org.jasig.springframework.security.portlet.context.PortletSecurityContextPersistenceFilterTests.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.jasig.springframework.security.portlet.context.PortletSecurityContextPersistenceFilterTests.java

Introduction

Here is the source code for org.jasig.springframework.security.portlet.context.PortletSecurityContextPersistenceFilterTests.java

Source

/**
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a
 * copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.springframework.security.portlet.context;

import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertNotNull;
import static junit.framework.Assert.assertNull;
import static junit.framework.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import java.io.IOException;

import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.filter.FilterChain;

import org.junit.After;
import org.junit.Test;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.springframework.mock.web.portlet.MockRenderRequest;
import org.springframework.mock.web.portlet.MockRenderResponse;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;

public class PortletSecurityContextPersistenceFilterTests {
    TestingAuthenticationToken testToken = new TestingAuthenticationToken("someone", "passwd", "ROLE_A");

    @After
    public void clearContext() {
        SecurityContextHolder.clearContext();
    }

    @Test
    public void contextIsClearedAfterChainProceeds() throws Exception {
        final FilterChain chain = mock(FilterChain.class);
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter();
        SecurityContextHolder.getContext().setAuthentication(testToken);

        filter.doFilter(request, response, chain);
        verify(chain).doFilter(any(RenderRequest.class), any(RenderResponse.class));
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void contextIsStillClearedIfExceptionIsThrowByFilterChain() throws Exception {
        final FilterChain chain = mock(FilterChain.class);
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter();
        SecurityContextHolder.getContext().setAuthentication(testToken);
        doThrow(new IOException()).when(chain).doFilter(any(RenderRequest.class), any(RenderResponse.class));
        try {
            filter.doFilter(request, response, chain);
            fail();
        } catch (IOException expected) {
        }

        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void loadedContextContextIsCopiedToSecurityContextHolderAndUpdatedContextIsStored() throws Exception {
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        final PortletSecurityContextRepository repo = mock(PortletSecurityContextRepository.class);
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter(repo);
        final TestingAuthenticationToken beforeAuth = new TestingAuthenticationToken("someoneelse", "passwd",
                "ROLE_B");
        final SecurityContext scBefore = new SecurityContextImpl();
        final SecurityContext scExpectedAfter = new SecurityContextImpl();
        scExpectedAfter.setAuthentication(testToken);
        scBefore.setAuthentication(beforeAuth);
        when(repo.loadContext(any(PortletRequestResponseHolder.class))).thenReturn(scBefore);

        final FilterChain chain = mock(FilterChain.class);
        doAnswer(new Answer<Object>() {
            @Override
            public Object answer(InvocationOnMock invocation) throws Throwable {
                assertEquals(beforeAuth, SecurityContextHolder.getContext().getAuthentication());
                // Change the context here
                SecurityContextHolder.setContext(scExpectedAfter);
                return null;
            }
        }).when(chain).doFilter(any(RenderRequest.class), any(RenderResponse.class));

        filter.doFilter(request, response, chain);

        verify(repo).saveContext(eq(scExpectedAfter), any(PortletRequestResponseHolder.class));
    }

    @Test
    public void filterIsNotAppliedAgainIfFilterAppliedAttributeIsSet() throws Exception {
        final FilterChain chain = mock(FilterChain.class);
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        final PortletSecurityContextRepository repo = mock(PortletSecurityContextRepository.class);
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter(repo);

        request.setAttribute(PortletSecurityContextPersistenceFilter.FILTER_APPLIED, Boolean.TRUE);
        filter.doFilter(request, response, chain);
        verify(chain).doFilter(request, response);
    }

    @Test
    public void sessionIsEagerlyCreatedWhenConfigured() throws Exception {
        final FilterChain chain = mock(FilterChain.class);
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter();
        filter.setForceEagerSessionCreation(true);
        filter.doFilter(request, response, chain);
        assertNotNull(request.getPortletSession(false));
    }

    @Test
    public void nullSecurityContextRepoDoesntSaveContextOrCreateSession() throws Exception {
        final FilterChain chain = mock(FilterChain.class);
        final MockRenderRequest request = new MockRenderRequest();
        final MockRenderResponse response = new MockRenderResponse();
        PortletSecurityContextRepository repo = new NullPortletSecurityContextRepository();
        PortletSecurityContextPersistenceFilter filter = new PortletSecurityContextPersistenceFilter(repo);
        filter.doFilter(request, response, chain);
        assertFalse(repo.containsContext(request));
        assertNull(request.getPortletSession(false));
    }
}