/**
 * An authenticated user who is flagged for a forced password change and hits
 * /oauth/authorize must not reach the downstream chain: the request is parked
 * in the cache and the user is redirected to the password-change page.
 */
@Test
public void authenticated_password_expired() throws Exception {
    request.setPathInfo("/oauth/authorize");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    when(authentication.isAuthenticated()).thenReturn(true);
    when(authentication.isRequiresPasswordChange()).thenReturn(true);

    filter.doFilterInternal(request, response, chain);

    // the original request is parked so it can be replayed after the change
    verify(cache).saveRequest(any(), any());
    verify(response).sendRedirect("/force_password_change");
    // nothing downstream may see the request while the change is pending
    verify(chain, never()).doFilter(any(), any());
}
case MFA_REQUIRED: logger.debug("Request requires MFA, redirecting to MFA flow for " + getAuthenticationLogInfo()); cache.saveRequest(request, response); sendRedirect(redirect, request, response); break;
/**
 * A request that is not itself an authorization request, but whose downstream
 * handler throws ClientAuthorizationRequiredException, is redirected to the
 * provider's authorization endpoint and saved in the request cache for replay.
 */
@Test
public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownThenRedirectForAuthorization() throws Exception {
    String path = "/path";
    MockHttpServletRequest mockRequest = new MockHttpServletRequest("GET", path);
    mockRequest.setServletPath(path);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    FilterChain chainMock = mock(FilterChain.class);
    // downstream signals that client authorization is needed for registration1
    doThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId()))
            .when(chainMock).doFilter(any(ServletRequest.class), any(ServletResponse.class));

    this.filter.doFilter(mockRequest, mockResponse, chainMock);

    verify(chainMock).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
    // the state value is only checked for presence and minimum length, not for its content
    String expectedRedirect = "https://example.com/login/oauth/authorize\\?"
            + "response_type=code&client_id=client-id&"
            + "scope=read:user&state=.{15,}&"
            + "redirect_uri=http://localhost/authorize/oauth2/code/registration-id";
    assertThat(mockResponse.getRedirectedUrl()).matches(expectedRedirect);
    verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * An unauthenticated GET must be saved through the RequestCache bean declared
 * in the "RequestCache" XML configuration.
 */
@Test
public void getWhenUnauthenticatedThenUsesConfiguredRequestCache() throws Exception {
    this.spring.configLocations(xml("RequestCache")).autowire();
    RequestCache configuredCache = this.spring.getContext().getBean(RequestCache.class);

    this.mvc.perform(get("/"));

    verify(configuredCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * When the next step resolves to MFA_REQUIRED the filter parks the current
 * request in the request cache and redirects to the MFA registration page.
 */
@Test
public void do_filter_mfa_required() throws Exception {
    request.setContextPath("/uaa");
    when(spyFilter.getNextStep(any(HttpServletRequest.class))).thenReturn(MFA_REQUIRED);

    spyFilter.doFilter(request, response, chain);

    // the very same request/response instances must reach both the cache and the redirect
    verify(requestCache).saveRequest(same(request), same(response));
    verify(spyFilter).sendRedirect(eq("/login/mfa/register"), same(request), same(response));
}
/**
 * Gates every request behind the forced-password-change flow.
 *
 * Order of evaluation matters and is preserved: ignored requests pass straight
 * through; a completed change resumes the request parked in the cache (or falls
 * back to "/"); a pending change parks the request and redirects to
 * {@code redirectUri}; an authenticated user with no pending change who asks for
 * the change page is sent back to "/"; everything else passes through.
 *
 * @param request     current request
 * @param response    current response
 * @param filterChain downstream chain, invoked only on the pass-through paths
 * @throws ServletException propagated from the chain
 * @throws IOException      propagated from the chain or the redirect
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain) throws ServletException, IOException {
    if (isIgnored(request, response)) {
        // pass through even though 'change' is required request
        filterChain.doFilter(request, response);
        return;
    }
    if (isCompleted(request)) {
        logger.debug("Forced password change has been completed.");
        // the resume target comes from the server-side request cache, not from a request parameter
        SavedRequest savedRequest = cache.getRequest(request, response);
        String target = savedRequest != null ? savedRequest.getRedirectUrl() : "/";
        sendRedirect(target, request, response);
        return;
    }
    if (needsPasswordReset() && !matcher.matches(request)) {
        logger.debug("Password change is required for user.");
        // park the request so it can be resumed once the change is done
        cache.saveRequest(request, response);
        sendRedirect(redirectUri, request, response);
        return;
    }
    if (matcher.matches(request) && isAuthenticated() && !needsPasswordReset()) {
        // change page requested although no change is pending
        sendRedirect("/", request, response);
        return;
    }
    // pass through
    filterChain.doFilter(request, response);
}
this.requestCache.saveRequest(request, response); } catch (Exception failed) { this.unsuccessfulRedirectForAuthorization(request, response, failed);
/**
 * With OAuth2ClientConfig applied, a protected resource request by an
 * authenticated user is redirected to the provider's authorization endpoint
 * and the request is saved through the provided RequestCache.
 */
@Test
public void configureWhenRequestCacheProvidedAndClientAuthorizationRequiredExceptionThrownThenRequestCacheUsed() throws Exception {
    this.spring.register(OAuth2ClientConfig.class).autowire();

    MvcResult result = this.mockMvc.perform(get("/resource1").with(user("user1")))
            .andExpect(status().is3xxRedirection())
            .andReturn();

    // the state value is only checked for presence and minimum length, not for its content
    String expectedRedirect = "https://provider.com/oauth2/authorize\\?"
            + "response_type=code&client_id=client-1&"
            + "scope=user&state=.{15,}&"
            + "redirect_uri=http://localhost/client-1";
    assertThat(result.getResponse().getRedirectedUrl()).matches(expectedRedirect);
    verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
/**
 * After a successful authorization response, a request previously parked in
 * the session-backed cache is resumed: the filter redirects to that saved URL.
 */
@Test
public void doFilterWhenAuthorizationResponseSuccessHasSavedRequestThenRedirectedToSavedRequest() throws Exception {
    String savedPath = "/saved-request";
    MockHttpServletRequest mockRequest = new MockHttpServletRequest("GET", savedPath);
    mockRequest.setServletPath(savedPath);
    MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    // park the original request in a real session-backed cache
    RequestCache sessionCache = new HttpSessionRequestCache();
    sessionCache.saveRequest(mockRequest, mockResponse);

    // reuse the same request object as the authorization-code callback
    String callbackPath = "/callback/client-1";
    mockRequest.setRequestURI(callbackPath);
    mockRequest.addParameter(OAuth2ParameterNames.CODE, "code");
    mockRequest.addParameter(OAuth2ParameterNames.STATE, "state");
    FilterChain chainMock = mock(FilterChain.class);
    this.setUpAuthorizationRequest(mockRequest, mockResponse, this.registration1);
    this.setUpAuthenticationResult(this.registration1);

    this.filter.doFilter(mockRequest, mockResponse, chainMock);

    assertThat(mockResponse.getRedirectedUrl()).isEqualTo("http://localhost/saved-request");
}
/**
 * Starts authentication for a request that cannot proceed: clears the current
 * Authentication, saves the request for replay after login and hands off to the
 * configured AuthenticationEntryPoint.
 *
 * @param request  the request that triggered authentication
 * @param response the response handed to the entry point
 * @param chain    the filter chain; not invoked here
 * @param reason   why authentication is being started
 * @throws ServletException propagated from the collaborators called here
 * @throws IOException      propagated from the collaborators called here
 */
protected void sendStartAuthentication(HttpServletRequest request, HttpServletResponse response,
        FilterChain chain, AuthenticationException reason) throws ServletException, IOException {
    // SEC-112: the existing Authentication is no longer considered valid, so it is
    // cleared from the SecurityContextHolder before anything else runs
    SecurityContextHolder.getContext().setAuthentication(null);
    // park the request so it can be resumed once the user has authenticated
    requestCache.saveRequest(request, response);
    logger.debug("Calling Authentication entry point.");
    authenticationEntryPoint.commence(request, response, reason);
}
/**
 * Parks the request carried by {@code context} in the request cache so it can
 * be resumed after login.
 *
 * @param context supplies the servlet request and response to save
 */
protected void saveRequest(RequestContext context) {
    logger.debug("Saving current request for use after login");
    requestCache.saveRequest(context.getRequest(), context.getResponse());
}
requestCache.saveRequest(request, response);
this.requestCache.saveRequest(request, response); } catch (Exception failed) { this.unsuccessfulRedirectForAuthorization(request, response, failed);