/**
 * Approves an authorization request without altering any of its parameters and expects a
 * redirect whose URL carries no {@code error=invalid_scope} marker.
 *
 * <p>The request is stored in the model twice: once as the live object and once as the
 * unmodifiable snapshot produced by {@code unmodifiableMap}, under the
 * {@code ORIGINAL_AUTHORIZATION_REQUEST} key. This is the baseline case for the
 * scope-tampering check: an untouched approval must not be rejected.
 */
@Test
public void approveUnmodifiedRequest() {
    AuthorizationRequest request = getAuthorizationRequest(
            "foo", "http://anywhere.com", "state-1234", "read", Collections.singleton("code"));
    model.put("authorizationRequest", request);
    model.put(
            "org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST",
            uaaAuthorizationEndpoint.unmodifiableMap(request));

    // Only the approval flag is submitted; no scope.* entries are added by the "user".
    Map<String, String> approval = new HashMap<>();
    approval.put("user_oauth_approval", "true");

    when(authorizationCodeServices.createAuthorizationCode(any(OAuth2Authentication.class)))
            .thenReturn("code");

    View result = uaaAuthorizationEndpoint.approveOrDeny(approval, model, sessionStatus, principal);

    assertThat(result, notNullValue());
    assertThat(result, instanceOf(RedirectView.class));
    RedirectView redirect = (RedirectView) result;
    assertThat(redirect.getUrl(), not(containsString("error=invalid_scope")));
}
/**
 * Submits an approval that smuggles in an extra scope and expects the endpoint to answer with
 * a redirect carrying {@code error=invalid_scope}.
 *
 * <p>The stored request asks for the scope {@code read} only; the approval form additionally
 * posts {@code scope.0=foobar}. The test pins that a scope introduced at approval time, and
 * absent from the original request, is refused rather than granted.
 */
@Test
public void testApproveWithModifiedApprovalParameters() {
    AuthorizationRequest request = getAuthorizationRequest(
            "foo", "http://anywhere.com", "state-1234", "read", Collections.singleton("code"));
    request.setApproved(false);
    model.put("authorizationRequest", request);
    model.put(
            "org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint.ORIGINAL_AUTHORIZATION_REQUEST",
            uaaAuthorizationEndpoint.unmodifiableMap(request));

    Map<String, String> tamperedApproval = new HashMap<>();
    tamperedApproval.put("user_oauth_approval", "true");
    // Scope that was never part of the original authorization request.
    tamperedApproval.put("scope.0", "foobar");

    View result = uaaAuthorizationEndpoint.approveOrDeny(tamperedApproval, model, sessionStatus, principal);

    assertThat(result, instanceOf(RedirectView.class));
    RedirectView redirect = (RedirectView) result;
    assertThat(redirect.getUrl(), containsString("error=invalid_scope"));
}
/**
 * Shared assertions for a {@link UrlBasedViewResolver} configured with the prefix
 * {@code /WEB-INF/} and the suffix {@code .jsp}.
 *
 * <p>Plain view names are expected to resolve to a {@code JstlView} whose URL is wrapped in
 * prefix and suffix. Names starting with {@code redirect:} or {@code forward:} are expected to
 * resolve to a {@code RedirectView} / {@code InternalResourceView} whose URL is the remainder
 * of the name, without prefix or suffix applied.
 *
 * @param vr the resolver under test; it is reconfigured by this method
 * @throws Exception if view resolution fails
 */
private void doTestUrlBasedViewResolverWithPrefixes(UrlBasedViewResolver vr) throws Exception {
    StaticWebApplicationContext context = new StaticWebApplicationContext();
    context.setServletContext(new MockServletContext());
    context.refresh();

    vr.setPrefix("/WEB-INF/");
    vr.setSuffix(".jsp");
    vr.setApplicationContext(context);

    View first = vr.resolveViewName("example1", Locale.getDefault());
    assertEquals("Correct view class", JstlView.class, first.getClass());
    assertEquals("Correct URL", "/WEB-INF/example1.jsp", ((InternalResourceView) first).getUrl());

    View second = vr.resolveViewName("example2", Locale.getDefault());
    assertEquals("Correct view class", JstlView.class, second.getClass());
    assertEquals("Correct URL", "/WEB-INF/example2.jsp", ((InternalResourceView) second).getUrl());

    // The redirect: form keeps the raw target and must not pick up prefix or suffix.
    View redirect = vr.resolveViewName("redirect:myUrl", Locale.getDefault());
    assertEquals("Correct view class", RedirectView.class, redirect.getClass());
    assertEquals("Correct URL", "myUrl", ((RedirectView) redirect).getUrl());

    // Same expectation for the forward: form.
    View forward = vr.resolveViewName("forward:myUrl", Locale.getDefault());
    assertEquals("Correct view class", InternalResourceView.class, forward.getClass());
    assertEquals("Correct URL", "myUrl", ((InternalResourceView) forward).getUrl());
}
// Fragment of a larger test method: `view` and `wac` are declared outside this listing.
// Checks that the resolved RedirectView keeps the URL "myUrl" and that its application
// context is the very same instance as `wac`.
assertEquals("Correct URL", "myUrl", ((RedirectView) view).getUrl()); assertSame("View not initialized as bean", wac, ((RedirectView) view).getApplicationContext());
/**
 * Submits a one-time code that the credentials provisioning mock accepts and checks the
 * success path of {@code validateCode}.
 *
 * <p>Expected outcome: a redirect to {@code /login/mfa/completed}, exactly one call to
 * {@code SessionStatus.setComplete()}, and an {@code MfaAuthenticationSuccessEvent} as checked
 * by {@code verifyMfaEvent}.
 *
 * @throws Exception if the endpoint call fails
 */
@Test
public void testValidOTPTakesToHomePage() throws Exception {
    int otp = 1234;
    when(userGoogleMfaCredentialsProvisioning.isValidCode(ArgumentMatchers.any(UserGoogleMfaCredentials.class), eq(otp)))
            .thenReturn(true);

    // First call yields the principal; the two following calls yield null.
    UaaPrincipal marissaPrincipal = new UaaPrincipal(userId, "Marissa", null, "uaa", null, null);
    when(uaaAuthentication.getPrincipal()).thenReturn(marissaPrincipal, null, null);

    when(mfaProviderProvisioning.retrieveByName(mfaProvider.getName(), IdentityZoneHolder.get().getId()))
            .thenReturn(mfaProvider);

    UaaUser marissa = new UaaUser(
            new UaaUserPrototype()
                    .withUsername("Marissa")
                    .withOrigin("uaa")
                    .withId("1234")
                    .withEmail("marissa@example.com"));
    when(userDb.retrieveUserByName("Marissa", "uaa")).thenReturn(marissa);

    // MFA is switched on for the current identity zone and bound to the test provider.
    IdentityZoneHolder.get().getConfig().getMfaConfig().setEnabled(true).setProviderName(mfaProvider.getName());

    SessionStatus status = mock(SessionStatus.class);
    ModelAndView result = endpoint.validateCode(
            mock(Model.class),
            Integer.toString(otp),
            mock(UserGoogleMfaCredentials.class),
            status);

    RedirectView redirect = (RedirectView) result.getView();
    assertEquals("/login/mfa/completed", redirect.getUrl());
    verify(status, times(1)).setComplete();
    verifyMfaEvent(MfaAuthenticationSuccessEvent.class);
}
/**
 * Exercises a {@link FreeMarkerViewResolver} built with the prefix {@code prefix_} and the
 * suffix {@code _suffix} against a context holding a {@code FreeMarkerConfigurer} bean.
 *
 * <p>Expectations: an existing template name resolves to a {@code FreeMarkerView} with the
 * wrapped URL, an unknown name resolves to {@code null}, and the {@code redirect:} /
 * {@code forward:} forms resolve to {@code RedirectView} / {@code InternalResourceView} with
 * the bare target {@code myUrl}.
 *
 * @throws Exception if view resolution fails
 */
@Test
public void freeMarkerViewResolver() throws Exception {
    MockServletContext servletContext = new MockServletContext();

    FreeMarkerConfigurer freeMarkerConfigurer = new FreeMarkerConfigurer();
    freeMarkerConfigurer.setConfiguration(new TestConfiguration());
    freeMarkerConfigurer.setServletContext(servletContext);

    StaticWebApplicationContext context = new StaticWebApplicationContext();
    context.setServletContext(servletContext);
    context.getBeanFactory().registerSingleton("configurer", freeMarkerConfigurer);
    context.refresh();

    FreeMarkerViewResolver resolver = new FreeMarkerViewResolver("prefix_", "_suffix");
    resolver.setApplicationContext(context);

    View templateView = resolver.resolveViewName("test", Locale.CANADA);
    assertEquals("Correct view class", FreeMarkerView.class, templateView.getClass());
    assertEquals("Correct URL", "prefix_test_suffix", ((FreeMarkerView) templateView).getUrl());

    View missingView = resolver.resolveViewName("non-existing", Locale.CANADA);
    assertNull(missingView);

    // Prefixed view names keep the raw target; prefix and suffix are not applied.
    View redirectView = resolver.resolveViewName("redirect:myUrl", Locale.getDefault());
    assertEquals("Correct view class", RedirectView.class, redirectView.getClass());
    assertEquals("Correct URL", "myUrl", ((RedirectView) redirectView).getUrl());

    View forwardView = resolver.resolveViewName("forward:myUrl", Locale.getDefault());
    assertEquals("Correct view class", InternalResourceView.class, forwardView.getClass());
    assertEquals("Correct URL", "myUrl", ((InternalResourceView) forwardView).getUrl());
}
/**
 * Handles the advanced-search form POST and answers with the URL the client should load next,
 * written directly into the response body.
 *
 * <p>The {@code searchConfiguration} request parameter selects the {@code SearchHandler}; the
 * handler builds a redirect view from the request, and the view's URL is returned with the
 * servlet context path in front of it.
 *
 * <p>NOTE(review): the handler is chosen by a client-supplied parameter and the returned URL
 * is derived from the request. How {@code getSearchHandler} treats unknown values, and whether
 * the handler constrains the URL it builds, is not visible here; confirm both.
 *
 * @param model               the MVC model (not used by this method)
 * @param request             the current request, passed to the handler
 * @param locale              the request locale, passed to the handler
 * @param searchConfiguration name of the search configuration to use
 * @return the context path followed by the redirect view's URL
 * @throws Exception if the handler lookup or URL construction fails
 */
@RequestMapping(value = SEARCH_ADVANCED_URL, method = RequestMethod.POST, params = UriParamConst.SEARCH_CONFIGURATION)
@Profiled(tag = "search.advanced")
@ResponseBody
public String advancedSearchFormRequest(Model model, HttpServletRequest request, Locale locale,
        @RequestParam(UriParamConst.SEARCH_CONFIGURATION) String searchConfiguration) throws Exception {
    String target = getSearchHandler(searchConfiguration)
            .buildAdvancedSearchRedirectView(request, locale)
            .getUrl();
    String contextPath = request.getServletContext().getContextPath();
    return contextPath + target;
}
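/**
 * Starts the connection flow for a provider and, when an alternate callback base path is
 * configured for that provider, rewrites the callback path inside the redirect URL.
 *
 * <p>The rewrite is a literal substring replacement. The callback paths are URL-encoded text,
 * not patterns, so {@code String.replaceAll} would misread characters such as {@code .},
 * {@code *} or {@code +} as regex syntax and {@code $} or {@code \} in the replacement as
 * group references.
 *
 * @param providerId the provider taken from the request path; only ids present in
 *                   {@code overridenConnectCallbackBasePathsByProviderId} trigger a rewrite
 * @param request    the current web request
 * @return the redirect view produced by the superclass, with its URL rewritten when an
 *         override applies
 */
@RequestMapping(value="/{providerId}", method=RequestMethod.POST)
public RedirectView connect(@PathVariable String providerId, NativeWebRequest request) {
    RedirectView redirectView = super.connect(providerId, request);
    if (!overridenConnectCallbackBasePathsByProviderId.containsKey(providerId)) {
        return redirectView;
    }

    String redirectUrl = redirectView.getUrl();
    if (redirectUrl == null) {
        // getUrl() is nullable; with no URL there is nothing to rewrite.
        return redirectView;
    }

    // Modify the redirect url to specify an alternate callback base path for the provider
    String defaultCallbackPath =
            getEncodedProviderCallbackPath(providerId, DEFAULT_CONNECT_CALLBACK_BASE_PATH);
    String overriddenCallbackPath =
            getEncodedProviderCallbackPath(providerId, overridenConnectCallbackBasePathsByProviderId.get(providerId));
    redirectView.setUrl(redirectUrl.replace(defaultCallbackPath, overriddenCallbackPath));
    return redirectView;
}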
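/**
 * Delegates to the wrapped controller and adapts its result to a plain model map.
 *
 * <p>If the controller answers with a {@code RedirectView}, the redirect is sent on the
 * response and an empty map is returned; otherwise the controller's model is returned.
 * A {@code null} result from the controller is treated as "response already handled" and
 * also yields an empty map instead of a {@code NullPointerException}.
 *
 * <p>Only {@code view.getUrl()} is used for the redirect: the target is passed to
 * {@code sendRedirect} verbatim, and no other setting of the {@code RedirectView} is applied
 * here. Any restriction on where the redirect may point therefore has to be enforced by the
 * wrapped controller.
 *
 * @param request  the current request
 * @param response the current response; receives the redirect when one is issued
 * @return the controller's model, or an empty map when a redirect was sent or the controller
 *         returned nothing
 * @throws Exception if the wrapped controller or the redirect fails
 */
public Map<String, Object> handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
    ModelAndView modelAndView = controller.handleRequest(request, response);
    if (modelAndView == null) {
        // presumably a Spring Controller, whose contract allows null when it wrote the
        // response itself - verify against the declared type of `controller`
        return new HashMap<>();
    }

    if (modelAndView.getView() instanceof RedirectView) {
        RedirectView view = (RedirectView) modelAndView.getView();
        response.sendRedirect(view.getUrl());
        return new HashMap<>();
    }
    return modelAndView.getModel();
}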
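/**
 * Replaces a redirect to the out-of-band URI with a JSON view of the redirect's parameters.
 *
 * <p>When the view is a {@code RedirectView} whose URL starts with {@code OOB_URI}, the text
 * after the URI and its one-character separator is parsed as a query string and the
 * parameters are returned as the model of a {@code MappingJackson2JsonView}. Any other
 * result is passed through unchanged.
 *
 * <p>A redirect URL that is {@code null} is passed through, and one that equals
 * {@code OOB_URI} exactly yields an empty parameter map; previously these cases raised
 * {@code NullPointerException} and {@code StringIndexOutOfBoundsException}.
 *
 * <p>NOTE(review): {@code toSingleValueMap()} keeps only the first value of a repeated
 * parameter. The parameters rendered here are whatever the redirect carried; in an OAuth
 * out-of-band flow that presumably includes the authorization code, so the JSON response
 * should be handled as sensitive - confirm against the caller.
 *
 * @param mav the result produced by the endpoint
 * @return a JSON {@code ModelAndView} for out-of-band redirects, otherwise {@code mav}
 */
protected ModelAndView interceptOutOfBandRedirect(ModelAndView mav) {
    View view = mav.getView();
    if (!(view instanceof RedirectView)) {
        return mav;
    }

    String location = ((RedirectView) view).getUrl();
    if (location == null || !location.startsWith(OOB_URI)) {
        return mav;
    }

    // Skip the single separator character after the OOB URI; a bare OOB URI has no query part.
    String query = location.length() > OOB_URI.length()
            ? location.substring(OOB_URI.length() + 1)
            : "";
    UriComponents uriComponents = UriComponentsBuilder.newInstance().query(query).build();
    return new ModelAndView(new MappingJackson2JsonView(), uriComponents.getQueryParams().toSingleValueMap());
}
// Closes the enclosing class, whose header is outside this listing.
}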
// Fragment: `view` is declared outside this listing.
// Pins the view's URL to the exact expected absolute address, including the trailing slash.
assertEquals("matching URL", "https://www.somewebsite.com/", view.getUrl());