public void testRedirectedUrlDoesIncludeService() throws Exception { commence(); assertTrue( "service not present in response URL: " + response.getRedirectedUrl(), response.getRedirectedUrl().contains("service=" + URLEncoder.encode(SERVICE, "UTF-8"))); }
public void testRedirectedUrlDoesNotIncludeJsessionid() throws Exception { commence(); assertFalse( "jsessionid present in response URL: " + response.getRedirectedUrl(), response.getRedirectedUrl().contains("jsessionid")); }
@Test public void testFilterProcessesUrlVariationsRespected() throws Exception { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); request.setServletPath("/j_OTHER_LOCATION"); request.setRequestURI("/mycontext/j_OTHER_LOCATION"); // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); // Setup our expectation that the filter chain will not be invoked, as we redirect to // defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true); filter.setFilterProcessesUrl("/j_OTHER_LOCATION"); filter.setAuthenticationSuccessHandler(successHandler); // Test filter.doFilter(request, response, chain); assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl()); assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertEquals( "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()); }
@Test public void testNormalOperationWithDefaultFilterProcessesUrl() throws Exception { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); HttpSession sessionPreAuth = request.getSession(); // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); // Setup our expectation that the filter chain will not be invoked, as we redirect to // defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true); filter.setFilterProcessesUrl("/j_mock_post"); filter.setSessionAuthenticationStrategy(mock(SessionAuthenticationStrategy.class)); filter.setAuthenticationSuccessHandler(successHandler); filter.setAuthenticationFailureHandler(failureHandler); filter.setAuthenticationManager(mock(AuthenticationManager.class)); filter.afterPropertiesSet(); // Test filter.doFilter(request, response, chain); assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl()); assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertEquals( "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()); // Should still have the same session assertEquals(sessionPreAuth, request.getSession()); }
@Test public void didWeRedirect() throws Exception { final String redirectUrl = "http://www.jasig.org"; final MockHttpServletRequest request = new MockHttpServletRequest(); final MockHttpServletResponse response = new MockHttpServletResponse(); this.strategy.redirect(request, response, redirectUrl); assertEquals(redirectUrl, response.getRedirectedUrl()); }
public void testIncludeParameterInResult() throws Exception { ResultConfig resultConfig = new ResultConfig.Builder("", "") .addParam("actionName", "someActionName") .addParam("namespace", "someNamespace") .addParam("encode", "true") .addParam("parse", "true") .addParam("location", "someLocation") .addParam("prependServletContext", "true") .addParam("method", "someMethod") .addParam("param1", "value 1") .addParam("param2", "value 2") .addParam("param3", "value 3") .addParam("anchor", "fragment") .build(); ActionContext context = ActionContext.getContext(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse res = new MockHttpServletResponse(); context.put(ServletActionContext.HTTP_REQUEST, req); context.put(ServletActionContext.HTTP_RESPONSE, res); Map<String, ResultConfig> results = new HashMap<String, ResultConfig>(); results.put("myResult", resultConfig); ActionConfig actionConfig = new ActionConfig.Builder("", "", "").addResultConfigs(results).build(); ServletActionRedirectResult result = new ServletActionRedirectResult(); result.setActionName("myAction"); result.setNamespace("/myNamespace"); result.setParse(false); result.setEncode(false); result.setPrependServletContext(false); result.setAnchor("fragment"); result.setUrlHelper(new DefaultUrlHelper()); IMocksControl control = createControl(); ActionProxy mockActionProxy = control.createMock(ActionProxy.class); ActionInvocation mockInvocation = control.createMock(ActionInvocation.class); expect(mockInvocation.getProxy()).andReturn(mockActionProxy); expect(mockInvocation.getResultCode()).andReturn("myResult"); expect(mockActionProxy.getConfig()).andReturn(actionConfig); expect(mockInvocation.getInvocationContext()).andReturn(context); control.replay(); result.setActionMapper(container.getInstance(ActionMapper.class)); result.execute(mockInvocation); assertEquals( "/myNamespace/myAction.action?param1=value+1¶m2=value+2¶m3=value+3#fragment", res.getRedirectedUrl()); control.verify(); }
@Test public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken() throws Exception { // Setup our HTTP request MockHttpServletRequest request = createMockAuthenticationRequest(); // Setup our filter configuration MockFilterConfig config = new MockFilterConfig(null, null); // Setup our expectation that the filter chain will not be invoked, as we redirect to // defaultTargetUrl MockFilterChain chain = new MockFilterChain(false); MockHttpServletResponse response = new MockHttpServletResponse(); // Setup our test object, to grant access MockAuthenticationFilter filter = new MockAuthenticationFilter(true); filter.setFilterProcessesUrl("/j_mock_post"); filter.setAuthenticationSuccessHandler(successHandler); // Test filter.doFilter(request, response, chain); assertEquals("/mycontext/logged_in.jsp", response.getRedirectedUrl()); assertNotNull(SecurityContextHolder.getContext().getAuthentication()); assertEquals( "test", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString()); // Now try again but this time have filter deny access // Setup our HTTP request // Setup our expectation that the filter chain will not be invoked, as we redirect to // authenticationFailureUrl chain = new MockFilterChain(false); response = new MockHttpServletResponse(); // Setup our test object, to deny access filter = new MockAuthenticationFilter(false); filter.setFilterProcessesUrl("/j_mock_post"); filter.setAuthenticationFailureHandler(failureHandler); // Test filter.doFilter(request, response, chain); assertNull(SecurityContextHolder.getContext().getAuthentication()); }