/**
 * Verifies that the response to {@code GET /} sets a cookie named {@code COOKIE_NAME}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testExists() throws Exception {
    final String requestPath = "/";
    this.mockMvc.perform(get(requestPath))
            .andExpect(cookie().exists(COOKIE_NAME));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} is issued with the
 * {@code HttpOnly} attribute.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testHttpOnly() throws Exception {
    // HttpOnly keeps the cookie out of document.cookie, which limits what
    // injected script can read if the page ever has an XSS flaw.
    final boolean httpOnlyExpected = true;
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().httpOnly(COOKIE_NAME, httpOnlyExpected));
}
/**
 * Verifies the negative matcher: the response to {@code GET /} must not
 * carry a cookie named {@code unknownCookie}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testNotExists() throws Exception {
    final String absentCookie = "unknownCookie";
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().doesNotExist(absentCookie));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} is issued with a
 * max-age of {@code -1}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testMaxAge() throws Exception {
    // In the Servlet Cookie API a negative max-age means "not persisted":
    // the browser drops the cookie when it exits.
    final int sessionScopedMaxAge = -1;
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().maxAge(COOKIE_NAME, sessionScopedMaxAge));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} is scoped to the path {@code /}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testPath() throws Exception {
    // A path of "/" means the browser returns the cookie on every request
    // to the host, not only to one sub-tree of the application.
    final String expectedPath = "/";
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().path(COOKIE_NAME, expectedPath));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} carries the domain
 * attribute {@code "domain"}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testDomain() throws Exception {
    // "domain" is the value this test expects; where it is configured is
    // outside this listing. The Domain attribute decides which hosts the
    // browser sends the cookie to, so it is worth pinning in a test.
    final String expectedDomain = "domain";
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().domain(COOKIE_NAME, expectedDomain));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} reports cookie version {@code 0}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testVersion() throws Exception {
    // Version 0 is the original Netscape cookie format in the Servlet Cookie API.
    final int expectedVersion = 0;
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().version(COOKIE_NAME, expectedVersion));
}
/**
 * Verifies that the cookie named {@code COOKIE_NAME} is issued without the
 * {@code Secure} attribute.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testSecured() throws Exception {
    // Without Secure the browser also returns the cookie over plain HTTP.
    // NOTE(review): this pins the current value only; whether that is
    // acceptable depends on what the cookie holds - confirm for COOKIE_NAME.
    final boolean secureExpected = false;
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().secure(COOKIE_NAME, secureExpected));
}
/**
 * Verifies the cookie value with a matcher instead of an exact string:
 * the value of {@code COOKIE_NAME} must begin with {@code "en"}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void testMatcher() throws Exception {
    final String expectedPrefix = "en";
    this.mockMvc.perform(get("/"))
            .andExpect(cookie().value(COOKIE_NAME, startsWith(expectedPrefix)));
}
/**
 * Loads the {@code SecureCookie} XML configuration and checks that the
 * remember-me cookie is issued with the {@code Secure} attribute.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWithRememberMeWhenUseSecureCookieIsTrueThenCookieIsSecure() throws Exception {
    this.spring.configLocations(this.xml("SecureCookie")).autowire();

    // The remember-me cookie stands in for a login, so Secure matters here:
    // it stops the browser from sending the token over plain HTTP.
    // rememberAuthentication is a helper defined outside this listing;
    // presumably it logs in with remember-me requested.
    final boolean secureExpected = true;
    this.rememberAuthentication("user", "password")
            .andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, secureExpected));
}
/**
 * SEC-1827: loads the {@code Sec1827} XML configuration and checks that the
 * remember-me cookie is issued without the {@code Secure} attribute.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWithRememberMeWhenUseSecureCookieIsFalseThenCookieIsNotSecure() throws Exception {
    this.spring.configLocations(this.xml("Sec1827")).autowire();

    // Per the test name, the configuration turns the secure-cookie option
    // off, and the test confirms that the explicit "false" is honoured.
    // A remember-me cookie without Secure can travel over plain HTTP.
    final boolean secureExpected = false;
    this.rememberAuthentication("user", "password")
            .andExpect(cookie().secure(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, secureExpected));
}
/**
 * SEC-2826: loads the {@code WithRememberMeCookie} XML configuration and
 * checks that the remember-me cookie is issued under the custom name
 * {@code custom-remember-me-cookie}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void authenticateWhenUsingCustomRememberMeCookieNameThenIssuesCookieWithThatName() throws Exception {
    this.spring.configLocations(this.xml("WithRememberMeCookie")).autowire();

    final String customCookieName = "custom-remember-me-cookie";
    this.rememberAuthentication("user", "password")
            .andExpect(cookie().exists(customCookieName));
}
/**
 * Loads the {@code NegativeTokenValidity} XML configuration and checks
 * that the remember-me cookie is issued with a max-age of {@code -1}.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWithRememberMeWhenTokenValidityIsNegativeThenCookieReflectsCorrectExpiration() throws Exception {
    this.spring.configLocations(this.xml("NegativeTokenValidity")).autowire();

    // A negative max-age makes this a non-persistent cookie: the browser
    // discards it on exit instead of keeping it on disk.
    final int sessionScopedMaxAge = -1;
    this.rememberAuthentication("user", "password")
            .andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, sessionScopedMaxAge));
}
/**
 * Loads the {@code Sec2165} XML configuration and checks that the
 * remember-me cookie is issued with a max-age of {@code 30}.
 *
 * <p>Per the test name, the validity value in that configuration comes from
 * a property placeholder; the configuration file is outside this listing.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWithRememberMeWhenTokenValidityIsResolvedByPropertyPlaceholderThenCookieReflectsCorrectExpiration() throws Exception {
    this.spring.configLocations(this.xml("Sec2165")).autowire();

    // Cookie max-age is expressed in seconds.
    final int expectedMaxAge = 30;
    this.rememberAuthentication("user", "password")
            .andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, expectedMaxAge));
}
/**
 * Loads the {@code ConcurrencyControlLogoutAndRememberMeHandlers} XML
 * configuration, sends {@code GET /auth} on an expired session with HTTP
 * Basic credentials, and checks the cookies and session of the response.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWhenConcurrencyControlAndCustomLogoutHandlersAreSetThenAllAreInvokedWhenSessionExpires() throws Exception {
    this.spring.configLocations(this.xml("ConcurrencyControlLogoutAndRememberMeHandlers")).autowire();

    // Presumably the configured handlers produce the two cookies checked
    // below; the configuration is outside this listing.
    final String clearedCookie = "testCookie";
    final String reissuedCookie = "rememberMeCookie";

    this.mvc.perform(get("/auth")
            .session(this.expiredSession())
            .with(httpBasic("user", "password")))
            .andExpect(status().isOk())
            // Max-Age=0 tells the browser to delete the cookie.
            .andExpect(cookie().maxAge(clearedCookie, 0))
            .andExpect(cookie().exists(reissuedCookie))
            .andExpect(session().valid(true));
}
/**
 * Loads the {@code DefaultConfig} XML configuration, obtains a remember-me
 * cookie, and checks that {@code POST /logout} answers with that cookie
 * set to a max-age of {@code 0}.
 *
 * @throws Exception if either mock request fails
 */
@Test
public void logoutWhenUsingRememberMeDefaultsThenCookieIsCancelled() throws Exception {
    this.spring.configLocations(this.xml("DefaultConfig")).autowire();

    MvcResult loginResult = this.rememberAuthentication("user", "password").andReturn();
    Cookie rememberMe = rememberMeCookie(loginResult);

    // Max-Age=0 tells the browser to delete the cookie. Only that response
    // header is checked here; whether a retained copy of the old token is
    // still accepted by the server is not covered by this test.
    final int cancelledMaxAge = 0;
    this.mvc.perform(post("/logout")
            .cookie(rememberMe)
            .with(csrf()))
            .andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, cancelledMaxAge));
}
/**
 * Loads the {@code TokenValidity} XML configuration, checks that the
 * remember-me cookie is issued with a max-age of {@code 10000}, and then
 * checks that the cookie is accepted on {@code GET /authenticated}.
 *
 * @throws Exception if either mock request fails
 */
@Test
public void requestWithRememberMeWhenTokenValidityIsConfiguredThenCookieReflectsCorrectExpiration() throws Exception {
    this.spring.configLocations(this.xml("TokenValidity")).autowire();

    // Cookie max-age is expressed in seconds.
    final int configuredMaxAge = 10000;
    MvcResult loginResult = this.rememberAuthentication("user", "password")
            .andExpect(cookie().maxAge(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY, configuredMaxAge))
            .andReturn();
    Cookie rememberMe = rememberMeCookie(loginResult);

    // Only the cookie is attached to this request, so the 200 shows that
    // the cookie by itself is accepted as proof of identity. Its lifetime
    // and transport attributes deserve the same care as a credential.
    this.mvc.perform(get("/authenticated")
            .cookie(rememberMe))
            .andExpect(status().isOk());
}
/**
 * http/logout custom: registers {@code CustomHttpLogoutConfig}, posts to
 * {@code /custom-logout} as a mock user, and checks the customised logout
 * response.
 *
 * @throws Exception if the mock request fails
 */
@Test
@WithMockUser
public void logoutWhenUsingVariousCustomizationsMatchesNamespace() throws Exception {
    this.spring.register(CustomHttpLogoutConfig.class).autowire();

    final String deletedCookie = "remove";

    this.mvc.perform(post("/custom-logout").with(csrf()))
            .andExpect(authenticated(false))
            .andExpect(redirectedUrl("/logout-success"))
            // Exactly one cookie in the response: together with the next
            // check this means logout emits only the expiry of "remove".
            .andExpect(mvcResult -> assertThat(mvcResult.getResponse().getCookies()).hasSize(1))
            // Max-Age=0 tells the browser to delete the cookie.
            .andExpect(cookie().maxAge(deletedCookie, 0))
            // session(...) is a helper defined outside this listing; the
            // predicate requires a non-null session after logout.
            .andExpect(session(Objects::nonNull));
}
/**
 * Loads the {@code ConcurrencyControlRememberMeHandler} XML configuration,
 * sends {@code GET /auth} on an expired session with HTTP Basic
 * credentials, and checks the remember-me cookie and session state.
 *
 * @throws Exception if the mock request fails
 */
@Test
public void requestWhenConcurrencyControlAndRememberMeAreSetThenInvokedWhenSessionExpires() throws Exception {
    this.spring.configLocations(this.xml("ConcurrencyControlRememberMeHandler")).autowire();

    // Presumably the configured remember-me handler issues this cookie;
    // the configuration is outside this listing.
    final String reissuedCookie = "rememberMeCookie";

    this.mvc.perform(get("/auth")
            .session(this.expiredSession())
            .with(httpBasic("user", "password")))
            .andExpect(status().isOk())
            .andExpect(cookie().exists(reissuedCookie))
            // session() is a helper defined outside this listing; here the
            // test expects no session to exist after the request.
            .andExpect(session().exists(false));
}