/**
 * Creates a mock session whose entry in the application's {@link SessionRegistry}
 * has already been expired.
 *
 * <p>The session id is registered for the principal {@code "user"} and the resulting
 * registry entry is expired straight away. Only the registry entry is expired here;
 * the {@link MockHttpSession} object itself is not invalidated by this helper.
 *
 * @return the mock session whose registry entry was expired
 */
private MockHttpSession expiredSession() {
    SessionRegistry registry = this.spring.getContext().getBean(SessionRegistry.class);
    MockHttpSession expired = new MockHttpSession();
    String expiredId = expired.getId();
    registry.registerNewSession(expiredId, "user");
    registry.getSessionInformation(expiredId).expireNow();
    return expired;
}
/**
 * Checks the session attached to the performed request against this matcher's expectations.
 *
 * <p>When {@code exists} is false the request must carry no session at all. Otherwise the
 * session must be present, and the optional {@code valid} and {@code id} expectations are
 * applied only when they were set (non-null). {@code getSession(false)} is used throughout
 * so that the check itself never creates a session.
 *
 * @param result the MVC result whose request session is inspected
 */
@Override
public void match(MvcResult result) {
    if (this.exists) {
        assertThat(result.getRequest().getSession(false)).isNotNull();
        MockHttpSession actual = (MockHttpSession) result.getRequest().getSession(false);
        if (this.valid != null) {
            // valid == true means the session must still be usable, i.e. not invalidated.
            boolean invalidated = actual.isInvalid();
            if (this.valid) {
                assertThat(invalidated).isFalse();
            }
            else {
                assertThat(invalidated).isTrue();
            }
        }
        if (this.id != null) {
            String actualId = actual.getId();
            assertThat(actualId).isEqualTo(this.id);
        }
    }
    else {
        assertThat(result.getRequest().getSession(false)).isNull();
    }
}
// Closes the enclosing matcher class, whose header lies outside this excerpt.
}
/**
 * With the "SessionFixationProtectionMigrateSession" configuration, authenticating on an
 * existing session must leave the request with a session whose id differs from the one
 * presented before authentication.
 *
 * <p>This is the property that defeats session fixation: an id known before login is no
 * longer the id of the authenticated session. The XML configuration itself is not visible
 * here, so what it enables is inferred from its name.
 */
@Test
public void requestWhenSessionFixationProtectionIsMigrateSessionThenSessionIsReplaced() throws Exception {
    this.spring.configLocations(this.xml("SessionFixationProtectionMigrateSession")).autowire();

    MockHttpSession preAuthSession = new MockHttpSession();
    // Remember the id the client held before it authenticated.
    String preAuthId = preAuthSession.getId();

    MvcResult authenticated = this.mvc
            .perform(get("/auth").session(preAuthSession).with(httpBasic("user", "password")))
            .andExpect(session())
            .andReturn();

    String postAuthId = authenticated.getRequest().getSession(false).getId();
    assertThat(postAuthId).isNotEqualTo(preAuthId);
}
/**
 * With the "SessionFixationProtectionNone" configuration, the session presented before
 * authentication must still be the request's session afterwards, with the same id.
 *
 * <p>The test pins the behaviour of fixation protection being switched off: the
 * pre-authentication id survives login unchanged. The XML configuration itself is not
 * visible here, so what it disables is inferred from its name.
 */
@Test
public void requestWhenSessionFixationProtectionIsNoneThenSessionNotInvalidated() throws Exception {
    this.spring.configLocations(this.xml("SessionFixationProtectionNone")).autowire();

    MockHttpSession preAuthSession = new MockHttpSession();
    // Read the id up front so the expectation is fixed before the request runs.
    String expectedId = preAuthSession.getId();

    this.mvc
            .perform(get("/auth").session(preAuthSession).with(httpBasic("user", "password")))
            .andExpect(session().id(expectedId));
}
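/**
 * SEC-2137: with session fixation protection disabled and concurrency control enabled,
 * authenticating on an existing session must succeed and keep that session's id.
 *
 * <p>The XML configuration ("Sec2137") is not visible here; what it enables and disables
 * is taken from the test name.
 */
@Test
public void requestWhenSessionFixationProtectionDisabledAndConcurrencyControlEnabledThenSessionNotInvalidated()
        throws Exception {
    this.spring.configLocations(this.xml("Sec2137")).autowire();
    MockHttpSession session = new MockHttpSession();
    // Capture the expected id before the request is performed. The argument of the final
    // andExpect(...) is evaluated only after perform(...) has returned, so reading
    // session.getId() at that point would compare the post-request id with itself if the
    // id were changed in place on this same mock object, and the check could never fail.
    String sessionId = session.getId();
    this.mvc.perform(get("/auth")
            .session(session)
            .with(httpBasic("user", "password")))
        .andExpect(status().isOk())
        .andExpect(session().id(sessionId));
}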
/**
 * SEC-2057: when concurrency control expires a session, the logout handlers that run for
 * the next request on that session must still receive the authentication.
 *
 * <p>The test authenticates, expires the resulting session through the
 * {@link SessionRegistry}, then replays the session and expects the response header
 * {@code X-Username} to carry {@code "user"}. Presumably the custom logout handler from
 * the "ConcurrencyControlCustomLogoutHandler" configuration writes that header from the
 * authentication it is handed; the configuration is not visible here, so confirm there.
 */
@Test
public void autowireWhenConcurrencyControlIsSetThenLogoutHandlersGetAuthenticationObject() throws Exception {
    this.spring.configLocations(this.xml("ConcurrencyControlCustomLogoutHandler")).autowire();

    // Step 1: authenticate and keep the session the application established.
    MvcResult login = this.mvc
            .perform(get("/auth").with(httpBasic("user", "password")))
            .andExpect(session())
            .andReturn();
    MockHttpSession authenticatedSession = (MockHttpSession) login.getRequest().getSession(false);

    // Step 2: mark that session as expired in the registry.
    SessionRegistry registry = this.spring.getContext().getBean(SessionRegistry.class);
    String authenticatedId = authenticatedSession.getId();
    registry.getSessionInformation(authenticatedId).expireNow();

    // Step 3: replay the expired session; no credentials are sent this time.
    this.mvc
            .perform(get("/auth").session(authenticatedSession))
            .andExpect(header().string("X-Username", "user"));
}
/**
 * Documents the {@code GET /passcode} endpoint for a user who already holds an
 * authenticated server-side session.
 *
 * <p>No login flow is exercised: the test looks up the user "marissa" (origin "uaa") in the
 * current identity zone, builds an authentication with the {@code uaa.user} authority and
 * places it directly in a mock session under the Spring Security context key. The request
 * then carries that session plus a matching {@code JSESSIONID} cookie header, which the
 * generated documentation marks as required.
 */
@Test
void passcode_request() throws Exception {
    ScimUserProvisioning provisioning = webApplicationContext.getBean(JdbcScimUserProvisioning.class);
    String zoneId = IdentityZoneHolder.get().getId();
    ScimUser user = provisioning.query("username eq \"marissa\" and origin eq \"uaa\"", zoneId).get(0);

    UaaPrincipal userPrincipal = new UaaPrincipal(
            user.getId(),
            user.getUserName(),
            user.getPrimaryEmail(),
            user.getOrigin(),
            user.getExternalId(),
            IdentityZoneHolder.get().getId());
    UaaAuthentication authentication = new UaaAuthentication(
            userPrincipal,
            Arrays.asList(UaaAuthority.fromAuthorities("uaa.user")),
            null);

    // Seed the session with a security context so the request is treated as authenticated.
    MockHttpSession session = new MockHttpSession();
    session.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            new MockMvcUtils.MockSecurityContext(authentication));

    // The explicit Cookie header is there so the documented request shows the JSESSIONID
    // cookie; the session itself is attached through session(...).
    MockHttpServletRequestBuilder passcodeRequest = MockMvcRequestBuilders.get("/passcode")
            .accept(APPLICATION_JSON_VALUE)
            .session(session)
            .header("Cookie","JSESSIONID="+session.getId());

    mockMvc.perform(passcodeRequest)
            .andDo(document(
                    "{ClassName}/{methodName}",
                    preprocessResponse(prettyPrint()),
                    requestHeaders(
                            headerWithName("Cookie")
                                    .required()
                                    .description("JSESSIONID cookie to match the server side session of the authenticated user."))))
            .andExpect(status().isOk());
}
/**
 * Adds product {@code P1234} to the cart and verifies that reading the cart back returns
 * JSON containing that product.
 *
 * <p>The cart is addressed by the HTTP session id, which is placed in the URL path.
 * NOTE(review): values carried in a URL path typically end up in access logs, browser
 * history and Referer headers; confirm the endpoint does not treat this path value as
 * proof of session ownership.
 */
@Test
public void read_method_should_return_correct_cart_Json_object() throws Exception {
    // Arrange: put one product into the cart bound to the shared session.
    this.mockMvc
            .perform(put("/rest/cart/add/P1234").session(session))
            .andExpect(status().is(204));

    // Act: read the cart back; the URL is built only after the add request has completed.
    String cartUrl = "/rest/cart/" + session.getId();
    this.mockMvc
            .perform(get(cartUrl).session(session))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.cartItems.P1234.product.productId").value("P1234"));
}