/**
 * Looks up a session value by name by delegating to {@code getAttribute}.
 *
 * <p>NOTE(review): this presumably overrides {@code HttpSession#getValue}, which the
 * Servlet API deprecates in favour of {@code getAttribute}. Confirm against the
 * enclosing class, which this excerpt does not show.
 *
 * @param name the name of the value to look up
 * @return whatever {@code getAttribute(name)} returns
 */
@Override
public Object getValue(String name) {
    final Object value = getAttribute(name);
    return value;
}
// Excerpt: the closing brace of this method is not part of the listing.
// Checks that mySessionBean is the very object stored in the session under
// "mySessionBean" and the object the context returns for that bean name.
public void sessionScope() throws Exception {
    // The session attribute named after the bean must be the same instance.
    assertThat(mySessionBean)
        .isSameAs(session.getAttribute("mySessionBean"));
    // A lookup through the context must return that same instance too.
    assertThat(mySessionBean)
        .isSameAs(wac.getBean("mySessionBean", MySessionBean.class));
/**
 * Verifies that looking up the bean stores it in the session under its bean name
 * and that a later lookup returns the same instance.
 *
 * @throws Exception declared by the test signature; nothing in the body is caught
 */
@Test
public void sessionScope() throws Exception {
    final String scopedBeanName = "sessionScopedTestBean";

    // Before any lookup the session holds no attribute for the bean.
    final Object beforeLookup = session.getAttribute(scopedBeanName);
    assertNull(beforeLookup);

    // After the first lookup the session attribute must be that very instance.
    final TestBean firstLookup = wac.getBean(scopedBeanName, TestBean.class);
    final Object storedInSession = session.getAttribute(scopedBeanName);
    assertSame(firstLookup, storedInSession);

    // A second lookup with the same session must not create a new instance.
    final TestBean secondLookup = wac.getBean(scopedBeanName, TestBean.class);
    assertSame(firstLookup, secondLookup);
}
/**
 * Expects {@link IllegalStateException} when an attribute is read from a session
 * that has already been invalidated.
 *
 * @since 4.0
 */
@Test(expected = IllegalStateException.class)
public void getAttributeOnInvalidatedSession() {
    final String attributeName = "foo";
    session.invalidate();
    // Reading from the invalidated session is the call expected to throw.
    session.getAttribute(attributeName);
}
/**
 * Returns the named attribute from the superclass, passed through {@code wrap}.
 *
 * @param name the attribute name to look up
 * @return the result of {@code wrap} applied to the superclass's attribute value;
 *         what {@code wrap} does is not visible in this excerpt
 */
@Override
public Object getAttribute(String name) {
    final Object stored = super.getAttribute(name);
    return wrap(stored);
}
/**
 * Reads the MFA credentials stored in the session under {@code "uaaMfaCredentials"}
 * and returns the code that {@code getMfaCodeFromCredentials} derives from them.
 *
 * <p>NOTE(review): no null check is made here, so an absent attribute is handed to
 * {@code getMfaCodeFromCredentials} as {@code null}. How that helper reacts is not
 * visible in this excerpt.
 *
 * @param session the mock session expected to hold the credentials
 * @return the value returned by {@code getMfaCodeFromCredentials}
 * @throws ClassCastException if the attribute is not a {@code UserGoogleMfaCredentials}
 */
public static int getMFACodeFromSession(MockHttpSession session) {
    final Object storedCredentials = session.getAttribute("uaaMfaCredentials");
    return getMfaCodeFromCredentials((UserGoogleMfaCredentials) storedCredentials);
}
/**
 * Verifies that the MFA registration page renders the QR-code view on two
 * consecutive visits, with credentials present in the session in between.
 *
 * @throws Exception if one of the mock requests fails
 */
@Test
public void testQRCodeRedirectIfCodeNotValidated() throws Exception {
    redirectToMFARegistration();

    // First visit to the registration page renders the QR code.
    performGetMfaRegister()
        .andExpect(view().name("mfa/qr_code"));

    // Credentials are held under "uaaMfaCredentials" after that first visit.
    final Object storedCredentials = session.getAttribute("uaaMfaCredentials");
    final UserGoogleMfaCredentials pendingCredentials = (UserGoogleMfaCredentials) storedCredentials;
    assertNotNull(pendingCredentials);

    // No code is submitted in between, so the repeat visit shows the QR code again.
    performGetMfaRegister()
        .andExpect(view().name("mfa/qr_code"));
}
/**
 * Checks the last-successful-login timestamp exposed on the authentication across
 * two consecutive logins of a freshly created user.
 *
 * <p>The first login is expected to report no previous login. The second is
 * expected to report a time inside the window measured around the first login.
 *
 * <p>NOTE(review): neither login response is asserted. A failed login would
 * presumably surface only as a {@code NullPointerException} on the missing security
 * context.
 *
 * @param scimUserProvisioning provisioning bean used to create the test user
 * @throws Exception if either mock request fails
 */
@Test
void test_previous_login_time_upon_authentication(
        @Autowired ScimUserProvisioning scimUserProvisioning
) throws Exception {
    ScimUser loginUser = createUser(scimUserProvisioning, generator, getUaa().getId());

    // First login, bracketed by timestamps that define the expected window.
    MockHttpSession firstSession = new MockHttpSession();
    long windowStart = System.currentTimeMillis();
    mockMvc.perform(
            post("/uaa/login.do")
                .session(firstSession)
                .with(cookieCsrf())
                .contextPath("/uaa")
                .param("username", loginUser.getUserName())
                .param("password", loginUser.getPassword()));
    long windowEnd = System.currentTimeMillis();

    // A user who never logged in before has no previous success time.
    SecurityContext firstContext = (SecurityContext) firstSession
        .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    UaaAuthentication firstAuthentication = (UaaAuthentication) firstContext.getAuthentication();
    assertNull(firstAuthentication.getLastLoginSuccessTime());

    // Second login on a fresh session.
    MockHttpSession secondSession = new MockHttpSession();
    mockMvc.perform(
            post("/uaa/login.do")
                .session(secondSession)
                .with(cookieCsrf())
                .contextPath("/uaa")
                .param("username", loginUser.getUserName())
                .param("password", loginUser.getPassword()));

    SecurityContext secondContext = (SecurityContext) secondSession
        .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    UaaAuthentication secondAuthentication = (UaaAuthentication) secondContext.getAuthentication();
    Long previousLoginTime = secondAuthentication.getLastLoginSuccessTime();

    // The reported time must lie within the window of the first login.
    assertThat(previousLoginTime, greaterThanOrEqualTo(windowStart));
    assertThat(previousLoginTime, lessThanOrEqualTo(windowEnd));
}
/**
 * Opens an authorization request, then posts an approval that carries the scope
 * parameters {@code scope.different.scope} and {@code scope.test.scope2}.
 *
 * <p>The approval is expected to be answered with an {@code invalid_scope} error
 * redirect, after which neither authorization-request attribute may remain in the
 * session.
 *
 * @throws Exception if one of the mock requests fails
 */
@Test
public void test_oauth_authorize_modified_scope() throws Exception {
    final String pendingRequestKey = "authorizationRequest";
    final String originalRequestKey =
        "org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST";

    String stateToken = generator.generate();
    MockHttpSession userSession = getAuthenticatedSession(user1);

    // A 200 response means the approvals page was rendered.
    mockMvc.perform(
            get("/oauth/authorize")
                .session(userSession)
                .param(RESPONSE_TYPE, "code")
                .param(STATE, stateToken)
                .param(CLIENT_ID, client1.getClientId()))
        .andExpect(status().isOk());

    // While approval is pending, the request is held in the session under both keys.
    assertNotNull(userSession.getAttribute(pendingRequestKey));
    assertNotNull(userSession.getAttribute(originalRequestKey));

    mockMvc.perform(
            post("/oauth/authorize")
                .with(cookieCsrf())
                .session(userSession)
                .param(USER_OAUTH_APPROVAL, "true")
                .param("scope.0", "scope.different.scope")
                .param("scope.1", "scope.test.scope2"))
        .andDo(print())
        .andExpect(status().is3xxRedirection())
        .andExpect(redirectedUrlPattern("http://test.example.org/redirect?error=invalid_scope&error_description=The%20requested%20scopes%20are%20invalid.%20Please%20use%20valid%20scope%20names%20in%20the%20request*"));

    // The rejected request must not remain in the session for a later approval.
    assertNull(userSession.getAttribute(pendingRequestKey));
    assertNull(userSession.getAttribute(originalRequestKey));
}
/**
 * Creates an account and verifies it with a session that already holds a saved
 * request, then checks that the saved request still exposes a redirect URL.
 *
 * <p>NOTE(review): a {@code PredictableGenerator} is installed on the
 * {@code JdbcExpiringCodeStore} bean and is not restored in this method.
 * Presumably it is reset elsewhere. Confirm, so that predictable codes do not leak
 * into other tests sharing the context.
 *
 * @throws Exception if one of the mock requests fails
 */
@Test
void redirectToSavedRequest_ifPresent() throws Exception {
    MockHttpSession savedRequestSession = MockMvcUtils.getSavedRequestSession();

    // Make the verification code predictable so the test can submit it.
    PredictableGenerator predictableCodes = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictableCodes);

    mockMvc.perform(
            post("/create_account.do")
                .with(cookieCsrf())
                .session(savedRequestSession)
                .param("email", "testuser@test.org")
                .param("password", "test-password")
                .param("password_confirmation", "test-password"))
        .andExpect(redirectedUrl("accounts/email_sent"));

    // The code is "test" followed by the generator's current counter value.
    String verificationCode = "test" + predictableCodes.counter.get();
    mockMvc.perform(
            get("/verify_user")
                .session(savedRequestSession)
                .param("code", verificationCode))
        .andExpect(status().isFound())
        .andExpect(redirectedUrl(LOGIN_REDIRECT))
        .andReturn();

    SavedRequest savedRequest = (SavedRequest) savedRequestSession.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    assertNotNull(savedRequest.getRedirectUrl());
}
// Excerpt: assertions taken from around an authorization flow. The requests made
// between them are not part of this listing.

// The pending authorization request is expected in the session under both keys.
assertNotNull(session.getAttribute("authorizationRequest"));
assertNotNull(session.getAttribute("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST"));
// The same two attributes are asserted present a second time.
assertNotNull(session.getAttribute("authorizationRequest"));
assertNotNull(session.getAttribute("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST"));
// Tail of a call chain whose start is not shown: the redirect URL must contain "code=".
.andExpect(redirectedUrlPattern("**/*code=*"));
// After that redirect both attributes are expected to be gone from the session.
assertNull(session.getAttribute("authorizationRequest"));
assertNull(session.getAttribute("org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST"));
/**
 * Logs a user in through {@code /login.do} and returns the session found on the
 * request afterwards.
 *
 * <p>The session handed to the request is invalidated before the login is
 * performed. The session returned is read with {@code getSession(false)}, which
 * does not create one, so a missing session fails the null assertion.
 *
 * @param username the user name posted to the login endpoint
 * @param password the password posted to the login endpoint
 * @return the session on the request after login, holding a security context
 * @throws Exception if the mock request fails
 */
private MockHttpSession getUserSession(String username, String password) throws Exception {
    final MockHttpSession invalidatedSession = new MockHttpSession();
    invalidatedSession.invalidate();

    final MockHttpSession authenticatedSession = (MockHttpSession) mockMvc
        .perform(
            post("/login.do")
                .with(cookieCsrf())
                .session(invalidatedSession)
                .accept(ACCEPT_TEXT_HTML)
                .param("username", username)
                .param("password", password))
        .andDo(print())
        .andReturn()
        .getRequest()
        .getSession(false);
    assertNotNull(authenticatedSession);

    // A stored security context is the evidence that the login took effect.
    final Object securityContext = authenticatedSession
        .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    assertNotNull(securityContext);
    return authenticatedSession;
}
// Excerpt from a larger test; `result` is produced before this point.
// getSession(false) returns the existing session and never creates one.
MockHttpSession inviteSession = (MockHttpSession) result.getRequest().getSession(false);
assertNotNull(inviteSession);
// The session must already carry a Spring Security context.
assertNotNull(inviteSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
String redirectUri = "https://example.com/dashboard/?appGuid=app-guid";
// Client id with a random suffix; how it is used lies outside this excerpt.
String clientId = "authclient-"+new RandomValueStringGenerator().generate();
// Excerpt: `session` and `authUrl` are defined outside the lines shown.
// The saved request kept in the session must exist and point at authUrl.
SavedRequest savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
assertNotNull(savedRequest);
assertEquals(authUrl, savedRequest.getRedirectUrl());
// Read a second time; whatever ran between the two reads is elided from this listing.
savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
assertNotNull(savedRequest);
// No security context may be stored in the session at this point. The literal is the
// value of HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY.
assertNull(session.getAttribute("SPRING_SECURITY_CONTEXT"));
// Excerpt: the three sessions are obtained by code that is not shown here.
// Both login sessions carry a security context.
assertNotNull(afterLoginSessionA.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
assertNotNull(afterLoginSessionB.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
// The session obtained after the password change carries one as well.
assertNotNull(afterPasswordChange.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
// NOTE(review): assertNotSame only proves the two references differ. Whether
// session A was invalidated is not asserted in the lines shown.
assertNotSame(afterLoginSessionA, afterPasswordChange);
// Start of a request whose arguments are cut off in this listing.
mockMvc.perform(
// Excerpt: both sessions are obtained by code that is not shown here.
// The session from login and the one after the password change each carry a
// security context.
assertNotNull(afterLoginSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
assertNotNull(afterPasswordChange.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY));
// NOTE(review): assertNotSame only proves the two references differ. Whether
// the login session was invalidated is not asserted in the lines shown.
assertNotSame(afterLoginSession, afterPasswordChange);
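/**
 * Spring test skeleton that injects a {@code MockHttpSession} and reads one
 * attribute from it. The {@code ...} markers are elisions kept from the original
 * listing.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(...)
@WebAppConfiguration
public class SessionTest {

    // Mock session supplied through @Autowired.
    @Autowired
    MockHttpSession session;

    /**
     * Reads the {@code "myObject"} attribute from the injected session.
     *
     * @throws Exception declared by the test signature
     */
    @Test
    public void sessionAttributeTest() throws Exception {
        // getAttribute returns Object, so the value must be cast before assignment.
        MyObject myObject = (MyObject) session.getAttribute("myObject");
        ...
    }
}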
/**
 * Returns the value bound to {@code name}, obtained from {@code getAttribute}.
 *
 * <p>NOTE(review): {@code getValue} is presumably the legacy {@code HttpSession}
 * accessor that the Servlet API deprecates in favour of {@code getAttribute}.
 * The enclosing class is not shown here, so confirm before relying on that.
 *
 * @param name the name the value is bound to
 * @return the result of {@code getAttribute(name)}
 */
@Override
public Object getValue(String name) {
    final Object bound = getAttribute(name);
    return bound;
}
// Seeds the session with a "TTL" value one minute in the past, performs
// GET /rest/message, and expects the stored TTL to end up later than the current time.
MockHttpSession session = new MockHttpSession();
long staleTtlMillis = Instant.now().minusSeconds(60).toEpochMilli();
// NOTE(review): putValue is the legacy HttpSession call that the Servlet API
// deprecates in favour of setAttribute.
session.putValue("TTL", staleTtlMillis);

mockMvc.perform(
        get("/rest/message")
            .session(session))
    .andExpect(status().isOk());

// Read the TTL back first, then sample the clock, in the same order as one combined call.
Long refreshedTtl = (Long) session.getAttribute("TTL");
long nowMillis = Instant.now().toEpochMilli();
assertThat(refreshedTtl, Matchers.greaterThan(nowMillis));