List of usage examples for org.springframework.mock.web MockHttpSession MockHttpSession
public MockHttpSession()
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
/**
 * Verifies that the login page only renders the form-redirect parameter when the
 * session holds a saved request, and that an anonymous visit creates no session.
 */
@Test
public void ensure_that_form_redirect_is_not_a_parameter_unless_there_is_a_saved_request() throws Exception {
    // Case 1: anonymous hit on the login page. The page must not contain the
    // redirect parameter, and rendering it must not have created a session.
    MvcResult anonymousResult = getMockMvc()
        .perform(get("/login"))
        .andDo(print())
        .andExpect(content().string(not(containsString(FORM_REDIRECT_PARAMETER))))
        .andReturn();
    // getSession(false) returns null when no session exists instead of creating one.
    assertNull(anonymousResult.getRequest().getSession(false));

    // Case 2: a session exists but carries no saved request, so the redirect
    // parameter must still be absent from the rendered page.
    MockHttpSession emptySession = new MockHttpSession();
    getMockMvc()
        .perform(get("/login").session(emptySession))
        .andDo(print())
        .andExpect(content().string(not(containsString(FORM_REDIRECT_PARAMETER))));
}
From source file:org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests.java
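/**
 * Walks the token endpoints through the OpenID Connect flows and checks which
 * response carries an {@code id_token}.
 *
 * <p>Flows exercised, in order: password grant, legacy "credentials" implicit request,
 * authorization code with nonce, the three hybrid response types, authorization code
 * with and without {@code scope=openid}, authorization code with
 * {@code response_type=token id_token} on the token request, and an
 * {@code id_token}-only implicit request.
 *
 * <p>For every redirect-based flow the test checks that the {@code state} value sent
 * is the one returned, which is the client's protection against cross-site request
 * forgery on the redirect.
 */
@Test
public void testOpenIdToken() throws Exception {
    RandomValueStringGenerator generator = this.generator;
    String clientId = "testclient" + generator.generate();
    String scopes = "space.*.developer,space.*.admin,org.*.reader,org.123*.admin,*.*,*,openid";
    setUpClients(clientId, scopes, scopes, GRANT_TYPES, true);
    String username = "testuser" + generator.generate();
    String userScopes = "space.1.developer,space.2.developer,org.1.reader,org.2.reader,org.12345.admin,scope.one,scope.two,scope.three,openid";
    ScimUser developer = setUpUser(username, userScopes, OriginKeys.UAA, IdentityZoneHolder.get().getId());
    // NOTE(review): the logon time is updated twice; presumably so that a previous
    // logon value exists for the token claims -- confirm before removing either call.
    getWebApplicationContext().getBean(UaaUserDatabase.class).updateLastLogonTime(developer.getId());
    getWebApplicationContext().getBean(UaaUserDatabase.class).updateLastLogonTime(developer.getId());

    String authCodeClientId = "testclient" + generator.generate();
    setUpClients(authCodeClientId, scopes, scopes, "authorization_code", true);

    String implicitClientId = "testclient" + generator.generate();
    setUpClients(implicitClientId, scopes, scopes, "implicit", true);

    // HTTP Basic client credentials. The charset is named explicitly so the encoded
    // header does not depend on the platform default of the machine running the test.
    String basicDigestHeaderValue = "Basic " + new String(
        org.apache.commons.codec.binary.Base64.encodeBase64(
            (clientId + ":" + SECRET).getBytes(java.nio.charset.StandardCharsets.UTF_8)),
        java.nio.charset.StandardCharsets.UTF_8);
    String authCodeBasicDigestHeaderValue = "Basic " + new String(
        org.apache.commons.codec.binary.Base64.encodeBase64(
            (authCodeClientId + ":" + SECRET).getBytes(java.nio.charset.StandardCharsets.UTF_8)),
        java.nio.charset.StandardCharsets.UTF_8);

    //password grant - request for id_token
    MockHttpServletRequestBuilder oauthTokenPost = post("/oauth/token")
        .header("Authorization", basicDigestHeaderValue)
        .param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
        .param(OAuth2Utils.GRANT_TYPE, "password")
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param("username", username)
        .param("password", SECRET)
        .param(OAuth2Utils.SCOPE, "openid");
    MvcResult result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    Map token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull(token.get("access_token"));
    assertNotNull(token.get(REFRESH_TOKEN));
    assertNotNull(token.get("id_token"));
    // The id_token must be a distinct token, not the access token returned twice.
    assertNotEquals(token.get("access_token"), token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    //request for id_token using our old-style direct authentication
    //this returns a redirect with a fragment in the URL/Location header
    String credentials = String.format("{ \"username\":\"%s\", \"password\":\"%s\" }", username, SECRET);
    oauthTokenPost = post("/oauth/authorize")
        .header("Accept", "application/json")
        .param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
        .param(OAuth2Utils.CLIENT_ID, implicitClientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI)
        .param("credentials", credentials)
        .param(OAuth2Utils.STATE, generator.generate())
        .param(OAuth2Utils.SCOPE, "openid");
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    // The tokens arrive in the URL fragment; the '#' is swapped for '?' only so that
    // splitQuery can parse them as ordinary query parameters.
    URL url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(((List<String>) token.get("access_token")).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    assertNotEquals(((List<String>) token.get("access_token")).get(0),
        ((List<String>) token.get("id_token")).get(0));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(),
        implicitClientId);

    //authorization_code grant - requesting id_token
    MockHttpSession session = new MockHttpSession();
    setAuthentication(session, developer);
    String state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, authCodeClientId)
        .param(ClaimConstants.NONCE, "testnonce")
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    String code = ((List<String>) token.get("code")).get(0);

    // Redeem the code with the credentials of the client it was issued to.
    oauthTokenPost = post("/oauth/token")
        .header("Authorization", authCodeBasicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param("code", code)
        .param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, authCodeClientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull(token.get("access_token"));
    assertNotNull(token.get(REFRESH_TOKEN));
    assertNotNull(token.get("id_token"));
    assertNotEquals(token.get("access_token"), token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), authCodeClientId);
    //nonce must be in id_token if was in auth request, see http://openid.net/specs/openid-connect-core-1_0.html#IDToken
    Map<String, Object> claims = getClaimsForToken((String) token.get("id_token"));
    assertEquals("testnonce", claims.get(ClaimConstants.NONCE));

    //hybrid flow defined in - response_types=code token id_token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code id_token token")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("access_token")).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    assertNotEquals(((List<String>) token.get("access_token")).get(0),
        ((List<String>) token.get("id_token")).get(0));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(), clientId);

    //hybrid flow defined in - response_types=code token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code token")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("access_token")).get(0));

    //hybrid flow defined in - response_types=code id_token
    //http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code id_token")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, authCodeClientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(token.get("code"));
    assertNotNull(((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    assertNotNull(((List<String>) token.get("id_token")).get(0));
    // NOTE(review): this checks the key "token", while the other flows in this test
    // read the access token from "access_token". If the intent is to prove that no
    // access token is issued for response_type "code id_token", this assertion
    // would pass even when one is present -- confirm which key was meant.
    assertNull(((List<String>) token.get("token")));
    validateOpenIdConnectToken(((List<String>) token.get("id_token")).get(0), developer.getId(),
        authCodeClientId);

    //authorization code flow with parameter scope=openid
    //http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code")
        .param(OAuth2Utils.SCOPE, "openid")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    // A pure code flow must answer in the query string, never in the fragment.
    assertFalse("Redirect URL should not be a fragment.",
        result.getResponse().getHeader("Location").contains("#"));
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token")
        .accept(APPLICATION_JSON)
        .header("Authorization", basicDigestHeaderValue)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI)
        .param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull("ID Token should be present when scope=openid", token.get("id_token"));
    assertNotNull(token.get("id_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    //authorization code flow without parameter scope=openid
    //http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
    //this behavior should NOT return an id_token
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    assertFalse("Redirect URL should not be a fragment.",
        result.getResponse().getHeader("Location").contains("#"));
    url = new URL(result.getResponse().getHeader("Location"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token")
        .accept(APPLICATION_JSON)
        .header("Authorization", basicDigestHeaderValue)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI)
        .param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNull("ID Token should not be present when scope=openid is not present", token.get("id_token"));

    //test if we can retrieve an ID token using
    //response type token+id_token after a regular auth_code flow
    // Here the authorize request carries no scope parameter; the id_token is requested
    // only through response_type on the token request, and the test expects one back.
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "code")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
    code = ((List<String>) token.get("code")).get(0);
    assertNotNull(code);

    oauthTokenPost = post("/oauth/token")
        .accept(APPLICATION_JSON)
        .header("Authorization", basicDigestHeaderValue)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param(OAuth2Utils.RESPONSE_TYPE, "token id_token")
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI)
        .param("code", code);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().isOk()).andReturn();
    token = JsonUtils.readValue(result.getResponse().getContentAsString(), Map.class);
    assertNotNull("ID Token should be present when response_type includes id_token", token.get("id_token"));
    assertNotNull(token.get("id_token"));
    assertNotNull(token.get("access_token"));
    validateOpenIdConnectToken((String) token.get("id_token"), developer.getId(), clientId);

    // id_token-only implicit request.
    // NOTE(review): no nonce is sent here and the returned id_token is not passed to
    // validateOpenIdConnectToken, so only its presence is checked -- confirm that is
    // the intended coverage for this flow.
    session = new MockHttpSession();
    setAuthentication(session, developer);
    state = generator.generate();
    oauthTokenPost = get("/oauth/authorize")
        .session(session)
        .param(OAuth2Utils.RESPONSE_TYPE, "id_token")
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, implicitClientId)
        .param(OAuth2Utils.REDIRECT_URI, TEST_REDIRECT_URI);
    result = getMockMvc().perform(oauthTokenPost).andExpect(status().is3xxRedirection()).andReturn();
    url = new URL(result.getResponse().getHeader("Location").replace("redirect#", "redirect?"));
    token = splitQuery(url);
    assertNotNull(token.get(OAuth2Utils.STATE));
    assertNotNull(token.get("id_token"));
    assertEquals(state, ((List<String>) token.get(OAuth2Utils.STATE)).get(0));
}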
From source file:org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.java
/**
 * Creates a mock session that already holds a saved request.
 *
 * @return a new {@link MockHttpSession} with a {@code MockSavedRequest} stored under
 *         {@code SAVED_REQUEST_SESSION_ATTRIBUTE}
 */
public static MockHttpSession getSavedRequestSession() {
    MockHttpSession sessionWithSavedRequest = new MockHttpSession();
    // Stored under the same attribute name the code under test reads it from.
    sessionWithSavedRequest.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, new MockSavedRequest());
    return sessionWithSavedRequest;
}
From source file:org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.java
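/**
 * Obtains a user access token through the authorization code grant.
 *
 * <p>The user is not logged in with a password: a pre-authenticated security context
 * for {@code userId}/{@code username} is placed in a mock session, the authorize
 * endpoint is called with that session, and the returned code is redeemed at the
 * token endpoint with the client's Basic credentials.
 *
 * @param mockMvc      the MockMvc instance used to issue both requests
 * @param clientId     client identifier, sent as a parameter and in the Basic header
 * @param clientSecret client secret, sent only in the Basic header
 * @param userId       id placed in the test principal
 * @param username     user name placed in the test principal
 * @param password     not used by this helper
 * @param scope        scope to request; omitted from both requests when blank
 * @return the {@code accessToken} field of the token endpoint response
 * @throws Exception if a request fails or an expectation is not met
 */
public static String getUserOAuthAccessTokenAuthCode(MockMvc mockMvc, String clientId, String clientSecret,
        String userId, String username, String password, String scope) throws Exception {
    // The charset is named explicitly so the header does not depend on the platform
    // default of the machine running the test.
    String basicDigestHeaderValue = "Basic " + new String(
        org.apache.commons.codec.binary.Base64.encodeBase64(
            (clientId + ":" + clientSecret).getBytes(java.nio.charset.StandardCharsets.UTF_8)),
        java.nio.charset.StandardCharsets.UTF_8);
    UaaPrincipal p = new UaaPrincipal(userId, username, "test@test.org", OriginKeys.UAA, "",
        IdentityZoneHolder.get().getId());
    UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(p, "",
        UaaAuthority.USER_AUTHORITIES);
    Assert.assertTrue(auth.isAuthenticated());

    // NOTE(review): the authentication is also written to SecurityContextHolder and is
    // not cleared before returning, so it stays set for whatever runs next on this
    // thread. Confirm that callers or test teardown reset it.
    SecurityContextHolder.getContext().setAuthentication(auth);
    MockHttpSession session = new MockHttpSession();
    session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
        new MockSecurityContext(auth));

    String state = new RandomValueStringGenerator().generate();
    MockHttpServletRequestBuilder authRequest = get("/oauth/authorize")
        .header("Authorization", basicDigestHeaderValue)
        .header("Accept", MediaType.APPLICATION_JSON_VALUE)
        .session(session)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param(OAuth2Utils.RESPONSE_TYPE, "code")
        .param(TokenConstants.REQUEST_TOKEN_FORMAT, TokenConstants.OPAQUE)
        .param(OAuth2Utils.STATE, state)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, "http://localhost/test");
    if (StringUtils.hasText(scope)) {
        authRequest.param(OAuth2Utils.SCOPE, scope);
    }

    MvcResult result = mockMvc.perform(authRequest).andExpect(status().is3xxRedirection()).andReturn();
    String location = result.getResponse().getHeader("Location");
    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(location);
    // Fail with a readable message instead of a NullPointerException when the
    // redirect carries no code (for example an error redirect).
    String code = builder.build().getQueryParams().getFirst("code");
    if (code == null) {
        throw new AssertionError("No authorization code in redirect: " + location);
    }

    authRequest = post("/oauth/token")
        .header("Authorization", basicDigestHeaderValue)
        .header("Accept", MediaType.APPLICATION_JSON_VALUE)
        .param(OAuth2Utils.GRANT_TYPE, "authorization_code")
        .param(OAuth2Utils.RESPONSE_TYPE, "token")
        .param("code", code)
        .param(OAuth2Utils.CLIENT_ID, clientId)
        .param(OAuth2Utils.REDIRECT_URI, "http://localhost/test");
    if (StringUtils.hasText(scope)) {
        authRequest.param(OAuth2Utils.SCOPE, scope);
    }
    result = mockMvc.perform(authRequest).andExpect(status().is2xxSuccessful()).andReturn();
    InjectedMockContextTest.OAuthToken oauthToken = JsonUtils.readValue(
        result.getResponse().getContentAsString(), InjectedMockContextTest.OAuthToken.class);
    return oauthToken.accessToken;
}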
From source file:org.fao.geonet.kernel.SpringLocalServiceInvoker.java
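/**
 * Builds the mock GET request used to invoke a Spring service locally, typically
 * for the {@code local://} xlink speed up.
 *
 * <p>Accepts URIs prefixed with {@code local://<nodename>}, e.g.
 * {@code local://srv/api/records/..}, and URIs prefixed with the node name only,
 * e.g. {@code /srv/api/records/..}. The prefix and the node segment are stripped
 * from the path and the query string is copied into request parameters.
 *
 * <p>The request gets a new, empty {@link MockHttpSession}. Parameter names and
 * values are copied as they appear in the URI; no percent-decoding is done here.
 *
 * @param uri the local service URI, optionally followed by {@code ?name=value&...}
 * @return a mock GET request for the stripped path carrying the parsed parameters
 */
private MockHttpServletRequest prepareMockRequestFromUri(String uri) {
    // NOTE(review): replace() removes every occurrence of "/" + nodeId, not only the
    // leading segment -- confirm no service path contains the node id further down.
    String requestURI = uri.replace("local:/", "").replace("/" + nodeId, "").split("\\?")[0];
    MockHttpServletRequest request = new MockHttpServletRequest("GET", requestURI);
    request.setSession(new MockHttpSession());

    String[] splits = uri.split("\\?");
    if (splits.length > 1) {
        String params = splits[1];
        for (String param : params.split("&")) {
            if (param.isEmpty()) {
                // Skip the empty token produced by "a=1&&b=2" rather than
                // registering a parameter with an empty name.
                continue;
            }
            // Split on the first '=' only, so a value that itself contains '='
            // (for example "filter=a=b") is kept instead of being replaced by "".
            String[] parts = param.split("=", 2);
            String name = parts[0];
            request.addParameter(name, parts.length == 2 ? parts[1] : "");
        }
    }
    return request;
}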
From source file:org.finra.dm.ui.RequestLoggingFilterTest.java
/**
 * Creates the POST request fixture used by the tests: path {@code /test}, query
 * string {@code param=value}, the shared payload as body, a session and a remote user.
 *
 * @return the populated mock servlet request
 */
private MockHttpServletRequest createServletRequest() {
    MockHttpServletRequest servletRequest = new MockHttpServletRequest(null, "/test");

    // Request line.
    servletRequest.setMethod("POST");
    servletRequest.setQueryString("param=value");

    // Body. NOTE(review): getBytes() uses the platform default charset.
    servletRequest.setContent(PAYLOAD_CONTENT.getBytes());

    // Caller identity and session.
    servletRequest.setRemoteUser("Test Remote User");
    servletRequest.setSession(new MockHttpSession());

    return servletRequest;
}
From source file:org.openmrs.module.kenyaui.KenyaUiUtilsTest.java
/** * @see KenyaUiUtils#notifySuccess(javax.servlet.http.HttpSession, String) */// w w w. j a v a2s. c o m @Test public void notifySuccess_shouldSetMessageSessionAttribute() { MockHttpSession session = new MockHttpSession(); kenyaUi.notifySuccess(session, "test"); Assert.assertThat((String) session.getAttribute(WebConstants.OPENMRS_MSG_ATTR), is("test")); }
From source file:org.openmrs.module.kenyaui.KenyaUiUtilsTest.java
/** * @see KenyaUiUtils#notifyError(javax.servlet.http.HttpSession, String) ) *///from w ww .j ava 2 s . co m @Test public void notifyError_shouldSetErrorSessionAttribute() { MockHttpSession session = new MockHttpSession(); kenyaUi.notifyError(session, "test"); Assert.assertThat((String) session.getAttribute(WebConstants.OPENMRS_ERROR_ATTR), is("test")); }
From source file:org.openmrs.module.radiology.legacyui.report.template.web.RadiologyDashboardReportTemplatesTabControllerTest.java
/**
 * Checks that opening the report templates tab returns the tab view, records the tab
 * in the session and does not touch the template service.
 */
@Test
public void shouldReturnModelAndViewOfTheRadiologyReportTemplatesTabPageAndSetTabSessionAttributeToRadiologyReportsTabPage()
        throws Exception {
    MockHttpSession httpSession = new MockHttpSession();
    request.setSession(httpSession);

    ModelAndView tabPage = radiologyDashboardReportTemplatesTabController.getRadiologyReportTemplatesTab(request);

    // Rendering the tab is read-only with respect to the template service.
    verifyZeroInteractions(mrrtReportTemplateService);

    assertNotNull(tabPage);
    String viewName = tabPage.getViewName();
    assertThat(viewName, is(RadiologyDashboardReportTemplatesTabController.RADIOLOGY_REPORT_TEMPLATES_TAB_VIEW));

    // The controller stores the selected tab in the session.
    Object selectedTab = httpSession.getAttribute(RadiologyWebConstants.RADIOLOGY_DASHBOARD_TAB_SESSION_ATTRIBUTE);
    assertThat(selectedTab,
        is(RadiologyDashboardReportTemplatesTabController.RADIOLOGY_REPORT_TEMPLATES_TAB_REQUEST_MAPPING));
}
From source file:org.openmrs.module.radiology.legacyui.report.template.web.RadiologyDashboardReportTemplatesTabControllerTest.java
/**
 * Checks that deleting a report template purges exactly that template, returns the
 * templates tab view and leaves a status message in the session.
 */
@Test
public void deleteMrrtReportTemplate_shouldReturnAModelAndViewOfTheRadiologyDashboardReportTemplatesPageWithAStatusMessage() {
    MockHttpSession httpSession = new MockHttpSession();
    MrrtReportTemplate templateToDelete = mock(MrrtReportTemplate.class);
    request.setSession(httpSession);

    ModelAndView tabPage =
        radiologyDashboardReportTemplatesTabController.deleteMrrtReportTemplate(request, templateToDelete);

    // The purge must hit the given template and be the only service call made.
    verify(mrrtReportTemplateService).purgeMrrtReportTemplate(templateToDelete);
    verifyNoMoreInteractions(mrrtReportTemplateService);

    assertNotNull(tabPage);
    String viewName = tabPage.getViewName();
    assertThat(viewName, is(RadiologyDashboardReportTemplatesTabController.RADIOLOGY_REPORT_TEMPLATES_TAB_VIEW));

    // The confirmation is passed to the next page through the session message attribute.
    Object statusMessage = httpSession.getAttribute(WebConstants.OPENMRS_MSG_ATTR);
    assertThat(statusMessage, is("radiology.MrrtReportTemplate.deleted"));
}