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
response.setCommitted(true);
|
||||
|
||||
ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
|
||||
assertNull(response.getRedirectedUrl());
|
||||
}
|
||||
|
||||
}
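Review bot: `redirectIsNotPerformedIfResponseIsCommitted` covers only the committed case, so nothing in this class pins that an uncommitted response is redirected to `/target`; a handler that never redirected would pass. A companion test that omits `response.setCommitted(true)` and asserts `assertEquals("/target", response.getRedirectedUrl());` would close that gap. The same applies to `doesntRedirectIfResponseIsCommitted` in `SimpleUrlLogoutSuccessHandlerTests`, the next file on the page. Separately, the wildcard `import static org.mockito.Mockito.*;` could be narrowed to `mock`, which is the only Mockito member used here and is what the sibling test classes import.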
|
|
@ -0,0 +1,29 @@
|
|||
package org.springframework.security.web.authentication.logout;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class SimpleUrlLogoutSuccessHandlerTests {
|
||||
|
||||
@Test
|
||||
public void doesntRedirectIfResponseIsCommitted() throws Exception {
|
||||
SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
|
||||
lsh.setDefaultTargetUrl("/target");
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
response.setCommitted(true);
|
||||
lsh.onLogoutSuccess(request, response, mock(Authentication.class));
|
||||
assertNull(request.getSession(false));
|
||||
assertNull(response.getRedirectedUrl());
|
||||
assertNull(response.getForwardedUrl());
|
||||
}
|
||||
}
|