diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy
index 00a4137fd0..85c2542709 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy
@@ -20,6 +20,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
* @author Luke Taylor
*/
class OpenIDConfigTests extends AbstractHttpConfigTests {
+
def openIDAndFormLoginWorkTogether() {
xml.http() {
'openid-login'()
diff --git a/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
index 862c5932ca..5607f2bb33 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/MiscHttpConfigTests.groovy
@@ -339,28 +339,6 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
getFilter(ExceptionTranslationFilter).getAuthenticationEntryPoint() instanceof MockEntryPoint
}
- def disablingSessionProtectionRemovesSessionManagementFilterIfNoInvalidSessionUrlSet() {
- httpAutoConfig {
- 'session-management'('session-fixation-protection': 'none')
- }
- createAppContext()
-
- expect:
- !(getFilters("/someurl")[8] instanceof SessionManagementFilter)
- }
-
- def disablingSessionProtectionRetainsSessionManagementFilterInvalidSessionUrlSet() {
- httpAutoConfig {
- 'session-management'('session-fixation-protection': 'none', 'invalid-session-url': '/timeoutUrl')
- }
- createAppContext()
- def filter = getFilters("/someurl")[8]
-
- expect:
- filter instanceof SessionManagementFilter
- filter.invalidSessionUrl == '/timeoutUrl'
- }
-
/**
* See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
* additional processing. In this method we have a UserDetailsService which is referenced from the namespace
diff --git a/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
index 9d5fd9cf89..7688c54f48 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
@@ -172,4 +172,26 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests {
mockResponse.redirectedUrl == "/max-exceeded";
}
+ def disablingSessionProtectionRemovesSessionManagementFilterIfNoInvalidSessionUrlSet() {
+ httpAutoConfig {
+ 'session-management'('session-fixation-protection': 'none')
+ }
+ createAppContext()
+
+ expect:
+ !(getFilters("/someurl")[8] instanceof SessionManagementFilter)
+ }
+
+ def disablingSessionProtectionRetainsSessionManagementFilterInvalidSessionUrlSet() {
+ httpAutoConfig {
+ 'session-management'('session-fixation-protection': 'none', 'invalid-session-url': '/timeoutUrl')
+ }
+ createAppContext()
+ def filter = getFilters("/someurl")[8]
+
+ expect:
+ filter instanceof SessionManagementFilter
+ filter.invalidSessionUrl == '/timeoutUrl'
+ }
+
}
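Review bot: The fixed position in `!(getFilters("/someurl")[8] instanceof SessionManagementFilter)` lets the negative test pass vacuously: if another filter is added or the chain is reordered, a SessionManagementFilter sitting at a different index would go unnoticed. Since this test pins what happens when session-fixation protection is switched off, it should check the whole chain, e.g. `!getFilters("/someurl").any { it instanceof SessionManagementFilter }`. The second test has the same coupling to index 8 and could locate the filter by type with `def filter = getFilters("/someurl").find { it instanceof SessionManagementFilter }` before asserting on `invalidSessionUrl`. Both bodies appear to be moved unchanged from MiscHttpConfigTests, so the weakness is inherited rather than introduced here, but the move is a good moment to fix it. This assumes `getFilters` returns an ordinary list, which the `[8]` subscript suggests.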
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
deleted file mode 100644
index 51a5965806..0000000000
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ /dev/null
@@ -1,1239 +0,0 @@
-package org.springframework.security.config.http;
-
-import static org.hamcrest.Matchers.*;
-import static org.junit.Assert.*;
-import static org.springframework.security.config.ConfigTestUtils.AUTH_PROVIDER_XML;
-import static org.springframework.security.config.http.AuthenticationConfigBuilder.*;
-
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-
-import org.junit.After;
-import org.junit.Test;
-import org.springframework.beans.factory.BeanCreationException;
-import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
-import org.springframework.context.support.AbstractXmlApplicationContext;
-import org.springframework.mock.web.MockFilterChain;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.authentication.RememberMeAuthenticationProvider;
-import org.springframework.security.authentication.TestingAuthenticationToken;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.config.BeanIds;
-import org.springframework.security.config.PostProcessedMockUserDetailsService;
-import org.springframework.security.config.util.InMemoryXmlApplicationContext;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.openid.OpenID4JavaConsumer;
-import org.springframework.security.openid.OpenIDAttribute;
-import org.springframework.security.openid.OpenIDAuthenticationFilter;
-import org.springframework.security.openid.OpenIDAuthenticationProvider;
-import org.springframework.security.openid.OpenIDAuthenticationToken;
-import org.springframework.security.openid.OpenIDConsumer;
-import org.springframework.security.openid.OpenIDConsumerException;
-import org.springframework.security.openid.RegexBasedAxFetchListFactory;
-import org.springframework.security.util.FieldUtils;
-import org.springframework.security.web.FilterChainProxy;
-import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.PortMapperImpl;
-import org.springframework.security.web.access.AccessDeniedHandlerImpl;
-import org.springframework.security.web.access.ExceptionTranslationFilter;
-import org.springframework.security.web.access.channel.ChannelProcessingFilter;
-import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
-import org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
-import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-import org.springframework.security.web.authentication.RememberMeServices;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.security.web.authentication.logout.LogoutFilter;
-import org.springframework.security.web.authentication.logout.LogoutHandler;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
-import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
-import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
-import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
-import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
-import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
-import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
-import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.NullSecurityContextRepository;
-import org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper;
-import org.springframework.security.web.context.SecurityContextPersistenceFilter;
-import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
-import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
-import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
-import org.springframework.security.web.session.ConcurrentSessionFilter;
-import org.springframework.security.web.session.SessionManagementFilter;
-import org.springframework.util.ReflectionUtils;
-
-/**
- * @author Luke Taylor
- */
-public class HttpSecurityBeanDefinitionParserTests {
- private static final int AUTO_CONFIG_FILTERS = 11;
- private AbstractXmlApplicationContext appContext;
-
- @After
- public void closeAppContext() {
- if (appContext != null) {
- appContext.close();
- appContext = null;
- }
- SecurityContextHolder.clearContext();
- }
-
- @Test
- public void minimalConfigurationParses() {
- setContext("" + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void beanClassNamesAreCorrect() throws Exception {
- assertEquals(DefaultWebSecurityExpressionHandler.class.getName(), HttpSecurityBeanDefinitionParser.EXPRESSION_HANDLER_CLASS);
- assertEquals(ExpressionBasedFilterInvocationSecurityMetadataSource.class.getName(), HttpSecurityBeanDefinitionParser.EXPRESSION_FIMDS_CLASS);
- assertEquals(UsernamePasswordAuthenticationFilter.class.getName(), AUTHENTICATION_PROCESSING_FILTER_CLASS);
- assertEquals(OpenIDAuthenticationFilter.class.getName(), OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS);
- assertEquals(OpenIDAuthenticationProvider.class.getName(), OPEN_ID_AUTHENTICATION_PROVIDER_CLASS);
- }
-
- @Test
- public void httpAutoConfigSetsUpCorrectFilterList() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
-
- List filterList = getFilters("/anyurl");
-
- checkAutoConfigFilters(filterList);
- }
-
- private void checkAutoConfigFilters(List filterList) throws Exception {
- Iterator filters = filterList.iterator();
-
- assertTrue(filters.next() instanceof SecurityContextPersistenceFilter);
- assertTrue(filters.next() instanceof LogoutFilter);
- Object authProcFilter = filters.next();
- assertTrue(authProcFilter instanceof UsernamePasswordAuthenticationFilter);
- assertTrue(filters.next() instanceof DefaultLoginPageGeneratingFilter);
- assertTrue(filters.next() instanceof BasicAuthenticationFilter);
- assertTrue(filters.next() instanceof RequestCacheAwareFilter);
- assertTrue(filters.next() instanceof SecurityContextHolderAwareRequestFilter);
- assertTrue(filters.next() instanceof AnonymousAuthenticationFilter);
- assertTrue(filters.next() instanceof SessionManagementFilter);
- assertTrue(filters.next() instanceof ExceptionTranslationFilter);
- Object fsiObj = filters.next();
- assertTrue(fsiObj instanceof FilterSecurityInterceptor);
- FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) fsiObj;
- assertTrue(fsi.isObserveOncePerRequest());
- }
-
- @Test
- public void filterListShouldBeEmptyForPatternWithNoFilters() throws Exception {
- setContext(
- " " +
- " " + AUTH_PROVIDER_XML);
-
- List filters = getFilters("/unprotected");
-
- assertTrue(filters.size() == 0);
- }
-
- @Test
- public void filtersEqualsNoneSupportsPlaceholderForPattern() throws Exception {
- System.setProperty("pattern.nofilters", "/unprotected");
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
-
- List filters = getFilters("/unprotected");
-
- assertTrue(filters.size() == 0);
- }
-
- @Test
- public void regexPathsWorkCorrectly() throws Exception {
- setContext(
- " " +
- " "
- + AUTH_PROVIDER_XML);
- assertEquals(0, getFilters("/imlowercase").size());
- List allFilters = getFilters("/ImCaughtByTheAnyRequestMatcher");
- checkAutoConfigFilters(allFilters);
- }
-
- @Test
- public void ciRegexPathsWorkCorrectly() throws Exception {
- setContext(
- " " +
- " "
- + AUTH_PROVIDER_XML);
- assertEquals(0, getFilters("/imMixedCase").size());
- // This will be matched by the default pattern ".*"
- List allFilters = getFilters("/Im_Caught_By_The_AnyRequestMatcher");
- assertTrue(allFilters.size() > 0);
- checkAutoConfigFilters(allFilters);
- }
-
- @Test
- public void formLoginWithNoLoginPageAddsDefaultLoginPageFilter() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- // These will be matched by the default pattern "/**"
- checkAutoConfigFilters(getFilters("/anything"));
- }
-
- @Test
- public void formLoginAlwaysUseDefaultSetsCorrectProperty() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- // These will be matched by the default pattern "/**"
- UsernamePasswordAuthenticationFilter filter = getFilter(UsernamePasswordAuthenticationFilter.class);
- assertEquals("/default", FieldUtils.getFieldValue(filter, "successHandler.defaultTargetUrl"));
- assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "successHandler.alwaysUseDefaultTargetUrl"));
- }
-
- // SEC-1152
- @Test
- public void anonymousFilterIsAddedByDefault() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- assertThat(getFilters("/anything").get(5), instanceOf(AnonymousAuthenticationFilter.class));
- }
-
- @Test
- public void anonymousFilterIsRemovedIfDisabledFlagSet() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- assertThat(getFilters("/anything").get(5), not(instanceOf(AnonymousAuthenticationFilter.class)));
- }
-
- @Test
- public void anonymousCustomAttributesAreSetCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter.class);
- assertEquals("customKey", filter.getKey());
- assertEquals("joe", filter.getUserAttribute().getPassword());
- assertEquals("anonymity", filter.getUserAttribute().getAuthorities().get(0).getAuthority());
- }
-
- @Test(expected=BeanCreationException.class)
- public void invalidLoginPageIsDetected() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- }
-
- @Test(expected=BeanCreationException.class)
- public void invalidDefaultTargetUrlIsDetected() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- }
-
- @Test(expected=BeanCreationException.class)
- public void invalidLogoutUrlIsDetected() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- }
-
- @Test(expected=BeanCreationException.class)
- public void invalidLogoutSuccessUrlIsDetected() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void logoutSuccessHandlerIsSetCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- ""
- + AUTH_PROVIDER_XML);
-
- LogoutFilter filter = (LogoutFilter) getFilter(LogoutFilter.class);
- LogoutSuccessHandler handler = (LogoutSuccessHandler) FieldUtils.getFieldValue(filter, "logoutSuccessHandler");
- assertSame(appContext.getBean("logoutHandler"), handler);
- }
-
- // SEC-1201
- @Test
- public void interceptUrlsAndFormLoginSupportPropertyPlaceholders() throws Exception {
- System.setProperty("secure.Url", "/Secure");
- System.setProperty("secure.role", "ROLE_A");
- System.setProperty("login.page", "/loginPage");
- System.setProperty("default.target", "/defaultTarget");
- System.setProperty("auth.failure", "/authFailure");
- setContext(
- "" +
- "" +
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- checkPropertyValues();
- assertEquals(0, getFilters("/loginPage").size());
- }
-
- // SEC-1309
- @Test
- public void interceptUrlsAndFormLoginSupportEL() throws Exception {
- System.setProperty("secure.url", "/Secure");
- System.setProperty("secure.role", "ROLE_A");
- System.setProperty("login.page", "/loginPage");
- System.setProperty("default.target", "/defaultTarget");
- System.setProperty("auth.failure", "/authFailure");
- setContext(
- "" +
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- checkPropertyValues() ;
- }
-
- private void checkPropertyValues() throws Exception {
- // Check the security attribute
- FilterSecurityInterceptor fis = getFilter(FilterSecurityInterceptor.class);
- FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
- Collection attrs = fids.getAttributes(createFilterinvocation("/secure", null));
- assertNotNull(attrs);
- assertEquals(1, attrs.size());
- assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
-
- // Check the form login properties are set
- UsernamePasswordAuthenticationFilter apf = getFilter(UsernamePasswordAuthenticationFilter.class);
- assertEquals("/defaultTarget", FieldUtils.getFieldValue(apf, "successHandler.defaultTargetUrl"));
- assertEquals("/authFailure", FieldUtils.getFieldValue(apf, "failureHandler.defaultFailureUrl"));
-
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
- assertEquals("/loginPage", FieldUtils.getFieldValue(etf, "authenticationEntryPoint.loginFormUrl"));
- }
-
- @Test
- public void httpMethodMatchIsSupported() throws Exception {
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
-
- FilterSecurityInterceptor fis = getFilter(FilterSecurityInterceptor.class);
- FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
- Collection attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
- assertEquals(2, attrs.size());
- assertTrue(attrs.contains(new SecurityConfig("ROLE_A")));
- assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
- }
-
- @Test
- public void oncePerRequestAttributeIsSupported() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
-
- FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class);
-
- assertFalse(fsi.isObserveOncePerRequest());
- }
-
- @Test
- public void httpBasicSupportsSeparateEntryPoint() throws Exception {
- setContext("" +
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
-
- BasicAuthenticationFilter baf = getFilter(BasicAuthenticationFilter.class);
- assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(baf, "authenticationEntryPoint"));
- // Since no other authentication system is in use, this should also end up on the ETF
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
- assertSame(appContext.getBean("ep"), FieldUtils.getFieldValue(etf, "authenticationEntryPoint"));
- }
-
- @Test
- public void accessDeniedPageAttributeIsSupported() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
-
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
-
- assertEquals("/access-denied", FieldUtils.getFieldValue(etf, "accessDeniedHandler.errorPage"));
- }
-
- @Test(expected=BeanCreationException.class)
- public void invalidAccessDeniedUrlIsDetected() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void interceptUrlWithRequiresChannelAddsChannelFilterToStack() throws Exception {
- setContext(
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- List filters = getFilters("/someurl");
-
- assertEquals("Expected " + (AUTO_CONFIG_FILTERS + 1) +" filters in chain", AUTO_CONFIG_FILTERS + 1, filters.size());
-
- assertTrue(filters.get(0) instanceof ChannelProcessingFilter);
- }
-
- @Test
- public void requiresChannelSupportsPlaceholder() throws Exception {
- System.setProperty("secure.url", "/secure");
- System.setProperty("required.channel", "https");
- setContext(
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- List filters = getFilters("/secure");
-
- assertTrue(filters.get(0) instanceof ChannelProcessingFilter);
- ChannelProcessingFilter filter = (ChannelProcessingFilter) filters.get(0);
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setServletPath("/secure");
- MockHttpServletResponse response = new MockHttpServletResponse();
- filter.doFilter(request, response, new MockFilterChain());
- assertNotNull(response.getRedirectedUrl());
- assertTrue(response.getRedirectedUrl().startsWith("https"));
- }
-
- @Test
- public void portMappingsAreParsedCorrectly() throws Exception {
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
-
- PortMapperImpl pm = getPortMapper();
- assertEquals(1, pm.getTranslatedPortMappings().size());
- assertEquals(Integer.valueOf(9080), pm.lookupHttpPort(9443));
- assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080));
- }
-
- @Test
- public void portMappingsWorkWithPlaceholdersAndEL() throws Exception {
- System.setProperty("http", "9080");
- System.setProperty("https", "9443");
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
-
- PortMapperImpl pm = getPortMapper();
- assertEquals(1, pm.getTranslatedPortMappings().size());
- assertEquals(Integer.valueOf(9080), pm.lookupHttpPort(9443));
- assertEquals(Integer.valueOf(9443), pm.lookupHttpsPort(9080));
- }
-
- private PortMapperImpl getPortMapper() {
- Map beans = appContext.getBeansOfType(PortMapperImpl.class);
- return new ArrayList(beans.values()).get(0);
- }
-
- @Test
- public void accessDeniedPageWorksWithPlaceholders() throws Exception {
- System.setProperty("accessDenied", "/go-away");
- setContext(
- " " +
- " " + AUTH_PROVIDER_XML);
- ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
- assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
- }
-
- @Test
- public void accessDeniedHandlerPageWorksWithEL() throws Exception {
- setContext(
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- ExceptionTranslationFilter filter = getFilter(ExceptionTranslationFilter.class);
- assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
- }
-
- @Test
- public void accessDeniedHandlerIsSetCorectly() throws Exception {
- setContext(
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- ExceptionTranslationFilter filter = getFilter(ExceptionTranslationFilter.class);
- AccessDeniedHandlerImpl adh = (AccessDeniedHandlerImpl) appContext.getBean("adh");
- assertSame(adh, FieldUtils.getFieldValue(filter, "accessDeniedHandler"));
- }
-
- @Test(expected=BeanDefinitionParsingException.class)
- public void accessDeniedPageAndAccessDeniedHandlerAreMutuallyExclusive() throws Exception {
- setContext(
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- ExceptionTranslationFilter filter = getFilter(ExceptionTranslationFilter.class);
- assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
- }
-
- @Test(expected=BeanDefinitionParsingException.class)
- public void accessDeniedHandlerPageAndRefAreMutuallyExclusive() throws Exception {
- setContext(
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- ExceptionTranslationFilter filter = getFilter(ExceptionTranslationFilter.class);
- assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
- }
-
- @Test
- public void externalFiltersAreTreatedCorrectly() throws Exception {
- // Decorated user-filters should be added to stack. The others should be ignored.
- String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
- String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
- System.setProperty("customFilterRef", "userFilter1");
-
- setContext(
- "" +
- "" +
- " " +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML +
- "" +
- "" +
- "" +
- "" +
- ""
- );
- List filters = getFilters("/someurl");
-
- assertEquals(AUTO_CONFIG_FILTERS + 3, filters.size());
- assertTrue(filters.get(0) instanceof SecurityContextPersistenceFilter);
- assertTrue(filters.get(1) instanceof SecurityContextPersistenceFilter);
- assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter);
- }
-
- @Test(expected=BeanDefinitionParsingException.class)
- public void twoFiltersWithSameOrderAreRejected() {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML +
- "");
- }
-
- @Test
- public void rememberMeServiceWorksWithTokenRepoRef() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- " " + AUTH_PROVIDER_XML);
- RememberMeServices rememberMeServices = getRememberMeServices();
-
- assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
- assertFalse((Boolean)FieldUtils.getFieldValue(getRememberMeServices(), "useSecureCookie"));
- }
-
- @Test
- public void rememberMeServiceWorksWithDataSourceRef() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- RememberMeServices rememberMeServices = getRememberMeServices();
-
- assertTrue(rememberMeServices instanceof PersistentTokenBasedRememberMeServices);
- }
-
- @Test
- @SuppressWarnings("unchecked")
- public void rememberMeServiceWorksWithExternalServicesImpl() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- " " +
- " " +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
-
- assertEquals(5000, FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds"));
- // SEC-909
- List logoutHandlers = (List) FieldUtils.getFieldValue(getFilter(LogoutFilter.class), "handlers");
- assertEquals(2, logoutHandlers.size());
- assertEquals(getRememberMeServices(), logoutHandlers.get(1));
- // SEC-1281
- Map ams = appContext.getBeansOfType(ProviderManager.class);
- ams.remove(BeanIds.AUTHENTICATION_MANAGER);
- RememberMeAuthenticationProvider rmp = (RememberMeAuthenticationProvider) ((ProviderManager)ams.values().toArray()[0]).getProviders().get(1);
- assertEquals("ourkey", rmp.getKey());
- }
-
- @Test
- public void rememberMeTokenValidityIsParsedCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- assertEquals(10000, FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds"));
- }
-
- @Test
- public void rememberMeTokenValidityAllowsNegativeValueForNonPersistentImplementation() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- assertEquals(-1, FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds"));
- }
-
- @Test
- public void rememberMeSecureCookieAttributeIsSetCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- assertTrue((Boolean)FieldUtils.getFieldValue(getRememberMeServices(), "useSecureCookie"));
- }
-
- @Test(expected=BeanDefinitionParsingException.class)
- public void rememberMeTokenValidityRejectsNegativeValueForPersistentImplementation() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- " " +
- AUTH_PROVIDER_XML);
- }
-
- @Test
- public void rememberMeServiceConfigurationParsesWithCustomUserService() {
- setContext(
- "" +
- " " +
- "" +
- " " +
- AUTH_PROVIDER_XML);
- }
-
- @Test
- public void x509SupportAddsFilterAtExpectedPosition() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- List filters = getFilters("/someurl");
-
- assertTrue(filters.get(2) instanceof X509AuthenticationFilter);
- }
-
- @Test
- public void x509SubjectPrincipalRegexCanBeSetUsingPropertyPlaceholder() throws Exception {
- System.setProperty("subject-principal-regex", "uid=(.*),");
- setContext(
- "" +
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
-
- X509AuthenticationFilter filter = getFilter(X509AuthenticationFilter.class);
- SubjectDnX509PrincipalExtractor pe = (SubjectDnX509PrincipalExtractor) FieldUtils.getFieldValue(filter, "principalExtractor");
- Pattern p = (Pattern) FieldUtils.getFieldValue(pe, "subjectDnPattern");
- assertEquals("uid=(.*),", p.pattern());
- }
-
- @Test
- public void concurrentSessionSupportAddsFilterAndExpectedBeans() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- List filters = getFilters("/someurl");
-
- assertTrue(filters.get(0) instanceof ConcurrentSessionFilter);
- assertNotNull(appContext.getBean("sr"));
- SessionManagementFilter smf = getFilter(SessionManagementFilter.class);
- assertNotNull(smf);
- checkSessionRegistry();
- }
-
- @Test
- public void externalSessionStrategyIsSupported() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- ""
- + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void externalSessionRegistryBeanIsConfiguredCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- " " +
- "" +
- "" +
- AUTH_PROVIDER_XML);
- checkSessionRegistry();
- }
-
- private void checkSessionRegistry() throws Exception {
- Object sessionRegistry = appContext.getBean("sr");
- Object sessionRegistryFromConcurrencyFilter = FieldUtils.getFieldValue(
- getFilter(ConcurrentSessionFilter.class), "sessionRegistry");
- Object sessionRegistryFromFormLoginFilter = FieldUtils.getFieldValue(
- getFilter(UsernamePasswordAuthenticationFilter.class),"sessionStrategy.sessionRegistry");
- Object sessionRegistryFromMgmtFilter = FieldUtils.getFieldValue(
- getFilter(SessionManagementFilter.class),"sessionStrategy.sessionRegistry");
-
- assertSame(sessionRegistry, sessionRegistryFromConcurrencyFilter);
- assertSame(sessionRegistry, sessionRegistryFromMgmtFilter);
- // SEC-1143
- assertSame(sessionRegistry, sessionRegistryFromFormLoginFilter);
- }
-
- @Test
- public void concurrentSessionMaxSessionsIsCorrectlyConfigured() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- SessionManagementFilter seshFilter = getFilter(SessionManagementFilter.class);
- UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken("bob", "pass");
- SecurityContextHolder.getContext().setAuthentication(auth);
- // Register 2 sessions and then check a third
- MockHttpServletResponse mockResponse = new MockHttpServletResponse();
- SaveContextOnUpdateOrErrorResponseWrapper response = new SaveContextOnUpdateOrErrorResponseWrapper(mockResponse, false) {
- protected void saveContext(SecurityContext context) {
- }
- };
- seshFilter.doFilter(new MockHttpServletRequest(), response, new MockFilterChain());
- assertNull(mockResponse.getRedirectedUrl());
- seshFilter.doFilter(new MockHttpServletRequest(), response, new MockFilterChain());
- assertNull(mockResponse.getRedirectedUrl());
- seshFilter.doFilter(new MockHttpServletRequest(), response, new MockFilterChain());
- assertEquals("/max-exceeded", mockResponse.getRedirectedUrl());
- }
-
- @Test
- public void externalRequestCacheIsConfiguredCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- "" +
- AUTH_PROVIDER_XML);
- Object requestCache = appContext.getBean("cache");
- assertSame(requestCache, FieldUtils.getFieldValue(getFilter(ExceptionTranslationFilter.class), "requestCache"));
- }
-
- @Test
- public void customEntryPointIsSupported() throws Exception {
- setContext(
- "" +
- "" +
- "" + AUTH_PROVIDER_XML);
- assertTrue("ExceptionTranslationFilter should be configured with custom entry point",
- getFilter(ExceptionTranslationFilter.class).getAuthenticationEntryPoint() instanceof MockEntryPoint);
- }
-
- @SuppressWarnings("unused")
- private static class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
- public MockEntryPoint() {
- super.setLoginFormUrl("/notused");
- }
- }
-
- @Test
- /** SEC-742 */
- public void rememberMeServicesWorksWithoutBasicProcessingFilter() {
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void disablingSessionProtectionRemovesSessionManagementFilterIfNoInvalidSessionUrlSet() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- List filters = getFilters("/someurl");
- assertFalse(filters.get(8) instanceof SessionManagementFilter);
- }
-
- @Test
- public void disablingSessionProtectionRetainsSessionManagementFilterInvalidSessionUrlSet() throws Exception {
- setContext(
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- List filters = getFilters("/someurl");
- Object filter = filters.get(8);
- assertTrue(filter instanceof SessionManagementFilter);
- assertEquals("/timeoutUrl", FieldUtils.getProtectedFieldValue("invalidSessionUrl", filter));
- }
-
- /**
- * See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
- * additional processing. In this method we have a UserDetailsService which is referenced from the namespace
- * and also has a post processor registered which will modify it.
- */
- @Test
- public void httpElementDoesntInterfereWithBeanPostProcessing() {
- setContext(
- "" +
- "" +
- " " +
- "" +
- "" +
- ""
- );
-
- PostProcessedMockUserDetailsService service = (PostProcessedMockUserDetailsService)appContext.getBean("myUserService");
-
- assertEquals("Hello from the post processor!", service.getPostProcessorWasHere());
- }
-
- /**
- * SEC-795. Two methods that exercise the scenarios that will or won't result in a protected login page warning.
- * Check the log.
- */
- @Test
- public void unprotectedLoginPageDoesntResultInWarning() {
- // Anonymous access configured
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- closeAppContext();
- // No filters applied to login page
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void protectedLoginPageResultsInWarning() {
- // Protected, no anonymous filter configured.
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- closeAppContext();
- // Protected, anonymous provider but no access
- setContext(
- " " +
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
- }
-
- @Test
- public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- Object filter = getFilter(SecurityContextPersistenceFilter.class);
-
- assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
- assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
- // Just check that the repo has url rewriting enabled by default
- assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
- }
-
- @Test
- public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- Object filter = getFilter(SecurityContextPersistenceFilter.class);
- assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
- assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
- // Check that an invocation doesn't create a session
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setServletPath("/anything");
- fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
- assertNull(request.getSession(false));
- }
-
- @Test
- public void settingCreateSessionToStatelessSetsFilterPropertiesCorrectly() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- SecurityContextPersistenceFilter filter = getFilter(SecurityContextPersistenceFilter.class);
- assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
- assertTrue(FieldUtils.getFieldValue(filter, "repo") instanceof NullSecurityContextRepository);
- assertNull("Session management filter should not be in stack", getFilter(SessionManagementFilter.class));
- assertNull("Request cache filter should not be in stack", getFilter(RequestCacheAwareFilter.class));
-
- // Check that an invocation doesn't create a session
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setServletPath("/anything");
- fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
- assertNull(request.getSession(false));
- }
-
- @Test
- public void settingCreateSessionToIfRequiredDoesntCreateASessionForPublicInvocation() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- Object filter = getFilter(SecurityContextPersistenceFilter.class);
- assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
- assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
- // Check that an invocation doesn't create a session
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setServletPath("/anything");
- fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
- assertNull(request.getSession(false));
- }
-
-
- /* SEC-934 */
- @Test
- public void supportsTwoIdenticalInterceptUrls() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" + AUTH_PROVIDER_XML);
- FilterSecurityInterceptor fis = getFilter(FilterSecurityInterceptor.class);
-
- FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
- Collection attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
- assertEquals(1, attrDef.size());
- assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
- }
-
- @Test
- public void supportsExternallyDefinedSecurityContextRepository() throws Exception {
- setContext(
- "" +
- "" +
- " " +
- "" + AUTH_PROVIDER_XML);
- SecurityContextPersistenceFilter filter = getFilter(SecurityContextPersistenceFilter.class);;
- HttpSessionSecurityContextRepository repo = (HttpSessionSecurityContextRepository) appContext.getBean("repo");
- assertSame(repo, FieldUtils.getFieldValue(filter, "repo"));
- assertTrue((Boolean)FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
- }
-
- @Test
- public void expressionBasedAccessAllowsAndDeniesAccessAsExpected() throws Exception {
- setContext(
- " " +
- " " +
- " " +
- " " + AUTH_PROVIDER_XML);
-
- FilterSecurityInterceptor fis = getFilter(FilterSecurityInterceptor.class);
-
- FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
- Collection attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
- assertEquals(1, attrDef.size());
-
- // Try an unprotected invocation
- SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", "ROLE_A"));
- fis.invoke(createFilterinvocation("/permitallurl", null));
- // Try secure Url as a valid user
- fis.invoke(createFilterinvocation("/securex", null));
- // And as a user without the required role
- SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", "ROLE_B"));
- try {
- fis.invoke(createFilterinvocation("/securex", null));
- fail("Expected AccessDeniedInvocation");
- } catch (AccessDeniedException expected) {
- }
- }
-
- @Test
- public void customSuccessAndFailureHandlersCanBeSetThroughTheNamespace() throws Exception {
- setContext(
- "" +
- " " +
- "" +
- "" +
- "" +
- AUTH_PROVIDER_XML);
- UsernamePasswordAuthenticationFilter apf = getFilter(UsernamePasswordAuthenticationFilter.class);
- AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
- AuthenticationFailureHandler fh = (AuthenticationFailureHandler) appContext.getBean("fh");
- assertSame(sh, FieldUtils.getFieldValue(apf, "successHandler"));
- assertSame(fh, FieldUtils.getFieldValue(apf, "failureHandler"));
- }
-
- @Test
- public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
- setContext("" + AUTH_PROVIDER_XML);
- Object filter = getFilter(SecurityContextPersistenceFilter.class);
- assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
- }
-
- @Test
- public void userDetailsServiceInParentContextIsLocatedSuccessfully() throws Exception {
- appContext = new InMemoryXmlApplicationContext(AUTH_PROVIDER_XML);
-
- appContext = new InMemoryXmlApplicationContext(
- "" +
- " " +
- "", appContext);
- }
-
- @Test
- public void openIDAndFormLoginWorkTogether() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
- LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
- assertEquals("/spring_security_login", ap.getLoginFormUrl());
- // Default login filter should be present since we haven't specified any login URLs
- getFilter(DefaultLoginPageGeneratingFilter.class);
- }
-
- @Test
- public void openIDAndRememberMeWorkTogether() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- // Default login filter should be present since we haven't specified any login URLs
- DefaultLoginPageGeneratingFilter loginFilter = getFilter(DefaultLoginPageGeneratingFilter.class);
- OpenIDAuthenticationFilter openIDFilter = getFilter(OpenIDAuthenticationFilter.class);
- openIDFilter.setConsumer(new OpenIDConsumer() {
- public String beginConsumption(HttpServletRequest req, String claimedIdentity, String returnToUrl, String realm)
- throws OpenIDConsumerException {
- return "http://testopenid.com?openid.return_to=" + returnToUrl;
- }
-
- public OpenIDAuthenticationToken endConsumption(HttpServletRequest req) throws OpenIDConsumerException {
- throw new UnsupportedOperationException();
- }
- });
- Set returnToUrlParameters = new HashSet();
- returnToUrlParameters.add(AbstractRememberMeServices.DEFAULT_PARAMETER);
- openIDFilter.setReturnToUrlParameters(returnToUrlParameters);
- assertNotNull(FieldUtils.getFieldValue(loginFilter, "openIDrememberMeParameter"));
- MockHttpServletRequest request = new MockHttpServletRequest();
- MockHttpServletResponse response = new MockHttpServletResponse();
-
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- request.setServletPath("/something.html");
- fcp.doFilter(request, response, new MockFilterChain());
- assertTrue(response.getRedirectedUrl().endsWith("/spring_security_login"));
- request.setServletPath("/spring_security_login");
- request.setRequestURI("/spring_security_login");
- response = new MockHttpServletResponse();
- fcp.doFilter(request, response, new MockFilterChain());
- assertTrue(response.getContentAsString().contains(AbstractRememberMeServices.DEFAULT_PARAMETER));
- request.setRequestURI("/j_spring_openid_security_check");
- request.setParameter(OpenIDAuthenticationFilter.DEFAULT_CLAIMED_IDENTITY_FIELD, "http://hey.openid.com/");
- request.setParameter(AbstractRememberMeServices.DEFAULT_PARAMETER, "on");
- response = new MockHttpServletResponse();
- fcp.doFilter(request, response, new MockFilterChain());
- String expectedReturnTo = request.getRequestURL().append("?")
- .append(AbstractRememberMeServices.DEFAULT_PARAMETER)
- .append("=").append("on").toString();
- assertEquals("http://testopenid.com?openid.return_to=" + expectedReturnTo, response.getRedirectedUrl());
- }
-
- @Test
- public void formLoginEntryPointTakesPrecedenceIfLoginUrlIsSet() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
- LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
- assertEquals("/form_login_page", ap.getLoginFormUrl());
- assertNull(getFilter(DefaultLoginPageGeneratingFilter.class));
- }
-
- @Test
- public void openIDEntryPointTakesPrecedenceIfLoginUrlIsSet() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class);
- LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
- assertEquals("/openid_login", ap.getLoginFormUrl());
- }
-
- @Test
- public void openIDWithAttributeExchangeConfigurationIsParsedCorrectly() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- " " +
- " " +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- OpenIDAuthenticationFilter apf = getFilter(OpenIDAuthenticationFilter.class);
-
- OpenID4JavaConsumer consumer = (OpenID4JavaConsumer) FieldUtils.getFieldValue(apf, "consumer");
- RegexBasedAxFetchListFactory axFactory = (RegexBasedAxFetchListFactory) FieldUtils.getFieldValue(consumer, "attributesToFetchFactory");
- List attributes = axFactory.createAttributeList("https://anyopenidprovider.com/");
- assertEquals(2, attributes.size());
- assertEquals("nickname", attributes.get(0).getName());
- assertEquals("http://schema.openid.net/namePerson/friendly", attributes.get(0).getType());
- assertFalse(attributes.get(0).isRequired());
- assertTrue(attributes.get(1).isRequired());
- assertEquals(2, attributes.get(1).getCount());
- }
-
- @Test(expected=BeanDefinitionParsingException.class)
- public void multipleLoginPagesCausesError() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- }
-
- @Test
- public void httpConfigWithNoAuthProvidersWorksOk() throws Exception {
- setContext(
- "" +
- " " +
- " " +
- "" +
- AUTH_PROVIDER_XML);
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- MockHttpServletRequest request = new MockHttpServletRequest("POST", "/j_spring_security_check");
- request.setServletPath("/j_spring_security_check");
- request.addParameter("j_username", "bob");
- request.addParameter("j_password", "bob");
- fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
- }
-
-
- private void setContext(String context) {
- appContext = new InMemoryXmlApplicationContext(context);
- }
-
- @SuppressWarnings("unchecked")
- private List getFilters(String url) throws Exception {
- FilterChainProxy fcp = (FilterChainProxy) appContext.getBean(BeanIds.FILTER_CHAIN_PROXY);
- Method getFilters = fcp.getClass().getDeclaredMethod("getFilters", String.class);
- getFilters.setAccessible(true);
- return (List) ReflectionUtils.invokeMethod(getFilters, fcp, new Object[] {url});
- }
-
- private FilterInvocation createFilterinvocation(String path, String method) {
- MockHttpServletRequest request = new MockHttpServletRequest();
- request.setMethod(method);
- request.setRequestURI(null);
- request.setServletPath(path);
-
- return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
- }
-
- private T getFilter(Class type) throws Exception {
- List filters = getFilters("/any");
-
- for (T f : filters) {
- if (f.getClass().isAssignableFrom(type)) {
- return f;
- }
- }
-
- return null;
- }
-
- private RememberMeServices getRememberMeServices() throws Exception {
- return getFilter(RememberMeAuthenticationFilter.class).getRememberMeServices();
- }
-
-}