@Test // SPR-12945 public void mergeInvokesDefaultRequestPostProcessorFirst() { final String ATTR = "ATTR"; final String EXPECTED = "override"; MockHttpServletRequestBuilder defaultBuilder = new MockHttpServletRequestBuilder(HttpMethod.GET, "/foo/bar") .with(requestAttr(ATTR).value("default")) .with(requestAttr(ATTR).value(EXPECTED)); builder.merge(defaultBuilder); MockHttpServletRequest request = builder.buildRequest(servletContext); request = builder.postProcessRequest(request); assertEquals(EXPECTED, request.getAttribute(ATTR)); }
@Test public void loginWhenUsingJaasApiProvisionThenJaasSubjectContainsUsername() throws Exception { this.spring.configLocations(xml("Jaas")).autowire(); AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class); when(granter.grant(any(Principal.class))).thenReturn(new HashSet<>(Arrays.asList("USER"))); this.mvc.perform(get("/username") .with(httpBasic("user", "password"))) .andExpect(content().string("user")); }
/** * http/http-basic@authentication-details-source-ref equivalent */ @Test public void basicAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception { this.spring.register(AuthenticationDetailsSourceHttpBasicConfig.class, UserConfig.class).autowire(); AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext().getBean(AuthenticationDetailsSource.class); this.mvc.perform(get("/") .with(httpBasic("user", "password"))); verify(source).buildDetails(any(HttpServletRequest.class)); }
@Test public void requestWhenJwtAuthenticationConverterCustomizedAuthoritiesThenThoseAuthoritiesArePropagated() throws Exception { this.spring.register(JwtDecoderConfig.class, CustomAuthorityMappingConfig.class, BasicController.class) .autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); when(decoder.decode(JWT_TOKEN)).thenReturn(JWT); this.mvc.perform(get("/requires-read-scope") .with(bearerToken(JWT_TOKEN))) .andExpect(status().isOk()); }
private static RequestBuilder formLogin(MockHttpSession session) { return post("/login") .param("username", "user") .param("password", "password") .session(session) .with(csrf()); } }
@Test public void barHeader() throws Exception { this.mockMvc.perform(get("/").with(headers().bar("a=b"))).andExpect(content().string("Bar")); }
@Test public void fooHeader() throws Exception { this.mockMvc.perform(get("/").with(headers().foo("a=b"))).andExpect(content().string("Foo")); }
@Test public void requestWhenCustomJwtDecoderExposedAsBeanThenUsed() throws Exception { this.spring.register(CustomJwtDecoderAsBean.class, BasicController.class).autowire(); JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class); when(decoder.decode(anyString())).thenReturn(JWT); this.mvc.perform(get("/authenticated") .with(bearerToken(JWT_TOKEN))) .andExpect(status().isOk()) .andExpect(content().string(JWT_SUBJECT)); }
@Test public void requestWhenSessionManagementConfiguredThenUserConfigurationOverrides() throws Exception { this.spring.register(RestOperationsConfig.class, AlwaysSessionCreationConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidNoScopes"); MvcResult result = this.mvc.perform(get("/") .with(bearerToken(token))) .andExpect(status().isOk()) .andReturn(); assertThat(result.getRequest().getSession(false)).isNotNull(); }
@Test public void requestWhenUsingPublicKeyAlgorithmDoesNotMatchThenReturnsInvalidToken() throws Exception { this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongAlgorithm"); this.mvc.perform(get("/") .with(bearerToken(token))) .andExpect(invalidTokenHeader("algorithm")); }
@Test public void requestWhenUsingPublicKeyAndSignatureFailsThenReturnsInvalidToken() throws Exception { this.spring.register(SingleKeyConfig.class).autowire(); String token = this.token("WrongSignature"); this.mvc.perform(get("/") .with(bearerToken(token))) .andExpect(invalidTokenHeader("signature")); }
@Test public void getWhenUsingCorsThenDoesSpringSecurityCorsHandshake() throws Exception { this.spring.configLocations(this.xml("WithCors")).autowire(); this.mvc.perform(get("/").with(this.approved())) .andExpect(corsResponseHeaders()) .andExpect((status().isIAmATeapot())); this.mvc.perform(options("/").with(this.preflight())) .andExpect(corsResponseHeaders()) .andExpect(status().isOk()); }
@Test public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { this.spring.register(AuthenticationPrincipalConfig.class).autowire(); this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) .andExpect(content().string("user1")); }
@Test public void requestWhenUsingPublicKeyAndValidTokenThenAuthenticates() throws Exception { this.spring.register(SingleKeyConfig.class, BasicController.class).autowire(); String token = this.token("ValidNoScopes"); this.mvc.perform(get("/") .with(bearerToken(token))) .andExpect(status().isOk()); }
/** * http@realm equivalent */ @Test public void basicAuthenticationWhenUsingCustomRealmThenMatchesNamespace() throws Exception { this.spring.register(CustomHttpBasicConfig.class, UserConfig.class).autowire(); this.mvc.perform(get("/") .with(httpBasic("user", "invalid"))) .andExpect(status().isUnauthorized()) .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Custom Realm\"")); }
@Test public void getWhenUsingDefaultsWithExpiredBearerTokenThenInvalidToken() throws Exception { this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); this.mvc.perform(get("/").with(bearerToken(token))) .andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); }
@Test public void getWhenUsingMethodSecurityWithInsufficientScpThenInsufficientScopeError() throws Exception { this.spring.register(RestOperationsConfig.class, MethodSecurityConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageWriteScp"); this.mvc.perform(get("/ms-requires-read-scope") .with(bearerToken(token))) .andExpect(status().isForbidden()) .andExpect(insufficientScopeHeader("message:write")); }
@Test public void postWhenUsingDefaultsWithExpiredBearerTokenAndNoCsrfThenInvalidToken() throws Exception { this.spring.register(RestOperationsConfig.class, DefaultConfig.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("Expired"); this.mvc.perform(post("/authenticated") .with(bearerToken(token))) .andExpect(status().isUnauthorized()) .andExpect(invalidTokenHeader("An error occurred while attempting to decode the Jwt")); }
@Test public void getWhenUsingDefaultsWithSufficientlyScopedBearerTokenThenAcceptsRequest() throws Exception { this.spring.register(RestOperationsConfig.class, DefaultConfig.class, BasicController.class).autowire(); mockRestOperations(jwks("Default")); String token = this.token("ValidMessageReadScope"); this.mvc.perform(get("/requires-read-scope") .with(bearerToken(token))) .andExpect(status().isOk()) .andExpect(content().string("SCOPE_message:read")); }
@Test public void getWhenUsingJwkSetUriThenAcceptsRequest() throws Exception { this.spring.register(WebServerConfig.class, JwkSetUriConfig.class, BasicController.class).autowire(); mockWebServer(jwks("Default")); String token = this.token("ValidNoScopes"); this.mvc.perform(get("/").with(bearerToken(token))) .andExpect(status().isOk()) .andExpect(content().string("ok")); }