/**
 * Returns the request held by {@code this.chain}, viewed as an
 * {@link HttpServletRequest}.
 *
 * @return whatever {@code this.chain.getRequest()} yields, cast to
 *         {@code HttpServletRequest}
 * @throws ClassCastException if the chain holds a request of another type
 */
private HttpServletRequest getRequest() {
    // NOTE(review): presumably this is the (possibly wrapped) request the filter
    // under test passed down the chain; confirm against the chain's type.
    final Object recorded = this.chain.getRequest();
    return (HttpServletRequest) recorded;
}
/**
 * Asserts that a {@link PatternMappingFilterProxy} built with {@code pattern}
 * does NOT hand the request to its delegate for {@code requestUri}.
 *
 * <p>The delegate must have captured no request, response or chain, while the
 * outer {@code filterChain} must have received the original request and
 * response. If the delegate is a security filter, a non-match means the
 * request continues without that filter, so negative cases are worth pinning.
 *
 * @param requestUri the URI (relative to the context path) to request
 * @param pattern the mapping pattern given to the proxy
 * @throws Exception if the filter invocation fails
 */
private void assertFilterNotInvoked(String requestUri, String pattern) throws Exception {
    // The proxy sees the full URI, i.e. context path + the path under test.
    String fullUri = request.getContextPath() + requestUri;
    request.setRequestURI(fullUri);

    filter = new PatternMappingFilterProxy(delegate, pattern);
    filter.doFilter(request, response, filterChain);

    // The delegate was skipped: it recorded nothing.
    assertThat(delegate.request, equalTo((ServletRequest) null));
    assertThat(delegate.response, equalTo((ServletResponse) null));
    assertThat(delegate.chain, equalTo((FilterChain) null));

    // The request still travelled on through the outer chain.
    assertThat(filterChain.getRequest(), equalTo((ServletRequest) request));
    assertThat(filterChain.getResponse(), equalTo((ServletResponse) response));

    // Fresh chain for the next call; presumably because a MockFilterChain
    // rejects a second invocation (TODO confirm).
    filterChain = new MockFilterChain();
}
/**
 * Checks that role queries on the request seen downstream of
 * {@code springSecurityFilterChain} reflect the security context stored in
 * the HTTP session: {@code isUserInRole("USER")} is true and
 * {@code isUserInRole("INVALID")} is false.
 *
 * <p>NOTE(review): which authorities the context carries is set up outside
 * this method; presumably an authentication with a USER role. Confirm.
 */
@Test
public void doFilterIsUserInRole() throws Exception {
    // Publish the current context under the session key.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    request.getSession().setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);

    chain = new MockFilterChain() {
        @Override
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse)
                throws IOException, ServletException {
            // Assertions run against the request as the security filters pass it on.
            HttpServletRequest downstream = (HttpServletRequest) servletRequest;
            assertThat(downstream.isUserInRole("USER")).isTrue();
            assertThat(downstream.isUserInRole("INVALID")).isFalse();
            super.doFilter(servletRequest, servletResponse);
        }
    };

    springSecurityFilterChain.doFilter(request, response, chain);

    // Guards against a vacuous pass: the role assertions only execute if the
    // chain was actually reached.
    assertThat(chain.getRequest()).isNotNull();
}
/**
 * Verifies {@code HttpServletRequest.isUserInRole} behind
 * {@code springSecurityFilterChain}: with the current security context placed
 * in the session, the downstream request reports the {@code "USER"} role and
 * denies the {@code "INVALID"} role.
 *
 * <p>NOTE(review): the context's authentication is prepared elsewhere;
 * presumably it grants a USER role. Confirm against the fixture.
 */
@Test
public void doFilterIsUserInRole() throws Exception {
    SecurityContext current = SecurityContextHolder.getContext();
    // Store the context under the session attribute key.
    request.getSession()
            .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, current);

    chain = new MockFilterChain() {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res)
                throws IOException, ServletException {
            HttpServletRequest secured = (HttpServletRequest) req;
            // Positive and negative role checks, so "always true" cannot pass.
            assertThat(secured.isUserInRole("USER")).isTrue();
            assertThat(secured.isUserInRole("INVALID")).isFalse();
            super.doFilter(req, res);
        }
    };

    springSecurityFilterChain.doFilter(request, response, chain);

    // Without this, a chain that was never invoked would skip the role checks
    // and the test would still pass.
    assertThat(chain.getRequest()).isNotNull();
}
/**
 * Exercises a {@link MockFilterChain} created with no filters: the first
 * {@code doFilter} call records the request and response, and a second call
 * on the same chain is rejected with an {@link IllegalStateException}
 * carrying the message {@code "This FilterChain has already been called!"}.
 */
@Test
public void doFilterEmptyChain() throws Exception {
    MockFilterChain emptyChain = new MockFilterChain();

    // First pass: the chain remembers what it was given.
    emptyChain.doFilter(this.request, this.response);
    assertThat(emptyChain.getRequest(), is(request));
    assertThat(emptyChain.getResponse(), is(response));

    // Second pass on the same instance must be refused.
    IllegalStateException rejected = null;
    try {
        emptyChain.doFilter(this.request, this.response);
    }
    catch (IllegalStateException ex) {
        rejected = ex;
    }
    if (rejected == null) {
        fail("Expected Exception");
    }
    assertEquals("This FilterChain has already been called!", rejected.getMessage());
}
/**
 * Verifies that creating a session inside the filter causes the configured
 * session-id resolver ({@code this.strategy}) to be told the new id via
 * {@code setSessionId}, and that the id matches the session stored in
 * {@code this.sessionRepository}.
 */
@Test
public void doFilterAdapterOnNewSession() throws Exception {
    this.filter.setHttpSessionIdResolver(this.strategy);

    // Touching getSession() on the wrapped request creates the session.
    doFilter(new DoInFilter() {
        @Override
        public void doFilter(HttpServletRequest req, HttpServletResponse res)
                throws IOException {
            req.getSession();
        }
    });

    // Look the session up again through the request the chain recorded.
    HttpServletRequest recorded = (HttpServletRequest) this.chain.getRequest();
    String createdId = recorded.getSession().getId();
    Session stored = this.sessionRepository.findById(createdId);

    // The resolver must receive exactly the persisted session's id.
    verify(this.strategy).setSessionId(
            any(HttpServletRequest.class), any(HttpServletResponse.class), eq(stored.getId()));
}
/**
 * Verifies that a request which presents an existing session id but never
 * touches the session does not trigger {@code expireSession} on the
 * session-id resolver.
 *
 * <p>Flow: a first pass creates a session; the resolver is then stubbed to
 * return that session's id; a second pass runs with an empty filter body.
 */
@Test
public void doFilterRequestSessionNoRequestSessionDoesNotInvalidate() throws Exception {
    this.filter.setHttpSessionIdResolver(this.strategy);

    // Pass 1: create a session and read its id.
    doFilter(new DoInFilter() {
        @Override
        public void doFilter(HttpServletRequest req, HttpServletResponse res)
                throws IOException {
            req.getSession().getId();
        }
    });

    HttpServletRequest recorded = (HttpServletRequest) this.chain.getRequest();
    String existingId = recorded.getSession().getId();

    // From here on the resolver reports the id created above.
    given(this.strategy.resolveSessionIds(any(HttpServletRequest.class)))
            .willReturn(Collections.singletonList(existingId));

    // Pass 2: deliberately does nothing with the session.
    doFilter(new DoInFilter() {
        @Override
        public void doFilter(HttpServletRequest req, HttpServletResponse res)
                throws IOException {
        }
    });

    // An untouched session must not be expired.
    verify(this.strategy, never()).expireSession(
            any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * Verifies that invalidating the session inside the filter makes the
 * session-id resolver's {@code expireSession} run.
 *
 * <p>Flow: a first pass creates a session; the resolver is stubbed to return
 * that id; after {@code setupRequest()} a second pass calls
 * {@code getSession().invalidate()}.
 *
 * <p>NOTE(review): presumably {@code expireSession} is what tells the client
 * to drop its session id (cookie or header), so a missed call would leave a
 * stale id on the client side. Confirm against the resolver in use.
 */
@Test
public void doFilterAdapterOnInvalidate() throws Exception {
    this.filter.setHttpSessionIdResolver(this.strategy);

    // Pass 1: create a session and read its id.
    doFilter(new DoInFilter() {
        @Override
        public void doFilter(HttpServletRequest req, HttpServletResponse res)
                throws IOException {
            req.getSession().getId();
        }
    });

    HttpServletRequest recorded = (HttpServletRequest) this.chain.getRequest();
    String existingId = recorded.getSession().getId();

    // The resolver now reports the id created above.
    given(this.strategy.resolveSessionIds(any(HttpServletRequest.class)))
            .willReturn(Collections.singletonList(existingId));

    setupRequest();

    // Pass 2: invalidate the session.
    doFilter(new DoInFilter() {
        @Override
        public void doFilter(HttpServletRequest req, HttpServletResponse res)
                throws IOException {
            req.getSession().invalidate();
        }
    });

    // Invalidation must be propagated to the resolver.
    verify(this.strategy).expireSession(
            any(HttpServletRequest.class), any(HttpServletResponse.class));
}