/**
 * Replaces the server name reported by the mock request.
 *
 * @param request the mock request being prepared
 * @return the same {@code request} instance after its server name has been set
 */
@Override
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
    // serverName is not declared in this method; it comes from the enclosing scope,
    // which is outside this snippet.
    request.setServerName(serverName);
    return request;
}
} // closes the enclosing type body, which opens outside this snippet
/** Checks that a server name set on the mock request is returned unchanged by the getter. */
@Test
public void getServerNameWithCustomName() {
    final String customHost = "example.com";
    request.setServerName(customHost);
    assertEquals(customHost, request.getServerName());
}
/**
 * Checks that the service URL keeps the configured CAS host when the details are loaded from
 * the "explicit" XML configuration, even though the request names a different host.
 *
 * <p>In a servlet container the server name normally comes from the client-supplied Host
 * header, so a service URL built from it could be steered by the caller. The assertion pins
 * the host to {@code example.com} while the request claims {@code evil.com}.
 */
@Test
public void getServiceUrlDoesNotUseHostHeaderExplicit() {
    this.casServiceUrl = "https://example.com/j_spring_security_cas";
    // Request-side host deliberately differs from the configured one.
    this.request.setServerName("evil.com");

    final String contextFile = "defaultserviceauthenticationdetails-explicit.xml";
    ServiceAuthenticationDetails loaded = loadServiceAuthenticationDetails(contextFile);

    // Path still comes from the request; only the host must ignore it.
    final String resolved = loaded.getServiceUrl();
    assertThat(resolved).isEqualTo("https://example.com/cas-sample/secure/");
}
/**
 * Checks that {@code DefaultServiceAuthenticationDetails} takes the host of the service URL
 * from the configured CAS service URL and not from the request's server name.
 *
 * <p>The request claims {@code evil.com}; in a servlet container that value normally comes
 * from the client-supplied Host header. The expected URL keeps {@code example.com} and only
 * the path matches the request.
 */
@Test
public void getServiceUrlDoesNotUseHostHeader() throws Exception {
    this.casServiceUrl = "https://example.com/j_spring_security_cas";
    // Request-side host deliberately differs from the configured one.
    this.request.setServerName("evil.com");

    this.details = new DefaultServiceAuthenticationDetails(
            this.casServiceUrl, this.request, this.artifactPattern);

    final String resolved = this.details.getServiceUrl();
    assertThat(resolved).isEqualTo("https://example.com/cas-sample/secure/");
}
/**
 * Sets port 8080, the request URI and the server name on the mock request.
 *
 * @param request the mock request being prepared
 * @return the same {@code request} instance after the three properties have been set
 */
@Override
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
    // fullPath and host are not declared in this method; they come from the enclosing
    // scope, which is outside this snippet.
    request.setServerPort(8080);
    request.setRequestURI(fullPath);
    request.setServerName(host);
    return request;
}
}) // closes the enclosing anonymous type and the call it is an argument of (both open outside this snippet)
/**
 * Post-processes the mock request so that it reports port 8080 together with the request URI
 * and host supplied by the surrounding code.
 *
 * @param request the mock request being prepared
 * @return the same {@code request} instance, modified in place
 */
@Override
public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
    // Neither fullPath nor host is declared here; both are read from the enclosing scope,
    // which this snippet does not show.
    request.setServerPort(8080);
    request.setRequestURI(fullPath);
    request.setServerName(host);
    return request;
}
}) // closes the enclosing anonymous type and the call it is an argument of (both open outside this snippet)
/**
 * Checks how the mock request assembles its request URL from scheme, server name, port and
 * request URI.
 *
 * <p>The first expected value shows that, with only port and URI set, the URL uses
 * {@code http} and {@code localhost}. The second covers all four parts set explicitly.
 */
@Test
public void getRequestURL() {
    // Only port and URI are set for the first check.
    request.setServerPort(8080);
    request.setRequestURI("/path");
    final String urlWithDefaults = request.getRequestURL().toString();
    assertEquals("http://localhost:8080/path", urlWithDefaults);

    // Scheme, host and port are all overridden for the second check.
    request.setScheme("https");
    request.setServerName("example.com");
    request.setServerPort(8443);
    final String urlWithOverrides = request.getRequestURL().toString();
    assertEquals("https://example.com:8443/path", urlWithOverrides);
}
/**
 * Checks that a POST to {@code /login.do} does not cause the client redirect to be saved when
 * the form-redirect parameter names a host other than the request's own server name.
 *
 * <p>The redirect target ({@code test.com}) and the request host ({@code not-test.com})
 * differ on purpose. Presumably the filter compares the two before storing a redirect; this
 * test only pins the observable result, that {@code saveClientRedirect} is never called.
 */
@Test
public void unapprovedFormRedirectRequestDoesNotSave() throws IOException, ServletException {
    final String loginPath = "/login.do";
    request.setPathInfo(loginPath);
    request.setRequestURI(loginPath);
    request.setMethod(HttpMethod.POST.name());

    // Redirect target and request host deliberately do not match.
    request.setParameter(FORM_REDIRECT_PARAMETER, "http://test.com");
    request.setServerName("not-test.com");

    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    spy.doFilter(request, response, chain);

    verify(spy, never()).saveClientRedirect(any(HttpServletRequest.class), anyString());
}
} // closes the enclosing type body, which opens outside this snippet
/**
 * Checks that the form-redirect parameter is saved as the client redirect when its host equals
 * the request's server name.
 *
 * <p>The server name is derived from the redirect URI itself, so both sides match by
 * construction.
 */
@Test
public void saveFormRedirectRequest() throws Exception {
    final String target = "http://login";
    request.setSession(session);
    request.setParameter(FORM_REDIRECT_PARAMETER, target);

    // Make the request host identical to the redirect target's host.
    final String targetHost = new URL(target).getHost();
    request.setServerName(targetHost);

    MockHttpServletResponse response = new MockHttpServletResponse();
    spy.saveRequest(request, response);

    verify(spy).saveClientRedirect(request, request.getParameter(FORM_REDIRECT_PARAMETER));
}
/**
 * Checks that no {@code http.referring_site} tag is recorded when the Referer header points at
 * the same host as the request's server name.
 *
 * <p>Exactly one span must be finished, and that span must not carry the tag.
 */
@Test
public void testReferringSameHostSite() throws Exception {
    final MockHttpServletRequest servletRequest = new MockHttpServletRequest("GET", "/test.js");
    // Referer host and server name are both www.myapp.com.
    servletRequest.addHeader("Referer", "https://www.myapp.com:8080/categories");
    servletRequest.setServerName("www.myapp.com");

    final MonitoredHttpRequest monitored = createMonitoredHttpRequest(servletRequest);
    // Opening and immediately closing the scope finishes the span under test.
    monitored.createScope().close();

    assertEquals(1, tracer.finishedSpans().size());
    final MockSpan span = tracer.finishedSpans().get(0);
    final Object referringSite = span.tags().get("http.referring_site");
    assertNull(referringSite);
}
/**
 * Checks that saving a plain GET request records the request's own URL, built from scheme,
 * server name and request URI, as the client redirect exactly once.
 */
@Test
public void saveClientRedirect_On_Regular_Get() throws Exception {
    request.setSession(session);

    // Together these make up the URL expected in the verification below.
    request.setScheme("http");
    request.setServerName("localhost");
    request.setRequestURI("/test");
    request.setMethod(HttpMethod.GET.name());

    MockHttpServletResponse response = new MockHttpServletResponse();
    spy.saveRequest(request, response);

    verify(spy, times(1)).saveClientRedirect(request, "http://localhost/test");
}
/**
 * Prepares the shared fixture: a CAS service URL on {@code https://localhost:8443}, a mock
 * request for {@code /cas-sample/secure/} on the same scheme, host and port, and the artifact
 * pattern for the default CAS artifact parameter.
 */
@Before
public void setUp() {
    this.casServiceUrl = "https://localhost:8443/j_spring_security_cas";

    // The request starts out on the same scheme, host and port as casServiceUrl.
    MockHttpServletRequest fixtureRequest = new MockHttpServletRequest();
    this.request = fixtureRequest;
    fixtureRequest.setScheme("https");
    fixtureRequest.setServerName("localhost");
    fixtureRequest.setServerPort(8443);
    fixtureRequest.setRequestURI("/cas-sample/secure/");

    this.artifactPattern = DefaultServiceAuthenticationDetails
            .createArtifactPattern(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER);
}
/**
 * Checks that {@code UaaUrlUtils.getUaaUrl} inserts the value of the
 * {@code X-Forwarded-Prefix} header between the host and the requested path.
 *
 * <p>NOTE(review): the header value ends up in the generated URL. Forwarded headers are
 * client-supplied unless a trusted proxy overwrites them, so confirm the deployment strips or
 * sets this header at the edge.
 */
@Test
public void testXForwardedPrefixUrls() {
    MockHttpServletRequest forwarded = new MockHttpServletRequest();
    forwarded.setScheme("http");
    forwarded.setServerName("login.localhost");
    forwarded.addHeader("X-Forwarded-Prefix", "/prefix");

    // getUaaUrl takes no request argument; the request is supplied through the holder.
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(forwarded));

    String resolved = UaaUrlUtils.getUaaUrl("/something");
    assertThat(resolved, is("http://login.localhost/prefix/something"));
}
/**
 * Checks that the expanded {@code redirect_uri} omits the port when the request arrives over
 * https on port 443.
 *
 * <p>The redirect URI's scheme and host mirror the request. The pattern accepts any
 * {@code state} value of at least 15 characters and does not check anything else about it.
 */
@Test
public void resolveWhenAuthorizationRequestIncludesPort443ThenExpandedRedirectUriExcludesPort() {
    ClientRegistration registration = this.registration1;
    String authorizationPath = this.authorizationRequestBaseUri + "/" + registration.getRegistrationId();

    MockHttpServletRequest httpsRequest = new MockHttpServletRequest("GET", authorizationPath);
    httpsRequest.setScheme("https");
    httpsRequest.setServerName("example.com");
    // 443 is the default https port, so it must not appear in the redirect URI.
    httpsRequest.setServerPort(443);
    httpsRequest.setServletPath(authorizationPath);

    OAuth2AuthorizationRequest resolved = this.resolver.resolve(httpsRequest);

    String expectedPattern = "https://example.com/login/oauth/authorize\\?"
            + "response_type=code&client_id=client-id&"
            + "scope=read:user&state=.{15,}&"
            + "redirect_uri=https://example.com/login/oauth2/code/registration-id";
    assertThat(resolved.getAuthorizationRequestUri()).matches(expectedPattern);
}
/**
 * Checks that the expanded {@code redirect_uri} omits the port when the request arrives over
 * http on port 80.
 *
 * <p>Only the {@code redirect_uri} follows the request's scheme and host. The authorization
 * endpoint in the expected pattern stays on https, presumably because it comes from the
 * client registration and not from the request. The pattern accepts any {@code state} value
 * of at least 15 characters.
 */
@Test
public void resolveWhenAuthorizationRequestIncludesPort80ThenExpandedRedirectUriExcludesPort() {
    ClientRegistration registration = this.registration1;
    String authorizationPath = this.authorizationRequestBaseUri + "/" + registration.getRegistrationId();

    MockHttpServletRequest httpRequest = new MockHttpServletRequest("GET", authorizationPath);
    httpRequest.setScheme("http");
    httpRequest.setServerName("example.com");
    // 80 is the default http port, so it must not appear in the redirect URI.
    httpRequest.setServerPort(80);
    httpRequest.setServletPath(authorizationPath);

    OAuth2AuthorizationRequest resolved = this.resolver.resolve(httpRequest);

    String expectedPattern = "https://example.com/login/oauth/authorize\\?"
            + "response_type=code&client_id=client-id&"
            + "scope=read:user&state=.{15,}&"
            + "redirect_uri=http://example.com/login/oauth2/code/registration-id";
    assertThat(resolved.getAuthorizationRequestUri()).matches(expectedPattern);
}
/**
 * Builds a mock servlet request from this builder's web request.
 *
 * <p>Host, path, query and scheme come from the result of {@code uriComponents()}; a missing
 * host, path or scheme is replaced with an empty string. The remaining properties are filled
 * in by this class's helper methods, in the order shown, and the result is passed through
 * {@code postProcess}.
 *
 * @param servletContext the servlet context handed to the new mock request
 * @return the value returned by {@code postProcess} for the populated request
 */
public MockHttpServletRequest buildRequest(ServletContext servletContext) {
    Charset encoding = getCharset();
    String method = this.webRequest.getHttpMethod().name();
    UriComponents components = uriComponents();

    String rawPath = components.getPath();
    String requestPath = (rawPath == null) ? "" : rawPath;
    MockHttpServletRequest mockRequest =
            new HtmlUnitMockHttpServletRequest(servletContext, method, requestPath);
    parent(mockRequest, this.parentBuilder);

    // The original comment on this step reads "needs to be first for additional headers",
    // so the server name is set before the other request properties below.
    String hostName = components.getHost();
    if (hostName == null) {
        hostName = "";
    }
    mockRequest.setServerName(hostName);

    // The order of the following calls is kept exactly as in the original.
    authType(mockRequest);
    mockRequest.setCharacterEncoding(encoding.name());
    content(mockRequest, encoding);
    contextPath(mockRequest, components);
    contentType(mockRequest);
    cookies(mockRequest);
    headers(mockRequest);
    locales(mockRequest);
    servletPath(components, mockRequest);
    params(mockRequest, components);
    ports(components, mockRequest);
    mockRequest.setProtocol("HTTP/1.1");
    mockRequest.setQueryString(components.getQuery());

    String schemeName = components.getScheme();
    if (schemeName == null) {
        schemeName = "";
    }
    mockRequest.setScheme(schemeName);
    mockRequest.setPathInfo(null);

    return postProcess(mockRequest);
}
/**
 * Checks that {@code UaaUrlUtils.getUaaUrl(path)} returns scheme, the request's server name
 * and the given path when identity zone {@code zone1} is active.
 */
@Test
public void testGetUaaUrlWithZoneAndPath() throws Exception {
    setIdentityZone("zone1");

    MockHttpServletRequest zoneRequest = new MockHttpServletRequest();
    zoneRequest.setScheme("http");
    zoneRequest.setServerName("zone1.localhost");

    // getUaaUrl takes no request argument; the request is supplied through the holder.
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(zoneRequest));

    String resolved = UaaUrlUtils.getUaaUrl("/login");
    assertEquals("http://zone1.localhost/login", resolved);
}
/**
 * Checks that {@code UaaUrlUtils.getUaaHost()} returns the request's server name when identity
 * zone {@code zone1} is active.
 */
@Test
public void testGetHostWithZone() throws Exception {
    setIdentityZone("zone1");

    MockHttpServletRequest zoneRequest = new MockHttpServletRequest();
    zoneRequest.setScheme("http");
    zoneRequest.setServerName("zone1.localhost");

    // getUaaHost takes no request argument; the request is supplied through the holder.
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(zoneRequest));

    String resolvedHost = UaaUrlUtils.getUaaHost();
    assertEquals("zone1.localhost", resolvedHost);
}
/**
 * Checks that {@code UaaUrlUtils.getUaaUrl()} returns scheme plus the request's server name,
 * with no path, when identity zone {@code zone1} is active.
 */
@Test
public void testGetUaaUrlWithZone() throws Exception {
    setIdentityZone("zone1");

    MockHttpServletRequest zoneRequest = new MockHttpServletRequest();
    zoneRequest.setScheme("http");
    zoneRequest.setServerName("zone1.localhost");

    // getUaaUrl takes no request argument; the request is supplied through the holder.
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(zoneRequest));

    String resolved = UaaUrlUtils.getUaaUrl();
    assertEquals("http://zone1.localhost", resolved);
}
/**
 * Checks that {@code UaaUrlUtils.getBaseURL} returns scheme, host, port and the part of the
 * request URI that precedes the servlet path.
 *
 * <p>Request URI {@code /uaa/something} with servlet path {@code /something} is expected to
 * give {@code http://localhost:8080/uaa}.
 */
@Test
public void testGetBaseURLOnLocalhost() throws Exception {
    MockHttpServletRequest localRequest = new MockHttpServletRequest();
    localRequest.setScheme("http");
    localRequest.setServerName("localhost");
    localRequest.setServerPort(8080);
    localRequest.setRequestURI("/uaa/something");
    localRequest.setServletPath("/something");

    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(localRequest));

    String baseUrl = UaaUrlUtils.getBaseURL(localRequest);
    assertEquals("http://localhost:8080/uaa", baseUrl);
}