@Test
  public void testFilterProcessesUrlVariationsRespected() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    request.setServletPath("/j_OTHER_LOCATION");
    request.setRequestURI("/mycontext/j_OTHER_LOCATION");

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_OTHER_LOCATION");
    filter.setAuthenticationSuccessHandler(successHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
  }
  @Test
  public void testSuccessfulAuthenticationInvokesSuccessHandlerAndSetsContext() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will be invoked, as we want to go to the location
    // requested in the session
    MockFilterChain chain = new MockFilterChain(true);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_mock_post");
    AuthenticationSuccessHandler successHandler = mock(AuthenticationSuccessHandler.class);
    filter.setAuthenticationSuccessHandler(successHandler);

    // Test
    filter.doFilter(request, response, chain);

    verify(successHandler)
        .onAuthenticationSuccess(
            any(HttpServletRequest.class),
            any(HttpServletResponse.class),
            any(Authentication.class));

    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
  }
  @Test
  public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();
    HttpSession sessionPreAuth = request.getSession();

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);

    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class));
    filter.setAuthenticationSuccessHandler(successHandler);
    filter.setAuthenticationFailureHandler(failureHandler);
    filter.setAuthenticationManager(mock(AuthenticationManager.class));
    filter.afterPropertiesSet();

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
    // Should still have the same session
    assertEquals(sessionPreAuth, request.getSession());
  }
  @Test
  public void testDefaultProcessesFilterUrlMatchesWithPathParameter() {
    MockHttpServletRequest request = createMockAuthenticationRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockAuthenticationFilter filter = new MockAuthenticationFilter();
    filter.setFilterProcessesUrl("/j_spring_security_check");

    request.setRequestURI("/mycontext/j_spring_security_check;jsessionid=I8MIONOSTHOR");
    assertTrue(filter.requiresAuthentication(request, response));
  }
  @Test
  public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception {
    // Setup our HTTP request
    MockHttpServletRequest request = createMockAuthenticationRequest();

    // Setup our filter configuration
    MockFilterConfig config = new MockFilterConfig(null, null);

    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // defaultTargetUrl
    MockFilterChain chain = new MockFilterChain(false);
    MockHttpServletResponse response = new MockHttpServletResponse();

    // Setup our test object, to grant access
    MockAuthenticationFilter filter = new MockAuthenticationFilter(true);
    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setAuthenticationSuccessHandler(successHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl());
    assertNotNull(SecurityContextHolder.getContext().getAuthentication());
    assertEquals(
        "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());

    // Now try again but this time have filter deny access
    // Setup our HTTP request
    // Setup our expectation that the filter chain will not be invoked, as we redirect to
    // authenticationFailureUrl
    chain = new MockFilterChain(false);
    response = new MockHttpServletResponse();

    // Setup our test object, to deny access
    filter = new MockAuthenticationFilter(false);
    filter.setFilterProcessesUrl("/j_mock_post");
    filter.setAuthenticationFailureHandler(failureHandler);

    // Test
    filter.doFilter(request, response, chain);
    assertNull(SecurityContextHolder.getContext().getAuthentication());
  }