/**
 * Set a single value for the specified HTTP parameter.
 * <p>If there are already one or more values registered for the given
 * parameter name, they will be replaced.
 * @param name the parameter name
 * @param value the one value to register under {@code name}
 */
public void setParameter(String name, String value) {
    // Wrap the value in a one-element array and delegate to the array-based overload.
    String[] singleValue = {value};
    setParameter(name, singleValue);
}
/**
 * Checks that {@code setParameters} replaces values for names present in the map,
 * leaves other names untouched and registers new names.
 */
@Test
public void setMultipleParameters() {
    // Two single-valued parameters exist before the bulk update.
    request.setParameter("key1", "value1");
    request.setParameter("key2", "value2");

    Map<String, Object> replacements = new HashMap<>(2);
    replacements.put("key1", "newValue1");
    replacements.put("key3", new String[] { "value3A", "value3B" });
    request.setParameters(replacements);

    // key1 was in the map: exactly one value remains, and it is the new one.
    String[] key1Values = request.getParameterValues("key1");
    assertEquals(1, key1Values.length);
    assertEquals("newValue1", request.getParameter("key1"));

    // key2 was not in the map and keeps its value.
    assertEquals("value2", request.getParameter("key2"));

    // key3 is new and keeps both values in order.
    String[] key3Values = request.getParameterValues("key3");
    assertEquals(2, key3Values.length);
    assertEquals("value3A", key3Values[0]);
    assertEquals("value3B", key3Values[1]);
}
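/**
 * Set all provided parameters <strong>replacing</strong> any existing
 * values for the provided parameter names. To add without replacing
 * existing values, use {@link #addParameters(java.util.Map)}.
 * <p>Every map value must be a {@code String} or a {@code String[]}; any
 * other value, including {@code null}, is rejected.
 * @param params the parameter names mapped to their new value(s); checked
 * with {@code Assert.notNull}
 * @throws IllegalArgumentException if a map value is neither a {@code String}
 * nor a {@code String[]}
 */
public void setParameters(Map<String, ?> params) {
    Assert.notNull(params, "Parameter map must not be null");
    params.forEach((key, value) -> {
        if (value instanceof String) {
            setParameter(key, (String) value);
        }
        else if (value instanceof String[]) {
            setParameter(key, (String[]) value);
        }
        else {
            // A null value also lands here, because instanceof is false for null.
            throw new IllegalArgumentException(
                    "Parameter map value must be single value or array of type [" +
                    String.class.getName() + "]");
        }
    });
}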
/**
 * Attaches the bearer token to the mock request, either as the
 * {@code access_token} request parameter or as an
 * {@code Authorization: Bearer} header, depending on {@code asRequestParameter}.
 * <p>Outside of tests the parameter form is the more exposed of the two:
 * request parameters are more likely than headers to end up in access logs
 * and URLs, so the header form is the one to prefer for real clients.
 * @param request the mock request to decorate
 * @return the same request instance, with the token attached
 */
@Override
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
    if (!this.asRequestParameter) {
        // Default transport: token travels in the Authorization header.
        request.addHeader("Authorization", "Bearer " + this.token);
        return request;
    }
    // Parameter transport: token travels as the access_token parameter.
    request.setParameter("access_token", this.token);
    return request;
}
} // closes the enclosing class, whose declaration is not part of this listing
/**
 * Checks that {@code removeAllParameters} empties the parameter map regardless of
 * whether entries were registered through {@code setParameter} or {@code addParameters}.
 */
@Test
public void removeAllParameters() {
    request.setParameter("key1", "value1");

    Map<String, Object> extra = new HashMap<>(2);
    extra.put("key2", "value2");
    extra.put("key3", new String[] { "value3A", "value3B" });
    request.addParameters(extra);

    // One name set directly plus two added in bulk.
    assertEquals(3, request.getParameterMap().size());

    request.removeAllParameters();

    assertEquals(0, request.getParameterMap().size());
}
/**
 * With {@code max_age=1} and an authentication time stubbed to the current instant,
 * the filter is expected to hand the request to the chain and not redirect.
 */
@Test
public void request_with_max_age_redirect_not_expected() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // The authentication is reported as having happened right now.
    long authenticatedAt = System.currentTimeMillis();
    when(authentication.getAuthenticatedTime()).thenReturn(authenticatedAt);

    request.setParameter("client_id", "testclient");
    request.setParameter("max_age", "1");
    request.setParameter("scope", "openid");

    filter.doFilterInternal(request, response, chain);

    // No re-authentication: the chain sees the request once and nothing is redirected.
    verify(chain, times(1)).doFilter(same(request), same(response));
    verify(response, never()).sendRedirect(anyString());
}
/**
 * With {@code prompt=login} on the request, the filter is expected to redirect
 * instead of continuing the chain, and the redirect URL must no longer carry
 * the prompt parameter.
 */
@Test
public void request_with_prompt_login() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(authentication);

    request.setParameter("client_id", "testclient");
    request.setParameter("prompt", "login");
    request.setParameter("scope", "openid");

    filter.doFilterInternal(request, response, chain);

    // The request must not reach the rest of the chain.
    verify(chain, never()).doFilter(same(request), same(response));

    // verify that the redirect is happening and the redirect url does not contain the prompt parameter
    // The pattern rejects any string containing the substring "prompt" at any position,
    // so a surviving prompt parameter would fail the match.
    String urlWithoutPrompt = "^((?!prompt).)*$";
    verify(response, times(1)).sendRedirect(matches(urlWithoutPrompt));
}
/**
 * Posts a request whose {@code u} parameter is a URL carrying a
 * {@code ;jsessionid=...} path parameter and checks that the first finished
 * span is named {@code /petclinic}, i.e. without the session identifier.
 */
@Test
public void testJsessionId() throws ServletException, IOException {
    // Given
    MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    servletRequest.setParameter("ty", "pl");
    servletRequest.setParameter("r", "1496751574200");
    // The reported URL embeds a session id as a path parameter.
    servletRequest.setParameter("u", "http://localhost:9966/petclinic;jsessionid=xyz");
    servletRequest.setParameter("d", "518");
    MockHttpServletResponse servletResponse = new MockHttpServletResponse();

    // When
    servlet.doPost(servletRequest, servletResponse);

    // Then
    // The operation name is the bare path; the jsessionid must not show up in it.
    assertThat(mockTracer.finishedSpans().get(0).operationName()).isEqualTo("/petclinic");
}
/**
 * With {@code max_age=1} and an authentication time stubbed to two seconds in the
 * past, the filter is expected to redirect rather than continue the chain, and the
 * redirect URL must no longer carry the max_age parameter.
 */
@Test
public void request_with_max_age_redirect_expected() throws Exception {
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // Authentication is reported as 2000 ms old, older than max_age=1
    // (presumably seconds, as in OpenID Connect; confirm against the filter).
    long authenticatedAt = System.currentTimeMillis() - 2000;
    when(authentication.getAuthenticatedTime()).thenReturn(authenticatedAt);

    request.setParameter("client_id", "testclient");
    request.setParameter("max_age", "1");
    request.setParameter("scope", "openid");

    filter.doFilterInternal(request, response, chain);

    // The stale authentication must not be let through to the rest of the chain.
    verify(chain, never()).doFilter(same(request), same(response));

    // verify that the redirect was happening and the url does not contain the max_age parameter
    // The pattern rejects any string containing the substring "max_age" at any position.
    String urlWithoutMaxAge = "^((?!max_age).)*$";
    verify(response, times(1)).sendRedirect(matches(urlWithoutMaxAge));
}
/**
 * Sends a single-valued parameter whose value ends in a NUL character, written
 * here as a Unicode escape in a char literal.
 */
@Test
public void nullCharactersInSingleValueParams_1() throws Exception {
    char[] endsWithNul = {'a','b','\u0000'};
    request.setParameter("test", new String(endsWithNul));
    // NOTE(review): verifyChain is defined outside this listing; presumably the argument
    // is the expected number of chain invocations, so 0 means the request was rejected.
    verifyChain(0);
}
/**
 * Sends a single-valued parameter whose value ends in a NUL character, written
 * here as a cast of the integer 0 to {@code char}.
 */
@Test
public void nullCharactersInSingleValueParams_2() throws Exception {
    char[] endsWithNul = {'a','b',(char)0};
    request.setParameter("test", new String(endsWithNul));
    // NOTE(review): verifyChain is defined outside this listing; presumably the argument
    // is the expected number of chain invocations, so 0 means the request was rejected.
    verifyChain(0);
}
} // closes the enclosing class, whose declaration is not part of this listing
/**
 * Submits a reset code of {@code "invalid"} and delegates to the shared helper,
 * passing {@code InvalidCodeException} as the exception type under test.
 */
@Test
public void invalid_code_password_reset() throws Exception {
    String submittedCode = "invalid";
    request.setParameter("code", submittedCode);
    // NOTE(review): the helper is defined outside this listing; presumably it drives the
    // reset flow and checks how an exception of the given type is handled.
    error_during_password_reset(InvalidCodeException.class);
}
/**
 * Requests a redirect to {@code http://www.testing.com} on behalf of a client and
 * expects the handler to return that URL as the target.
 */
@Test
public void test_client_redirect_using_wildcard() throws Exception {
    String requestedRedirect = "http://www.testing.com";

    handler.setWhitelist(Arrays.asList("http://testing.com"));
    handler.setAlwaysUseDefaultTargetUrl(false);
    request.setParameter(CLIENT_ID, CLIENT_ID);
    request.setParameter("redirect", requestedRedirect);

    // NOTE(review): the whitelist entry has no "www." host, so the acceptance asserted here
    // presumably comes from a wildcard redirect URI registered for the client in the
    // fixture (not shown); confirm, since this is what decides which hosts are reachable.
    assertEquals("http://www.testing.com", handler.determineTargetUrl(request, response));
}
/**
 * Checks that {@code addParameters} appends to existing values instead of replacing
 * them, leaves other names untouched and registers new names.
 */
@Test
public void addMultipleParameters() {
    // Two single-valued parameters exist before the bulk addition.
    request.setParameter("key1", "value1");
    request.setParameter("key2", "value2");

    Map<String, Object> additions = new HashMap<>(2);
    additions.put("key1", "newValue1");
    additions.put("key3", new String[] { "value3A", "value3B" });
    request.addParameters(additions);

    // key1 now has the old value followed by the added one.
    String[] key1Values = request.getParameterValues("key1");
    assertEquals(2, key1Values.length);
    assertEquals("value1", key1Values[0]);
    assertEquals("newValue1", key1Values[1]);

    // key2 was not in the map and keeps its value.
    assertEquals("value2", request.getParameter("key2"));

    // key3 is new and keeps both values in order.
    String[] key3Values = request.getParameterValues("key3");
    assertEquals(2, key3Values.length);
    assertEquals("value3A", key3Values[0]);
    assertEquals("value3B", key3Values[1]);
}
/**
 * Session-fixation check: a session is created before the login request, and after
 * the filter chain has processed the form login the session id must differ from
 * the one held before.
 */
@Test
public void changeSessionId() throws Exception {
    MockHttpServletRequest loginRequest = new MockHttpServletRequest("GET", "");
    // Create the session up front so there is a pre-login id to compare against.
    loginRequest.getSession();
    loginRequest.setServletPath("/login");
    loginRequest.setMethod("POST");
    loginRequest.setParameter("username", "user");
    loginRequest.setParameter("password", "password");
    String preLoginSessionId = loginRequest.getSession().getId();

    // CSRF is switched off in this configuration, presumably so the POST can go through
    // without a CSRF token; the test is only about the session id.
    String httpConfig = "<http>\n"
            + " <form-login/>\n"
            + " <session-management session-fixation-protection='changeSessionId'/>\n"
            + " <csrf disabled='true'/>\n"
            + " </http>"
            + XML_AUTHENTICATION_MANAGER;
    loadContext(httpConfig);

    springSecurityFilterChain.doFilter(loginRequest, response, chain);

    // A session id known before login must not stay valid afterwards.
    assertThat(loginRequest.getSession().getId()).isNotEqualTo(preLoginSessionId);
}
/**
 * Requests a redirect to a URL that is listed verbatim in the handler's whitelist
 * and expects that URL back as the target.
 */
@Test
public void test_whitelist_redirect() throws Exception {
    String requestedRedirect = "http://somethingelse.com";

    handler.setWhitelist(Arrays.asList("http://somethingelse.com"));
    handler.setAlwaysUseDefaultTargetUrl(false);
    request.setParameter("redirect", requestedRedirect);

    // The requested target equals the single whitelist entry.
    assertEquals("http://somethingelse.com", handler.determineTargetUrl(request, response));
}
/**
 * Open-redirect check: a form redirect parameter pointing at
 * {@code http://test.com/test} must not be returned as the target; the handler is
 * expected to answer with {@code "/"} instead.
 */
@Test
public void invalidFormRedirectIsNotReturned() {
    String requestedRedirect = "http://test.com/test";
    request.setParameter(FORM_REDIRECT_PARAMETER, requestedRedirect);
    MockHttpServletResponse freshResponse = new MockHttpServletResponse();

    // The caller-supplied URL is ignored in favour of the root path.
    assertEquals("/", handler.determineTargetUrl(request, freshResponse));
}
} // closes the enclosing class, whose declaration is not part of this listing
/**
 * For a GET request that carries the form redirect parameter, saving the request
 * must not call {@code saveClientRedirect} with that parameter value.
 */
@Test
public void saveFormRedirectRequest_GET_Method() throws Exception {
    request.setMethod(HttpMethod.GET.name());
    request.setSession(session);
    request.setParameter(FORM_REDIRECT_PARAMETER, "http://login");
    MockHttpServletResponse freshResponse = new MockHttpServletResponse();

    spy.saveRequest(request, freshResponse);

    // Read the parameter back from the request, then assert it was never stored.
    String formRedirect = request.getParameter(FORM_REDIRECT_PARAMETER);
    verify(spy, never()).saveClientRedirect(request, formRedirect);
}
/**
 * Presents a freshly created access token both in the query string and as the
 * {@code token} parameter and expects {@code checkToken} to return claims.
 * <p>This pins the permissive default. A token carried in the query string is more
 * likely to be recorded in access logs than one sent in the body or a header, so
 * this default deserves a deliberate decision in deployments.
 */
@Test
public void by_default_query_string_is_allowed() throws Exception {
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    String queryString = "token="+ accessToken.getValue();
    request.setQueryString(queryString);
    request.setParameter("token", accessToken.getValue());

    Claims tokenClaims = endpoint.checkToken(request);

    assertNotNull(tokenClaims);
}
/**
 * Builds a fresh mock request, response and filter chain for each test and gives
 * the request a CSRF token: the token is saved through an
 * {@code HttpSessionCsrfTokenRepository} and the same token value is sent as the
 * request parameter named by the token.
 */
@Before
public void setup() {
    this.request = new MockHttpServletRequest("GET", "");
    this.response = new MockHttpServletResponse();
    this.chain = new MockFilterChain();

    // Header name, parameter name and token value are fixed test constants.
    CsrfToken csrfToken = new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", "CSRF-TOKEN-TEST");
    HttpSessionCsrfTokenRepository tokenRepository = new HttpSessionCsrfTokenRepository();
    tokenRepository.saveToken(csrfToken, this.request, this.response);

    // Submit the saved token with the request so the two values match.
    String parameterName = csrfToken.getParameterName();
    this.request.setParameter(parameterName, csrfToken.getToken());
}