Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 14:22:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated tests to relocate common filter authentication functionality to an abstract parent.

Browse Source
This commit is contained in:
Ben Alex 2004-04-18 12:57:49 +00:00
parent 4500aba050
commit b3f9f6f4e9
3 changed files with 433 additions and 383 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

410
core/src/test/java/org/acegisecurity/ui/AbstractProcessingFilterTests.java Normal file
View File

@ -0,0 +1,410 @@
/* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.sf.acegisecurity.ui;
import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.AuthenticationException;
import net.sf.acegisecurity.BadCredentialsException;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.GrantedAuthorityImpl;
import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockFilterConfig;
import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpServletResponse;
import net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
/**
* Tests {@link AbstractProcessingFilter}.
*
* @author Ben Alex
* @version $Id$
*/
public class AbstractProcessingFilterTests extends TestCase {
//~ Constructors ===========================================================
public AbstractProcessingFilterTests() {
super();
}
public AbstractProcessingFilterTests(String arg0) {
super(arg0);
}
//~ Methods ================================================================
public final void setUp() throws Exception {
super.setUp();
}
public static void main(String[] args) {
junit.textui.TestRunner.run(AbstractProcessingFilterTests.class);
}
public void testDoFilterWithNonHttpServletRequestDetected()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
try {
filter.doFilter(null, new MockHttpServletResponse(),
new MockFilterChain());
fail("Should have thrown ServletException");
} catch (ServletException expected) {
assertEquals("Can only process HttpServletRequest",
expected.getMessage());
}
}
public void testDoFilterWithNonHttpServletResponseDetected()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
try {
filter.doFilter(new MockHttpServletRequest(null, null), null,
new MockFilterChain());
fail("Should have thrown ServletException");
} catch (ServletException expected) {
assertEquals("Can only process HttpServletResponse",
expected.getMessage());
}
}
public void testFailedAuthenticationRedirectsAppropriately()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/j_mock_post");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to deny access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(false);
filter.setAuthenticationFailureUrl("/myApp/failed.jsp");
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/myApp/failed.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
}
public void testFilterProcessesUrlVariationsRespected()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/j_OTHER_LOCATION");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
filter.setDefaultTargetUrl("/logged_in.jsp");
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/logged_in.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
assertEquals("test",
((Authentication) request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY)).getPrincipal()
.toString());
}
public void testGettersSetters() {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
filter.setAuthenticationFailureUrl("/x");
assertEquals("/x", filter.getAuthenticationFailureUrl());
filter.setAuthenticationManager(new MockAuthenticationManager());
assertTrue(filter.getAuthenticationManager() != null);
filter.setDefaultTargetUrl("/default");
assertEquals("/default", filter.getDefaultTargetUrl());
filter.setFilterProcessesUrl("/p");
assertEquals("/p", filter.getFilterProcessesUrl());
}
public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/some.file.html");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will be invoked, as our request is for a page the filter isn't monitoring
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to deny access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(false);
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
}
public void testNormalOperationWithDefaultFilterProcessesUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/j_mock_post");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setDefaultTargetUrl("/logged_in.jsp");
filter.setAuthenticationFailureUrl("/failure.jsp");
filter.setAuthenticationManager(new MockAuthenticationManager(true));
filter.afterPropertiesSet();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/logged_in.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
assertEquals("test",
((Authentication) request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY)).getPrincipal()
.toString());
}
public void testStartupDetectsInvalidAuthenticationFailureUrl()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setDefaultTargetUrl("/");
filter.setFilterProcessesUrl("/j_acegi_security_check");
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("authenticationFailureUrl must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidAuthenticationManager()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setDefaultTargetUrl("/");
filter.setFilterProcessesUrl("/j_acegi_security_check");
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("authenticationManager must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidDefaultTargetUrl()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setFilterProcessesUrl("/j_acegi_security_check");
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("defaultTargetUrl must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidFilterProcessesUrl()
throws Exception {
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setDefaultTargetUrl("/");
filter.setFilterProcessesUrl(null);
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("filterProcessesUrl must be specified",
expected.getMessage());
}
}
public void testSuccessLoginThenFailureLoginResultsInSessionLoosingToken()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/j_mock_post");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setDefaultTargetUrl("/logged_in.jsp");
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/logged_in.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
assertEquals("test",
((Authentication) request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY)).getPrincipal()
.toString());
// Now try again but this time have filter deny access
// Setup our HTTP request
// Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
chain = new MockFilterChain(false);
response = new MockHttpServletResponse();
// Setup our test object, to deny access
filter = new MockAbstractProcessingFilter(false);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setAuthenticationFailureUrl("/failed.jsp");
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
}
public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest("");
request.setServletPath("/j_mock_post");
request.getSession().setAttribute(AbstractProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
"/my-destination");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will be invoked, as we want to go to the location requested in the session
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/my-destination", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
}
private void executeFilterInContainerSimulator(FilterConfig filterConfig,
Filter filter, ServletRequest request, ServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
filter.init(filterConfig);
filter.doFilter(request, response, filterChain);
filter.destroy();
}
//~ Inner Classes ==========================================================
private class MockAbstractProcessingFilter extends AbstractProcessingFilter {
private boolean grantAccess;
public MockAbstractProcessingFilter(boolean grantAccess) {
this.grantAccess = grantAccess;
}
private MockAbstractProcessingFilter() {
super();
}
public String getDefaultFilterProcessesUrl() {
return "/j_mock_post";
}
public Authentication attemptAuthentication(HttpServletRequest request)
throws AuthenticationException {
if (grantAccess) {
return new UsernamePasswordAuthenticationToken("test", "test",
new GrantedAuthority[] {new GrantedAuthorityImpl("TEST")});
} else {
throw new BadCredentialsException("Mock requested to do so");
}
}
public void init(FilterConfig arg0) throws ServletException {}
}
private class MockFilterChain implements FilterChain {
private boolean expectToProceed;
public MockFilterChain(boolean expectToProceed) {
this.expectToProceed = expectToProceed;
}
private MockFilterChain() {
super();
}
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (expectToProceed) {
assertTrue(true);
} else {
fail("Did not expect filter chain to proceed");
}
}
}
}

4
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterEntryPointTests.java
View File

@ -71,10 +71,12 @@ public class AuthenticationProcessingFilterEntryPointTests extends TestCase {
MockHttpServletRequest request = new MockHttpServletRequest( MockHttpServletRequest request = new MockHttpServletRequest(
"/some_path"); "/some_path");
request.setContextPath("/bigWebApp");
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
ep.afterPropertiesSet(); ep.afterPropertiesSet();
ep.commence(request, response); ep.commence(request, response);
assertEquals("/hello", response.getRedirect()); assertEquals("/bigWebApp/hello", response.getRedirect());
} }
} }

402
core/src/test/java/org/acegisecurity/ui/webapp/AuthenticationProcessingFilterTests.java
View File

@ -19,23 +19,9 @@ import junit.framework.TestCase;
import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.MockAuthenticationManager; import net.sf.acegisecurity.MockAuthenticationManager;
import net.sf.acegisecurity.MockFilterConfig;
import net.sf.acegisecurity.MockHttpServletRequest; import net.sf.acegisecurity.MockHttpServletRequest;
import net.sf.acegisecurity.MockHttpServletResponse;
import net.sf.acegisecurity.MockHttpSession; import net.sf.acegisecurity.MockHttpSession;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/** /**
* Tests {@link AuthenticationProcessingFilter}. * Tests {@link AuthenticationProcessingFilter}.
@ -64,407 +50,59 @@ public class AuthenticationProcessingFilterTests extends TestCase {
junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class); junit.textui.TestRunner.run(AuthenticationProcessingFilterTests.class);
} }
public void testDoFilterWithNonHttpServletRequestDetected() public void testGetters() {
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
assertEquals("/j_acegi_security_check",
try { filter.getDefaultFilterProcessesUrl());
filter.doFilter(null, new MockHttpServletResponse(),
new MockFilterChain());
fail("Should have thrown ServletException");
} catch (ServletException expected) {
assertEquals("Can only process HttpServletRequest",
expected.getMessage());
}
} }
public void testDoFilterWithNonHttpServletResponseDetected() public void testNormalOperation() throws Exception {
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
try {
filter.doFilter(new MockHttpServletRequest(null, null), null,
new MockFilterChain());
fail("Should have thrown ServletException");
} catch (ServletException expected) {
assertEquals("Can only process HttpServletResponse",
expected.getMessage());
}
}
public void testFailedAuthenticationRedirectsAppropriately()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setContextPath("/myApp");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"WRONG_PASSWORD");
request.setServletPath("/j_acegi_security_check");
// Launch an application context and access our bean
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
System.out.println(response.getRedirect());
assertEquals("/myApp/failed.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
}
public void testFilterProcessesUrlVariationsRespected()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null, MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession()); new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa"); "marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"koala"); "koala");
request.setServletPath("/j_THIS_IS_MY_security_check");
// Launch an application context and access our bean MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Must override the XML defined authenticationProcessesUrl
filter.setFilterProcessesUrl("/j_THIS_IS_MY_security_check");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
assertEquals("marissa",
((Authentication) request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY)).getPrincipal()
.toString());
}
public void testGettersSetters() {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationFailureUrl("/x"); filter.setAuthenticationManager(authMgr);
assertEquals("/x", filter.getAuthenticationFailureUrl()); filter.init(null);
filter.setAuthenticationManager(new MockAuthenticationManager()); Authentication result = filter.attemptAuthentication(request);
assertTrue(filter.getAuthenticationManager() != null); assertTrue(result != null);
filter.setDefaultTargetUrl("/default");
assertEquals("/default", filter.getDefaultTargetUrl());
filter.setFilterProcessesUrl("/p");
assertEquals("/p", filter.getFilterProcessesUrl());
}
public void testIgnoresAnyServletPathOtherThanFilterProcessesUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setServletPath("/j_some_other_url");
// Launch an application context and access our bean
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will be invoked, as should just proceed with chain
MockFilterChain chain = new MockFilterChain(true);
// Test
executeFilterInContainerSimulator(config, filter, request,
new MockHttpServletResponse(), chain);
}
public void testNormalOperationWithDefaultFilterProcessesUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"koala");
request.setServletPath("/j_acegi_security_check");
// Launch an application context and access our bean
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
assertEquals("marissa",
((Authentication) request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY)).getPrincipal()
.toString());
} }
public void testNullPasswordHandledGracefully() throws Exception { public void testNullPasswordHandledGracefully() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null, MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession()); new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY, request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa"); "marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
null);
request.setServletPath("/j_acegi_security_check");
// Launch an application context and access our bean MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
MockFilterConfig config = new MockFilterConfig(); filter.setAuthenticationManager(authMgr);
filter.init(null);
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl Authentication result = filter.attemptAuthentication(request);
MockFilterChain chain = new MockFilterChain(false); assertTrue(result != null);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/failed.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
} }
public void testNullUsernameHandledGracefully() throws Exception { public void testNullUsernameHandledGracefully() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null, MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession()); new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
null);
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY, request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"koala"); "koala");
request.setServletPath("/j_acegi_security_check");
// Launch an application context and access our bean MockAuthenticationManager authMgr = new MockAuthenticationManager(true);
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/failed.jsp", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
}
public void testStartupDetectsInvalidAuthenticationFailureUrl()
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter(); AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationManager(new MockAuthenticationManager()); filter.setAuthenticationManager(authMgr);
filter.setDefaultTargetUrl("/"); filter.init(null);
filter.setFilterProcessesUrl("/j_acegi_security_check");
try { Authentication result = filter.attemptAuthentication(request);
filter.afterPropertiesSet(); assertTrue(result != null);
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("authenticationFailureUrl must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidAuthenticationManager()
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setDefaultTargetUrl("/");
filter.setFilterProcessesUrl("/j_acegi_security_check");
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("authenticationManager must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidDefaultTargetUrl()
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setFilterProcessesUrl("/j_acegi_security_check");
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("defaultTargetUrl must be specified",
expected.getMessage());
}
}
public void testStartupDetectsInvalidFilterProcessesUrl()
throws Exception {
AuthenticationProcessingFilter filter = new AuthenticationProcessingFilter();
filter.setAuthenticationFailureUrl("/failed.jsp");
filter.setAuthenticationManager(new MockAuthenticationManager());
filter.setDefaultTargetUrl("/");
filter.setFilterProcessesUrl(null);
try {
filter.afterPropertiesSet();
fail("Should have thrown IllegalArgumentException");
} catch (IllegalArgumentException expected) {
assertEquals("filterProcessesUrl must be specified",
expected.getMessage());
}
}
public void testSuccessLoginThenFailureLoginResultsInSessionLoosingToken()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"koala");
request.setServletPath("/j_acegi_security_check");
// Launch an application context and access our bean
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to authenticationFailureUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
// Now try again with a wrong password
MockHttpServletRequest request2 = new MockHttpServletRequest(null,
new MockHttpSession());
request2.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa");
request2.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"WRONG_PASSWORD");
request2.setServletPath("/j_acegi_security_check");
executeFilterInContainerSimulator(config, filter, request2, response,
chain);
assertTrue(request2.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) == null);
}
public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl()
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = new MockHttpServletRequest(null,
new MockHttpSession());
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_USERNAME_KEY,
"marissa");
request.setParameter(AuthenticationProcessingFilter.ACEGI_SECURITY_FORM_PASSWORD_KEY,
"koala");
request.setServletPath("/j_acegi_security_check");
request.getSession().setAttribute(AuthenticationProcessingFilter.ACEGI_SECURITY_TARGET_URL_KEY,
"/my-destination");
// Launch an application context and access our bean
ApplicationContext ctx = new ClassPathXmlApplicationContext(
"net/sf/acegisecurity/ui/webapp/filtertest-valid.xml");
AuthenticationProcessingFilter filter = (AuthenticationProcessingFilter) ctx
.getBean("authenticationProcessingFilter");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig();
// Setup our expectation that the filter chain will not be invoked, as we redirect to defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Test
executeFilterInContainerSimulator(config, filter, request, response,
chain);
assertEquals("/my-destination", response.getRedirect());
assertTrue(request.getSession().getAttribute(HttpSessionIntegrationFilter.ACEGI_SECURITY_AUTHENTICATION_KEY) != null);
}
private void executeFilterInContainerSimulator(FilterConfig filterConfig,
Filter filter, ServletRequest request, ServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
filter.init(filterConfig);
filter.doFilter(request, response, filterChain);
filter.destroy();
}
//~ Inner Classes ==========================================================
private class MockFilterChain implements FilterChain {
private boolean expectToProceed;
public MockFilterChain(boolean expectToProceed) {
this.expectToProceed = expectToProceed;
}
private MockFilterChain() {
super();
}
public void doFilter(ServletRequest request, ServletResponse response)
throws IOException, ServletException {
if (expectToProceed) {
assertTrue(true);
} else {
fail("Did not expect filter chain to proceed");
}
}
} }
} }