portletsessioncontextintegrationinterceptortests.java
来自「acegi构造安全的java系统」· Java 代码 · 共 373 行 · 第 1/2 页
JAVA
373 行
// Verify the SecurityContextHolder starts empty assertNull(SecurityContextHolder.getContext().getAuthentication()); // Run preHandleAction phase and verify SecurityContextHolder contains our Authentication interceptor.preHandleAction(request, response, null); assertEquals(baselinePrincipal, SecurityContextHolder.getContext().getAuthentication()); // Perform updates to principal sessionPrincipal = PortletTestUtils.createAuthenticatedToken( new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")})); baselinePrincipal = PortletTestUtils.createAuthenticatedToken( new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")})); // Store updated principal into SecurityContextHolder SecurityContextHolder.getContext().setAuthentication(sessionPrincipal); // Run afterActionCompletion phase and verify the SecurityContextHolder is empty interceptor.afterActionCompletion(request, response, null, null); assertNull(SecurityContextHolder.getContext().getAuthentication()); // Verify the new principal is stored in the session sc = (SecurityContext)request.getPortletSession().getAttribute( PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE); assertEquals(baselinePrincipal, sc.getAuthentication()); } public void testPortletSessionCreatedWhenContextHolderChanges() throws Exception { // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); // Prepare the interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.afterPropertiesSet(); // Execute the interceptor interceptor.preHandleAction(request, response, null); PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken(); SecurityContextHolder.getContext().setAuthentication(principal); interceptor.afterActionCompletion(request, response, null, null); // Verify Authentication is in the PortletSession SecurityContext sc = (SecurityContext)request.getPortletSession(false). getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE); assertEquals(principal, ((SecurityContext)sc).getAuthentication()); } public void testPortletSessionEagerlyCreatedWhenDirected() throws Exception { // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); // Prepare the interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.setForceEagerSessionCreation(true); // non-default interceptor.afterPropertiesSet(); // Execute the interceptor interceptor.preHandleAction(request, response, null); interceptor.afterActionCompletion(request, response, null, null); // Check the session is not null assertNotNull(request.getPortletSession(false)); } public void testPortletSessionNotCreatedUnlessContextHolderChanges() throws Exception { // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); // Prepare the interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.afterPropertiesSet(); // Execute the interceptor interceptor.preHandleAction(request, response, null); interceptor.afterActionCompletion(request, response, null, null); // Check the session is null assertNull(request.getPortletSession(false)); } public void testPortletSessionWithNonContextInWellKnownLocationIsOverwritten() throws Exception { // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); request.getPortletSession().setAttribute( PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, "NOT_A_CONTEXT_OBJECT", PortletSession.APPLICATION_SCOPE); // Prepare the interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.afterPropertiesSet(); // Execute the interceptor interceptor.preHandleAction(request, response, null); PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken(); SecurityContextHolder.getContext().setAuthentication(principal); interceptor.afterActionCompletion(request, response, null, null); // Verify Authentication is in the PortletSession SecurityContext sc = (SecurityContext)request.getPortletSession(false). getAttribute(PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.APPLICATION_SCOPE); assertEquals(principal, ((SecurityContext)sc).getAuthentication()); } public void testPortletSessionCreationNotAllowed() throws Exception { // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); // Prepare the interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.setAllowSessionCreation(false); // non-default interceptor.afterPropertiesSet(); // Execute the interceptor interceptor.preHandleAction(request, response, null); PortletAuthenticationToken principal = PortletTestUtils.createAuthenticatedToken(); SecurityContextHolder.getContext().setAuthentication(principal); interceptor.afterActionCompletion(request, response, null, null); // Check the session is null assertNull(request.getPortletSession(false)); } public void testUsePortletScopeSession() throws Exception { // Build an Authentication object we simulate came from PortletSession PortletAuthenticationToken sessionPrincipal = PortletTestUtils.createAuthenticatedToken(); PortletAuthenticationToken baselinePrincipal = PortletTestUtils.createAuthenticatedToken(); // Build a Context to store in PortletSession (simulating prior request) SecurityContext sc = new SecurityContextImpl(); sc.setAuthentication(sessionPrincipal); // Build mock request and response MockActionRequest request = PortletTestUtils.createActionRequest(); MockActionResponse response = PortletTestUtils.createActionResponse(); request.getPortletSession().setAttribute( PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, sc, PortletSession.PORTLET_SCOPE); // Prepare interceptor PortletSessionContextIntegrationInterceptor interceptor = new PortletSessionContextIntegrationInterceptor(); interceptor.setUseApplicationScopePortletSession(false); // non-default interceptor.afterPropertiesSet(); // Run preHandleAction phase and verify SecurityContextHolder contains our Authentication interceptor.preHandleAction(request, response, null); assertEquals(baselinePrincipal, SecurityContextHolder.getContext().getAuthentication()); // Perform updates to principal sessionPrincipal = PortletTestUtils.createAuthenticatedToken( new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")})); baselinePrincipal = PortletTestUtils.createAuthenticatedToken( new User(PortletTestUtils.TESTUSER, PortletTestUtils.TESTCRED, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("UPDATEDROLE1")})); // Store updated principal into SecurityContextHolder SecurityContextHolder.getContext().setAuthentication(sessionPrincipal); // Run afterActionCompletion phase and verify the SecurityContextHolder is empty interceptor.afterActionCompletion(request, response, null, null); assertNull(SecurityContextHolder.getContext().getAuthentication()); // Verify the new principal is stored in the session sc = (SecurityContext)request.getPortletSession().getAttribute( PortletSessionContextIntegrationInterceptor.ACEGI_SECURITY_CONTEXT_KEY, PortletSession.PORTLET_SCOPE); assertEquals(baselinePrincipal, sc.getAuthentication()); }}
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?