Example #1
0
  public void testRedirectedUrlDoesIncludeService() throws Exception {
    commence();

    assertTrue(
        "service not present in response URL: " + response.getRedirectedUrl(),
        response.getRedirectedUrl().contains("service=" + URLEncoder.encode(SERVICE, "UTF-8")));
  }
Example #2
0
  public void testRedirectedUrlDoesNotIncludeJsessionid() throws Exception {
    commence();

    assertFalse(
        "jsessionid present in response URL: " + response.getRedirectedUrl(),
        response.getRedirectedUrl().contains("jsessionid"));
  }
  @Test
  public void testFilterProcessesUrlVariationsRespected() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    request.setServletPath("/j_OTHER_LOCATION");
    request.setRequestURI("/mycontext/j_OTHER_LOCATION");

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
    filter.setAuthenticationSuccessHandler(successHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
  }
  @Test
  public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    HttpSession sessionPreAuth = request.getSession();

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);

    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
    filter.setAuthenticationSuccessHandler(successHandler);
    filter.setAuthenticationFailureHandler(failureHandler);
    filter.setAuthenticationManager(mock(AuthenticationManager.class));
    filter.afterPropertiesSet();

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
    // Should still have the same session
    assertEquals(sessionPreAuth, request.getSession());
  }
  @Test
  public void didWeRedirect() throws Exception {
    final String redirectUrl = "http://www.jasig.org";
    final MockHttpServletRequest request = new MockHttpServletRequest();
    final MockHttpServletResponse response = new MockHttpServletResponse();

    this.strategy.redirect(request, response, redirectUrl);
    assertEquals(redirectUrl, response.getRedirectedUrl());
  }
  public void testIncludeParameterInResult() throws Exception {

    ResultConfig resultConfig =
        new ResultConfig.Builder("", "")
            .addParam("actionName", "someActionName")
            .addParam("namespace", "someNamespace")
            .addParam("encode", "true")
            .addParam("parse", "true")
            .addParam("location", "someLocation")
            .addParam("prependServletContext", "true")
            .addParam("method", "someMethod")
            .addParam("param1", "value 1")
            .addParam("param2", "value 2")
            .addParam("param3", "value 3")
            .addParam("anchor", "fragment")
            .build();

    ActionContext context = ActionContext.getContext();
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse res = new MockHttpServletResponse();
    context.put(ServletActionContext.HTTP_REQUEST, req);
    context.put(ServletActionContext.HTTP_RESPONSE, res);

    Map<String, ResultConfig> results = new HashMap<String, ResultConfig>();
    results.put("myResult", resultConfig);

    ActionConfig actionConfig =
        new ActionConfig.Builder("", "", "").addResultConfigs(results).build();

    ServletActionRedirectResult result = new ServletActionRedirectResult();
    result.setActionName("myAction");
    result.setNamespace("/myNamespace");
    result.setParse(false);
    result.setEncode(false);
    result.setPrependServletContext(false);
    result.setAnchor("fragment");
    result.setUrlHelper(new DefaultUrlHelper());

    IMocksControl control = createControl();
    ActionProxy mockActionProxy = control.createMock(ActionProxy.class);
    ActionInvocation mockInvocation = control.createMock(ActionInvocation.class);
    expect(mockInvocation.getProxy()).andReturn(mockActionProxy);
    expect(mockInvocation.getResultCode()).andReturn("myResult");
    expect(mockActionProxy.getConfig()).andReturn(actionConfig);
    expect(mockInvocation.getInvocationContext()).andReturn(context);

    control.replay();
    result.setActionMapper(container.getInstance(ActionMapper.class));
    result.execute(mockInvocation);
    assertEquals(
        "/myNamespace/myAction.action?param1=value+1&param2=value+2&param3=value+3#fragment",
        res.getRedirectedUrl());

    control.verify();
  }
  @Test
  public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setAuthenticationSuccessHandler(successHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());

    // Now try again but this time have filter deny access
    // Setup our HTTP request
    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // authenticationFailureUrl
    chain = new MockFilterChain(false);
    response = new MockHttpServletResponse();

    // Setup our test object, to deny access
    filter = new MockAuthenticationFilter(false);
    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setAuthenticationFailureHandler(failureHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertNull(SecurityContextHolder.getContext().getAuthentication());
  }