Package com.mockrunner.mock.web

Examples of com.mockrunner.mock.web.MockFilterChain


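    /**
     * Sends a request through the configured servlet filters and then the dispatcher, so that
     * tests exercise the filters as well as the dispatcher itself.
     *
     * <p>The servlet at the end of the chain calls every {@link HandlerInterceptor} extension
     * before and after {@code dispatcher.service}. When an interceptor's {@code preHandle}
     * returns {@code false} the request is not dispatched: an interceptor that vetoes a request
     * (an access check, for example) must stop it here as well, otherwise a test can pass for a
     * request the interceptor meant to block.
     *
     * @param request the request to dispatch
     * @param response the response the chain writes to
     * @throws Exception if a filter, an interceptor or the dispatcher fails
     */
    private void dispatch(HttpServletRequest request, HttpServletResponse response) throws Exception {
        final DispatcherServlet dispatcher = getDispatcher();

        // Build a filter chain so that filters are tested too.
        MockFilterChain chain = new MockFilterChain();
        List<Filter> filters = getFilters();
        if (filters != null) {
            for (Filter filter : filters) {
                chain.addFilter(filter);
            }
        }
        chain.setServlet(new HttpServlet() {
            @Override
            protected void service(HttpServletRequest req, HttpServletResponse res)
                    throws ServletException, IOException {
                try {
                    Collection<HandlerInterceptor> interceptors =
                        GeoServerExtensions.extensions(HandlerInterceptor.class, applicationContext);

                    // Pre-handle step: a false return is a veto, so stop before dispatching.
                    for (HandlerInterceptor interceptor : interceptors) {
                        if (!interceptor.preHandle(req, res, dispatcher)) {
                            return;
                        }
                    }

                    dispatcher.service(req, res);

                    // Post-handle step.
                    for (HandlerInterceptor interceptor : interceptors) {
                        interceptor.postHandle(req, res, dispatcher, null);
                    }
                } catch (RuntimeException e) {
                    throw e;
                } catch (IOException e) {
                    throw e;
                } catch (ServletException e) {
                    throw e;
                } catch (Exception e) {
                    // Interceptors may throw any checked exception; wrap what the servlet
                    // signature cannot carry and keep the cause.
                    throw (IOException) new IOException("Failed to handle the request").initCause(e);
                }
            }
        });

        chain.doFilter(request, response);
    }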


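        SecurityContextHolder.getContext().setAuthentication(null);

        // Entry point: a request without credentials must be answered with 401 and a
        // WWW-Authenticate challenge that names the realm and the Basic scheme.
        MockHttpServletRequest request = createRequest("/foo/bar");
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();

        getProxy().doFilter(request, response, chain);
        String tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword: assert statements are skipped when the JVM
        // runs without -ea, which would silently drop the checks on the challenge header.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Basic") != -1);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        assertNull(SecurityContextHolder.getContext().getAuthentication());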

       
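        // Valid Basic credentials: the request succeeds, an Authentication for the user can be
        // looked up with getAuth, and the thread's security context is empty again afterwards.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        // The listing had lost the comma between the header name and its value.
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes((testUserName + ":" + testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        Authentication auth = getAuth(testFilterName, testUserName, null, null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));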
       
        // check wrong password
        // NOTE(review): this case is commented out, so nothing in this excerpt verifies that a
        // known user with a wrong password gets a 401 challenge and no cache entry. Re-enable
        // it, or record next to it why it is disabled.
//        request= createRequest("/foo/bar");
//        response= new MockHttpServletResponse();
//        chain = new MockFilterChain();
//
//        request.addHeader("Authorization",  "Basic " +
//                new String(Base64.encodeBytes((testUserName+":wrongpass").getBytes())));
//        getProxy().doFilter(request, response, chain);
//        tmp = response.getHeader("WWW-Authenticate");
//        assertNotNull(tmp);
//        assert(tmp.indexOf(GeoServerSecurityManager.REALM) !=-1 );
//        assert(tmp.indexOf("Basic") !=-1 );
//        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
//        assertNull(SecurityContextHolder.getContext().getAuthentication());
//        auth = getAuth(testFilterName, testUserName,null,null);
//        assertNull(auth);

       
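        // Unknown user: the request must be challenged again and nothing may be cached for it.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        // The listing had lost the comma between the header name and its value.
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes(("unknown:" + testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword, which is skipped without -ea.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Basic") != -1);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        // Look the entry up under the filter name and the user name that was sent, as the
        // other getAuth calls in this test do. The original passed "unknow" and the password
        // in those two positions, so the null result did not show that the rejected user was
        // left out of the cache.
        auth = getAuth(testFilterName, "unknown", null, null);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());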

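        // Root user: the login succeeds, but no Authentication for root may be cached.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        // The listing had lost the comma between the header name and its value.
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes(
                        (GeoServerUser.ROOT_USERNAME + ":" + getMasterPassword()).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Query the cache with the filter name and the root user name, matching the other
        // getAuth calls here. The original passed the root user name and "geoserver" in those
        // positions, so the null result did not show that root is kept out of the cache.
        auth = getAuth(testFilterName, GeoServerUser.ROOT_USERNAME, null, null);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());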
       

       
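        // Disabled user. NOTE(review): updateUser is defined elsewhere; from the comments in
        // this test, the false argument presumably disables the account in user group "ug1".
        updateUser("ug1", testUserName, false);

        // The authentication cached by the earlier successful login is still served, so the
        // disabled account keeps working. Disabling a user therefore only takes effect once
        // the cache entry is gone; where prompt revocation matters the cache has to be cleared
        // or kept short-lived.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        // The listing had lost the comma between the header name and its value.
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes((testUserName + ":" + testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName, testUserName, null, null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

        // With the cache cleared, the same credentials must be challenged again.
        getCache().removeAll();

        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes((testUserName + ":" + testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);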

        SecurityContextHolder.getContext().setAuthentication(null);
       
        // Test entry point               
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();               
       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        // test preauthenticated with dedicated role service       
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();               
        request.setUserPrincipal(new Principal() {           
            @Override
            public String getName() {
                return testUserName;
            }
        });
        request.setUserInRole(derivedRole,true);
        request.setUserInRole(rootRole,false);
        getProxy().doFilter(request, response, chain);
       
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        Authentication auth = getAuth(testFilterName3, testUserName,null,null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, auth.getPrincipal());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
       
        // test root               
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();               
        request.setUserPrincipal(new Principal() {           
            @Override
            public String getName() {
                return GeoServerUser.ROOT_USERNAME;
            }
        });
        getProxy().doFilter(request, response, chain);
       
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName3, GeoServerUser.ROOT_USERNAME,null,null);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        //checkForAuthenticatedRole(auth);

        config.setRoleServiceName(null);
        getSecurityManager().saveFilter(config);
       
        // test preauthenticated with active role service               
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();               
        request.setUserPrincipal(new Principal() {           
            @Override
            public String getName() {
                return testUserName;
            }
        });
        request.setUserInRole(derivedRole,true);
        request.setUserInRole(rootRole,false);
        getProxy().doFilter(request, response, chain);
       
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName3, testUserName,null,null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, auth.getPrincipal());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
       
        // Test anonymous
        insertAnonymousFilter();
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();                       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();

        SecurityContextHolder.getContext().setAuthentication(null);
       
        // Test entry point               
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();               
       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
       
        for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) {           
            getCache().removeAll();
           
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();           
            request.setHeader("principal", testUserName);
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                request.setHeader("roles", derivedRole+";"+rootRole);
            }
            getProxy().doFilter(request, response, chain);           
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            Authentication auth = getAuth(testFilterName4, testUserName,null,null);
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                continue; // no cache
            }
            assertNotNull(auth);
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals(testUserName, auth.getPrincipal());
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));       
        }

        // unknown user
        // For every role source, a request whose only credential is the "principal" header
        // set to "unknown" is answered with SC_OK, and (except for the Header role source,
        // which is not cached) an Authentication with the authenticated role is found for it.
        // NOTE(review): no secret is presented here, so the filter trusts the header value as
        // the identity. That is only sound when a trusted front end sets this header and
        // removes any copy supplied by the client - confirm against the deployment guidance.
        for (PreAuthenticatedUserNameRoleSource rs : PreAuthenticatedUserNameRoleSource.values()) {
            getCache().removeAll();           
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);

            // repeats the setRoleSource call made before saveFilter
            config.setRoleSource(rs);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();           
            request.setHeader("principal", "unknown");
            getProxy().doFilter(request, response, chain);           
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                continue; // no cache
            }
            Authentication auth = getAuth(testFilterName4, "unknown",null,null);
            assertNotNull(auth);
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals("unknown", auth.getPrincipal());
        }

        // Disabled user: the request must be rejected. Unlike the cached cases in the other
        // tests, the cache is empty here because saveFilter below clears it, so the disabled
        // state is seen at once (403, no cached Authentication).
       
        config.setRoleSource(PreAuthenticatedUserNameRoleSource.UserGroupService);
        // saving a filter empties the cache
        getSecurityManager().saveFilter(config);
        // NOTE(review): updateUser is defined elsewhere; presumably false disables the user.
        updateUser("ug1", testUserName, false);
               
        request= createRequest("/foo/bar");
        request.setHeader("principal", testUserName);
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();           
        getProxy().doFilter(request, response, chain);                                   
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        Authentication auth = getAuth(testFilterName4, testUserName,null,null);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
        // restore the user for the steps that follow
        updateUser("ug1", testUserName, true);
       
        // Test anonymous
        insertAnonymousFilter();
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();                       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();

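        SecurityContextHolder.getContext().setAuthentication(null);

        // Entry point: a request without credentials must be answered with 401 and a
        // WWW-Authenticate challenge that names the realm and the Digest scheme.
        MockHttpServletRequest request = createRequest("/foo/bar");
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();

        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        String tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword: assert statements are skipped when the JVM
        // runs without -ea, which would silently drop the checks on the challenge header.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Digest") != -1);
        assertNull(SecurityContextHolder.getContext().getAuthentication());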
       
       
        // test successful login
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();       

        String headerValue=clientDigestString(tmp, testUserName, testPassword, request.getMethod());
        request.addHeader("Authorization",  headerValue);
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        Authentication auth = getAuth(testFilterName2, testUserName,300,300);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));
       
       
        // check wrong password
//        request= createRequest("/foo/bar");
//        response= new MockHttpServletResponse();
//        chain = new MockFilterChain();
//       
//        headerValue=clientDigestString(tmp, testUserName, "wrongpass", request.getMethod());
//        request.addHeader("Authorization",  headerValue);       
//        getProxy().doFilter(request, response, chain);
//        tmp = response.getHeader("WWW-Authenticate");
//        assertNotNull(tmp);
//        assert(tmp.indexOf(GeoServerSecurityManager.REALM) !=-1 );
//        assert(tmp.indexOf("Digest") !=-1 );
//        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
//        auth = getAuth(testFilterName2, testUserName,300,300);
//        assertNull(auth);
//        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
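        // Unknown user: the digest response is challenged again and nothing is cached for it.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        headerValue = clientDigestString(tmp, "unknown", testPassword, request.getMethod());
        request.addHeader("Authorization", headerValue);
        getProxy().doFilter(request, response, chain);
        tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword, which is skipped without -ea.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Digest") != -1);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        auth = getAuth(testFilterName2, "unknown", 300, 300);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());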

        // check root user
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();       
       
        headerValue=clientDigestString(tmp, GeoServerUser.ROOT_USERNAME, getMasterPassword(), request.getMethod());
        request.addHeader("Authorization",  headerValue);       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName2, GeoServerUser.ROOT_USERNAME,300,300);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
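        // Root user with a wrong password: challenged with 401, and still nothing cached.
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        headerValue = clientDigestString(tmp, GeoServerUser.ROOT_USERNAME, "geoserver1", request.getMethod());
        request.addHeader("Authorization", headerValue);
        getProxy().doFilter(request, response, chain);
        tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword, which is skipped without -ea.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Digest") != -1);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        auth = getAuth(testFilterName2, GeoServerUser.ROOT_USERNAME, 300, 300);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());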


       
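        // Disabled user while the cache still holds the authentication from the earlier
        // successful login: disabling has no effect yet and the request keeps succeeding.
        updateUser("ug1", testUserName, false);
        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        headerValue = clientDigestString(tmp, testUserName, testPassword, request.getMethod());
        request.addHeader("Authorization", headerValue);
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName2, testUserName, 300, 300);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

        // Clear the cache: from now on the disabled account must be rejected.
        getCache().removeAll();

        request = createRequest("/foo/bar");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        // Send the disabled user's own credentials. The original built the digest for
        // "unknown", which gets a 401 whether or not disabling works, so the step did not
        // exercise the disabled-account path it is meant to check.
        headerValue = clientDigestString(tmp, testUserName, testPassword, request.getMethod());
        request.addHeader("Authorization", headerValue);
        getProxy().doFilter(request, response, chain);
        tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the assert keyword, which is skipped without -ea.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Digest") != -1);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        auth = getAuth(testFilterName2, testUserName, 300, 300);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        // restore the user for the steps that follow
        updateUser("ug1", testUserName, true);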


        // Test anonymous
        insertAnonymousFilter();
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();                       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();
    }

       
        // Test entry point               
        MockHttpServletRequest request= createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();       
               
        getProxy().doFilter(request, response, chain);
        assertEquals(0, response.getCookies().size());
        String tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
   
       
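        // Successful Basic login with the remember-me parameter set: exactly one cookie is
        // issued and kept for the follow-up requests.
        request = createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        response = new MockHttpServletResponse();
        chain = new MockFilterChain();

        // The listing had lost the comma between the header name and its value.
        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes(("abc@xyz.com:abc").getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        Authentication auth = getAuth(testFilterName5, "abc@xyz.com", null, null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(1, response.getCookies().size());
        Cookie cookie = (Cookie) response.getCookies().get(0);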

        request= createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        request.addCookie(cookie);
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName5, "abc@xyz.com", null,null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals("abc@xyz.com", ((UserDetails) auth.getPrincipal()).getUsername());
//        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
//        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

        // send cookie + auth header
        request= createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        request.addCookie(cookie);
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();
        request.addHeader("Authorization""Basic " +
                new String(Base64.encodeBytes(("abc@xyz.com:abc").getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName5, "abc@xyz.com", null,null);
        assertNotNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals("abc@xyz.com", ((UserDetails) auth.getPrincipal()).getUsername());

        // check no remember me for root user
        request= createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();       
   
               
        request.addHeader("Authorization""Basic " +
                new String(Base64.encodeBytes((GeoServerUser.ROOT_USERNAME+":"+getMasterPassword()).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        auth = getAuth(testFilterName5, GeoServerUser.ROOT_USERNAME, null,null);       
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        //checkForAuthenticatedRole(auth);
        // no cookie for root user
        assertEquals(0,response.getCookies().size());
       
        // check disabled user
        updateUser("ug1", "abc@xyz.com", false);
       
        request= createRequest("/foo/bar");
        request.setupAddParameter("_spring_security_remember_me", "yes");
        request.addCookie(cookie);
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getErrorCode());
        // check for cancel cookie
        assertEquals(1,response.getCookies().size());
        Cookie cancelCookie = (Cookie) response.getCookies().get(0);

        // Clear the thread's security context before the first request.
        SecurityContextHolder.getContext().setAuthentication(null);
       
        // Test entry point: no certificate is attached to this request, and the proxy is
        // expected to answer 403 and leave the security context empty.
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();               
       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
       
        // Known user: repeat the request once per role source, with a certificate for testUserName.
        for (PreAuthenticatedUserNameRoleSource rs :
            PreAuthenticatedUserNameRoleSource.values()) {
            // Empty the cache and re-save the filter so each role source is exercised on its own.
            getCache().removeAll();
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                // Roles are supplied in the "roles" request header, separated by ';'.
                // NOTE(review): a role header is only trustworthy when a trusted front end sets it
                // and strips any client-supplied copy; this test does not cover that.
                request.setHeader("roles", derivedRole+";"+rootRole);
            }
            setCertifacteForUser(testUserName, request);                       
            getProxy().doFilter(request, response, chain);           
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
           
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                continue; // no cache
            }
            // presumably getAuth reads the cached authentication for this filter and user - verify
            Authentication auth = getAuth(testFilterName8, testUserName,null,null);
            assertNotNull(auth);
            // The security context must be empty again once the filter chain has returned.
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals(testUserName, auth.getPrincipal());
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
            assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));       
        }

        // unknown user: a certificate for the name "unknown" is still answered with 200 and,
        // except for the Header role source, yields an authentication whose principal is "unknown".
        // NOTE(review): no role assertion beyond checkForAuthenticatedRole is made here, so this
        // case relies on certificate validation alone - confirm that this is the intended policy.
        for (PreAuthenticatedUserNameRoleSource rs :
            PreAuthenticatedUserNameRoleSource.values()) {
            getCache().removeAll();
            config.setRoleSource(rs);
            getSecurityManager().saveFilter(config);

            // Same call as three lines above, made after saveFilter; looks redundant.
            config.setRoleSource(rs);
            request= createRequest("/foo/bar");
            response= new MockHttpServletResponse();
            chain = new MockFilterChain();
            //TODO
            setCertifacteForUser("unknown", request);
            getProxy().doFilter(request, response, chain);           
            assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
            if (rs.equals(PreAuthenticatedUserNameRoleSource.Header)) {
                continue; // no cache
            }
            Authentication auth = getAuth(testFilterName8, "unknown",null,null);
            assertNotNull(auth);
            assertNull(SecurityContextHolder.getContext().getAuthentication());
            checkForAuthenticatedRole(auth);
            assertEquals("unknown", auth.getPrincipal());
        }

        // Disabled user: the account is disabled and the filter is saved right afterwards.
        // Per the original comments an active cache would keep the old result, and saving
        // the filter is what clears it.
        updateUser("ug1", testUserName, false);
        config.setRoleSource(PreAuthenticatedUserNameRoleSource.UserGroupService);
        // saving the filter clears the cache
        getSecurityManager().saveFilter(config);
               
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();
        setCertifacteForUser(testUserName, request);
        getProxy().doFilter(request, response, chain);           
        // A valid certificate for a disabled account must be refused and nothing may be cached.
        assertEquals(HttpServletResponse.SC_FORBIDDEN,response.getErrorCode());
        Authentication auth = getAuth(testFilterName8, testUserName,0,0);
        assertNull(auth);
        assertNull(SecurityContextHolder.getContext().getAuthentication());
       
        // Re-enable the account so the following steps see the original state.
        updateUser("ug1", testUserName, true);
       
        // Test anonymous: with the anonymous filter inserted, a request without a certificate gets 200.
        insertAnonymousFilter();
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();                       
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        // Anonymous context is not stored in http session, no further testing
        removeAnonymousFilter();

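        // Clear the thread's security context before the first request.
        SecurityContextHolder.getContext().setAuthentication(null);

        // Test entry point, must be digest: a request without credentials gets 401 and a
        // WWW-Authenticate challenge that names the realm and the Digest scheme.
        MockHttpServletRequest request= createRequest("/foo/bar");
        MockHttpServletResponse response= new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();

        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getErrorCode());
        String tmp = response.getHeader("WWW-Authenticate");
        assertNotNull(tmp);
        // assertTrue instead of the Java assert statement: assert is skipped when the JVM runs
        // without -ea, which would leave the contents of the challenge unchecked.
        assertTrue(tmp.indexOf(GeoServerSecurityManager.REALM) != -1);
        assertTrue(tmp.indexOf("Digest") != -1);
        assertNull(SecurityContextHolder.getContext().getAuthentication());


        // test successful login for digest: the Authorization value is built from the
        // challenge received above, the test credentials and the request method.
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();

        String headerValue=clientDigestString(tmp, testUserName, testPassword, request.getMethod());
        request.addHeader("Authorization",  headerValue);
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());
        Authentication auth = getAuth(testFilterName2, testUserName, 300,300);
        assertNotNull(auth);
        // The security context must be empty again once the filter chain has returned.
        assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(auth);
        assertEquals(testUserName, ((UserDetails) auth.getPrincipal()).getUsername());
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(rootRole)));
        assertTrue(auth.getAuthorities().contains(new GeoServerRole(derivedRole)));

        // check success for basic authentication: the same user sends Basic credentials
        // and is expected to get 200 as well.
        request= createRequest("/foo/bar");
        response= new MockHttpServletResponse();
        chain = new MockFilterChain();

        request.addHeader("Authorization", "Basic " +
                new String(Base64.encodeBytes((testUserName+":"+testPassword).getBytes())));
        getProxy().doFilter(request, response, chain);
        assertEquals(HttpServletResponse.SC_OK, response.getErrorCode());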

       
        // Request without any credentials set on it.
        MockHttpServletRequest request = createRequest("/foo");
       
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        // The filter saved under the name "roleConverter" is added to the mock chain handed to the proxy.
        chain.addFilter(getSecurityManager().loadFilter("roleConverter"));
       
        GeoServerSecurityFilterChainProxy filterChainProxy =
            GeoServerExtensions.bean(GeoServerSecurityFilterChainProxy.class);
        filterChainProxy.doFilter(request, response, chain);
        // The ROLES response header must equal the authority string of the anonymous role.
        assertEquals(GeoServerRole.ANONYMOUS_ROLE.getAuthority(),response.getHeader("ROLES"));       

    /**
     * Sends a request through the security filter chain proxy with an empty mock chain and
     * expects the response to carry no {@code ROLES} header.
     * NOTE(review): the name suggests a filter is disabled for this case; the setup that
     * disables it is not visible here - confirm.
     */
    public void testFilterChainWithDisabled() throws Exception {

        MockHttpServletRequest request = createRequest("/foo");
       
        MockHttpServletResponse response = new MockHttpServletResponse();
        // No filter is added to the mock chain in this test.
        MockFilterChain chain = new MockFilterChain();
       
        GeoServerSecurityFilterChainProxy filterChainProxy =
            GeoServerExtensions.bean(GeoServerSecurityFilterChainProxy.class);
        filterChainProxy.doFilter(request, response, chain);
        // No role information may reach the response.
        assertNull(response.getHeader("ROLES"));
