@Before
public void setUp() throws Exception {
successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setDefaultTargetUrl("/logged_in.jsp");
failureHandler = new SimpleUrlAuthenticationFailureHandler();
failureHandler.setDefaultFailureUrl("/failed.jsp");
SecurityContextHolder.clearContext();
}
/** SEC-571 */
@Test
public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception {
MockHttpServletRequest request = createMockAuthenticationRequest();
MockFilterConfig config = new MockFilterConfig(null, null);
MockFilterChain chain = new MockFilterChain(true);
MockHttpServletResponse response = new MockHttpServletResponse();
// Reject authentication, so exception would normally be stored in session
MockAuthenticationFilter filter = new MockAuthenticationFilter(false);
failureHandler.setAllowSessionCreation(false);
filter.setAuthenticationFailureHandler(failureHandler);
filter.doFilter(request, response, chain);
assertNull(request.getSession(false));
}
