/**
 * Pushes a POST through the filter chain built from {@code AntMatchersNoPatternsConfig}
 * and expects the response to be 403 Forbidden.
 */
@Test
public void antMatchersMethodAndNoPatterns() throws Exception {
    loadConfig(AntMatchersNoPatternsConfig.class);
    request.setMethod("POST");

    springSecurityFilterChain.doFilter(request, response, chain);

    // NOTE(review): the rule that rejects the POST lives in the config class, which is
    // not visible here; only the POST case is asserted by this test.
    int status = response.getStatus();
    assertThat(status).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}
/**
 * Issues a POST to {@code /logout} while the session holds an authenticated
 * {@code SecurityContext}, then checks that this context object still carries its
 * {@code Authentication} once the filter chain has run.
 */
@Test
public void clearAuthenticationFalse() throws Exception {
    loadConfig(ClearAuthenticationFalseConfig.class);

    // Seed the HTTP session with a context holding a ROLE_USER test token.
    SecurityContext sessionContext = SecurityContextHolder.createEmptyContext();
    TestingAuthenticationToken userToken =
            new TestingAuthenticationToken("user", "password", "ROLE_USER");
    sessionContext.setAuthentication(userToken);
    request.getSession().setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, sessionContext);

    request.setMethod("POST");
    request.setServletPath("/logout");
    springSecurityFilterChain.doFilter(request, response, chain);

    // NOTE(review): presumably the config opts out of clearing the Authentication on
    // logout; with that setting any code that kept a reference to this context still
    // sees the old Authentication afterwards - confirm that is intended where it is used.
    assertThat(sessionContext.getAuthentication()).isNotNull();
}
/**
 * Loads {@code ConfigCustomize} and sends a POST for {@code /public/something},
 * expecting 200 OK from the filter chain.
 */
@Test
public void customConfiguerCustomizeDisablesCsrf() throws Exception {
    loadContext(ConfigCustomize.class);

    // This method attaches no CSRF token to the POST; a 200 here is the evidence that
    // the customized configurer switched CSRF protection off.
    request.setPathInfo("/public/something");
    request.setMethod("POST");
    springSecurityFilterChain.doFilter(request, response, chain);

    int status = response.getStatus();
    assertThat(status).isEqualTo(HttpServletResponse.SC_OK);
}
/**
 * With URI query parameter support switched on, a GET carrying {@code access_token}
 * as a request parameter resolves to that token.
 */
@Test
public void resolveWhenQueryParameterIsPresentAndSupportedThenTokenIsResolved() {
    // Explicit opt-in. RFC 6750 section 2.3 discourages this transport because tokens
    // placed in URLs tend to be recorded in access logs and browser history.
    this.resolver.setAllowUriQueryParameter(true);

    MockHttpServletRequest getRequest = new MockHttpServletRequest();
    getRequest.setMethod("GET");
    getRequest.addParameter("access_token", TEST_TOKEN);

    assertThat(this.resolver.resolve(getRequest)).isEqualTo(TEST_TOKEN);
}
/**
 * Builds a mock GET request that targets a SockJS websocket path beneath the given
 * mapping, with a session attribute and a CSRF token attribute attached.
 *
 * @param mapping prefix prepended to the SockJS path to form the request URI
 * @return the prepared request
 */
private MockHttpServletRequest sockjsHttpRequest(String mapping) {
    String sockjsPath = "/289/tpyx6mde/websocket";

    MockHttpServletRequest sockjsRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    sockjsRequest.setMethod("GET");
    sockjsRequest.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, sockjsPath);
    sockjsRequest.setRequestURI(mapping + sockjsPath);

    // Session value and CSRF token come from fields declared outside this method.
    sockjsRequest.getSession().setAttribute(sessionAttr, "sessionValue");
    sockjsRequest.setAttribute(CsrfToken.class.getName(), token);
    return sockjsRequest;
}
/**
 * Posts to {@code /login} without username or password under
 * {@code SampleWebSecurityConfigurerAdapter} and expects a redirect to
 * {@code /login?error}.
 */
@Test
public void readmeSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
    this.spring.register(SampleWebSecurityConfigurerAdapter.class).autowire();

    this.request.setServletPath("/login");
    this.request.setMethod("POST");
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);

    // The failure target carries only the generic "error" flag.
    String redirectedUrl = this.response.getRedirectedUrl();
    assertThat(redirectedUrl).isEqualTo("/login?error");
}
/**
 * Posts to {@code /login} without username or password under
 * {@code SampleMultiHttpSecurityConfig} and expects a redirect to
 * {@code /login?error}.
 */
@Test
public void multiHttpSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
    this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();

    this.request.setServletPath("/login");
    this.request.setMethod("POST");
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);

    // The failure target carries only the generic "error" flag.
    String redirectedUrl = this.response.getRedirectedUrl();
    assertThat(redirectedUrl).isEqualTo("/login?error");
}
/**
 * A GET carrying {@code access_token} as a request parameter yields no token when
 * query parameter support has not been enabled on the resolver.
 */
@Test
public void resolveWhenQueryParameterIsPresentAndNotSupportedThenTokenIsNotResolved() {
    // No setAllowUriQueryParameter call is made here.
    // NOTE(review): assumes the resolver is otherwise in its default state; its
    // construction is not shown in this excerpt.
    MockHttpServletRequest getRequest = new MockHttpServletRequest();
    getRequest.setMethod("GET");
    getRequest.addParameter("access_token", TEST_TOKEN);

    assertThat(this.resolver.resolve(getRequest)).isNull();
}
// Closes the enclosing scope that was opened outside this excerpt.
}
/**
 * Creates fresh fixtures before each test: a spied {@code MockServletContext}, a GET
 * request, an empty response and an empty filter chain.
 */
@Before
public void setup() {
    this.servletContext = spy(new MockServletContext());

    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    this.request = getRequest;

    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
}
/**
 * Returns a post-processor that marks a request as cross-origin by adding an
 * {@code Origin} header, and optionally turns it into a CORS preflight.
 *
 * @param preflight when {@code true}, the request method becomes OPTIONS and an
 *        {@code Access-Control-Request-Method: POST} header is added
 * @return the post-processor; it hands back the request it was given
 */
private RequestPostProcessor cors(boolean preflight) {
    return (mockRequest) -> {
        mockRequest.addHeader(HttpHeaders.ORIGIN, "https://example.com");
        if (!preflight) {
            return mockRequest;
        }
        // Preflight shape: OPTIONS plus the method the real request would use.
        mockRequest.setMethod(HttpMethod.OPTIONS.name());
        mockRequest.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.POST.name());
        return mockRequest;
    };
}
/**
 * Creates fresh fixtures before each test: a GET request, an empty response and an
 * empty filter chain.
 */
@Before
public void setup() {
    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    this.request = getRequest;

    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
}
/**
 * Posts to {@code /login} without username or password under
 * {@code HelloWorldWebSecurityConfigurerAdapter}, sending {@code Accept: text/html},
 * and expects a redirect to {@code /login?error}.
 */
@Test
public void helloWorldSampleWhenRequestLoginWithoutCredentialsThenRedirectToLogin() throws Exception {
    this.spring.register(HelloWorldWebSecurityConfigurerAdapter.class).autowire();

    this.request.setServletPath("/login");
    this.request.setMethod("POST");
    // NOTE(review): presumably the Accept header makes the request look like a browser
    // so the HTML login flow is selected - confirm against the config.
    this.request.addHeader("Accept", "text/html");
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);

    String redirectedUrl = this.response.getRedirectedUrl();
    assertThat(redirectedUrl).isEqualTo("/login?error");
}
/**
 * Resets the per-test fixtures: a GET request, an empty response and an empty filter
 * chain.
 */
@Before
public void setup() {
    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    this.request = getRequest;

    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
}
/**
 * Resets the per-test fixtures: a GET request, an empty response and an empty filter
 * chain.
 */
@Before
public void setup() {
    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    this.request = getRequest;

    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
}
/**
 * Resets the per-test fixtures: a GET request, an empty response and an empty filter
 * chain.
 */
@Before
public void setup() {
    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    this.request = getRequest;

    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();
}
/**
 * A form-encoded POST carrying {@code access_token} as a parameter yields no token
 * when form parameter support has not been enabled on the resolver.
 */
@Test
public void resolveWhenFormParameterIsPresentAndNotSupportedThenTokenIsNotResolved() {
    // NOTE(review): assumes the resolver is in its default state; its construction is
    // not shown in this excerpt.
    MockHttpServletRequest formPost = new MockHttpServletRequest();
    formPost.setMethod("POST");
    formPost.setContentType("application/x-www-form-urlencoded");
    formPost.addParameter("access_token", TEST_TOKEN);

    assertThat(this.resolver.resolve(formPost)).isNull();
}
/**
 * Posts {@code user}/{@code password} to {@code /login} under
 * {@code SampleMultiHttpSecurityConfig} and expects a redirect to {@code /}.
 */
@Test
public void multiHttpSampleWhenRequestLoginWithValidCredentialsThenRedirectToIndex() throws Exception {
    this.spring.register(SampleMultiHttpSecurityConfig.class).autowire();

    this.request.setServletPath("/login");
    this.request.setMethod("POST");
    // NOTE(review): presumably these match the test user declared in the sample
    // config, which is not visible here.
    this.request.addParameter("username", "user");
    this.request.addParameter("password", "password");
    this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);

    String redirectedUrl = this.response.getRedirectedUrl();
    assertThat(redirectedUrl).isEqualTo("/");
}
/**
 * Runs the parameterized {@code setup("USER")} first, then resets the request,
 * response and filter chain fixtures.
 */
@Before
public void setup() {
    setup("USER");

    MockHttpServletRequest getRequest = new MockHttpServletRequest("GET", "");
    // The constructor is already given "GET"; the call below sets the same value again.
    getRequest.setMethod("GET");
    request = getRequest;

    response = new MockHttpServletResponse();
    chain = new MockFilterChain();
}
/**
 * A GET that presents the same bearer token both in the {@code Authorization} header
 * and as an {@code access_token} parameter must be rejected with an
 * {@code OAuth2AuthenticationException}.
 */
@Test
public void resolveWhenValidHeaderIsPresentTogetherWithQueryParameterThenAuthenticationExceptionIsThrown() {
    String headerValue = "Bearer " + TEST_TOKEN;

    MockHttpServletRequest duplicated = new MockHttpServletRequest();
    duplicated.addHeader("Authorization", headerValue);
    duplicated.setMethod("GET");
    duplicated.addParameter("access_token", TEST_TOKEN);

    // RFC 6750 section 2 forbids clients from using more than one transport per
    // request, so the resolver is expected to fail instead of picking one of the two.
    assertThatCode(() -> this.resolver.resolve(duplicated))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .hasMessageContaining("Found multiple bearer tokens in the request");
}
/**
 * A form-encoded POST that presents the same bearer token both in the
 * {@code Authorization} header and as an {@code access_token} parameter must be
 * rejected with an {@code OAuth2AuthenticationException}.
 */
@Test
public void resolveWhenValidHeaderIsPresentTogetherWithFormParameterThenAuthenticationExceptionIsThrown() {
    String headerValue = "Bearer " + TEST_TOKEN;

    MockHttpServletRequest duplicated = new MockHttpServletRequest();
    duplicated.addHeader("Authorization", headerValue);
    duplicated.setMethod("POST");
    duplicated.setContentType("application/x-www-form-urlencoded");
    duplicated.addParameter("access_token", TEST_TOKEN);

    // RFC 6750 section 2 forbids clients from using more than one transport per
    // request, so the resolver is expected to fail instead of picking one of the two.
    assertThatCode(() -> this.resolver.resolve(duplicated))
            .isInstanceOf(OAuth2AuthenticationException.class)
            .hasMessageContaining("Found multiple bearer tokens in the request");
}