@Test public void testDoFilterAuthenticationUnauthorizedExpired() throws Exception { // Expired period is reached, MaxInActiveInterval is not reached. long maxInactives = System.currentTimeMillis() + TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() - TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationUnauthorizedExpired() throws Exception { // Expired period is reached, MaxInActiveInterval is not reached. long maxInactives = System.currentTimeMillis() + TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() - TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationAuthorized() throws Exception { // Both expired period and MaxInActiveInterval are not reached. long maxInactives = System.currentTimeMillis() + TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; boolean authorized = true; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationUnauthorizedInactived() throws Exception { // Expired period is not reached, MaxInActiveInterval is reached. long maxInactives = System.currentTimeMillis() - TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationAuthorized() throws Exception { // Both expired period and MaxInActiveInterval are not reached. long maxInactives = System.currentTimeMillis() + TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; boolean authorized = true; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationUnauthorizedInactived() throws Exception { // Expired period is not reached, MaxInActiveInterval is reached. long maxInactives = System.currentTimeMillis() - TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationUnauthorizedInactivedExpired() throws Exception { // Both expired period and MaxInActiveInterval is reached. long maxInactives = System.currentTimeMillis() - TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() - TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testDoFilterAuthenticationUnauthorizedInactivedExpired() throws Exception { // Both expired period and MaxInActiveInterval is reached. long maxInactives = System.currentTimeMillis() - TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() - TOKEN_VALIDITY_SEC; boolean authorized = false; _testDoFilterAuthenticationMaxInactiveInterval(maxInactives, expires, authorized); }
@Test public void testTokenWithNoActivityIntervals() throws Exception { // Provide token which does not contain maxInactive value. // The server has maxInactiveInterval configured to -1. // The server shall authorize the access, but should not drop a new cookie long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( -1, -1, expires, true, //authorized false //newCookie ); // Provide token which does not contain maxInactive value. // The server has maxInactiveInterval to some value // The server shall authorize the access and drop a new cookie // with renewed activity interval expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( -1, TOKEN_MAX_INACTIVE_INTERVAL, expires, true, //authorized true //newCookie ); }
@Test public void testTokenWithNoActivityIntervals() throws Exception { // Provide token which does not contain maxInactive value. // The server has maxInactiveInterval configured to -1. // The server shall authorize the access, but should not drop a new cookie long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( -1, -1, expires, true, //authorized false //newCookie ); // Provide token which does not contain maxInactive value. // The server has maxInactiveInterval to some value // The server shall authorize the access and drop a new cookie // with renewed activity interval expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( -1, TOKEN_MAX_INACTIVE_INTERVAL, expires, true, //authorized true //newCookie ); }
- TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1, + TOKEN_MAX_INACTIVE_INTERVAL; expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1,
+ TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1, + TOKEN_MAX_INACTIVE_INTERVAL; expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, TOKEN_MAX_INACTIVE_INTERVAL,
- TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1, + TOKEN_MAX_INACTIVE_INTERVAL; expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1,
+ TOKEN_MAX_INACTIVE_INTERVAL; long expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, -1, + TOKEN_MAX_INACTIVE_INTERVAL; expires = System.currentTimeMillis() + TOKEN_VALIDITY_SEC; _testDoFilterAuthenticationMaxInactiveInterval( maxInactives, TOKEN_MAX_INACTIVE_INTERVAL,
private void _testDoFilterAuthenticationMaxInactiveInterval(long maxInactivesInToken, long maxInactivesOnServer, long expires, boolean authorized, boolean newCookie) throws Exception { String secret = "secret"; AuthenticationFilter filter = new AuthenticationFilter(); try { FilterConfig config = Mockito.mock(FilterConfig.class); Mockito.when(config.getInitParameter("management.operation.return")). thenReturn("true"); Mockito.when(config.getInitParameter( AuthenticationFilter.AUTH_TYPE)).thenReturn( DummyAuthenticationHandler.class.getName()); Mockito.when(config.getInitParameter( AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret); Mockito.when(config.getInitParameter( AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL)).thenReturn( Long.toString(maxInactivesOnServer)); Mockito.when(config.getInitParameterNames()).thenReturn( new Vector<String>( Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL, "management.operation.return")).elements()); getMockedServletContextWithStringSigner(config); filter.init(config);
private void _testDoFilterAuthenticationMaxInactiveInterval(long maxInactivesInToken, long maxInactivesOnServer, long expires, boolean authorized, boolean newCookie) throws Exception { String secret = "secret"; AuthenticationFilter filter = new AuthenticationFilter(); try { FilterConfig config = Mockito.mock(FilterConfig.class); Mockito.when(config.getInitParameter("management.operation.return")). thenReturn("true"); Mockito.when(config.getInitParameter( AuthenticationFilter.AUTH_TYPE)).thenReturn( DummyAuthenticationHandler.class.getName()); Mockito.when(config.getInitParameter( AuthenticationFilter.SIGNATURE_SECRET)).thenReturn(secret); Mockito.when(config.getInitParameter( AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL)).thenReturn( Long.toString(maxInactivesOnServer)); Mockito.when(config.getInitParameterNames()).thenReturn( new Vector<String>( Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.AUTH_TOKEN_MAX_INACTIVE_INTERVAL, "management.operation.return")).elements()); getMockedServletContextWithStringSigner(config); filter.init(config);