From a7fbae8355929f9e7f59b9e0dee823a6de08ddd8 Mon Sep 17 00:00:00 2001
From: Craig Andrews
Date: Fri, 16 Apr 2021 12:24:05 -0400
Subject: [PATCH] Add test for RequestedUrlRedirectInvalidSessionStrategy
---
 .../session/SessionManagementFilterTests.java | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
index 7d5cc504a1..54802e3c07 100644
--- a/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java
@@ -150,6 +150,32 @@ public class SessionManagementFilterTests {
 assertThat(response.getRedirectedUrl()).isEqualTo("/timedOut");
 }
 
+ @Test
+ public void responseIsRedirectedToRequestedUrlIfSetAndSessionIsInvalid() throws Exception {
+ SecurityContextRepository repo = mock(SecurityContextRepository.class);
+ // repo will return false to containsContext()
+ SessionAuthenticationStrategy strategy = mock(SessionAuthenticationStrategy.class);
+ SessionManagementFilter filter = new SessionManagementFilter(repo, strategy);
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setRequestedSessionId("xxx");
+ request.setRequestedSessionIdValid(false);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ filter.doFilter(request, response, new MockFilterChain());
+ assertThat(response.getRedirectedUrl()).isNull();
+ // Now set a redirect URL
+ request = new MockHttpServletRequest();
+ request.setRequestedSessionId("xxx");
+ request.setRequestedSessionIdValid(false);
+ request.setRequestURI("/requested");
+ RequestedUrlRedirectInvalidSessionStrategy iss = new RequestedUrlRedirectInvalidSessionStrategy();
+ iss.setCreateNewSession(true);
+ filter.setInvalidSessionStrategy(iss);
+ FilterChain fc = mock(FilterChain.class);
+ filter.doFilter(request, response, fc);
+ verifyZeroInteractions(fc);
+ assertThat(response.getRedirectedUrl()).isEqualTo("/requested");
+ }
+
 @Test
 public void customAuthenticationTrustResolver() throws Exception {
 AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
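Review bot: The second half of `responseIsRedirectedToRequestedUrlIfSetAndSessionIsInvalid` calls `iss.setCreateNewSession(true)` but never asserts that a session exists afterwards, so the flag's effect is untested; adding `assertThat(request.getSession(false)).isNotNull();` after the final `doFilter` would pin it. The same block reuses the `response` object from the first `doFilter` call, so creating a fresh `MockHttpServletResponse` before the second call would keep the redirect assertion independent of the first pass. Because the redirect target presumably comes from the incoming request (the test sets only `setRequestURI("/requested")`), a further case with a query string and a non-default server name, asserting that the redirect stays a relative path, would guard against an open-redirect regression. The strategy's implementation is not visible in this hunk, so that last point is a coverage suggestion rather than a reported defect.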