@Test public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception { this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); MockHttpServletRequest request = post("/login") .param("username", "user") .param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpSession session = new MockHttpSession(); request.setSession(session); MockHttpServletResponse response = request(request, this.spring.getContext()); assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); assertThat(request.getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY)) .isNotNull(); }
@Test public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception { this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire(); ServletContext servletContext = this.mvc.getDispatcherServlet().getServletContext(); MockHttpServletRequest request = post("/login") .param("username", "user") .param("password", "password") .buildRequest(servletContext); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNotNull(); }
@Test public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception { this.spring.configLocations(this.xml("CreateSessionNever")).autowire(); MockHttpServletRequest request = post("/login") .param("username", "user") .param("password", "password") .buildRequest(this.servletContext()); request = csrf().postProcessRequest(request); MockHttpServletResponse response = request(request, this.spring.getContext()); assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); assertThat(request.getSession(false)).isNull(); }