/**
 * Positive case for {@code redirectedUrlPattern}: the Ant-style pattern
 * {@code /resource/*} is applied to a stubbed result whose redirect target is
 * {@code /resource/1}. The test passes when {@code match(...)} returns without
 * throwing.
 */
@Test
public void redirectWithMatchingPattern() throws Exception {
    redirectedUrlPattern("/resource/*")
            .match(getRedirectedUrlStubMvcResult("/resource/1"));
}
/**
 * Negative case for {@code redirectedUrlPattern}: the pattern {@code /resource/}
 * carries no wildcard, so a redirect to {@code /resource/1} must be rejected.
 * The rejection is expected to surface as an {@link AssertionError}.
 */
@Test(expected = AssertionError.class)
public void redirectWithNonMatchingPattern() throws Exception {
    redirectedUrlPattern("/resource/")
            .match(getRedirectedUrlStubMvcResult("/resource/1"));
}
/**
 * Issues {@code GET /persons} through MockMvc and expects the response to be a
 * redirect whose target matches the Ant-style pattern {@code /persons/*}.
 */
@Test
public void testRedirectPattern() throws Exception {
    this.mockMvc
            .perform(get("/persons"))
            .andExpect(redirectedUrlPattern("/persons/*"));
}
@Test // http@entry-point-ref public void configureWhenAuthenticationEntryPointSetAndRequestUnauthorizedThenRedirectedToAuthenticationEntryPoint() throws Exception { this.spring.register(EntryPointRefConfig.class).autowire(); this.mockMvc.perform(get("/")) .andExpect(status().is3xxRedirection()) .andExpect(redirectedUrlPattern("**/entry-point")); }
/**
 * Silent authorization ({@code prompt=none}) for client {@code ant} with a
 * session that was logged in and then invalidated. The authorize endpoint must
 * still answer with a redirect to {@code http://example.com/...} rather than
 * keep the browser on the authorization server.
 */
@Test
void testSilentAuthHonorsAntRedirect_whenSessionHasBeenInvalidated() throws Exception {
    MockHttpSession invalidatedSession = new MockHttpSession();
    login(invalidatedSession);
    // Drop the session after login so the request arrives without a usable login.
    invalidatedSession.invalidate();

    mockMvc
            .perform(
                    get("/oauth/authorize?response_type=token&scope=openid&client_id=ant&prompt=none&redirect_uri=http://example.com/with/path.html")
                            .session(invalidatedSession))
            // NOTE(review): this pattern pins only the scheme and host. Any path below
            // http://example.com/ would satisfy it, so the assertion does not prove that
            // the redirect lands on the exact redirect_uri that was requested, nor that
            // an error indicator is attached to it.
            .andExpect(redirectedUrlPattern("http://example.com/**/*"));
}
/**
 * Opening an invitation link must not authenticate the invitee.
 *
 * <p>Flow: invite a random {@code @test.org} address, confirm the user row was
 * created with origin {@code OriginKeys.UAA}, load the accept page with the
 * invitation code, then request {@code /profile} with the session of that
 * request. The profile request must be redirected (302) to a URL ending in
 * {@code /login}.
 */
@Test
public void accept_invitation_should_not_log_you_in() throws Exception {
    String invitedEmail = new RandomValueStringGenerator().generate().toLowerCase() + "@test.org";
    URL invitationUrl = inviteUser(invitedEmail, userInviteToken, null, clientId, OriginKeys.UAA);

    // Bound parameter (?) keeps the generated address out of the SQL text.
    JdbcTemplate jdbcTemplate = getWebApplicationContext().getBean(JdbcTemplate.class);
    assertEquals(
            OriginKeys.UAA,
            jdbcTemplate.queryForObject(
                    "select origin from users where username=?",
                    new Object[]{invitedEmail},
                    String.class));

    String invitationCode = extractInvitationCode(invitationUrl.toString());

    MvcResult acceptPage = getMockMvc()
            .perform(
                    get("/invitations/accept")
                            .param("code", invitationCode)
                            .accept(MediaType.TEXT_HTML))
            .andExpect(status().isOk())
            .andExpect(content().string(containsString("Email: " + invitedEmail)))
            .andReturn();

    // getSession(false) returns the session of the accept request without creating a new one.
    MockHttpSession acceptSession = (MockHttpSession) acceptPage.getRequest().getSession(false);

    // If viewing the accept page had logged the invitee in, /profile would presumably
    // be served for this session instead of being redirected to the login page.
    getMockMvc()
            .perform(
                    get("/profile")
                            .session(acceptSession)
                            .accept(MediaType.TEXT_HTML))
            .andExpect(status().isFound())
            .andExpect(redirectedUrlPattern("**/login"));
}
.andExpect(redirectedUrlPattern("accept?error_message_code=form_error&code=*"))
.andExpect(redirectedUrlPattern("**/login"));
/**
 * CSRF protection on the approvals form ({@code POST /profile}).
 *
 * <p>Three requests are sent with an authenticated session for {@code user1}:
 * <ol>
 *   <li>no CSRF token: expected 403,</li>
 *   <li>an invalid CSRF token: expected 403,</li>
 *   <li>a valid CSRF token: expected 302 to a URL ending in {@code /profile}.</li>
 * </ol>
 */
@Test
public void test_post_approval_csrf() throws Exception {
    // Runs the sibling test first; presumably it creates the approvals this POST edits.
    test_get_approvals();

    MockHttpSession authenticatedSession = getAuthenticatedSession(user1);
    String firstScope = client1.getClientId() + "-test.scope1";
    String secondScope = client1.getClientId() + "-test.scope2";

    MockHttpServletRequestBuilder post = post("/profile")
            .session(authenticatedSession)
            .param("checkScopes", firstScope, secondScope);

    // 1) No CSRF token at all.
    mockMvc.perform(post)
            .andDo(print())
            .andExpect(status().isForbidden());

    // 2) A token is present but invalid.
    mockMvc.perform(post.with(cookieCsrf().useInvalidToken()))
            .andExpect(status().isForbidden());

    // 3) Valid token.
    // NOTE(review): all three requests come from the same mutable builder. Spring's
    // MockHttpServletRequestBuilder.with(...) appends a post-processor and returns the
    // same instance, so this request carries both the invalid-token and the valid-token
    // processor. The 302 presumably relies on the later one overriding the earlier one;
    // building a fresh request per case would keep the three checks independent.
    mockMvc.perform(post.with(cookieCsrf()))
            .andExpect(status().isFound())
            .andExpect(redirectedUrlPattern("**/profile"));
}
/**
 * Scope tampering on the approval step of the authorization-code flow.
 *
 * <p>The GET to {@code /oauth/authorize} renders the approvals page and stores
 * the authorization request in the session. The following POST approves the
 * request but submits scope names that differ from the ones offered. The
 * endpoint must redirect to the client with {@code error=invalid_scope}, and
 * both authorization-request attributes must be gone from the session.
 */
@Test
public void test_oauth_authorize_modified_scope() throws Exception {
    final String authorizationRequestKey = "authorizationRequest";
    final String originalRequestKey =
            "org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST";

    String requestState = generator.generate();
    MockHttpSession userSession = getAuthenticatedSession(user1);

    mockMvc
            .perform(
                    get("/oauth/authorize")
                            .session(userSession)
                            .param(RESPONSE_TYPE, "code")
                            .param(STATE, requestState)
                            .param(CLIENT_ID, client1.getClientId()))
            .andExpect(status().isOk()); // 200 means the approvals page

    // The pending request is kept server-side, in the session, between the two steps.
    assertNotNull(userSession.getAttribute(authorizationRequestKey));
    assertNotNull(userSession.getAttribute(originalRequestKey));

    mockMvc
            .perform(
                    post("/oauth/authorize")
                            .with(cookieCsrf())
                            .session(userSession)
                            .param(USER_OAUTH_APPROVAL, "true")
                            // Scope names that were not part of the original request.
                            .param("scope.0", "scope.different.scope")
                            .param("scope.1", "scope.test.scope2"))
            .andDo(print())
            .andExpect(status().is3xxRedirection())
            // NOTE(review): the trailing * leaves the rest of the query string unchecked,
            // so this does not assert that the state value sent above is echoed back.
            .andExpect(redirectedUrlPattern("http://test.example.org/redirect?error=invalid_scope&error_description=The%20requested%20scopes%20are%20invalid.%20Please%20use%20valid%20scope%20names%20in%20the%20request*"));

    // A rejected approval must not leave a reusable authorization request behind.
    assertNull(userSession.getAttribute(authorizationRequestKey));
    assertNull(userSession.getAttribute(originalRequestKey));
}
.andExpect(redirectedUrlPattern("**/*code=*"));