3 changed files with 146 additions and 79 deletions
@ -1,79 +0,0 @@
@@ -1,79 +0,0 @@
|
||||
/* |
||||
* Copyright 2002-2012 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0 |
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
*/ |
||||
package org.springframework.security.config.http |
||||
|
||||
import static org.mockito.Matchers.any |
||||
import static org.mockito.Matchers.eq |
||||
import static org.mockito.Mockito.* |
||||
|
||||
import javax.servlet.http.HttpServletResponse |
||||
import javax.servlet.http.HttpServletResponseWrapper |
||||
|
||||
import org.springframework.mock.web.MockFilterChain |
||||
import org.springframework.mock.web.MockHttpServletRequest |
||||
import org.springframework.mock.web.MockHttpServletResponse |
||||
|
||||
/** |
||||
* |
||||
* @author Rob Winch |
||||
*/ |
||||
class HttpConfigTests extends AbstractHttpConfigTests { |
||||
MockHttpServletRequest request = new MockHttpServletRequest('GET','/secure') |
||||
MockHttpServletResponse response = new MockHttpServletResponse() |
||||
MockFilterChain chain = new MockFilterChain() |
||||
|
||||
def 'http minimal configuration works'() { |
||||
setup: |
||||
xml.http() {} |
||||
createAppContext("""<user-service> |
||||
<user name="user" password="password" authorities="ROLE_USER" /> |
||||
</user-service>""") |
||||
when: 'request protected URL' |
||||
springSecurityFilterChain.doFilter(request,response,chain) |
||||
then: 'sent to login page' |
||||
response.status == HttpServletResponse.SC_MOVED_TEMPORARILY |
||||
response.redirectedUrl == 'http://localhost/login' |
||||
} |
||||
|
||||
def 'http disable-url-rewriting defaults to true'() { |
||||
setup: |
||||
xml.http() {} |
||||
createAppContext("""<user-service> |
||||
<user name="user" password="password" authorities="ROLE_USER" /> |
||||
</user-service>""") |
||||
HttpServletResponse testResponse = new HttpServletResponseWrapper(response) { |
||||
public String encodeURL(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL") |
||||
} |
||||
public String encodeRedirectURL(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL") |
||||
} |
||||
public String encodeUrl(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL") |
||||
} |
||||
public String encodeRedirectUrl(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL") |
||||
} |
||||
} |
||||
when: 'request protected URL' |
||||
springSecurityFilterChain.doFilter(request,testResponse,{ request,response-> |
||||
response.encodeURL("/url") |
||||
response.encodeRedirectURL("/url") |
||||
response.encodeUrl("/url") |
||||
response.encodeRedirectUrl("/url") |
||||
}) |
||||
then: 'sent to login page' |
||||
response.status == HttpServletResponse.SC_MOVED_TEMPORARILY |
||||
response.redirectedUrl == 'http://localhost/login' |
||||
} |
||||
} |
||||
@ -0,0 +1,114 @@
@@ -0,0 +1,114 @@
|
||||
/* |
||||
* Copyright 2002-2018 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.config.http; |
||||
|
||||
import org.apache.http.HttpStatus; |
||||
import org.junit.Rule; |
||||
import org.junit.Test; |
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.mock.web.MockHttpServletRequest; |
||||
import org.springframework.mock.web.MockHttpServletResponse; |
||||
import org.springframework.security.config.test.SpringTestRule; |
||||
import org.springframework.security.web.FilterChainProxy; |
||||
import org.springframework.test.web.servlet.MockMvc; |
||||
|
||||
import javax.servlet.http.HttpServletResponse; |
||||
import javax.servlet.http.HttpServletResponseWrapper; |
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat; |
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; |
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; |
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; |
||||
|
||||
/** |
||||
* |
||||
* @author Rob Winch |
||||
* @author Josh Cummings |
||||
*/ |
||||
public class HttpConfigTests { |
||||
|
||||
private static final String CONFIG_LOCATION_PREFIX = |
||||
"classpath:org/springframework/security/config/http/HttpConfigTests"; |
||||
|
||||
@Rule |
||||
public final SpringTestRule spring = new SpringTestRule(); |
||||
|
||||
@Autowired |
||||
MockMvc mvc; |
||||
|
||||
@Test |
||||
public void getWhenUsingMinimalConfigurationThenRedirectsToLogin() |
||||
throws Exception { |
||||
|
||||
this.spring.configLocations(this.xml("Minimal")).autowire(); |
||||
|
||||
this.mvc.perform(get("/")) |
||||
.andExpect(status().isFound()) |
||||
.andExpect(redirectedUrl("http://localhost/login")); |
||||
} |
||||
|
||||
@Test |
||||
public void getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter() |
||||
throws Exception { |
||||
|
||||
this.spring.configLocations(this.xml("Minimal")).autowire(); |
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/"); |
||||
MockHttpServletResponse response = new MockHttpServletResponse(); |
||||
|
||||
FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class); |
||||
|
||||
proxy.doFilter( |
||||
request, |
||||
new EncodeUrlDenyingHttpServletResponseWrapper(response), |
||||
(req, resp) -> {}); |
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY); |
||||
assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login"); |
||||
} |
||||
|
||||
private static class EncodeUrlDenyingHttpServletResponseWrapper |
||||
extends HttpServletResponseWrapper { |
||||
|
||||
public EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) { |
||||
super(response); |
||||
} |
||||
|
||||
@Override |
||||
public String encodeURL(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL"); |
||||
} |
||||
|
||||
@Override |
||||
public String encodeRedirectURL(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL"); |
||||
} |
||||
|
||||
@Override |
||||
public String encodeUrl(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL"); |
||||
} |
||||
|
||||
@Override |
||||
public String encodeRedirectUrl(String url) { |
||||
throw new RuntimeException("Unexpected invocation of encodeURL"); |
||||
} |
||||
} |
||||
|
||||
private String xml(String configName) { |
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml"; |
||||
} |
||||
} |
||||
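Review bot: In `getWhenUsingMinimalConfigurationThenPreventsSessionAsUrlParameter` the terminating chain is the empty lambda `(req, resp) -> {}`, so the test itself never calls any of the four encode methods that `EncodeUrlDenyingHttpServletResponseWrapper` guards. It only fails if something inside the filter chain delegates an encode call to the raw response on the way to the `/login` redirect, and whether that path calls `encodeRedirectURL` at all is not visible on this page. The removed Groovy test passed a chain that called `encodeURL`, `encodeRedirectURL`, `encodeUrl` and `encodeRedirectUrl`, so this regression check for session ids leaking into URLs looks narrower than before. I would add a comment above `proxy.doFilter(` such as `// relies on the /login redirect not delegating encodeRedirectURL to the raw response; the no-op chain presumably never runs`, or add a case that reaches the chain and calls the four methods there. Separately, all four overrides throw the same text; per-method messages such as `"Unexpected invocation of encodeRedirectURL"` would show which call leaked.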
@ -0,0 +1,32 @@
@@ -0,0 +1,32 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="/**" access="ROLE_USER"/> |
||||
</http> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
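Review bot: Nothing in this fixture records that `disable-url-rewriting` is left off `<http>` on purpose. It appears to be the file loaded by `this.xml("Minimal")` in the Java test, which asserts that session ids stay out of URLs and so depends on the default. A comment above the element, for example `<!-- disable-url-rewriting is deliberately unset: HttpConfigTests checks the default -->`, would stop a later edit from setting the attribute and turning that test into a check of an explicit value. The imported `userservice.xml` is outside this page, so the users it defines could not be reviewed here.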