Additional test classes for authentication and logout success/failure handling.

Luke Taylor 2010-03-04 23:18:46 +00:00
parent a3263753d9
commit 89d8c8cc83
5 changed files with 163 additions and 14 deletions


@ -22,7 +22,7 @@ import org.springframework.util.Assert;
* If the property has not been set it will send a 401 response to the client, with the error message from the * If the property has not been set it will send a 401 response to the client, with the error message from the
* <tt>AuthenticationException</tt> which caused the failure. * <tt>AuthenticationException</tt> which caused the failure.
* <p> * <p>
* If the <tt>forwardToDestination</tt> parameter is set, a <tt>RequestDispatcher.forward</tt> call will be made to * If the {@code useForward} property is set, a {@code RequestDispatcher.forward} call will be made to
* the destination instead of a redirect. * the destination instead of a redirect.
* *
* @author Luke Taylor * @author Luke Taylor


@ -15,7 +15,8 @@
package org.springframework.security.web.authentication; package org.springframework.security.web.authentication;
import static org.mockito.Mockito.*; import static org.junit.Assert.*;
import static org.mockito.Mockito.mock;
import java.io.IOException; import java.io.IOException;
import java.util.Properties; import java.util.Properties;
@ -30,8 +31,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import junit.framework.TestCase; import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.mock.web.MockFilterConfig; import org.springframework.mock.web.MockFilterConfig;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
@ -44,10 +46,6 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices; import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.savedrequest.DefaultSavedRequest; import org.springframework.security.web.savedrequest.DefaultSavedRequest;
@ -57,9 +55,10 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
* Tests {@link AbstractAuthenticationProcessingFilter}. * Tests {@link AbstractAuthenticationProcessingFilter}.
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor
*/ */
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
public class AbstractAuthenticationProcessingFilterTests extends TestCase { public class AbstractAuthenticationProcessingFilterTests {
SavedRequestAwareAuthenticationSuccessHandler successHandler; SavedRequestAwareAuthenticationSuccessHandler successHandler;
SimpleUrlAuthenticationFailureHandler failureHandler; SimpleUrlAuthenticationFailureHandler failureHandler;
//~ Methods ======================================================================================================== //~ Methods ========================================================================================================
@ -105,8 +104,8 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
// return new DefaultSavedRequest(request, new PortResolverImpl()); // return new DefaultSavedRequest(request, new PortResolverImpl());
// } // }
protected void setUp() throws Exception { @Before
super.setUp(); public void setUp() throws Exception {
successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setDefaultTargetUrl("/logged_in.jsp"); successHandler.setDefaultTargetUrl("/logged_in.jsp");
failureHandler = new SimpleUrlAuthenticationFailureHandler(); failureHandler = new SimpleUrlAuthenticationFailureHandler();
@ -114,11 +113,12 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
protected void tearDown() throws Exception { @After
super.tearDown(); public void tearDown() throws Exception {
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
} }
@Test
public void testDefaultProcessesFilterUrlMatchesWithPathParameter() { public void testDefaultProcessesFilterUrlMatchesWithPathParameter() {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
@ -129,6 +129,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertTrue(filter.requiresAuthentication(request, response)); assertTrue(filter.requiresAuthentication(request, response));
} }
@Test
public void testFailedAuthenticationRedirectsAppropriately() throws Exception { public void testFailedAuthenticationRedirectsAppropriately() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -166,6 +167,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertNull(SecurityContextHolder.getContext().getAuthentication()); assertNull(SecurityContextHolder.getContext().getAuthentication());
} }
@Test
public void testFilterProcessesUrlVariationsRespected() throws Exception { public void testFilterProcessesUrlVariationsRespected() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -191,6 +193,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertEquals("test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()); assertEquals("test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
} }
@Test
public void testGettersSetters() throws Exception { public void testGettersSetters() throws Exception {
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter(); AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.setAuthenticationManager(mock(AuthenticationManager.class));
@ -204,6 +207,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertEquals("/p", filter.getFilterProcessesUrl()); assertEquals("/p", filter.getFilterProcessesUrl());
} }
@Test
public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl() throws Exception { public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -224,6 +228,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
executeFilterInContainerSimulator(config, filter, request, response, chain); executeFilterInContainerSimulator(config, filter, request, response, chain);
} }
@Test
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception { public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -255,6 +260,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertEquals(sessionPreAuth, request.getSession()); assertEquals(sessionPreAuth, request.getSession());
} }
@Test
public void testStartupDetectsInvalidAuthenticationManager() throws Exception { public void testStartupDetectsInvalidAuthenticationManager() throws Exception {
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter(); AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
filter.setAuthenticationFailureHandler(failureHandler); filter.setAuthenticationFailureHandler(failureHandler);
@ -270,6 +276,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
} }
} }
@Test
public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception { public void testStartupDetectsInvalidFilterProcessesUrl() throws Exception {
AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter(); AbstractAuthenticationProcessingFilter filter = new MockAuthenticationFilter();
filter.setAuthenticationFailureHandler(failureHandler); filter.setAuthenticationFailureHandler(failureHandler);
@ -285,6 +292,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
} }
} }
@Test
public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception { public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -323,6 +331,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertNull(SecurityContextHolder.getContext().getAuthentication()); assertNull(SecurityContextHolder.getContext().getAuthentication());
} }
@Test
public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl() public void testSuccessfulAuthenticationButWithAlwaysUseDefaultTargetUrlCausesRedirectToDefaultTargetUrl()
throws Exception { throws Exception {
// Setup our HTTP request // Setup our HTTP request
@ -349,6 +358,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertNotNull(SecurityContextHolder.getContext().getAuthentication());
} }
@Test
public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception { public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception {
// Setup our HTTP request // Setup our HTTP request
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -374,6 +384,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
/** /**
* SEC-297 fix. * SEC-297 fix.
*/ */
@Test
public void testFullDefaultTargetUrlDoesNotHaveContextPathPrepended() throws Exception { public void testFullDefaultTargetUrlDoesNotHaveContextPathPrepended() throws Exception {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
MockFilterConfig config = new MockFilterConfig(null, null); MockFilterConfig config = new MockFilterConfig(null, null);
@ -395,6 +406,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
/** /**
* SEC-571 * SEC-571
*/ */
@Test
public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception { public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -404,7 +416,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
// Reject authentication, so exception would normally be stored in session // Reject authentication, so exception would normally be stored in session
MockAuthenticationFilter filter = new MockAuthenticationFilter(false); MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
filter.setAllowSessionCreation(false); failureHandler.setAllowSessionCreation(false);
filter.setAuthenticationFailureHandler(failureHandler); filter.setAuthenticationFailureHandler(failureHandler);
successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/"); successHandler.setDefaultTargetUrl("http://monkeymachine.co.uk/");
filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationSuccessHandler(successHandler);
@ -417,6 +429,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
/** /**
* SEC-462 * SEC-462
*/ */
@Test
public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception { public void testLoginErrorWithNoFailureUrlSendsUnauthorizedStatus() throws Exception {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -436,6 +449,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
/** /**
* SEC-462 * SEC-462
*/ */
@Test
public void testServerSideRedirectForwardsToFailureUrl() throws Exception { public void testServerSideRedirectForwardsToFailureUrl() throws Exception {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
@ -458,6 +472,7 @@ public class AbstractAuthenticationProcessingFilterTests extends TestCase {
/** /**
* SEC-213 * SEC-213
*/ */
@Test
public void testTargetUrlParameterIsUsedIfPresent() throws Exception { public void testTargetUrlParameterIsUsedIfPresent() throws Exception {
MockHttpServletRequest request = createMockRequest(); MockHttpServletRequest request = createMockRequest();
request.setParameter("targetUrl", "/target"); request.setParameter("targetUrl", "/target");
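Review bot: In `testNoSessionIsCreatedIfAllowSessionCreationIsFalse` (SEC-571) the flag is now set only on `failureHandler`, so the filter runs with whatever its own session-creation default is and that path is no longer exercised here. If the filter still exposes `setAllowSessionCreation`, either keep a second case that sets it on the filter or add a comment explaining the move, for example `// Session creation on failure is decided by the failure handler, not the filter`. The assertion that no session was created sits outside this hunk, so it is worth confirming it uses `request.getSession(false)`; a plain `getSession()` would create the session it is meant to rule out.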


@ -0,0 +1,76 @@
package org.springframework.security.web.authentication;
import static org.junit.Assert.*;
import static org.mockito.Mockito.mock;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.WebAttributes;
/**
*
* @author Luke Taylor
*/
public class SimpleUrlAuthenticationFailureHandlerTests {
@Test
public void error401IsReturnedIfNoUrlIsSet() throws Exception {
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler();
RedirectStrategy rs = mock(RedirectStrategy.class);
afh.setRedirectStrategy(rs);
assertSame(rs, afh.getRedirectStrategy());
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
assertEquals(401, response.getStatus());
}
@Test
public void exceptionIsSavedToSessionOnRedirect() throws Exception {
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler();
afh.setDefaultFailureUrl("/target");
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
AuthenticationException e = mock(AuthenticationException.class);
afh.onAuthenticationFailure(request, response, e);
assertSame(e, request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION));
assertEquals("/target", response.getRedirectedUrl());
}
@Test
public void exceptionIsNotSavedIfAllowSessionCreationIsFalse() throws Exception {
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
afh.setAllowSessionCreation(false);
assertFalse(afh.isAllowSessionCreation());
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
afh.onAuthenticationFailure(request, response, mock(AuthenticationException.class));
assertNull(request.getSession(false));
}
@Test
public void responseIsForwardedIfUseForwardIsTrue() throws Exception {
SimpleUrlAuthenticationFailureHandler afh = new SimpleUrlAuthenticationFailureHandler("/target");
afh.setUseForward(true);
assertTrue(afh.isUseForward());
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
AuthenticationException e = mock(AuthenticationException.class);
afh.onAuthenticationFailure(request, response, e);
assertNull(request.getSession(false));
assertNull(response.getRedirectedUrl());
assertEquals("/target", response.getForwardedUrl());
// Request scope should be used for forward
assertSame(e, request.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION));
}
}
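Review bot: `exceptionIsNotSavedIfAllowSessionCreationIsFalse` asserts only `assertNull(request.getSession(false))`, so it would still pass if the handler did nothing at all. Adding `assertEquals("/target", response.getRedirectedUrl());` after it pins that the redirect still happens when the exception is not stored. `error401IsReturnedIfNoUrlIsSet` checks the status alone, and the mocked `AuthenticationException` presumably returns no message, so the documented "error message from the AuthenticationException" part of the 401 behaviour goes untested. Stubbing `getMessage()` and asserting the response's error message would cover it. The class Javadoc is empty apart from `@author`; a one-line summary such as `Tests {@link SimpleUrlAuthenticationFailureHandler}.` would match the neighbouring test class.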


@ -0,0 +1,29 @@
package org.springframework.security.web.authentication;
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
/**
*
* @author Luke Taylor
*/
public class SimpleUrlAuthenticationSuccessHandlerTests {
// SEC-1428
@Test
public void redirectIsNotPerformedIfResponseIsCommitted() throws Exception {
SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/target");
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
response.setCommitted(true);
ash.onAuthenticationSuccess(request, response, mock(Authentication.class));
assertNull(response.getRedirectedUrl());
}
}
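Review bot: `redirectIsNotPerformedIfResponseIsCommitted` has only a negative assertion and no companion positive case, so `assertNull(response.getRedirectedUrl())` cannot tell "skipped because committed" apart from "never redirects". A sibling test with an uncommitted response would make the SEC-1428 guard meaningful; the expected URL below assumes the same `/target` result the failure-handler test sees. The same gap applies to `doesntRedirectIfResponseIsCommitted` in `SimpleUrlLogoutSuccessHandlerTests`. This file also imports `org.mockito.Mockito.*` where the other new tests import only `mock`.
```java
// … unchanged: redirectIsNotPerformedIfResponseIsCommitted …
@Test
public void redirectIsPerformedIfResponseIsNotCommitted() throws Exception {
    SimpleUrlAuthenticationSuccessHandler ash = new SimpleUrlAuthenticationSuccessHandler("/target");
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();

    ash.onAuthenticationSuccess(request, response, mock(Authentication.class));

    assertEquals("/target", response.getRedirectedUrl());
}
```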


@ -0,0 +1,29 @@
package org.springframework.security.web.authentication.logout;
import static org.junit.Assert.*;
import static org.mockito.Mockito.mock;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
/**
*
* @author Luke Taylor
*/
public class SimpleUrlLogoutSuccessHandlerTests {
@Test
public void doesntRedirectIfResponseIsCommitted() throws Exception {
SimpleUrlLogoutSuccessHandler lsh = new SimpleUrlLogoutSuccessHandler();
lsh.setDefaultTargetUrl("/target");
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
response.setCommitted(true);
lsh.onLogoutSuccess(request, response, mock(Authentication.class));
assertNull(request.getSession(false));
assertNull(response.getRedirectedUrl());
assertNull(response.getForwardedUrl());
}
}