/**
 * Verifies that the custom session authentication strategy exposed by
 * {@code CustomSessionAuthenticationStrategyConfig} is invoked when a form login is submitted.
 *
 * <p>Only the call to {@code onAuthentication} is checked; the response of the login request
 * itself is not asserted here.
 */
@Test
public void requestWhenCustomSessionAuthenticationStrategyProvidedThenCalled() throws Exception {
    this.spring.register(CustomSessionAuthenticationStrategyConfig.class).autowire();

    // Submit the login; the interaction with the strategy is what matters below.
    this.mvc.perform(
            formLogin()
                    .user("user")
                    .password("password"));

    // Session-handling controls hang off this hook, so a configuration that silently
    // skipped the custom strategy would also skip whatever it enforces.
    verify(CustomSessionAuthenticationStrategyConfig.customSessionAuthenticationStrategy)
            .onAuthentication(
                    any(Authentication.class),
                    any(HttpServletRequest.class),
                    any(HttpServletResponse.class));
}
@Test // http@authentication-manager-ref public void configureWhenAuthenticationManagerProvidedThenVerifyUse() throws Exception { AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER = mock(AuthenticationManager.class); this.spring.register(AuthenticationManagerRefConfig.class).autowire(); this.mockMvc.perform(formLogin()); verify(AuthenticationManagerRefConfig.AUTHENTICATION_MANAGER, times(1)).authenticate(any(Authentication.class)); }
/**
 * Loads the {@code CreateSessionNever} XML configuration and checks that a login request
 * arriving without a session is answered with a redirect and still has no session afterwards.
 */
@Test
public void requestWhenCreateSessionIsSetToNeverThenDoesNotCreateSessionOnLogin() throws Exception {
    this.spring.configLocations(this.xml("CreateSessionNever")).autowire();

    // Build the login POST and attach a valid CSRF token in one step.
    MockHttpServletRequest loginRequest = csrf().postProcessRequest(
            post("/login")
                    .param("username", "user")
                    .param("password", "password")
                    .buildRequest(this.servletContext()));

    MockHttpServletResponse loginResponse = request(loginRequest, this.spring.getContext());

    assertThat(loginResponse.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
    // getSession(false) never creates a session, so null means nothing was created during login.
    assertThat(loginRequest.getSession(false)).isNull();
}
/**
 * Checks that a {@code passwordEncoder} bean declared in the XML context is used when
 * HTTP Basic credentials are checked against the in-memory user service.
 *
 * <p>The fixture uses {@code NoOpPasswordEncoder}, which compares passwords as plaintext.
 * That is acceptable only because this is a test fixture with a throwaway credential.
 */
@Test
public void passwordEncoderBeanUsed() throws Exception {
    String securityXml =
            "<b:bean id='passwordEncoder' class='org.springframework.security.crypto.password.NoOpPasswordEncoder' factory-method='getInstance'/>"
            + "<user-service>"
            + " <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
            + "</user-service>"
            + "<http/>";

    this.spring.context(securityXml)
            .mockMvcAfterSpringSecurityOk()
            .autowire();

    // The stored password is unencoded, so the request succeeds only if the declared
    // encoder bean is the one performing the comparison.
    this.mockMvc.perform(
            get("/").with(httpBasic("user", "password")))
            .andExpect(status().isOk());
}
/**
 * Builds a CSRF-protected login POST for the fixed test credentials, bound to the given session.
 *
 * @param session the mock session that the login request is sent with
 * @return a request builder for {@code POST /login}
 */
private static RequestBuilder formLogin(MockHttpSession session) {
    // Fixed fixture credentials; the CSRF post-processor supplies a valid token.
    RequestBuilder loginRequest = post("/login")
            .param("username", "user")
            .param("password", "password")
            .session(session)
            .with(csrf());
    return loginRequest;
}
}
/**
 * Checks that a POST carrying an invalid CSRF token is rejected with 403, even though the
 * request runs as a mock user and reuses a session obtained from an earlier GET.
 */
@Test
@WithMockUser
public void postWhenCsrfMismatchesThenForbidden() throws Exception {
    this.spring.configLocations(
            this.xml("shared-controllers"),
            this.xml("AutoConfig"))
            .autowire();

    // Obtain a session from a first request so that the POST below is tied to it.
    MockHttpSession existingSession = (MockHttpSession) this.mvc.perform(get("/ok"))
            .andReturn()
            .getRequest()
            .getSession();

    // useInvalidToken() sends a token that does not match the expected one.
    this.mvc.perform(
            post("/ok")
                    .session(existingSession)
                    .with(csrf().useInvalidToken()))
            .andExpect(status().isForbidden());
}
/**
 * Registers {@code PasswordEncoderNoAuthManagerLoadsConfig} and expects the default form login
 * to end in an authenticated state.
 */
@Test
public void passwordEncoderRefWhenAuthenticationManagerBuilderThenAuthenticationSuccess() throws Exception {
    this.spring
            .register(PasswordEncoderNoAuthManagerLoadsConfig.class)
            .autowire();

    // NOTE(review): which encoder the config wires in is not visible here. The test proves
    // only that login succeeds with it.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated());
}
/**
 * Loads the {@code CreateSessionNever} XML configuration and checks that a login request which
 * already carries a session keeps it, and that the security context is stored in that session.
 */
@Test
public void requestWhenCreateSessionIsSetToNeverThenUsesExistingSession() throws Exception {
    this.spring.configLocations(this.xml("CreateSessionNever")).autowire();

    // Build the login POST and attach a valid CSRF token in one step.
    MockHttpServletRequest loginRequest = csrf().postProcessRequest(
            post("/login")
                    .param("username", "user")
                    .param("password", "password")
                    .buildRequest(this.servletContext()));

    // Attach a session up front: the filter chain is handed a request that already has one.
    loginRequest.setSession(new MockHttpSession());

    MockHttpServletResponse loginResponse = request(loginRequest, this.spring.getContext());

    assertThat(loginResponse.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
    assertThat(loginRequest.getSession(false)).isNotNull();
    // The security context must be stored under the well-known session attribute.
    assertThat(loginRequest.getSession(false).getAttribute(SPRING_SECURITY_CONTEXT_KEY))
            .isNotNull();
}
/**
 * Registers {@code MultiAuthenticationProvidersConfig} and checks that two different users can
 * log in, each ending up with exactly the roles asserted below.
 */
@Test
public void authenticationManagerWhenMultipleProvidersThenWorks() throws Exception {
    this.spring
            .register(MultiAuthenticationProvidersConfig.class)
            .autowire();

    // Default login: "user" must hold only USER.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated()
                    .withUsername("user")
                    .withRoles("USER"));

    // "admin" must hold USER and ADMIN. Asserting the role set guards against one
    // provider's authorities leaking to the other account.
    this.mockMvc
            .perform(formLogin().user("admin"))
            .andExpect(authenticated()
                    .withUsername("admin")
                    .withRoles("USER", "ADMIN"));
}
/**
 * Submits a CSRF-protected login with {@code DEFAULT_PARAMETER} set to {@code "true"} and
 * expects a redirect to {@code "/"}.
 *
 * @param username the user name passed to {@code login}
 * @param password the password passed to {@code login}
 * @return the result of the login request, for further assertions by the caller
 */
private ResultActions rememberAuthentication(String username, String password) throws Exception {
    // NOTE(review): DEFAULT_PARAMETER is presumably the remember-me request parameter;
    // confirm against the static import.
    ResultActions loginResult = this.mvc.perform(
            login(username, password)
                    .param(DEFAULT_PARAMETER, "true")
                    .with(csrf()));
    return loginResult.andExpect(redirectedUrl("/"));
}
/**
 * Registers {@code PasswordEncoderWithJdbcConfig} and expects the default form login to end in
 * an authenticated state.
 */
@Test
public void passwordEncoderRefWithJdbc() throws Exception {
    this.spring
            .register(PasswordEncoderWithJdbcConfig.class)
            .autowire();

    // Success here means the stored credential and the configured encoder agree.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated());
}
/**
 * Loads the {@code CreateSessionIfRequired} XML configuration and checks that a login request
 * arriving without a session is answered with a redirect and has a session afterwards.
 */
@Test
public void requestWhenCreateSessionIsSetToIfRequiredThenCreatesSessionOnLogin() throws Exception {
    this.spring.configLocations(this.xml("CreateSessionIfRequired")).autowire();

    // Build the login POST against the dispatcher servlet's context and attach a CSRF token.
    MockHttpServletRequest loginRequest = csrf().postProcessRequest(
            post("/login")
                    .param("username", "user")
                    .param("password", "password")
                    .buildRequest(this.mvc.getDispatcherServlet().getServletContext()));

    MockHttpServletResponse loginResponse = request(loginRequest, this.spring.getContext());

    assertThat(loginResponse.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
    // getSession(false) never creates a session, so non-null means login created one.
    assertThat(loginRequest.getSession(false)).isNotNull();
}
/**
 * Registers {@code PasswordEncoderWithInMemoryConfig} and expects the default form login to end
 * in an authenticated state.
 */
@Test
public void passwordEncoderRefWithInMemory() throws Exception {
    this.spring
            .register(PasswordEncoderWithInMemoryConfig.class)
            .autowire();

    // Success here means the stored credential and the configured encoder agree.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated());
}
/**
 * Registers {@code PasswordEncoderWithUserDetailsServiceConfig} and expects the default form
 * login to end in an authenticated state.
 */
@Test
public void passwordEncoderRefWithUserDetailsService() throws Exception {
    this.spring
            .register(PasswordEncoderWithUserDetailsServiceConfig.class)
            .autowire();

    // Success here means the stored credential and the configured encoder agree.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated());
}
@Test // http@security-context-repository-ref public void configureWhenNullSecurityContextRepositoryThenSecurityContextNotSavedInSession() throws Exception { this.spring.register(SecurityContextRepoConfig.class).autowire(); MvcResult mvcResult = this.mockMvc.perform(formLogin()).andReturn(); HttpSession session = mvcResult.getRequest().getSession(false); assertThat(session).isNull(); }
@Test // authentication-provider@ref public void authenticationProviderRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire(); this.mockMvc.perform(formLogin()) .andExpect(authenticated().withUsername("user")); }
@Test // authentication-provider@user-service-ref public void authenticationProviderUserServiceRef() throws Exception { this.spring.register(AuthenticationProviderRefConfig.class).autowire(); this.mockMvc.perform(formLogin()) .andExpect(authenticated().withUsername("user")); }
/**
 * Registers {@code DataSourceConfig} together with {@code JdbcUserServiceConfig} and expects
 * the default form login to authenticate as {@code "user"}.
 */
@Test
public void jdbcUserService() throws Exception {
    this.spring
            .register(DataSourceConfig.class, JdbcUserServiceConfig.class)
            .autowire();

    // The account is expected to come from the registered data source; its contents are
    // defined in the config classes, not in this method.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated().withUsername("user"));
}
/**
 * Registers {@code CustomDataSourceConfig} together with {@code CustomJdbcUserServiceSampleConfig}
 * and expects the default form login to authenticate as {@code "user"} with the roles
 * {@code DBA} and {@code USER}.
 */
@Test
public void jdbcUserServiceCustom() throws Exception {
    this.spring
            .register(CustomDataSourceConfig.class, CustomJdbcUserServiceSampleConfig.class)
            .autowire();

    // Asserting the roles, not only the user name, checks that the custom configuration
    // yields the expected authorities for the account.
    this.mockMvc
            .perform(formLogin())
            .andExpect(authenticated()
                    .withUsername("user")
                    .withRoles("DBA", "USER"));
}