Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish Tests

Browse Source 
Closes gh-14768
This commit is contained in:
Josh Cummings 2024-10-23 16:42:43 -06:00
parent 6dbbe89b83
commit 981fbd5c2c
7 changed files with 108 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerAfterMethodInterceptorTests.java
View File

@ -50,6 +50,7 @@ import static org.mockito.Mockito.verify;
* Tests for {@link AuthorizationManagerAfterMethodInterceptor}. * Tests for {@link AuthorizationManagerAfterMethodInterceptor}.
* *
* @author Evgeniy Cheban * @author Evgeniy Cheban
* @author Gengwu Zhao
*/ */
public class AuthorizationManagerAfterMethodInterceptorTests { public class AuthorizationManagerAfterMethodInterceptorTests {
@ -84,9 +85,9 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
@Test @Test
public void afterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable { public void afterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = TestAuthentication.authenticatedUser(); Authentication authentication = TestAuthentication.authenticatedUser();
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
MethodInvocation invocation = mock(MethodInvocation.class); MethodInvocation invocation = mock(MethodInvocation.class);
AuthorizationManager<MethodInvocationResult> authorizationManager = AuthenticatedAuthorizationManager AuthorizationManager<MethodInvocationResult> authorizationManager = AuthenticatedAuthorizationManager
.authenticated(); .authenticated();
@ -100,10 +101,10 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
// gh-12877 // gh-12877
@Test @Test
public void afterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable { public void afterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
MethodInvocation invocation = mock(MethodInvocation.class); MethodInvocation invocation = mock(MethodInvocation.class);
AuthorizationManager<MethodInvocationResult> authorizationManager = AuthenticatedAuthorizationManager AuthorizationManager<MethodInvocationResult> authorizationManager = AuthenticatedAuthorizationManager
.authenticated(); .authenticated();
@ -159,6 +160,12 @@ public class AuthorizationManagerAfterMethodInterceptorTests {
assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(mi)); assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(mi));
} }
private SecurityContextHolderStrategy mockSecurityContextHolderStrategy(SecurityContextImpl securityContextImpl) {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
given(strategy.getContext()).willReturn(securityContextImpl);
return strategy;
}
static class MyAuthzDeniedException extends AuthorizationDeniedException { static class MyAuthzDeniedException extends AuthorizationDeniedException {
MyAuthzDeniedException(String msg, AuthorizationResult authorizationResult) { MyAuthzDeniedException(String msg, AuthorizationResult authorizationResult) {

17
core/src/test/java/org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptorTests.java
View File

@ -49,6 +49,7 @@ import static org.mockito.Mockito.verify;
* Tests for {@link AuthorizationManagerBeforeMethodInterceptor}. * Tests for {@link AuthorizationManagerBeforeMethodInterceptor}.
* *
* @author Evgeniy Cheban * @author Evgeniy Cheban
* @author Gengwu Zhao
*/ */
public class AuthorizationManagerBeforeMethodInterceptorTests { public class AuthorizationManagerBeforeMethodInterceptorTests {
@ -79,10 +80,10 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
@Test @Test
public void beforeWhenMockSecurityContextHolderStrategyThenUses() throws Throwable { public void beforeWhenMockSecurityContextHolderStrategyThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("user", "password", Authentication authentication = new TestingAuthenticationToken("user", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
MethodInvocation invocation = mock(MethodInvocation.class); MethodInvocation invocation = mock(MethodInvocation.class);
AuthorizationManager<MethodInvocation> authorizationManager = AuthenticatedAuthorizationManager.authenticated(); AuthorizationManager<MethodInvocation> authorizationManager = AuthenticatedAuthorizationManager.authenticated();
AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor(
@ -95,10 +96,11 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
// gh-12877 // gh-12877
@Test @Test
public void beforeWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable { public void beforeWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
MethodInvocation invocation = mock(MethodInvocation.class); MethodInvocation invocation = mock(MethodInvocation.class);
AuthorizationManager<MethodInvocation> authorizationManager = AuthenticatedAuthorizationManager.authenticated(); AuthorizationManager<MethodInvocation> authorizationManager = AuthenticatedAuthorizationManager.authenticated();
AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor( AuthorizationManagerBeforeMethodInterceptor advice = new AuthorizationManagerBeforeMethodInterceptor(
@ -150,6 +152,13 @@ public class AuthorizationManagerBeforeMethodInterceptorTests {
assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(null)); assertThatExceptionOfType(MyAuthzDeniedException.class).isThrownBy(() -> advice.invoke(null));
} }
private SecurityContextHolderStrategy mockSecurityContextHolderStrategy(SecurityContextImpl securityContextImpl) {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
given(strategy.getContext()).willReturn(securityContextImpl);
return strategy;
}
static class MyAuthzDeniedException extends AuthorizationDeniedException { static class MyAuthzDeniedException extends AuthorizationDeniedException {
MyAuthzDeniedException(String msg, AuthorizationResult authorizationResult) { MyAuthzDeniedException(String msg, AuthorizationResult authorizationResult) {

18
core/src/test/java/org/springframework/security/authorization/method/PostFilterAuthorizationMethodInterceptorTests.java
View File

@ -49,6 +49,7 @@ import static org.mockito.Mockito.verify;
* Tests for {@link PostFilterAuthorizationMethodInterceptor}. * Tests for {@link PostFilterAuthorizationMethodInterceptor}.
* *
* @author Evgeniy Cheban * @author Evgeniy Cheban
* @author Gengwu Zhao
*/ */
public class PostFilterAuthorizationMethodInterceptorTests { public class PostFilterAuthorizationMethodInterceptorTests {
@ -120,10 +121,11 @@ public class PostFilterAuthorizationMethodInterceptorTests {
@Test @Test
public void postFilterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable { public void postFilterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
String[] array = { "john", "bob" }; String[] array = { "john", "bob" };
MockMethodInvocation invocation = new MockMethodInvocation(new TestClass(), TestClass.class, MockMethodInvocation invocation = new MockMethodInvocation(new TestClass(), TestClass.class,
"doSomethingArrayAuthentication", new Class[] { String[].class }, new Object[] { array }) { "doSomethingArrayAuthentication", new Class[] { String[].class }, new Object[] { array }) {
@ -141,10 +143,11 @@ public class PostFilterAuthorizationMethodInterceptorTests {
// gh-12877 // gh-12877
@Test @Test
public void postFilterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable { public void postFilterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
String[] array = { "john", "bob" }; String[] array = { "john", "bob" };
MockMethodInvocation invocation = new MockMethodInvocation(new TestClass(), TestClass.class, MockMethodInvocation invocation = new MockMethodInvocation(new TestClass(), TestClass.class,
"doSomethingArrayAuthentication", new Class[] { String[].class }, new Object[] { array }) { "doSomethingArrayAuthentication", new Class[] { String[].class }, new Object[] { array }) {
@ -161,6 +164,13 @@ public class PostFilterAuthorizationMethodInterceptorTests {
SecurityContextHolder.setContextHolderStrategy(saved); SecurityContextHolder.setContextHolderStrategy(saved);
} }
private SecurityContextHolderStrategy mockSecurityContextHolderStrategy(SecurityContextImpl securityContextImpl) {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
given(strategy.getContext()).willReturn(securityContextImpl);
return strategy;
}
@PostFilter("filterObject == 'john'") @PostFilter("filterObject == 'john'")
public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo {

16
core/src/test/java/org/springframework/security/authorization/method/PreFilterAuthorizationMethodInterceptorTests.java
View File

@ -51,6 +51,7 @@ import static org.mockito.Mockito.verify;
* Tests for {@link PreFilterAuthorizationMethodInterceptor}. * Tests for {@link PreFilterAuthorizationMethodInterceptor}.
* *
* @author Evgeniy Cheban * @author Evgeniy Cheban
* @author Gengwu Zhao
*/ */
public class PreFilterAuthorizationMethodInterceptorTests { public class PreFilterAuthorizationMethodInterceptorTests {
@ -180,10 +181,10 @@ public class PreFilterAuthorizationMethodInterceptorTests {
@Test @Test
public void preFilterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable { public void preFilterWhenMockSecurityContextHolderStrategyThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
List<String> list = new ArrayList<>(); List<String> list = new ArrayList<>();
list.add("john"); list.add("john");
list.add("bob"); list.add("bob");
@ -198,10 +199,10 @@ public class PreFilterAuthorizationMethodInterceptorTests {
// gh-12877 // gh-12877
@Test @Test
public void preFilterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable { public void preFilterWhenStaticSecurityContextHolderStrategyAfterConstructorThenUses() throws Throwable {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
Authentication authentication = new TestingAuthenticationToken("john", "password", Authentication authentication = new TestingAuthenticationToken("john", "password",
AuthorityUtils.createAuthorityList("authority")); AuthorityUtils.createAuthorityList("authority"));
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication)); SecurityContextHolderStrategy strategy = mockSecurityContextHolderStrategy(
new SecurityContextImpl(authentication));
List<String> list = new ArrayList<>(); List<String> list = new ArrayList<>();
list.add("john"); list.add("john");
list.add("bob"); list.add("bob");
@ -215,6 +216,13 @@ public class PreFilterAuthorizationMethodInterceptorTests {
SecurityContextHolder.setContextHolderStrategy(saved); SecurityContextHolder.setContextHolderStrategy(saved);
} }
private SecurityContextHolderStrategy mockSecurityContextHolderStrategy(SecurityContextImpl securityContextImpl) {
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
given(strategy.getContext()).willReturn(securityContextImpl);
return strategy;
}
@PreFilter("filterObject == 'john'") @PreFilter("filterObject == 'john'")
public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo { public static class TestClass implements InterfaceAnnotationsOne, InterfaceAnnotationsTwo {

60
ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -59,6 +59,7 @@ import static org.mockito.Mockito.verify;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch * @author Rob Winch
* @author Gengwu Zhao
*/ */
public class ActiveDirectoryLdapAuthenticationProviderTests { public class ActiveDirectoryLdapAuthenticationProviderTests {
@ -70,9 +71,13 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
UsernamePasswordAuthenticationToken joe = UsernamePasswordAuthenticationToken.unauthenticated("joe", "password"); UsernamePasswordAuthenticationToken joe = UsernamePasswordAuthenticationToken.unauthenticated("joe", "password");
DirContext ctx;
@BeforeEach @BeforeEach
public void setUp() { public void setUp() throws NamingException {
this.provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/"); this.provider = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
this.ctx = mock(DirContext.class);
given(this.ctx.getNameInNamespace()).willReturn("");
} }
@Test @Test
@ -90,15 +95,13 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
@Test @Test
public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception { public void customSearchFilterIsUsedForSuccessfulAuthentication() throws Exception {
String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))"; String customSearchFilter = "(&(objectClass=user)(sAMAccountName={0}))";
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
DirContextAdapter dca = new DirContextAdapter(); DirContextAdapter dca = new DirContextAdapter();
SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
given(ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class))) given(this.ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
.willReturn(new MockNamingEnumeration(sr)); .willReturn(new MockNamingEnumeration(sr));
ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
"mydomain.eu", "ldap://192.168.1.200/"); "mydomain.eu", "ldap://192.168.1.200/");
customProvider.contextFactory = createContextFactoryReturning(ctx); customProvider.contextFactory = createContextFactoryReturning(this.ctx);
customProvider.setSearchFilter(customSearchFilter); customProvider.setSearchFilter(customSearchFilter);
Authentication result = customProvider.authenticate(this.joe); Authentication result = customProvider.authenticate(this.joe);
assertThat(result.isAuthenticated()).isTrue(); assertThat(result.isAuthenticated()).isTrue();
@ -107,18 +110,17 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
@Test @Test
public void defaultSearchFilter() throws Exception { public void defaultSearchFilter() throws Exception {
final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
DirContextAdapter dca = new DirContextAdapter(); DirContextAdapter dca = new DirContextAdapter();
SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
given(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class))) given(this.ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
.willReturn(new MockNamingEnumeration(sr)); .willReturn(new MockNamingEnumeration(sr));
ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
"mydomain.eu", "ldap://192.168.1.200/"); "mydomain.eu", "ldap://192.168.1.200/");
customProvider.contextFactory = createContextFactoryReturning(ctx); customProvider.contextFactory = createContextFactoryReturning(this.ctx);
Authentication result = customProvider.authenticate(this.joe); Authentication result = customProvider.authenticate(this.joe);
assertThat(result.isAuthenticated()).isTrue(); assertThat(result.isAuthenticated()).isTrue();
verify(ctx).search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)); verify(this.ctx).search(any(Name.class), eq(defaultSearchFilter), any(Object[].class),
any(SearchControls.class));
} }
// SEC-2897,SEC-2224 // SEC-2897,SEC-2224
@ -126,15 +128,13 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
public void bindPrincipalAndUsernameUsed() throws Exception { public void bindPrincipalAndUsernameUsed() throws Exception {
final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class); ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
DirContextAdapter dca = new DirContextAdapter(); DirContextAdapter dca = new DirContextAdapter();
SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
given(ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class))) given(this.ctx.search(any(Name.class), eq(defaultSearchFilter), captor.capture(), any(SearchControls.class)))
.willReturn(new MockNamingEnumeration(sr)); .willReturn(new MockNamingEnumeration(sr));
ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider( ActiveDirectoryLdapAuthenticationProvider customProvider = new ActiveDirectoryLdapAuthenticationProvider(
"mydomain.eu", "ldap://192.168.1.200/"); "mydomain.eu", "ldap://192.168.1.200/");
customProvider.contextFactory = createContextFactoryReturning(ctx); customProvider.contextFactory = createContextFactoryReturning(this.ctx);
Authentication result = customProvider.authenticate(this.joe); Authentication result = customProvider.authenticate(this.joe);
assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe"); assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
assertThat(result.isAuthenticated()).isTrue(); assertThat(result.isAuthenticated()).isTrue();
@ -153,36 +153,30 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
@Test @Test
public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception { public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception {
this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/"); this.provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
DirContextAdapter dca = new DirContextAdapter(); DirContextAdapter dca = new DirContextAdapter();
SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
given(ctx.search(eq(LdapNameBuilder.newInstance("DC=mydomain,DC=eu").build()), any(String.class), given(this.ctx.search(eq(LdapNameBuilder.newInstance("DC=mydomain,DC=eu").build()), any(String.class),
any(Object[].class), any(SearchControls.class))) any(Object[].class), any(SearchControls.class)))
.willReturn(new MockNamingEnumeration(sr)); .willReturn(new MockNamingEnumeration(sr));
this.provider.contextFactory = createContextFactoryReturning(ctx); this.provider.contextFactory = createContextFactoryReturning(this.ctx);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password")); this.provider.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("joe@mydomain.eu", "password"));
} }
@Test @Test
public void failedUserSearchCausesBadCredentials() throws Exception { public void failedUserSearchCausesBadCredentials() throws Exception {
DirContext ctx = mock(DirContext.class); given(this.ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
given(ctx.getNameInNamespace()).willReturn("");
given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
.willThrow(new NameNotFoundException()); .willThrow(new NameNotFoundException());
this.provider.contextFactory = createContextFactoryReturning(ctx); this.provider.contextFactory = createContextFactoryReturning(this.ctx);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
} }
// SEC-2017 // SEC-2017
@Test @Test
public void noUserSearchCausesUsernameNotFound() throws Exception { public void noUserSearchCausesUsernameNotFound() throws Exception {
DirContext ctx = mock(DirContext.class); given(this.ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
given(ctx.getNameInNamespace()).willReturn("");
given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
.willReturn(new EmptyEnumeration<>()); .willReturn(new EmptyEnumeration<>());
this.provider.contextFactory = createContextFactoryReturning(ctx); this.provider.contextFactory = createContextFactoryReturning(this.ctx);
assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe)); assertThatExceptionOfType(BadCredentialsException.class).isThrownBy(() -> this.provider.authenticate(this.joe));
} }
@ -196,16 +190,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
@Test @Test
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public void duplicateUserSearchCausesError() throws Exception { public void duplicateUserSearchCausesError() throws Exception {
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
NamingEnumeration<SearchResult> searchResults = mock(NamingEnumeration.class); NamingEnumeration<SearchResult> searchResults = mock(NamingEnumeration.class);
given(searchResults.hasMore()).willReturn(true, true, false); given(searchResults.hasMore()).willReturn(true, true, false);
SearchResult searchResult = mock(SearchResult.class); SearchResult searchResult = mock(SearchResult.class);
given(searchResult.getObject()).willReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2")); given(searchResult.getObject()).willReturn(new DirContextAdapter("ou=1"), new DirContextAdapter("ou=2"));
given(searchResults.next()).willReturn(searchResult); given(searchResults.next()).willReturn(searchResult);
given(ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class))) given(this.ctx.search(any(Name.class), any(String.class), any(Object[].class), any(SearchControls.class)))
.willReturn(searchResults); .willReturn(searchResults);
this.provider.contextFactory = createContextFactoryReturning(ctx); this.provider.contextFactory = createContextFactoryReturning(this.ctx);
assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class) assertThatExceptionOfType(IncorrectResultSizeDataAccessException.class)
.isThrownBy(() -> this.provider.authenticate(this.joe)); .isThrownBy(() -> this.provider.authenticate(this.joe));
} }
@ -357,16 +349,14 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
private void checkAuthentication(String rootDn, ActiveDirectoryLdapAuthenticationProvider provider) private void checkAuthentication(String rootDn, ActiveDirectoryLdapAuthenticationProvider provider)
throws NamingException { throws NamingException {
DirContext ctx = mock(DirContext.class);
given(ctx.getNameInNamespace()).willReturn("");
DirContextAdapter dca = new DirContextAdapter(); DirContextAdapter dca = new DirContextAdapter();
SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes()); SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
Name searchBaseDn = LdapNameBuilder.newInstance(rootDn).build(); Name searchBaseDn = LdapNameBuilder.newInstance(rootDn).build();
given(ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class))) given(this.ctx.search(eq(searchBaseDn), any(String.class), any(Object[].class), any(SearchControls.class)))
.willReturn(new MockNamingEnumeration(sr)) .willReturn(new MockNamingEnumeration(sr))
.willReturn(new MockNamingEnumeration(sr)); .willReturn(new MockNamingEnumeration(sr));
provider.contextFactory = createContextFactoryReturning(ctx); provider.contextFactory = createContextFactoryReturning(this.ctx);
Authentication result = provider.authenticate(this.joe); Authentication result = provider.authenticate(this.joe);
assertThat(result.getAuthorities()).isEmpty(); assertThat(result.getAuthorities()).isEmpty();
dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu"); dca.addAttributeValue("memberOf", "CN=Admin,CN=Users,DC=mydomain,DC=eu");

36
web/src/test/java/org/springframework/security/web/access/ExceptionTranslationFilterTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2004-2020 the original author or authors. * Copyright 2004-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -61,6 +61,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
* Tests {@link ExceptionTranslationFilter}. * Tests {@link ExceptionTranslationFilter}.
* *
* @author Ben Alex * @author Ben Alex
* @author Gengwu Zhao
*/ */
public class ExceptionTranslationFilterTests { public class ExceptionTranslationFilterTests {
@ -91,9 +92,7 @@ public class ExceptionTranslationFilterTests {
request.setContextPath("/mycontext"); request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/secure/page.html"); request.setRequestURI("/mycontext/secure/page.html");
// Setup the FilterChain to thrown an access denied exception // Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new AccessDeniedException(""));
willThrow(new AccessDeniedException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is // Setup SecurityContextHolder, as filter needs to check if user is
// anonymous // anonymous
SecurityContextHolder.getContext() SecurityContextHolder.getContext()
@ -119,9 +118,7 @@ public class ExceptionTranslationFilterTests {
request.setContextPath("/mycontext"); request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/secure/page.html"); request.setRequestURI("/mycontext/secure/page.html");
// Setup the FilterChain to thrown an access denied exception // Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new AccessDeniedException(""));
willThrow(new AccessDeniedException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is remembered // Setup SecurityContextHolder, as filter needs to check if user is remembered
SecurityContext securityContext = SecurityContextHolder.createEmptyContext(); SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication( securityContext.setAuthentication(
@ -142,9 +139,7 @@ public class ExceptionTranslationFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/secure/page.html"); request.setServletPath("/secure/page.html");
// Setup the FilterChain to thrown an access denied exception // Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new AccessDeniedException(""));
willThrow(new AccessDeniedException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is // Setup SecurityContextHolder, as filter needs to check if user is
// anonymous // anonymous
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
@ -167,9 +162,7 @@ public class ExceptionTranslationFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/secure/page.html"); request.setServletPath("/secure/page.html");
// Setup the FilterChain to thrown an access denied exception // Setup the FilterChain to thrown an access denied exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new AccessDeniedException(""));
willThrow(new AccessDeniedException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Setup SecurityContextHolder, as filter needs to check if user is // Setup SecurityContextHolder, as filter needs to check if user is
// anonymous // anonymous
SecurityContextHolder.getContext() SecurityContextHolder.getContext()
@ -198,9 +191,7 @@ public class ExceptionTranslationFilterTests {
request.setContextPath("/mycontext"); request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/secure/page.html"); request.setRequestURI("/mycontext/secure/page.html");
// Setup the FilterChain to thrown an authentication failure exception // Setup the FilterChain to thrown an authentication failure exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new BadCredentialsException(""));
willThrow(new BadCredentialsException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Test // Test
RequestCache requestCache = new HttpSessionRequestCache(); RequestCache requestCache = new HttpSessionRequestCache();
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache);
@ -223,9 +214,7 @@ public class ExceptionTranslationFilterTests {
request.setContextPath("/mycontext"); request.setContextPath("/mycontext");
request.setRequestURI("/mycontext/secure/page.html"); request.setRequestURI("/mycontext/secure/page.html");
// Setup the FilterChain to thrown an authentication failure exception // Setup the FilterChain to thrown an authentication failure exception
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(new BadCredentialsException(""));
willThrow(new BadCredentialsException("")).given(fc)
.doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
// Test // Test
HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache); ExceptionTranslationFilter filter = new ExceptionTranslationFilter(this.mockEntryPoint, requestCache);
@ -265,8 +254,7 @@ public class ExceptionTranslationFilterTests {
filter.afterPropertiesSet(); filter.afterPropertiesSet();
Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() }; Exception[] exceptions = { new IOException(), new ServletException(), new RuntimeException() };
for (Exception exception : exceptions) { for (Exception exception : exceptions) {
FilterChain fc = mock(FilterChain.class); FilterChain fc = mockFilterChainWithException(exception);
willThrow(exception).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
assertThatExceptionOfType(Exception.class) assertThatExceptionOfType(Exception.class)
.isThrownBy(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc)) .isThrownBy(() -> filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), fc))
.isSameAs(exception); .isSameAs(exception);
@ -305,6 +293,12 @@ public class ExceptionTranslationFilterTests {
verify(source).getMessage(eq(code), any(), any()); verify(source).getMessage(eq(code), any(), any());
} }
private FilterChain mockFilterChainWithException(Exception exception) throws ServletException, IOException {
FilterChain fc = mock(FilterChain.class);
willThrow(exception).given(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
return fc;
}
private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response private AuthenticationEntryPoint mockEntryPoint = (request, response, authException) -> response
.sendRedirect(request.getContextPath() + "/login.jsp"); .sendRedirect(request.getContextPath() + "/login.jsp");

55
web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -59,6 +59,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @author Onur Kagan Ozcan * @author Onur Kagan Ozcan
* @author Gengwu Zhao
*/ */
public class ConcurrentSessionFilterTests { public class ConcurrentSessionFilterTests {
@ -164,13 +165,8 @@ public class ConcurrentSessionFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
RedirectStrategy redirect = mock(RedirectStrategy.class); RedirectStrategy redirect = mock(RedirectStrategy.class);
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
String expiredUrl = "/expired"; String expiredUrl = "/expired";
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry(), expiredUrl);
filter.setRedirectStrategy(redirect); filter.setRedirectStrategy(redirect);
MockFilterChain chain = new MockFilterChain(); MockFilterChain chain = new MockFilterChain();
filter.doFilter(request, response, chain); filter.doFilter(request, response, chain);
@ -199,13 +195,8 @@ public class ConcurrentSessionFilterTests {
request.setSession(session); request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
RedirectStrategy redirect = mock(RedirectStrategy.class); RedirectStrategy redirect = mock(RedirectStrategy.class);
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
String expiredUrl = "/expired"; String expiredUrl = "/expired";
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry(), expiredUrl);
filter.setRedirectStrategy(redirect); filter.setRedirectStrategy(redirect);
filter.doFilter(request, response, new MockFilterChain()); filter.doFilter(request, response, new MockFilterChain());
verify(redirect).sendRedirect(request, response, expiredUrl); verify(redirect).sendRedirect(request, response, expiredUrl);
@ -218,13 +209,9 @@ public class ConcurrentSessionFilterTests {
request.setSession(session); request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
RedirectStrategy redirect = mock(RedirectStrategy.class); RedirectStrategy redirect = mock(RedirectStrategy.class);
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
final String expiredUrl = "/expired"; final String expiredUrl = "/expired";
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry, expiredUrl + "will-be-overrridden") { ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry(),
expiredUrl + "will-be-overrridden") {
@Override @Override
protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) { protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) {
return expiredUrl; return expiredUrl;
@ -241,12 +228,7 @@ public class ConcurrentSessionFilterTests {
MockHttpSession session = new MockHttpSession(); MockHttpSession session = new MockHttpSession();
request.setSession(session); request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = mock(SessionRegistry.class); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry());
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
filter.doFilter(request, response, new MockFilterChain()); filter.doFilter(request, response, new MockFilterChain());
assertThat(response.getContentAsString()).contains( assertThat(response.getContentAsString()).contains(
"This session has been expired (possibly due to multiple concurrent logins being attempted as the same user)."); "This session has been expired (possibly due to multiple concurrent logins being attempted as the same user).");
@ -259,12 +241,7 @@ public class ConcurrentSessionFilterTests {
MockHttpSession session = new MockHttpSession(); MockHttpSession session = new MockHttpSession();
request.setSession(session); request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = mock(SessionRegistry.class); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry());
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
filter.setLogoutHandlers(new LogoutHandler[] { handler }); filter.setLogoutHandlers(new LogoutHandler[] { handler });
filter.doFilter(request, response, new MockFilterChain()); filter.doFilter(request, response, new MockFilterChain());
verify(handler).logout(eq(request), eq(response), any()); verify(handler).logout(eq(request), eq(response), any());
@ -276,12 +253,7 @@ public class ConcurrentSessionFilterTests {
MockHttpSession session = new MockHttpSession(); MockHttpSession session = new MockHttpSession();
request.setSession(session); request.setSession(session);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
SessionRegistry registry = mock(SessionRegistry.class); ConcurrentSessionFilter filter = new ConcurrentSessionFilter(mockSessionRegistry());
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
ConcurrentSessionFilter filter = new ConcurrentSessionFilter(registry);
SecurityContextHolderStrategy securityContextHolderStrategy = spy( SecurityContextHolderStrategy securityContextHolderStrategy = spy(
new MockSecurityContextHolderStrategy(new TestingAuthenticationToken("user", "password"))); new MockSecurityContextHolderStrategy(new TestingAuthenticationToken("user", "password")));
filter.setSecurityContextHolderStrategy(securityContextHolderStrategy); filter.setSecurityContextHolderStrategy(securityContextHolderStrategy);
@ -301,4 +273,13 @@ public class ConcurrentSessionFilterTests {
assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers(new LogoutHandler[0])); assertThatIllegalArgumentException().isThrownBy(() -> filter.setLogoutHandlers(new LogoutHandler[0]));
} }
private SessionRegistry mockSessionRegistry() {
SessionRegistry registry = mock(SessionRegistry.class);
SessionInformation information = new SessionInformation("user", "sessionId",
new Date(System.currentTimeMillis() - 1000));
information.expireNow();
given(registry.getSessionInformation(anyString())).willReturn(information);
return registry;
}
} }