public void testRedirectedUrlDoesIncludeService() throws Exception {
commence();
assertTrue(
"service not present in response URL: " + response.getRedirectedUrl(),
response.getRedirectedUrl().contains("service=" + URLEncoder.encode(SERVICE, "UTF-8")));
}
public void testRedirectedUrlDoesNotIncludeJsessionid() throws Exception {
commence();
assertFalse(
"jsessionid present in response URL: " + response.getRedirectedUrl(),
response.getRedirectedUrl().contains("jsessionid"));
}
@Test
public void testFilterProcessesUrlVariationsRespected() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockAuthenticationRequest();
request.setServletPath("/j_OTHER_LOCATION");
request.setRequestURI("/mycontext/j_OTHER_LOCATION");
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
// Setup our expectation that the filter chain will not be invoked, as we redirect to
// defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
filter.setAuthenticationSuccessHandler(successHandler);
// Test
filter.doFilter(request, response, chain);
assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals(
"test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
}
@Test
public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockAuthenticationRequest();
HttpSession sessionPreAuth = request.getSession();
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
// Setup our expectation that the filter chain will not be invoked, as we redirect to
// defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
filter.setAuthenticationSuccessHandler(successHandler);
filter.setAuthenticationFailureHandler(failureHandler);
filter.setAuthenticationManager(mock(AuthenticationManager.class));
filter.afterPropertiesSet();
// Test
filter.doFilter(request, response, chain);
assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals(
"test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
// Should still have the same session
assertEquals(sessionPreAuth, request.getSession());
}
@Test
public void didWeRedirect() throws Exception {
final String redirectUrl = "http://www.jasig.org";
final MockHttpServletRequest request = new MockHttpServletRequest();
final MockHttpServletResponse response = new MockHttpServletResponse();
this.strategy.redirect(request, response, redirectUrl);
assertEquals(redirectUrl, response.getRedirectedUrl());
}
public void testIncludeParameterInResult() throws Exception {
ResultConfig resultConfig =
new ResultConfig.Builder("", "")
.addParam("actionName", "someActionName")
.addParam("namespace", "someNamespace")
.addParam("encode", "true")
.addParam("parse", "true")
.addParam("location", "someLocation")
.addParam("prependServletContext", "true")
.addParam("method", "someMethod")
.addParam("param1", "value 1")
.addParam("param2", "value 2")
.addParam("param3", "value 3")
.addParam("anchor", "fragment")
.build();
ActionContext context = ActionContext.getContext();
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse res = new MockHttpServletResponse();
context.put(ServletActionContext.HTTP_REQUEST, req);
context.put(ServletActionContext.HTTP_RESPONSE, res);
Map<String, ResultConfig> results = new HashMap<String, ResultConfig>();
results.put("myResult", resultConfig);
ActionConfig actionConfig =
new ActionConfig.Builder("", "", "").addResultConfigs(results).build();
ServletActionRedirectResult result = new ServletActionRedirectResult();
result.setActionName("myAction");
result.setNamespace("/myNamespace");
result.setParse(false);
result.setEncode(false);
result.setPrependServletContext(false);
result.setAnchor("fragment");
result.setUrlHelper(new DefaultUrlHelper());
IMocksControl control = createControl();
ActionProxy mockActionProxy = control.createMock(ActionProxy.class);
ActionInvocation mockInvocation = control.createMock(ActionInvocation.class);
expect(mockInvocation.getProxy()).andReturn(mockActionProxy);
expect(mockInvocation.getResultCode()).andReturn("myResult");
expect(mockActionProxy.getConfig()).andReturn(actionConfig);
expect(mockInvocation.getInvocationContext()).andReturn(context);
control.replay();
result.setActionMapper(container.getInstance(ActionMapper.class));
result.execute(mockInvocation);
assertEquals(
"/myNamespace/myAction.action?param1=value+1¶m2=value+2¶m3=value+3#fragment",
res.getRedirectedUrl());
control.verify();
}
@Test
public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockAuthenticationRequest();
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
// Setup our expectation that the filter chain will not be invoked, as we redirect to
// defaultTargetUrl
MockFilterChain chain = new MockFilterChain(false);
MockHttpServletResponse response = new MockHttpServletResponse();
// Setup our test object, to grant access
MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setAuthenticationSuccessHandler(successHandler);
// Test
filter.doFilter(request, response, chain);
assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
assertEquals(
"test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
// Now try again but this time have filter deny access
// Setup our HTTP request
// Setup our expectation that the filter chain will not be invoked, as we redirect to
// authenticationFailureUrl
chain = new MockFilterChain(false);
response = new MockHttpServletResponse();
// Setup our test object, to deny access
filter = new MockAuthenticationFilter(false);
filter.setFilterProcessesUrl("/j_mock_post");
filter.setAuthenticationFailureHandler(failureHandler);
// Test
filter.doFilter(request, response, chain);
assertNull(SecurityContextHolder.getContext().getAuthentication());
}