@Test public void delegatingFilterProxyRegistrationBeansSkipsTargetBeanNames() throws Exception { addEmbeddedServletContainerFactoryBean(); DelegatingFilterProxyRegistrationBean initializer = new DelegatingFilterProxyRegistrationBean( "filterBean"); this.context.registerBeanDefinition("initializerBean", beanDefinition(initializer)); BeanDefinition filterBeanDefinition = beanDefinition( new IllegalStateException("Create FilterBean Failure")); filterBeanDefinition.setLazyInit(true); this.context.registerBeanDefinition("filterBean", filterBeanDefinition); this.context.refresh(); ServletContext servletContext = getEmbeddedServletContainerFactory() .getServletContext(); verify(servletContext, atMost(1)).addFilter(anyString(), this.filterCaptor.capture()); // Up to this point the filterBean should not have been created, calling // the delegate proxy will trigger creation and an exception this.thrown.expect(BeanCreationException.class); this.thrown.expectMessage("Create FilterBean Failure"); this.filterCaptor.getValue().init(new MockFilterConfig()); this.filterCaptor.getValue().doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); }
@Before public void configureFilterConfig() { MockApplication application = new MockApplication(); MockServletContext context = new MockServletContext(application, ""); context.setAttribute("nada", ServerContext.WORKLIST); filterConfig = new MockFilterConfig(context); filterConfig.addInitParameter(SSOFilter.URL_EXCLUDE_PATTERN_PARAM, "/rest"); filterConfig.addInitParameter(SSOFilter.CLIENT_LOGOUT_URL, "/logout"); filterConfig.addInitParameter(SSOConfigurableFilter.SINGULAR_CONTEXT_ATTRIBUTE, "nada"); request = new MockHttpServletRequest(application, new MockHttpSession(context), context){ @Override public String getContextPath() { return ServerContext.WORKLIST.getUrlPath(); } }; response = new MockHttpServletResponse(request); }
@Test public void testTrustedUserFilterSecurityEnabled() throws Exception { // Override configuration. Map<String, Object> overrideMap = new HashMap<>(); overrideMap.put(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION.getKey(), "true"); modifyPropertySourceInEnvironment(overrideMap); try { // Invalidate user session if exists. invalidateApplicationUser(null); trustedUserAuthenticationFilter.init(new MockFilterConfig()); trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); assertNoUserInContext(); } finally { // Restore the property sources so we don't affect other tests. restorePropertySourceInEnvironment(); } }
@Test public void testTrustedUserFilterNoSpel() throws Exception { // Override configuration. Map<String, Object> overrideMap = new HashMap<>(); overrideMap.put(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION.getKey(), ""); modifyPropertySourceInEnvironment(overrideMap); try { // Invalidate user session if exists. invalidateApplicationUser(null); trustedUserAuthenticationFilter.init(new MockFilterConfig()); trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); assertNoUserInContext(); } finally { // Restore the property sources so we don't affect other tests. restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterNoHeaders() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { // Invalidate user session if exists. invalidateApplicationUser(null); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); assertNull(authentication); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterNoRoles() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", null, "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", (String) null, "Wed, 11 Mar 2015 10:24:09", null, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterNoSessionInitTime() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", null, null); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", (String) null, null, null, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterMultipleRoles() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole1,testRole2", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); Set<String> expectedRoles = new HashSet<>(); expectedRoles.add("testRole1"); expectedRoles.add("testRole2"); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", expectedRoles, "Wed, 11 Mar 2015 10:24:09", null, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterEmptyRoleRegex() throws Exception { Map<String, Object> overrideMap = getDefaultSecurityEnvironmentVariables(); overrideMap.put(ConfigurationValue.SECURITY_HTTP_HEADER_ROLE_REGEX.getKey(), " "); modifyPropertySourceInEnvironment(overrideMap); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole1,testRole2", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); Set<String> expectedRoles = new HashSet<>(); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", expectedRoles, "Wed, 11 Mar 2015 10:24:09", null, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testLoggingNoUser() throws Exception { invalidateApplicationUser(null); // Apply user logging filter. Log4jMdcLoggingFilter filterUnderTest = new Log4jMdcLoggingFilter(); filterUnderTest.init(new MockFilterConfig()); MockFilterChain mockChain = new MockFilterChain(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse rsp = new MockHttpServletResponse(); filterUnderTest.doFilter(req, rsp, mockChain); filterUnderTest.destroy(); }
@Test public void testLoggingAnonymousUser() throws Exception { invalidateApplicationUser(null); // Apply AnonymousAuthenticationFilter AnonymousAuthenticationFilter anonymousAuthenticationFilter = new AnonymousAuthenticationFilter("AnonymousFilterKey"); anonymousAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); // Apply user logging filter. Log4jMdcLoggingFilter filterUnderTest = new Log4jMdcLoggingFilter(); filterUnderTest.init(new MockFilterConfig()); MockFilterChain mockChain = new MockFilterChain(); MockHttpServletRequest req = new MockHttpServletRequest(); MockHttpServletResponse rsp = new MockHttpServletResponse(); filterUnderTest.doFilter(req, rsp, mockChain); filterUnderTest.destroy(); }
@Test public void testAdapter() throws Exception { MockFilterConfig mockFilterConfig = new MockFilterConfig(); mockFilterConfig.addInitParameter("foo", "bar"); FilterServletConfigAdapter adapter = new FilterServletConfigAdapter(mockFilterConfig, "my-servlet"); assertEquals("my-servlet", adapter.getServletName()); assertEquals(mockFilterConfig.getServletContext(), adapter.getServletContext()); assertEquals("bar", adapter.getInitParameter("foo")); Enumeration<String> initParameterNames = adapter.getInitParameterNames(); assertNotNull(initParameterNames); assertTrue(initParameterNames.hasMoreElements()); assertEquals("foo", initParameterNames.nextElement()); assertFalse(initParameterNames.hasMoreElements()); }
@Test public void testRedirectWithQueryString() throws Exception { request.setQueryString("test=12456"); request.setRequestURI("/test"); request.setSecure(true); this.filter = new CasAuthenticationFilter(); final MockFilterConfig config = new MockFilterConfig(); config.addInitParameter("casServerLoginUrl", CAS_LOGIN_URL); config.addInitParameter("serverName", "localhost:8443"); this.filter.init(config); this.filter.doFilter(request, response, filterChain); assertEquals( CAS_LOGIN_URL + "?service=" + URLEncoder.encode("https://localhost:8443" + request.getRequestURI() + "?" + request.getQueryString(), "UTF-8"), response.getRedirectedUrl()); }
@Before public void before() throws Exception { filter = new CrnkFilter(); servletContext = new MockServletContext(); ((MockServletContext) servletContext).setContextPath(""); filterConfig = new MockFilterConfig(servletContext); ((MockFilterConfig) filterConfig).addInitParameter(CrnkProperties.WEB_PATH_PREFIX, "/api"); ((MockFilterConfig) filterConfig).addInitParameter(CrnkProperties.RESOURCE_SEARCH_PACKAGE, RESOURCE_SEARCH_PACKAGE); ((MockFilterConfig) filterConfig).addInitParameter(CrnkProperties.RESOURCE_DEFAULT_DOMAIN, RESOURCE_DEFAULT_DOMAIN); filter.init(filterConfig); }
@Test public void init() throws Exception { FilterConfig config = new MockFilterConfig(); filter = new PatternMappingFilterProxy(delegate, "/"); filter.init(config); assertThat(delegate.filterConfig, is(config)); }
@Before public void before() throws Exception { katharsisFilter = new KatharsisFilter(); servletContext = new MockServletContext(); ((MockServletContext) servletContext).setContextPath(""); filterConfig = new MockFilterConfig(servletContext); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.WEB_PATH_PREFIX, "/api"); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.RESOURCE_SEARCH_PACKAGE, RESOURCE_SEARCH_PACKAGE); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.RESOURCE_DEFAULT_DOMAIN, RESOURCE_DEFAULT_DOMAIN); katharsisFilter.init(filterConfig); }
@Before public void before() throws Exception { katharsisFilter = new SampleKatharsisFilter(); servletContext = new MockServletContext(); ((MockServletContext) servletContext).setContextPath(""); filterConfig = new MockFilterConfig(servletContext); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.WEB_PATH_PREFIX, "/api"); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.RESOURCE_SEARCH_PACKAGE, RESOURCE_SEARCH_PACKAGE); ((MockFilterConfig) filterConfig).addInitParameter(KatharsisProperties.RESOURCE_DEFAULT_DOMAIN, RESOURCE_DEFAULT_DOMAIN); katharsisFilter.init(filterConfig); }
@Test public void initShouldNotCauseEarlyInitialization() throws Exception { this.applicationContext.registerBeanDefinition("mockFilter", new RootBeanDefinition(MockFilter.class)); AbstractFilterRegistrationBean registrationBean = createFilterRegistrationBean(); Filter filter = registrationBean.getFilter(); filter.init(new MockFilterConfig()); assertThat(mockFilterInitialized.get()).isNull(); filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); assertThat(mockFilterInitialized.get()).isEqualTo(true); }
@Test public void oncePerRequest() throws Exception { this.chain = new MockFilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { ((HttpServletResponse) response).sendError(400, "BAD"); assertThat(request.getAttribute("FILTER.FILTERED")).isNotNull(); super.doFilter(request, response); } }; this.filter.init(new MockFilterConfig("FILTER")); this.filter.doFilter(this.request, this.response, this.chain); }
/** * Test for BypassSessionTimeoutFilter#doFilter(ServletRequest,ServletResponse,FilterChain) * * @throws Exception * Exception. */ @Test public void testDoFilter() throws Exception { MockFilterConfig filterConfig = new MockFilterConfig(); String requestParameterName = UUID.randomUUID().toString(); MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletRequest request = new MockHttpServletRequest(); Filter filter = new BypassSessionTimeoutFilter(); try { filter.init(filterConfig); Assert.fail("This should fail, if there is no requestParameterName"); } catch (ServletException e) { // Do nothing. } filterConfig.addInitParameter("requestParameterName", requestParameterName); filter.init(filterConfig); // Filter without session filter.doFilter(request, response, new MockFilterChain()); MockHttpSession session = new MockHttpSession(); request.setSession(session); Assert.assertNull(session.getAttribute("lastInSessionRequestTime")); filter.doFilter(request, response, new MockFilterChain()); Assert.assertNotNull(session.getAttribute("lastInSessionRequestTime")); session.setMaxInactiveInterval(Integer.MAX_VALUE); request.addParameter(requestParameterName, Boolean.TRUE.toString()); filter.doFilter(request, response, new MockFilterChain()); Assert.assertFalse(session.isInvalid()); session.setMaxInactiveInterval(0); session.setAttribute("lastInSessionRequestTime", 0L); request.addParameter(requestParameterName, Boolean.TRUE.toString()); filter.doFilter(request, response, new MockFilterChain()); Assert.assertTrue(session.isInvalid()); }
@Test public void oncePerRequest() throws Exception { this.chain = new MockFilterChain() { @Override public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { ((HttpServletResponse) response).sendError(400, "BAD"); assertNotNull(request.getAttribute("FILTER.FILTERED")); super.doFilter(request, response); } }; this.filter.init(new MockFilterConfig("FILTER")); this.filter.doFilter(this.request, this.response, this.chain); }
@Test public void testTrustedUserFilter() throws Exception { // Override configuration. Map<String, Object> overrideMap = new HashMap<>(); overrideMap.put(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION.getKey(), "false"); modifyPropertySourceInEnvironment(overrideMap); try { // Invalidate user session if exists. invalidateApplicationUser(null); trustedUserAuthenticationFilter.init(new MockFilterConfig()); trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); validateTrustedApplicationUser(); // retry with same request. trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); validateTrustedApplicationUser(); } finally { // Restore the property sources so we don't affect other tests. restorePropertySourceInEnvironment(); } }
@Test public void testTrustedUserFilterSwitchTrustedUser() throws Exception { // Override configuration. Map<String, Object> overrideMap = getDefaultSecurityEnvironmentVariables(); overrideMap.put(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION.getKey(), "false"); modifyPropertySourceInEnvironment(overrideMap); // Create HttpHeader user in session. MockHttpServletRequest request = getRequestWithHeaders("testUser", "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); assertNoUserInContext(); // Now apply the trusted user filter to ensure that user is switched to trusted user try { trustedUserAuthenticationFilter.init(new MockFilterConfig()); trustedUserAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); validateTrustedApplicationUser(); } finally { // Restore the property sources so we don't affect other tests. restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilter() throws Exception { setupTestFunctions("testRole"); modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", TEST_FUNCTIONS, null); // retry with same request. httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", TEST_FUNCTIONS, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterAdminUser() throws Exception { // Create and persist the relative database entities. userDaoTestHelper.createUserEntity(USER_ID, true); namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE); namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE_2); // Create an ordered set of expected namespace authorizations. Set<NamespaceAuthorization> expectedNamespaceAuthorizations = new HashSet<>(); expectedNamespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS)); expectedNamespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS)); setupTestFunctions("testRole"); modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", TEST_FUNCTIONS, expectedNamespaceAuthorizations); // retry with same request. httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", TEST_FUNCTIONS, expectedNamespaceAuthorizations); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterUserAuthorizationInvalidConfigurationValue() throws Exception { // Create and persist the relative database entities. userDaoTestHelper.createUserEntity(USER_ID, true); namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE); namespaceDaoTestHelper.createNamespaceEntity(NAMESPACE_2); // Create an ordered set of expected namespace authorizations. Set<NamespaceAuthorization> expectedNamespaceAuthorizations = new HashSet<>(); expectedNamespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE, SUPPORTED_NAMESPACE_PERMISSIONS)); expectedNamespaceAuthorizations.add(new NamespaceAuthorization(NAMESPACE_2, SUPPORTED_NAMESPACE_PERMISSIONS)); setupTestFunctions("testRole"); Map<String, Object> overrideMap = getDefaultSecurityEnvironmentVariables(); overrideMap.put(ConfigurationValue.USER_NAMESPACE_AUTHORIZATION_ENABLED.getKey(), "NOT_A_BOOLEAN"); modifyPropertySourceInEnvironment(overrideMap); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); // Validate that there is no authentication. assertNull(SecurityContextHolder.getContext().getAuthentication()); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterUserChangedInHeaders() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", null, null); // Change the userId in the header. request = getRequestWithHeaders(USER_ID_2, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID_2, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", null, null); // Change the session init time in the header. request = getRequestWithHeaders(USER_ID_2, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 11:24:09"); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID_2, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 11:24:09", null, null); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterInvalidateSessionOnWrongHeader() throws Exception { modifyPropertySourceInEnvironment(getDefaultSecurityEnvironmentVariables()); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole", "Wed, 11 Mar 2015 10:24:09", null, null); // Try again with no header, user should be invalidated. httpHeaderAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain()); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); assertNull(authentication); } finally { restorePropertySourceInEnvironment(); } }
@Test public void testHttpHeaderAuthenticationFilterNoRegexGroup() throws Exception { Map<String, Object> overrideMap = getDefaultSecurityEnvironmentVariables(); overrideMap.put(ConfigurationValue.SECURITY_HTTP_HEADER_ROLE_REGEX_GROUP.getKey(), " "); modifyPropertySourceInEnvironment(overrideMap); try { MockHttpServletRequest request = getRequestWithHeaders(USER_ID, "testFirstName", "testLastName", "testEmail", "testRole1,testRole2", "Wed, 11 Mar 2015 10:24:09"); // Invalidate user session if exists. invalidateApplicationUser(request); httpHeaderAuthenticationFilter.init(new MockFilterConfig()); httpHeaderAuthenticationFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain()); Set<String> expectedRoles = new HashSet<>(); expectedRoles.add("testRole1,"); expectedRoles.add("testRole2"); validateHttpHeaderApplicationUser(USER_ID, "testFirstName", "testLastName", "testEmail", expectedRoles, "Wed, 11 Mar 2015 10:24:09", null, null); } finally { restorePropertySourceInEnvironment(); } }
@Before public void setUp() throws Exception { filter = new StaticFilter(); MockFilterConfig config = new MockFilterConfig(); config.addInitParameter("includes", "/scripts/*"); filter.init(config); }
/** * @throws ServletException if the filter cannot be initialized */ @Before public final void setUp() throws ServletException { clientParameterFilter = new ClientParameterFilter(); MockFilterConfig filterConfig = new MockFilterConfig(); filterConfig.addInitParameter( ClientParameterFilter.CONFIG_PARAMETER_NAME, "scratchpad"); clientParameterFilter.init(filterConfig); servletRequest = new MockHttpServletRequest(); servletResponse = new MockHttpServletResponse(); }
@Before public void setUp() throws Exception { mockFilterConfig = new MockFilterConfig(); mockFilterChain = new MockFilterChain(); mockRequest = new MockHttpServletRequest(); mockResponse = new MockHttpServletResponse(); filter = new LocalAddrFilter(); filter.init(mockFilterConfig); }
@Test public void testInitDestroy() throws ServletException { FilterConfig filterConfig = new MockFilterConfig(); ResponseHeaderFilter f = new ResponseHeaderFilter(); f.init(filterConfig); Assert.assertSame(filterConfig, f.filterConfig); f.destroy(); Assert.assertNull(f.filterConfig); }
@Test public void testFilter() throws IOException, ServletException { ResponseHeaderFilter f = new ResponseHeaderFilter(); MockFilterConfig config = new MockFilterConfig(); config.addInitParameter("Foo", "Bar"); f.init(config); f.doFilter(request, response, filterChain); Assert.assertEquals("Bar", response.getHeader("Foo")); Assert.assertSame(request, filterChain.getRequest()); Assert.assertSame(response, filterChain.getResponse()); }
protected Filter createLocaleChangeFilter() { try{ LocaleChangeFilter localeChangeFilter = new LocaleChangeFilter(); localeChangeFilter.init(new MockFilterConfig(applicationContext.getServletContext())); return localeChangeFilter; }catch(ServletException e){ e.printStackTrace(); return null; } }
