/**
 * Stores {@code value} under {@code name}.
 *
 * <p>This is a pure alias: it forwards both arguments unchanged to {@code setAttribute}, so any
 * checks or wrapping that {@code setAttribute} performs apply to this entry point as well.
 *
 * @param name  attribute name
 * @param value attribute value
 */
@Override
public void putValue(String name, Object value) {
    this.setAttribute(name, value);
}
/**
 * Verifies that writing an attribute to an already-invalidated session fails with
 * {@link IllegalStateException}.
 *
 * <p>An invalidated session must not silently accept new state; this test pins that contract.
 *
 * @since 4.0
 */
@Test(expected = IllegalStateException.class)
public void setAttributeOnInvalidatedSession() {
    session.invalidate();

    // Expected to throw: the session was invalidated on the line above.
    session.setAttribute("name", "value");
}
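/**
 * Sets the same listener instance twice under one attribute name and checks that the
 * listener's counter ends at 1.
 *
 * <p>NOTE(review): the counter presumably goes up on bind and down on unbind; the listener
 * class is not shown here, so confirm against its implementation.
 */
@Test
public void bindingListenerBindSameListenerTwice() {
    String bindingListenerName = "bindingListener";
    CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();

    session.setAttribute(bindingListenerName, bindingListener);
    // Second call re-sets the identical instance under the same name.
    session.setAttribute(bindingListenerName, bindingListener);

    // Expected value first, per JUnit's assertEquals(expected, actual), so that a failure
    // reports the two values the right way round.
    assertEquals(1, bindingListener.getCounter());
}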
/**
 * Stores an attribute after passing the value through {@code wrap}.
 *
 * <p>The superclass never sees the raw {@code value}; it receives whatever {@code wrap}
 * returns for it.
 *
 * @param name  attribute name, forwarded unchanged
 * @param value raw value handed to {@code wrap} before storage
 */
@Override
public void setAttribute(String name, Object value) {
    super.setAttribute(
            name,
            wrap(value));
}
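/**
 * Overwrites one listener with another under the same attribute name and checks that the
 * replaced listener's counter is 0 while the replacing listener's counter is 1.
 *
 * <p>NOTE(review): the counter presumably goes up on bind and down on unbind; the listener
 * class is not shown here, so confirm against its implementation.
 */
@Test
public void bindingListenerBindListenerOverwrite() {
    String bindingListenerName = "bindingListener";
    CountingHttpSessionBindingListener bindingListener1 = new CountingHttpSessionBindingListener();
    CountingHttpSessionBindingListener bindingListener2 = new CountingHttpSessionBindingListener();

    session.setAttribute(bindingListenerName, bindingListener1);
    // Replaces bindingListener1 under the same name.
    session.setAttribute(bindingListenerName, bindingListener2);

    // Expected value first, per JUnit's assertEquals(expected, actual), so that a failure
    // reports the two values the right way round.
    assertEquals(0, bindingListener1.getCounter());
    assertEquals(1, bindingListener2.getCounter());
}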
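/**
 * Stores a single listener as a session attribute and checks that its counter is 1 afterwards.
 *
 * <p>NOTE(review): the counter presumably goes up on bind and down on unbind; the listener
 * class is not shown here, so confirm against its implementation.
 */
@Test
public void bindingListenerBindListener() {
    String bindingListenerName = "bindingListener";
    CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();

    session.setAttribute(bindingListenerName, bindingListener);

    // Expected value first, per JUnit's assertEquals(expected, actual), so that a failure
    // reports the two values the right way round.
    assertEquals(1, bindingListener.getCounter());
}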
/**
 * Builds a mock request whose session carries a stubbed {@code SavedRequest}.
 *
 * <p>The stub answers {@code getParameterValues("client_id")} with {@code "client-id"} and
 * {@code getRedirectUrl()} with a local {@code /oauth/authorize} URL.
 *
 * <p>NOTE(review): the stubbed parameter value ({@code client-id}) differs from the
 * {@code client_id} embedded in the redirect URL ({@code identity}); confirm the mismatch is
 * intentional for the code under test.
 *
 * @return a request bound to a session that holds the stub under
 *         {@code SAVED_REQUEST_SESSION_ATTRIBUTE}
 */
private MockHttpServletRequest getMockHttpServletRequest() {
    SavedRequest stubbedSavedRequest = mock(SavedRequest.class);
    when(stubbedSavedRequest.getRedirectUrl())
            .thenReturn("http://localhost:8080/uaa/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR");
    when(stubbedSavedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"});

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, stubbedSavedRequest);

    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(httpSession);
    return mockRequest;
}
/**
 * Creates a fresh mock session that already holds a {@code MockSavedRequest} under
 * {@code SAVED_REQUEST_SESSION_ATTRIBUTE}.
 *
 * @return the prepared session; a new instance on every call
 */
public static MockHttpSession getSavedRequestSession() {
    MockHttpSession preparedSession = new MockHttpSession();
    preparedSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, new MockSavedRequest());
    return preparedSession;
}
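/**
 * Stores a listener as a session attribute, removes it again, and checks that the listener's
 * counter is back at 0.
 *
 * <p>NOTE(review): the counter presumably goes up on bind and down on unbind; the listener
 * class is not shown here, so confirm against its implementation.
 */
@Test
public void bindingListenerBindListenerThenUnbind() {
    String bindingListenerName = "bindingListener";
    CountingHttpSessionBindingListener bindingListener = new CountingHttpSessionBindingListener();

    session.setAttribute(bindingListenerName, bindingListener);
    session.removeAttribute(bindingListenerName);

    // Expected value first, per JUnit's assertEquals(expected, actual), so that a failure
    // reports the two values the right way round.
    assertEquals(0, bindingListener.getCounter());
}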
/**
 * Checks that a session handed to the builder is the one exposed by the built request, and
 * that attributes set directly on the session and via {@code sessionAttr} are both visible.
 */
@Test
public void session() {
    MockHttpSession presetSession = new MockHttpSession(this.servletContext);
    presetSession.setAttribute("foo", "bar");

    this.builder.session(presetSession);
    // Added through the builder after the session was supplied.
    this.builder.sessionAttr("baz", "qux");

    MockHttpServletRequest builtRequest = this.builder.buildRequest(this.servletContext);

    assertEquals(presetSession, builtRequest.getSession());
    assertEquals("bar", builtRequest.getSession().getAttribute("foo"));
    assertEquals("qux", builtRequest.getSession().getAttribute("baz"));
}
/**
 * Builds a mock session that carries an authenticated security context for {@code user}.
 *
 * <p>Each of the user's groups becomes a {@code SimpleGrantedAuthority} named after the group
 * value. The resulting authentication is stored both in {@code SecurityContextHolder} and in
 * the returned session under {@code SPRING_SECURITY_CONTEXT_KEY}.
 *
 * <p>NOTE(review): nothing in this method clears {@code SecurityContextHolder} again. Callers
 * should reset it after the test so the authentication does not carry over into later tests
 * that run on the same thread.
 *
 * @param user the SCIM user to impersonate
 * @return a new session holding the authenticated context
 */
public MockHttpSession getAuthenticatedSession(ScimUser user) {
    List<SimpleGrantedAuthority> grantedAuthorities = user.getGroups()
            .stream()
            .map(group -> new SimpleGrantedAuthority(group.getValue()))
            .collect(Collectors.toList());

    UaaPrincipal principal = new UaaPrincipal(
            user.getId(),
            user.getUserName(),
            user.getPrimaryEmail(),
            OriginKeys.UAA,
            "",
            IdentityZoneHolder.get().getId());
    UaaAuthentication authentication = new UaaAuthentication(principal, grantedAuthorities, null);
    // Fail fast if the fixture did not produce an authenticated token.
    Assert.assertTrue(authentication.isAuthenticated());

    SecurityContextHolder.getContext().setAuthentication(authentication);

    MockHttpSession authenticatedSession = new MockHttpSession();
    MockMvcUtils.MockSecurityContext securityContext = new MockMvcUtils.MockSecurityContext(authentication);
    authenticatedSession.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            securityContext);
    return authenticatedSession;
}
/**
 * Installs an authenticated {@code UaaAuthentication} for {@code developer} into both
 * {@code SecurityContextHolder} and the given session.
 *
 * <p>NOTE(review): nothing in this method clears {@code SecurityContextHolder} again. Callers
 * should reset it after the test so the authentication does not carry over into later tests
 * that run on the same thread.
 *
 * @param session             session that receives the security context
 * @param developer           user whose id, user name and primary email populate the principal
 * @param forcePasswordChange value passed to {@code setRequiresPasswordChange}
 * @param authMethods         authentication methods recorded on the token (duplicates collapse,
 *                            because they are stored in a set)
 */
private void setAuthentication(MockHttpSession session, ScimUser developer, boolean forcePasswordChange, String... authMethods) {
    UaaPrincipal principal = new UaaPrincipal(
            developer.getId(),
            developer.getUserName(),
            developer.getPrimaryEmail(),
            OriginKeys.UAA,
            "",
            IdentityZoneHolder.get().getId());
    UaaAuthenticationDetails details =
            new UaaAuthenticationDetails(false, "clientId", OriginKeys.ORIGIN, "sessionId");
    UaaAuthentication authentication =
            new UaaAuthentication(principal, UaaAuthority.USER_AUTHORITIES, details);

    authentication.setRequiresPasswordChange(forcePasswordChange);
    authentication.setAuthenticationMethods(new HashSet<>(Arrays.asList(authMethods)));
    // Fail fast if the fixture did not produce an authenticated token.
    assertTrue(authentication.isAuthenticated());

    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockSecurityContext securityContext = new MockSecurityContext(authentication);
    session.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            securityContext);
}
/**
 * Checks that a {@code LoginSAMLException} produces a 302 redirect to the saved request's
 * {@code redirect_uri}, with {@code error=access_denied} and a URL-encoded
 * {@code error_description} appended.
 *
 * <p>NOTE(review): the redirect target comes from a parameter of the saved request. This test
 * does not show whether the handler, or an earlier step, validates that value against the
 * client's registered redirect URIs; confirm that validation exists, since an unvalidated
 * target would make this an open redirect.
 */
@Test
public void testErrorRedirect() throws IOException, ServletException {
    Map<String, String[]> savedParameters = new HashMap<String, String[]>();
    savedParameters.put("redirect_uri", new String[] { "https://example.com" });
    DefaultSavedRequest savedRequest = mock(DefaultSavedRequest.class);
    when(savedRequest.getParameterMap()).thenReturn(savedParameters);

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(httpSession);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    LoginSAMLAuthenticationFailureHandler failureHandler = new LoginSAMLAuthenticationFailureHandler();
    failureHandler.onAuthenticationFailure(mockRequest, mockResponse, new LoginSAMLException("Denied!"));

    // "Denied!" must arrive percent-encoded ("Denied%21") in the query string.
    assertEquals("https://example.com/?error=access_denied&error_description=Denied%21", mockResponse.getRedirectedUrl());
    assertEquals(302, mockResponse.getStatus());
}
/**
 * Checks that when the saved {@code redirect_uri} already has a query string, the error
 * parameters are appended after the existing ones and the response is a 302 redirect.
 *
 * <p>NOTE(review): the redirect target comes from a parameter of the saved request. This test
 * does not show whether the handler, or an earlier step, validates that value against the
 * client's registered redirect URIs; confirm that validation exists, since an unvalidated
 * target would make this an open redirect.
 */
@Test
public void testErrorRedirectWithExistingQueryParameters() throws IOException, ServletException {
    Map<String, String[]> savedParameters = new HashMap<String, String[]>();
    savedParameters.put("redirect_uri", new String[] { "https://example.com?go=bears" });
    DefaultSavedRequest savedRequest = mock(DefaultSavedRequest.class);
    when(savedRequest.getParameterMap()).thenReturn(savedParameters);

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(httpSession);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    LoginSAMLAuthenticationFailureHandler failureHandler = new LoginSAMLAuthenticationFailureHandler();
    failureHandler.onAuthenticationFailure(mockRequest, mockResponse, new LoginSAMLException("Denied!"));

    // The pre-existing "go=bears" parameter is kept; the error parameters follow it.
    assertEquals("https://example.com/?go=bears&error=access_denied&error_description=Denied%21", mockResponse.getRedirectedUrl());
    assertEquals(302, mockResponse.getStatus());
}
/**
 * Checks that an {@code AuthenticationException} which is not a {@code LoginSAMLException}
 * produces no redirect and a 401 status, even though the saved request has a
 * {@code redirect_uri}.
 */
@Test
public void testSomeOtherErrorCondition() throws IOException, ServletException {
    Map<String, String[]> savedParameters = new HashMap<String, String[]>();
    savedParameters.put("redirect_uri", new String[] { "https://example.com?go=bears" });
    DefaultSavedRequest savedRequest = mock(DefaultSavedRequest.class);
    when(savedRequest.getParameterMap()).thenReturn(savedParameters);

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(httpSession);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    // Anonymous subclass: any AuthenticationException other than the SAML-specific one.
    AuthenticationException genericFailure = new AuthenticationException("Authentication Exception") {
        private static final long serialVersionUID = 1L;
    };

    LoginSAMLAuthenticationFailureHandler failureHandler = new LoginSAMLAuthenticationFailureHandler();
    failureHandler.onAuthenticationFailure(mockRequest, mockResponse, genericFailure);

    assertEquals(null, mockResponse.getRedirectedUrl());
    assertEquals(401, mockResponse.getStatus());
}
/**
 * Checks that a {@code LoginSAMLException} produces no redirect and a 401 status when the
 * saved request has no {@code redirect_uri} parameter.
 */
@Test
public void testNoRedirectURI() throws IOException, ServletException {
    // Deliberately empty: the saved request exposes no redirect_uri.
    Map<String, String[]> savedParameters = new HashMap<String, String[]>();
    DefaultSavedRequest savedRequest = mock(DefaultSavedRequest.class);
    when(savedRequest.getParameterMap()).thenReturn(savedParameters);

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setSession(httpSession);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    LoginSAMLAuthenticationFailureHandler failureHandler = new LoginSAMLAuthenticationFailureHandler();
    failureHandler.onAuthenticationFailure(mockRequest, mockResponse, new LoginSAMLException("Denied!"));

    assertEquals(null, mockResponse.getRedirectedUrl());
    assertEquals(401, mockResponse.getStatus());
}
}
/**
 * Walks {@code shouldSaveFormRedirectParameter} through a sequence of request states and pins
 * the answer at each step. The steps build on each other, so their order matters.
 *
 * <p>NOTE(review): the step that flips the result to {@code true} sets the form redirect
 * parameter and the request's server name (to the redirect URI's host) together, so the test
 * does not isolate which of the two the cache requires. A case where the redirect host differs
 * from the server name would show whether the host is compared.
 */
@Test
public void should_save_condition_works() throws MalformedURLException {
    // Untouched request: nothing to save.
    assertFalse(cache.shouldSaveFormRedirectParameter(request));

    // Login path alone is not enough.
    request.setPathInfo("/login.do");
    assertFalse(cache.shouldSaveFormRedirectParameter(request));

    // Redirect parameter present and server name equal to the redirect URI's host.
    request.setParameter(FORM_REDIRECT_PARAMETER, redirectUri);
    request.setServerName(new URL(redirectUri).getHost());
    assertTrue(cache.shouldSaveFormRedirectParameter(request));

    // Attaching a session with no saved request does not change the answer.
    request.setSession(session);
    assertTrue(cache.shouldSaveFormRedirectParameter(request));

    // Once a saved request is already in the session, the parameter is no longer saved.
    session.setAttribute(
            SAVED_REQUEST_SESSION_ATTRIBUTE,
            new ClientRedirectSavedRequest(request, redirectUri));
    assertFalse(cache.shouldSaveFormRedirectParameter(request));
}
/**
 * Checks that {@code GET /passcode} answers 401 when the session's security context holds a
 * {@code RemoteUserAuthentication} with no granted authorities.
 *
 * <p>NOTE(review): {@code SecurityContextHolder} is replaced here and not restored within this
 * method. Confirm that the class's teardown clears it, so the context does not carry over into
 * other tests on the same thread.
 */
@Test
public void testLoginUsingPasscodeWithUnknownToken() throws Exception {
    RemoteUserAuthentication remoteAuthentication = new RemoteUserAuthentication(
            marissa.getId(),
            marissa.getName(),
            marissa.getEmail(),
            new ArrayList<GrantedAuthority>());

    final MockSecurityContext securityContext = new MockSecurityContext(remoteAuthentication);
    SecurityContextHolder.setContext(securityContext);

    MockHttpSession httpSession = new MockHttpSession();
    httpSession.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            securityContext);

    MockHttpServletRequestBuilder passcodeRequest = get("/passcode")
            .accept(APPLICATION_JSON)
            .session(httpSession);

    mockMvc.perform(passcodeRequest)
            .andExpect(status().isUnauthorized());
}
/**
 * Documents and verifies the browser authorization-code request: an authenticated
 * {@code GET /oauth/authorize} with {@code response_type=code} is expected to answer 302.
 *
 * <p>The session is pre-populated with a security context built from the {@code principal}
 * field, so the request is made as an already logged-in user.
 */
@Test
public void browserCodeRequest() throws Exception {
    MockHttpSession authenticatedSession = new MockHttpSession();
    authenticatedSession.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            new MockMvcUtils.MockSecurityContext(principal));

    // login_hint is a JSON object, URL-encoded before being passed as a parameter.
    String encodedLoginHint = URLEncoder.encode("{\"origin\":\"uaa\"}", "utf-8");

    MockHttpServletRequestBuilder authorizeRequest = get("/oauth/authorize")
            .accept(APPLICATION_FORM_URLENCODED)
            .param(RESPONSE_TYPE, "code")
            .param(CLIENT_ID, "login")
            .param(SCOPE, "openid oauth.approvals")
            .param(REDIRECT_URI, "http://localhost/app")
            .param("login_hint", encodedLoginHint)
            .session(authenticatedSession);

    Snippet documentedParameters = requestParameters(
            responseTypeParameter.description("Space-delimited list of response types. Here, `code` for requesting an authorization code for an access token, as per OAuth spec"),
            clientIdParameter,
            scopesParameter,
            redirectParameter,
            loginHintParameter);

    mockMvc.perform(authorizeRequest)
            .andExpect(status().isFound())
            .andDo(document("{ClassName}/{methodName}", documentedParameters));
}
/**
 * Documents and verifies {@code GET /passcode} for an authenticated user: the request carries
 * a session whose security context belongs to the {@code marissa} user and is expected to
 * answer 200.
 *
 * <p>The SCIM filter used to look the user up is a fixed literal, so no caller-supplied text
 * is interpolated into it.
 */
@Test
void passcode_request() throws Exception {
    ScimUserProvisioning scimUsers = webApplicationContext.getBean(JdbcScimUserProvisioning.class);
    ScimUser marissa = scimUsers
            .query("username eq \"marissa\" and origin eq \"uaa\"", IdentityZoneHolder.get().getId())
            .get(0);

    UaaPrincipal uaaPrincipal = new UaaPrincipal(
            marissa.getId(),
            marissa.getUserName(),
            marissa.getPrimaryEmail(),
            marissa.getOrigin(),
            marissa.getExternalId(),
            IdentityZoneHolder.get().getId());
    UaaAuthentication authentication = new UaaAuthentication(
            uaaPrincipal,
            Arrays.asList(UaaAuthority.fromAuthorities("uaa.user")),
            null);

    MockHttpSession authenticatedSession = new MockHttpSession();
    authenticatedSession.setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            new MockMvcUtils.MockSecurityContext(authentication));

    // The Cookie header is sent as well as the session object so that it shows up in the
    // generated documentation (see requestHeaders below).
    MockHttpServletRequestBuilder passcodeRequest = MockMvcRequestBuilders.get("/passcode")
            .accept(APPLICATION_JSON_VALUE)
            .session(authenticatedSession)
            .header("Cookie","JSESSIONID="+authenticatedSession.getId());

    mockMvc.perform(passcodeRequest)
            .andDo(
                    document("{ClassName}/{methodName}",
                            preprocessResponse(prettyPrint()),
                            requestHeaders(headerWithName("Cookie").required().description("JSESSIONID cookie to match the server side session of the authenticated user."))
                    )
            )
            .andExpect(status().isOk());
}