|
|
@@ -3,18 +3,22 @@ package org.springframework.security.web;
|
|
|
import static org.junit.Assert.*;
|
|
|
import static org.mockito.Mockito.*;
|
|
|
|
|
|
+import org.junit.After;
|
|
|
import org.junit.Before;
|
|
|
import org.junit.Test;
|
|
|
import org.mockito.invocation.InvocationOnMock;
|
|
|
import org.mockito.stubbing.Answer;
|
|
|
import org.springframework.mock.web.MockHttpServletRequest;
|
|
|
import org.springframework.mock.web.MockHttpServletResponse;
|
|
|
+import org.springframework.security.authentication.TestingAuthenticationToken;
|
|
|
+import org.springframework.security.core.context.SecurityContextHolder;
|
|
|
import org.springframework.security.web.firewall.FirewalledRequest;
|
|
|
import org.springframework.security.web.firewall.HttpFirewall;
|
|
|
import org.springframework.security.web.util.RequestMatcher;
|
|
|
|
|
|
import javax.servlet.Filter;
|
|
|
import javax.servlet.FilterChain;
|
|
|
+import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletRequestWrapper;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
@@ -55,6 +59,11 @@ public class FilterChainProxyTests {
|
|
|
chain = mock(FilterChain.class);
|
|
|
}
|
|
|
|
|
|
+ @After
|
|
|
+ public void teardown() {
|
|
|
+ SecurityContextHolder.clearContext();
|
|
|
+ }
|
|
|
+
|
|
|
@Test
|
|
|
public void toStringCallSucceeds() throws Exception {
|
|
|
fcp.afterPropertiesSet();
|
|
|
@@ -155,4 +164,37 @@ public class FilterChainProxyTests {
|
|
|
verify(firstFwr).reset();
|
|
|
verify(fwr).reset();
|
|
|
}
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void doFilterClearsSecurityContextHolder() throws Exception {
|
|
|
+ when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
|
|
|
+ doAnswer(new Answer<Object>() {
|
|
|
+ public Object answer(InvocationOnMock inv) throws Throwable {
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("username", "password"));
|
|
|
+ return null;
|
|
|
+ }
|
|
|
+ }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
|
|
|
+
|
|
|
+ fcp.doFilter(request, response, chain);
|
|
|
+
|
|
|
+ assertNull(SecurityContextHolder.getContext().getAuthentication());
|
|
|
+ }
|
|
|
+
|
|
|
+ @Test
|
|
|
+ public void doFilterClearsSecurityContextHolderWithException() throws Exception {
|
|
|
+ when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
|
|
|
+ doAnswer(new Answer<Object>() {
|
|
|
+ public Object answer(InvocationOnMock inv) throws Throwable {
|
|
|
+ SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("username", "password"));
|
|
|
+ throw new ServletException("oops");
|
|
|
+ }
|
|
|
+ }).when(filter).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class), any(FilterChain.class));
|
|
|
+
|
|
|
+ try {
|
|
|
+ fcp.doFilter(request, response, chain);
|
|
|
+ fail("Expected Exception");
|
|
|
+ }catch(ServletException success) {}
|
|
|
+
|
|
|
+ assertNull(SecurityContextHolder.getContext().getAuthentication());
|
|
|
+ }
|
|
|
}
|
Rob Winch