19 package org.apache.shiro.web.filter.authz;
20
21 import org.apache.shiro.SecurityUtils;
22 import org.apache.shiro.authc.UsernamePasswordToken;
23 import org.apache.shiro.test.SecurityManagerTestSupport;
24 import org.junit.Test;
25
26 import javax.servlet.ServletRequest;
27 import javax.servlet.ServletResponse;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpServletResponse;
30 import java.io.IOException;
31
32 import static org.easymock.EasyMock.*;
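/**
 * Exercises the access-denied path of {@link AuthorizationFilter} for a subject that is
 * logged in but fails the authorization check.
 *
 * <p>Two outcomes are covered: an HTTP 401 error when no unauthorized URL is configured, and a
 * redirect to the configured unauthorized URL when one is set. Both tests also check that
 * {@code onAccessDenied} returns {@code false}, so a denied request is not reported as one that
 * may continue.
 */
public class AuthorizationFilterTest extends SecurityManagerTestSupport {

    /**
     * Creates a filter whose authorization decision is always "denied", so that every test
     * drives the {@code onAccessDenied} branch regardless of the subject's real permissions.
     *
     * @return an {@link AuthorizationFilter} that never allows access
     */
    private static AuthorizationFilter newDenyingFilter() {
        return new AuthorizationFilter() {
            @Override
            protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
                    throws Exception {
                return false;
            }
        };
    }

    /**
     * A known (logged-in) subject is denied and no unauthorized URL is configured: the filter is
     * expected to answer with {@code SC_UNAUTHORIZED}.
     */
    @Test
    public void testUserOnAccessDeniedWithResponseError() throws IOException {
        // Log in first so the subject has an identity; the "test" account is presumably
        // provisioned by SecurityManagerTestSupport -- confirm against the superclass.
        SecurityUtils.getSubject().login(new UsernamePasswordToken("test", "test"));

        AuthorizationFilter filter = newDenyingFilter();

        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
        HttpServletResponse response = createNiceMock(HttpServletResponse.class);

        // Recorded expectation: the denial must surface as a 401 on the response.
        // NOTE: nice mocks tolerate unexpected calls, so verify() proves the 401 was sent but
        // not that nothing else (for example a redirect) was also issued.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        replay(response);

        boolean continueProcessing = filter.onAccessDenied(request, response);

        // A denied request must not be reported as allowed to proceed.
        org.junit.Assert.assertFalse("onAccessDenied must not allow the request to continue", continueProcessing);
        verify(response);
    }

    /**
     * A known (logged-in) subject is denied and an unauthorized URL is configured: the filter is
     * expected to redirect to that URL instead of sending an error code.
     */
    @Test
    public void testUserOnAccessDeniedWithRedirect() throws IOException {
        // Log in first so the subject has an identity; the "test" account is presumably
        // provisioned by SecurityManagerTestSupport -- confirm against the superclass.
        SecurityUtils.getSubject().login(new UsernamePasswordToken("test", "test"));

        String unauthorizedUrl = "unauthorized.jsp";

        AuthorizationFilter filter = newDenyingFilter();
        filter.setUnauthorizedUrl(unauthorizedUrl);

        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
        HttpServletResponse response = createNiceMock(HttpServletResponse.class);

        expect(request.getContextPath()).andReturn("/").anyTimes();

        // The redirect target is the configured URL after the container has encoded it.
        String encoded = "/" + unauthorizedUrl;
        expect(response.encodeRedirectURL(unauthorizedUrl)).andReturn(encoded);
        response.sendRedirect(encoded);
        replay(request);
        replay(response);

        boolean continueProcessing = filter.onAccessDenied(request, response);

        // A denied request must not be reported as allowed to proceed, even when redirected.
        org.junit.Assert.assertFalse("onAccessDenied must not allow the request to continue", continueProcessing);
        verify(request);
        verify(response);
    }
}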