@Before public void setUp() throws Exception { successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setDefaultTargetUrl("/logged_in.jsp"); failureHandler = new SimpleUrlAuthenticationFailureHandler(); failureHandler.setDefaultFailureUrl("/failed.jsp"); SecurityContextHolder.clearContext(); }
/** SEC-571 */ @Test public void testNoSessionIsCreatedIfAllowSessionCreationIsFalse() throws Exception { MockHttpServletRequest request = createMockAuthenticationRequest(); MockFilterConfig config = new MockFilterConfig(null, null); MockFilterChain chain = new MockFilterChain(true); MockHttpServletResponse response = new MockHttpServletResponse(); // Reject authentication, so exception would normally be stored in session MockAuthenticationFilter filter = new MockAuthenticationFilter(false); failureHandler.setAllowSessionCreation(false); filter.setAuthenticationFailureHandler(failureHandler); filter.doFilter(request, response, chain); assertNull(request.getSession(false)); }