portletsessioncontextintegrationinterceptortests.java

来自「acegi构造安全的java系统」· Java 代码 · 共 373 行 · 第 1/2 页

JAVA
373
字号
		// Verify the SecurityContextHolder starts empty		assertNull(SecurityContextHolder.getContext().getAuthentication());		// Run preHandleAction phase and verify SecurityContextHolder contains our Authentication		interceptor.preHandleAction(request, response, null);		assertEquals(baselinePrincipal, SecurityContextHolder.getContext().getAuthentication());		// Perform updates to principal		sessionPrincipal = PortletTestUtils.createAuthenticatedToken(				new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true,						new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")}));		baselinePrincipal = PortletTestUtils.createAuthenticatedToken(				new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true,						new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")}));		// Store updated principal into SecurityContextHolder		SecurityContextHolder.getContext().setAuthentication(sessionPrincipal);		// Run afterActionCompletion phase and verify the SecurityContextHolder is empty		interceptor.afterActionCompletion(request, response, null, null);		assertNull(SecurityContextHolder.getContext().getAuthentication());		// Verify the new principal is stored in the session		sc = (SecurityContext)request.getPortletSession().getAttribute(				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,				PortletSession.APPLICATION_SCOPE);		assertEquals(baselinePrincipal, sc.getAuthentication());	}	public void testPortletSessionCreatedWhenContextHolderChanges() throws Exception {		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		// Prepare the interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.afterPropertiesSet();		// Execute the interceptor		interceptor.preHandleAction(request, response, null);		PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken();		SecurityContextHolder.getContext().setAuthentication(principal);		interceptor.afterActionCompletion(request, response, null, null);		// Verify Authentication is in the PortletSession		SecurityContext sc = (SecurityContext)request.getPortletSession(false).				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);		assertEquals(principal, ((SecurityContext)sc).getAuthentication());	}	public void testPortletSessionEagerlyCreatedWhenDirected() throws Exception {		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		// Prepare the interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.setForceEagerSessionCreation(true); // non-default		interceptor.afterPropertiesSet();		// Execute the interceptor		interceptor.preHandleAction(request, response, null);		interceptor.afterActionCompletion(request, response, null, null);		// Check the session is not null		assertNotNull(request.getPortletSession(false));	}	public void testPortletSessionNotCreatedUnlessContextHolderChanges() throws Exception {		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		// Prepare the interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.afterPropertiesSet();		// Execute the interceptor		interceptor.preHandleAction(request, response, null);		interceptor.afterActionCompletion(request, response, null, null);		// Check the session is null		assertNull(request.getPortletSession(false));	}	public void testPortletSessionWithNonContextInWellKnownLocationIsOverwritten()			throws Exception {		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		request.getPortletSession().setAttribute(				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,				"NOT_A_CONTEXT_OBJECT", PortletSession.APPLICATION_SCOPE);		// Prepare the interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.afterPropertiesSet();		// Execute the interceptor		interceptor.preHandleAction(request, response, null);		PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken();		SecurityContextHolder.getContext().setAuthentication(principal);		interceptor.afterActionCompletion(request, response, null, null);		// Verify Authentication is in the PortletSession		SecurityContext sc = (SecurityContext)request.getPortletSession(false).				getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE);		assertEquals(principal, ((SecurityContext)sc).getAuthentication());	}	public void testPortletSessionCreationNotAllowed() throws Exception {		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		// Prepare the interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.setAllowSessionCreation(false); // non-default		interceptor.afterPropertiesSet();		// Execute the interceptor		interceptor.preHandleAction(request, response, null);		PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken();		SecurityContextHolder.getContext().setAuthentication(principal);		interceptor.afterActionCompletion(request, response, null, null);		// Check the session is null		assertNull(request.getPortletSession(false));	}	public void testUsePortletScopeSession() throws Exception {		// Build an Authentication object we simulate came from PortletSession		PortletAuthenticationToken sessionPrincipal = PortletTestUtils.createAuthenticatedToken();		PortletAuthenticationToken baselinePrincipal = PortletTestUtils.createAuthenticatedToken();		// Build a Context to store in PortletSession (simulating prior request)		SecurityContext sc = new SecurityContextImpl();		sc.setAuthentication(sessionPrincipal);		// Build mock request and response		MockActionRequest request = PortletTestUtils.createActionRequest();		MockActionResponse response = PortletTestUtils.createActionResponse();		request.getPortletSession().setAttribute(				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,				sc, PortletSession.PORTLET_SCOPE);		// Prepare interceptor		PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor();		interceptor.setUseApplicationScopePortletSession(false); // non-default		interceptor.afterPropertiesSet();		// Run preHandleAction phase and verify SecurityContextHolder contains our Authentication		interceptor.preHandleAction(request, response, null);		assertEquals(baselinePrincipal, SecurityContextHolder.getContext().getAuthentication());		// Perform updates to principal		sessionPrincipal = PortletTestUtils.createAuthenticatedToken(				new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true,						new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")}));		baselinePrincipal = PortletTestUtils.createAuthenticatedToken(				new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true,						new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")}));		// Store updated principal into SecurityContextHolder		SecurityContextHolder.getContext().setAuthentication(sessionPrincipal);		// Run afterActionCompletion phase and verify the SecurityContextHolder is empty		interceptor.afterActionCompletion(request, response, null, null);		assertNull(SecurityContextHolder.getContext().getAuthentication());		// Verify the new principal is stored in the session		sc = (SecurityContext)request.getPortletSession().getAttribute(				PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY,				PortletSession.PORTLET_SCOPE);		assertEquals(baselinePrincipal, sc.getAuthentication());	}}

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?