/**
 * Attaches a fresh mock session to the shared request and seeds it with the attributes that mark
 * the caller as a logged-in user.
 */
@Before
 public void setUp() throws Exception {
   MockHttpSession authenticatedSession = new MockHttpSession();
   httpServletRequest.setSession(authenticatedSession);

   // NOTE(review): USER serves as both the attribute name and its value here; confirm that the
   // key constant and the fixture value are really meant to be the same symbol.
   authenticatedSession.setAttribute(USER, USER);
   authenticatedSession.setAttribute(USER_ID, 1L);
 }
  /**
   * Prepares a request whose session identifies the test user, and stubs the permission service so
   * that this user is allowed on {@code ZONE_ID}.
   */
  @Before
  public void setUp() throws Exception {
    // Authorisation stub: the zone check always succeeds for this user/zone pair.
    when(permissionService.hasPermissionOnZone(USER_ID, ZONE_ID)).thenReturn(true);

    // Session attributes are stored under the keys published by the success handler.
    MockHttpSession userSession = new MockHttpSession();
    userSession.setAttribute(UserAuthenticationSuccessHandler.USER, USER);
    userSession.setAttribute(UserAuthenticationSuccessHandler.USER_ID, USER_ID);

    request = new MockHttpServletRequest();
    request.setSession(userSession);
  }
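  /**
   * Builds the MockMvc instance with the Spring Security filter chain and prepares a session that
   * carries an authenticated security context for the fixture user {@code johndoe}.
   *
   * @throws IllegalStateException if the fixture user cannot be loaded; without it the tests would
   *     otherwise run against a null authentication request
   */
  @Before
  public void setup() {
    logger.info("setup");

    this.mockMvc =
        MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();

    // Fail fast: previously a lookup failure was only logged and a null Authentication was then
    // handed to the AuthenticationManager, hiding the real cause of the failure.
    User user;
    try {
      user = userService.findByLogin("johndoe");
    } catch (ServiceException e) {
      throw new IllegalStateException("Could not load test fixture user 'johndoe'", e);
    }
    if (user == null) {
      throw new IllegalStateException("Test fixture user 'johndoe' was not found");
    }

    // NOTE(review): the value returned by getPassword() is presented as the login credential;
    // confirm the fixture stores it in the form the AuthenticationManager expects.
    Authentication authentication =
        new UsernamePasswordAuthenticationToken(user.getLogin(), user.getPassword());
    Authentication result = authenticationManager.authenticate(authentication);

    // The holder's context is modified here and nothing in this method restores it.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(result);

    // Storing the context under this key lets the security filter chain pick it up from the
    // session on each MockMvc request.
    session = new MockHttpSession();
    session.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);
  }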
 /**
  * Verifies that {@code /getAllCompanies} answers 200 when the session carries a
  * {@code googleUser} attribute.
  */
 @Test
 @Rollback(true)
 @Transactional
 public void positiveTestGetAllCompanies() throws Exception {
   // The endpoint is exercised with the session marked as belonging to a Google user.
   session.setAttribute("googleUser", user);

   mockMvc
       .perform(get("/getAllCompanies").session(session).accept(MediaType.ALL))
       .andExpect(status().isOk());
 }
  /**
   * Verifies that {@code /getAllCompanies} answers 401 when the session has no {@code googleUser}
   * attribute.
   */
  @Test
  @Rollback(true)
  @Transactional
  public void negativeGoogleUserTestGetAllCompanies() throws Exception {
    // Setting a session attribute to null removes it, so the request arrives without a
    // googleUser even if an earlier test had set one on the shared session.
    session.setAttribute("googleUser", null);

    mockMvc
        .perform(get("/getAllCompanies").session(session).accept(MediaType.ALL))
        .andExpect(status().isUnauthorized());
  }
  /**
   * Checks that a session passed to the builder is the one exposed by the built request, and that
   * attributes added through {@code sessionAttr} land on that same session.
   */
  @Test
  public void session() throws Exception {
    MockHttpSession preset = new MockHttpSession(servletContext);
    preset.setAttribute("foo", "bar");

    // One attribute comes from the session itself, the other from the builder.
    builder.session(preset);
    builder.sessionAttr("baz", "qux");

    MockHttpServletRequest built = builder.buildRequest(servletContext);

    assertEquals(preset, built.getSession());
    assertEquals("bar", built.getSession().getAttribute("foo"));
    assertEquals("qux", built.getSession().getAttribute("baz"));
  }
  /**
   * Creates a mock session whose security context reports an anonymous authentication.
   *
   * <p>Side effect: the mocked context is also installed in {@link SecurityContextHolder}, and
   * this method does not restore the previous context.
   *
   * @return a new session holding the mocked security context under the Spring Security key
   */
  public MockHttpSession mockAnonymousHttpSession() {
    AnonymousAuthenticationToken anonymousToken =
        new AnonymousAuthenticationToken(ANONYMOUS_USER_KEY, ANONYMOUS_USER_PRINCIPAL, AUTHORITIES);

    SecurityContext anonymousContext = mock(SecurityContext.class);
    when(anonymousContext.getAuthentication()).thenReturn(anonymousToken);

    // Installed both in the holder and in the session, so code reading either place sees the
    // same anonymous principal.
    SecurityContextHolder.setContext(anonymousContext);

    MockHttpSession anonymousSession = new MockHttpSession();
    anonymousSession.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, anonymousContext);
    return anonymousSession;
  }
  /**
   * Creates a mock session backed by a mocked security context.
   *
   * <p>Side effect: the mocked context is also installed in {@link SecurityContextHolder}, and
   * this method does not restore the previous context.
   *
   * @param secured when {@code true} the context reports an
   *     {@code ExpiringUsernameAuthenticationToken} built from the test user constants; when
   *     {@code false} {@code getAuthentication()} is left unstubbed (a Mockito mock then returns
   *     {@code null})
   * @return a new session holding the mocked security context under the Spring Security key
   */
  public MockHttpSession mockHttpSession(boolean secured) {
    SecurityContext sessionContext = mock(SecurityContext.class);

    if (secured) {
      // NOTE(review): the first constructor argument is null; presumably that means the token
      // carries no expiry, confirm against the token class.
      ExpiringUsernameAuthenticationToken userToken =
          new ExpiringUsernameAuthenticationToken(null, USER_DETAILS, USER_NAME, AUTHORITIES);
      userToken.setDetails(USER_DETAILS);
      when(sessionContext.getAuthentication()).thenReturn(userToken);
    }

    SecurityContextHolder.setContext(sessionContext);

    MockHttpSession preparedSession = new MockHttpSession();
    preparedSession.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, sessionContext);
    return preparedSession;
  }
  /**
   * Resolves a location through the {@code SessionAttribute:} prefix and expects the location
   * whose id matches the value stored in the HTTP session.
   *
   * @see HtmlFormEntryUtil#getLocation(String, FormEntryContext)
   */
  @Test
  @Verifies(
      value = "should find a location by session attribute",
      method = "getLocation(String,FormEntrySession)")
  public void getLocation_shouldFindALocationBySessionAttribute() throws Exception {
    String attrName = "emr.sessionLocation";

    // The session stores the location id as a string under the attribute being looked up.
    MockHttpSession sessionWithLocation = new MockHttpSession();
    sessionWithLocation.setAttribute(attrName, "2");

    FormEntryContext enterContext = new FormEntryContext(FormEntryContext.Mode.ENTER);
    enterContext.setHttpSession(sessionWithLocation);

    String lookup = "SessionAttribute:" + attrName;
    Assert.assertEquals(
        "2", HtmlFormEntryUtil.getLocation(lookup, enterContext).getId().toString());
  }
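  /**
   * Verifies that no operation is recorded when the agent is disabled, even though the request
   * carries a session with the configured {@code username} attribute.
   *
   * @throws ServletException if the mock servlet fails
   * @throws IOException if the mock servlet fails
   */
  @Test
  @ConfigureAgentEnabled(false)
  @ConfigureServletProbeUsernameSessionAttribute("username")
  @WrapInMockProbeExecution
  public void testUsernameSessionAttributeCaptureUnderDisabledAgent()
      throws ServletException, IOException {

    // The session has to be attached to the request before the servlet runs. Previously it was
    // created after service() and never attached, so the username attribute was never visible
    // to the code under test and the assertion held trivially.
    MockHttpSession session = new MockHttpSession();
    session.setAttribute("username", "abc");

    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/test");
    request.setSession(session);
    MockHttpServletResponse response = new MockHttpServletResponse();

    Servlet servlet = new MockServlet();
    servlet.service(request, response);

    // With the agent disabled, nothing may have been captured.
    OperationSafeImpl operation = Agent.getInstance().getCurrentOperation();
    assertNull(operation);
  }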
  /**
   * Requests {@code /passcode} with a session whose security context holds a
   * {@code RemoteUserAuthentication} and expects 403 Forbidden.
   */
  @Test
  public void testLoginUsingPasscodeWithUnknownToken() throws Exception {
    // Authentication with no granted authorities, built from the marissa fixture.
    RemoteUserAuthentication remoteAuth =
        new RemoteUserAuthentication(
            marissa.getId(),
            marissa.getName(),
            marissa.getEmail(),
            new ArrayList<GrantedAuthority>());
    final MockSecurityContext remoteContext = new MockSecurityContext(remoteAuth);
    SecurityContextHolder.setContext(remoteContext);

    // The same context is stored in the session under the Spring Security key.
    MockHttpSession remoteSession = new MockHttpSession();
    remoteSession.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, remoteContext);

    MockHttpServletRequestBuilder passcodeRequest =
        get("/passcode").accept(APPLICATION_JSON).session(remoteSession);

    // This authentication type must not be able to obtain a passcode.
    getMockMvc().perform(passcodeRequest).andExpect(status().isForbidden());
  }
 /**
  * Test that <code>resolveStoreCodeParam</code> returns the delegate's store code and serves the
  * second lookup from the cache: the delegate is expected to be called exactly once across two
  * calls.
  */
 @Test
 public void testResolveStoreCodeParamIsCached() {
   final String expectedCode = "store3";

   // The same code is present as a request parameter and as a session attribute.
   request.addParameter(STORE_CODE, expectedCode);
   session.setAttribute(STORE_CODE, expectedCode);
   request.setSession(session);

   context.checking(
       new Expectations() {
         {
           // oneOf: a second delegate call would fail the test.
           oneOf(delegate).resolveStoreCodeParam(request, STORE_CODE);
           will(returnValue(expectedCode));
         }
       });

   String firstLookup = cachingResolver.resolveStoreCodeParam(request, STORE_CODE);
   assertEquals(SAME_CODE_AS_DELEGATE_EXPECTED, expectedCode, firstLookup);

   String secondLookup = cachingResolver.resolveStoreCodeParam(request, STORE_CODE);
   assertEquals(SAME_CODE_EXPECTED_ON_SECOND_CALL, expectedCode, secondLookup);
 }
 /**
  * Test that <code>resolveDomainSession</code> returns the delegate's store code and serves the
  * second lookup from the cache: the delegate is expected to be called exactly once across two
  * calls.
  */
 @Test
 public void testResolveDomainSessionIsCached() {
   final String domainAttribute = "domain";

   // NOTE(review): the session attribute is stored under "domain" while the resolver is asked
   // for STORE_CODE; confirm that this mismatch is intended.
   MockHttpSession domainSession = new MockHttpSession();
   domainSession.setAttribute(domainAttribute, "http://www.store6.com");
   request.setSession(domainSession);

   context.checking(
       new Expectations() {
         {
           // oneOf: a second delegate call would fail the test.
           oneOf(delegate).resolveDomainSession(request, STORE_CODE);
           will(returnValue("store6"));
         }
       });

   String firstLookup = cachingResolver.resolveDomainSession(request, STORE_CODE);
   assertEquals(SAME_CODE_AS_DELEGATE_EXPECTED, "store6", firstLookup);

   String secondLookup = cachingResolver.resolveDomainSession(request, STORE_CODE);
   assertEquals(SAME_CODE_EXPECTED_ON_SECOND_CALL, "store6", secondLookup);
 }
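  /**
   * Builds the MockMvc instance with the Spring Security filter chain, authenticates the fixture
   * user {@code johndoe} into a mock session, and creates the application used by the tests.
   *
   * @throws IllegalStateException if the fixture user cannot be loaded
   */
  @Before
  public void setup() {
    logger.info("setup");

    this.mockMvc =
        MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain).build();

    // Fail fast: previously a lookup failure was only logged and the next statement then
    // dereferenced a null user, hiding the real cause behind a NullPointerException.
    User user;
    try {
      user = userService.findByLogin("johndoe");
    } catch (ServiceException e) {
      throw new IllegalStateException("Could not load test fixture user 'johndoe'", e);
    }
    if (user == null) {
      throw new IllegalStateException("Test fixture user 'johndoe' was not found");
    }

    // NOTE(review): the value returned by getPassword() is presented as the login credential;
    // confirm the fixture stores it in the form the AuthenticationManager expects.
    Authentication authentication =
        new UsernamePasswordAuthenticationToken(user.getLogin(), user.getPassword());
    Authentication result = authenticationManager.authenticate(authentication);

    // The holder's context is modified here and nothing in this method restores it.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(result);
    session = new MockHttpSession();
    session.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext);

    try {
      logger.info("Create Tomcat server");
      // The JSON body is assembled by concatenation without escaping; that is acceptable only
      // while applicationName and release are fixed test constants.
      String jsonString =
          "{\"applicationName\":\"" + applicationName + "\", \"serverName\":\"" + release + "\"}";
      ResultActions resultats =
          mockMvc.perform(
              post("/application")
                  .session(session)
                  .contentType(MediaType.APPLICATION_JSON)
                  .content(jsonString));
      resultats.andExpect(status().isOk());

    } catch (Exception e) {
      // NOTE(review): an exception from perform() is only logged, so the tests still run
      // without the application; presumably a failed status expectation surfaces as an
      // AssertionError and is not caught here. Confirm this best-effort handling is wanted.
      logger.error(e.getMessage());
    }
  }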
  /**
   * Exercises the passcode flow end to end: a SAML-authenticated session obtains a passcode from
   * {@code /passcode}, the passcode is then exchanged at {@code /oauth/token} using the password
   * grant, and the resulting token and captured authentication are checked.
   */
  @Test
  public void testLoginUsingPasscodeWithSamlToken() throws Exception {
    // Step 1: a session whose security context carries a SAML login for marissa.
    ExpiringUsernameAuthenticationToken samlToken =
        new ExpiringUsernameAuthenticationToken(USERNAME, null);
    LoginSamlAuthenticationToken samlAuth = new LoginSamlAuthenticationToken(marissa, samlToken);
    final MockSecurityContext mockSecurityContext = new MockSecurityContext(samlAuth);
    SecurityContextHolder.setContext(mockSecurityContext);

    MockHttpSession samlSession = new MockHttpSession();
    samlSession.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);

    // Step 2: fetch the one-time passcode as the SAML-authenticated user.
    MockHttpServletRequestBuilder passcodeRequest =
        get("/passcode").accept(APPLICATION_JSON).session(samlSession);
    String passcodeJson =
        getMockMvc()
            .perform(passcodeRequest)
            .andExpect(status().isOk())
            .andReturn()
            .getResponse()
            .getContentAsString();
    String passcode = JsonUtils.readValue(passcodeJson, String.class);

    // Step 3: drop the user authentication. The token request below is built without a
    // session, so it carries only the passcode and the client's Basic credentials.
    mockSecurityContext.setAuthentication(null);
    MockHttpSession clearedSession = new MockHttpSession();
    clearedSession.setAttribute(
        HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, mockSecurityContext);

    // HTTP Basic credentials for client "cf" with an empty secret (a test fixture client).
    byte[] clientCredentials = ("cf:").getBytes();
    String basicAuthHeader = "Basic " + new String(Base64.encodeBase64(clientCredentials));
    MockHttpServletRequestBuilder tokenRequest =
        post("/oauth/token")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_FORM_URLENCODED)
            .header("Authorization", basicAuthHeader)
            .param("grant_type", "password")
            .param("passcode", passcode)
            .param("response_type", "token");

    // Step 4: exchange the passcode and inspect the token response.
    String tokenJson =
        getMockMvc()
            .perform(tokenRequest)
            .andExpect(status().isOk())
            .andReturn()
            .getResponse()
            .getContentAsString();
    Map accessToken = JsonUtils.readValue(tokenJson, Map.class);

    assertEquals("bearer", accessToken.get("token_type"));
    assertNotNull(accessToken.get("access_token"));
    assertNotNull(accessToken.get("refresh_token"));

    // The scope list is pinned exactly, so an unexpected extra scope fails the test.
    String[] scopes = ((String) accessToken.get("scope")).split(" ");
    assertThat(
        Arrays.asList(scopes),
        containsInAnyOrder(
            "uaa.user",
            "scim.userids",
            "password.write",
            "cloud_controller.write",
            "openid",
            "cloud_controller.read"));

    // Step 5: the authentication seen by the filter must be an OAuth2 authentication wrapping
    // a username/password user authentication whose principal keeps marissa's origin.
    Authentication captured = captureSecurityContextFilter.getAuthentication();
    assertNotNull(captured);
    assertTrue(captured instanceof OAuth2Authentication);
    OAuth2Authentication oauth2 = (OAuth2Authentication) captured;
    assertTrue(oauth2.getUserAuthentication() instanceof UsernamePasswordAuthenticationToken);
    assertTrue(captured.getPrincipal() instanceof UaaPrincipal);
    assertEquals(marissa.getOrigin(), ((UaaPrincipal) captured.getPrincipal()).getOrigin());
  }