add test to replicate issue with OpenId Session serialization
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
parent
e014ba1775
commit
41d4a3263c
|
@ -13,6 +13,7 @@
|
||||||
|
|
||||||
package org.eclipse.jetty.security.openid;
|
package org.eclipse.jetty.security.openid;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -28,7 +29,9 @@ import org.eclipse.jetty.security.ConstraintMapping;
|
||||||
import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
||||||
import org.eclipse.jetty.server.Server;
|
import org.eclipse.jetty.server.Server;
|
||||||
import org.eclipse.jetty.server.ServerConnector;
|
import org.eclipse.jetty.server.ServerConnector;
|
||||||
|
import org.eclipse.jetty.server.session.FileSessionDataStoreFactory;
|
||||||
import org.eclipse.jetty.servlet.ServletContextHandler;
|
import org.eclipse.jetty.servlet.ServletContextHandler;
|
||||||
|
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||||
import org.eclipse.jetty.util.security.Constraint;
|
import org.eclipse.jetty.util.security.Constraint;
|
||||||
import org.junit.jupiter.api.AfterEach;
|
import org.junit.jupiter.api.AfterEach;
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
|
@ -107,6 +110,11 @@ public class OpenIdAuthenticationTest
|
||||||
securityHandler.setInitParameter(OpenIdAuthenticator.LOGOUT_REDIRECT_PATH, "/");
|
securityHandler.setInitParameter(OpenIdAuthenticator.LOGOUT_REDIRECT_PATH, "/");
|
||||||
context.setSecurityHandler(securityHandler);
|
context.setSecurityHandler(securityHandler);
|
||||||
|
|
||||||
|
File datastoreDir = MavenTestingUtils.getTargetTestingDir("datastore");
|
||||||
|
FileSessionDataStoreFactory fileSessionDataStoreFactory = new FileSessionDataStoreFactory();
|
||||||
|
fileSessionDataStoreFactory.setStoreDir(datastoreDir);
|
||||||
|
server.addBean(fileSessionDataStoreFactory);
|
||||||
|
|
||||||
server.start();
|
server.start();
|
||||||
String redirectUri = "http://localhost:" + connector.getLocalPort() + "/redirect_path";
|
String redirectUri = "http://localhost:" + connector.getLocalPort() + "/redirect_path";
|
||||||
openIdProvider.addRedirectUri(redirectUri);
|
openIdProvider.addRedirectUri(redirectUri);
|
||||||
|
@ -153,6 +161,19 @@ public class OpenIdAuthenticationTest
|
||||||
response = client.GET(appUriString + "/admin");
|
response = client.GET(appUriString + "/admin");
|
||||||
assertThat(response.getStatus(), is(HttpStatus.FORBIDDEN_403));
|
assertThat(response.getStatus(), is(HttpStatus.FORBIDDEN_403));
|
||||||
|
|
||||||
|
// We can restart the server and still be logged in as we have persistent session datastore.
|
||||||
|
server.stop();
|
||||||
|
server.start();
|
||||||
|
appUriString = "http://localhost:" + connector.getLocalPort();
|
||||||
|
|
||||||
|
// After restarting server the authentication is saved as a session authentication.
|
||||||
|
response = client.GET(appUriString + "/");
|
||||||
|
assertThat(response.getStatus(), is(HttpStatus.OK_200));
|
||||||
|
content = response.getContentAsString();
|
||||||
|
assertThat(content, containsString("userId: 123456789"));
|
||||||
|
assertThat(content, containsString("name: Alice"));
|
||||||
|
assertThat(content, containsString("email: Alice@example.com"));
|
||||||
|
|
||||||
// We are no longer authenticated after logging out
|
// We are no longer authenticated after logging out
|
||||||
response = client.GET(appUriString + "/logout");
|
response = client.GET(appUriString + "/logout");
|
||||||
assertThat(response.getStatus(), is(HttpStatus.OK_200));
|
assertThat(response.getStatus(), is(HttpStatus.OK_200));
|
||||||
|
|
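Review bot: After the restart the restored session is exercised only against `/` (the `client.GET(appUriString + "/")` block that follows `server.start()`), so the test shows the claims survive serialization but not that authorization does. The `/admin` check that precedes the restart should be repeated once the session has been read back from the file store, `response = client.GET(appUriString + "/admin");` followed by `assertThat(response.getStatus(), is(HttpStatus.FORBIDDEN_403));`, otherwise a deserialized identity with a changed role set would go unnoticed. In the setup hunk, `getTargetTestingDir("datastore")` appears to be reused between runs and nothing visible empties it, so a leftover session file could influence the result; `FS.ensureEmpty(datastoreDir);` before `setStoreDir` would avoid that. Both the setup method and the test method start and end outside the hunks shown.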