Codota Logo
SecurityMockMvcRequestPostProcessors.securityContext
Code IndexAdd Codota to your IDE (free)

How to use
securityContext
method
in
org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors

Best Java code snippets using org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext (Showing top 13 results out of 315)

  • Add the Codota plugin to your IDE and get smart completions
private void myMethod () {
 Connection c =
  • Codota IconDataSource dataSource;dataSource.getConnection()
  • Codota IconString url;DriverManager.getConnection(url)
  • Codota IconIdentityDatabaseUtil.getDBConnection()
  • Smart code suggestions by Codota
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailPageHasCsrf() throws Exception {
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder get = get("/change_email")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext));
  mockMvc.perform(get)
      .andExpect(status().isOk())
      .andExpect(content().string(containsString("X-Uaa-Csrf")));
}
origin: cloudfoundry/uaa

@Test
void testChangePasswordPageDoesHaveCsrf() throws Exception {
  mockMvc.perform(
      get("/change_password")
          .with(securityContext(MockMvcUtils.getMarissaSecurityContext(webApplicationContext)))
  )
      .andExpect(status().isOk())
      .andExpect(view().name("change_password"))
      .andExpect(content().string(containsString("action=\"/change_password.do\"")))
      .andExpect(content().string(containsString("name=\"X-Uaa-Csrf\"")));
}
origin: cloudfoundry/uaa

@Test
void access_login_page_while_logged_in() throws Exception {
  SecurityContext securityContext = MockMvcUtils.getMarissaSecurityContext(webApplicationContext);
  mockMvc.perform(
      get("/login")
          .header("Accept", MediaType.TEXT_HTML_VALUE)
          .with(securityContext(securityContext))
  )
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("/home"));
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailNoCsrfReturns403AndInvalidRequest() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder get = get("/change_email")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext));
  mockMvc.perform(get)
      .andExpect(status().isOk())
      .andExpect(content().string(containsString("X-Uaa-Csrf")))
      .andReturn();
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext))
      .with(cookieCsrf().useInvalidToken())
      .param("newEmail", "test@test.org")
      .param("client_id", "");
  mockMvc.perform(changeEmail)
      .andExpect(status().isForbidden())
      .andExpect(forwardedUrl("/invalid_request"));
}
origin: cloudfoundry/uaa

public String performIdpAuthentication() throws Exception {
  RequestPostProcessor marissa = securityContext(getUaaSecurityContext("marissa", getWebApplicationContext(), idpZone.getIdentityZone()));
  return getMockMvc().perform(
    get("/saml/idp/initiate")
      .header("Host", idpZone.getIdentityZone().getSubdomain()+".localhost")
      .param("sp", entityId)
      .with(marissa)
  )
    .andDo(print())
    .andReturn().getResponse().getContentAsString();
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailSubmitWithSpringSecurityForcedCsrf() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  //example shows to to test a request that is secured by csrf and you wish to bypass it
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext))
      .with(cookieCsrf())
      .param("newEmail", "test@test.org")
      .param("client_id", "");
  HttpSession session = mockMvc.perform(changeEmail)
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("email_sent?code=email_change"))
      .andReturn().getRequest().getSession(false);
  System.out.println("session = " + session);
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailSubmitWithMissingCsrf() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder get = get("/change_email")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext));
  MockHttpSession session = (MockHttpSession) mockMvc.perform(get)
      .andExpect(status().isOk())
      .andExpect(content().string(containsString("X-Uaa-Csrf")))
      .andReturn().getRequest().getSession();
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .session(session)
      .with(cookieCsrf().useInvalidToken())
      .with(securityContext(marissaContext))
      .param("newEmail", "test@test.org")
      .param("client_id", "");
  mockMvc.perform(changeEmail)
      .andExpect(status().isForbidden())
      .andExpect(forwardedUrl("/invalid_request"));
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailSubmitWithCorrectCsrf() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder get = get("/change_email")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext));
  MvcResult result = mockMvc.perform(get)
      .andExpect(status().isOk())
      .andExpect(content().string(containsString("X-Uaa-Csrf")))
      .andReturn();
  MockHttpSession session = (MockHttpSession) result.getRequest().getSession();
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext))
      .with(cookieCsrf())
      .session(session)
      .param("newEmail", "test@test.org")
      .param("client_id", "");
  mockMvc.perform(changeEmail)
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("email_sent?code=email_change"));
}
origin: cloudfoundry/uaa

@Test
void testChangeEmailSubmitWithInvalidCsrf() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder get = get("/change_email")
      .accept(TEXT_HTML)
      .with(securityContext(marissaContext));
  MockHttpSession session = (MockHttpSession) mockMvc.perform(get)
      .andExpect(status().isOk())
      .andExpect(content().string(containsString("X-Uaa-Csrf")))
      .andReturn().getRequest().getSession();
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .session(session)
      .with(securityContext(marissaContext))
      .param("newEmail", "test@test.org")
      .param("client_id", "")
      .with(cookieCsrf().useInvalidToken());
  mockMvc.perform(changeEmail)
      .andExpect(status().isForbidden())
      .andExpect(forwardedUrl("/invalid_request"));
}
origin: cloudfoundry/uaa

        .with(securityContext(getUaaSecurityContext(marissa.getUserName(), webApplicationContext, zone)))
        .header("Host", zone.getSubdomain() + ".localhost")
        .with(securityContext(getUaaSecurityContext(marissa.getUserName(), webApplicationContext, zone)))
        .header("Host", zone.getSubdomain() + ".localhost")
mockMvc.perform(
    get("/")
        .with(securityContext(getUaaSecurityContext(marissa.getUserName(), webApplicationContext, zone)))
        .header("Host", zone.getSubdomain() + ".localhost")
origin: cloudfoundry/uaa

@Test
void testChangePasswordSubmitDoesValidateCsrf(
    @Autowired ScimUserProvisioning scimUserProvisioning
) throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  ScimUser user = createUser(scimUserProvisioning, generator, getUaa().getId());
  mockMvc.perform(
      post("/change_password.do")
          .with(securityContext(MockMvcUtils.getUaaSecurityContext(user.getUserName(), webApplicationContext)))
          .param("current_password", user.getPassword())
          .param("new_password", "newSecr3t")
          .param("confirm_password", "newSecr3t")
          .with(cookieCsrf().useInvalidToken()))
      .andExpect(status().isForbidden())
      .andExpect(forwardedUrl("/invalid_request"));
  mockMvc.perform(
      post("/change_password.do")
          .with(securityContext(MockMvcUtils.getUaaSecurityContext(user.getUserName(), webApplicationContext)))
          .param("current_password", user.getPassword())
          .param("new_password", "newSecr3t")
          .param("confirm_password", "newSecr3t")
          .with(cookieCsrf()))
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("profile"));
}
origin: cloudfoundry/uaa

.param("sp", spEntityID)
.with(new SetServerNameRequestPostProcessor(zone.getSubdomain()+".localhost"))
.with(securityContext(getUaaSecurityContext(marissa.getUserName(), webApplicationContext, zone)))
origin: cloudfoundry/uaa

@Test
void testChangeEmailDoNotLoggedIn() throws Exception {
  assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode.");
  SecurityContext marissaContext = getMarissaSecurityContext(webApplicationContext);
  MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(cookieCsrf());
  mockMvc.perform(changeEmail)
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("http://localhost/login"));
  changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(cookieCsrf());
  mockMvc.perform(changeEmail)
      .andExpect(status().isFound())
      .andExpect(redirectedUrl("http://localhost/login"));
  changeEmail = post("/change_email.do")
      .accept(TEXT_HTML)
      .with(cookieCsrf().useInvalidToken())
      .with(securityContext(marissaContext));
  mockMvc.perform(changeEmail)
      .andExpect(status().isForbidden())
      .andExpect(forwardedUrl("/invalid_request"));
}
org.springframework.security.test.web.servlet.requestSecurityMockMvcRequestPostProcessorssecurityContext

Javadoc

Establish the specified SecurityContext to be used.

This works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder you need to ensure that the SecurityContextPersistenceFilter (i.e. Spring Security's FilterChainProxy will typically do this) is associated with the MockMvc instance.

Popular methods of SecurityMockMvcRequestPostProcessors

  • httpBasic
    Convenience mechanism for setting the Authorization header to use HTTP Basic with the given username
  • user
    Establish a SecurityContext that has a UsernamePasswordAuthenticationToken for the Authentication#ge
  • csrf
    Creates a RequestPostProcessor that will automatically populate a valid CsrfToken in the request.
  • testSecurityContext
    Creates a RequestPostProcessor that can be used to ensure that the resulting request is ran with the
  • x509
    Populates the provided X509Certificate instances on the request.
  • digest
    Creates a DigestRequestPostProcessor that enables easily adding digest based authentication to a req
  • authentication
    Establish a SecurityContext that uses the specified Authenticationfor the Authentication#getPrincipa

Popular in Java

  • Creating JSON documents from java classes using gson
  • setContentView (Activity)
  • getContentResolver (Context)
  • getExternalFilesDir (Context)
  • VirtualMachine (com.sun.tools.attach)
    A Java virtual machine. A VirtualMachine represents a Java virtual machine to which this Java vir
  • Permission (java.security)
    Abstract class for representing access to a system resource. All permissions have a name (whose inte
  • Comparator (java.util)
    A Comparator is used to compare two objects to determine their ordering with respect to each other.
  • GregorianCalendar (java.util)
    GregorianCalendar is a concrete subclass of Calendarand provides the standard calendar used by most
  • TimeUnit (java.util.concurrent)
    A TimeUnit represents time durations at a given unit of granularity and provides utility methods to
  • LogFactory (org.apache.commons.logging)
    A minimal incarnation of Apache Commons Logging's LogFactory API, providing just the common Log look
Codota Logo

  • Products

    Search for Java codeSearch for JavaScript codeEnterprise

  • IDE Plugins

    IntelliJ IDEAWebStormAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimAtomGoLandRubyMineEmacsJupyter

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogCodota Academy Plugin user guide Terms of usePrivacy policyJava Code IndexJavascript Code Index
Get Codota for your IDE now