You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by cz...@apache.org on 2021/04/20 07:59:56 UTC
[sling-org-apache-sling-auth-core] branch master updated:
SLING-10319 : Use the equals method if value comparison was intended. Add
another test case for cookies
This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git
The following commit(s) were added to refs/heads/master by this push:
new 95936fe SLING-10319 : Use the equals method if value comparison was intended. Add another test case for cookies
95936fe is described below
commit 95936fefa97f3928ed42e368a458a9fab3a4057c
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Tue Apr 20 09:59:45 2021 +0200
SLING-10319 : Use the equals method if value comparison was intended. Add another test case for cookies
---
.../core/impl/AuthenticatorWebConsolePlugin.java | 4 ++--
.../apache/sling/auth/core/impl/LoginServlet.java | 2 +-
.../apache/sling/auth/core/impl/LogoutServlet.java | 2 +-
.../auth/core/impl/SlingAuthenticatorTest.java | 24 ++++++++++++++++++++++
4 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
index b01a85f..a47f443 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
@@ -54,10 +54,10 @@ public class AuthenticatorWebConsolePlugin extends HttpServlet {
public static final String TITLE = "Authenticator";
@Reference(service = AuthenticationRequirementsManager.class)
- private PathBasedHolderCache<AuthenticationRequirementHolder> authenticationRequirementsManager;
+ private PathBasedHolderCache<AuthenticationRequirementHolder> authenticationRequirementsManager; // NOSONAR
@Reference
- private AuthenticationHandlersManager authenticationHoldersManager;
+ private AuthenticationHandlersManager authenticationHoldersManager; // NOSONAR
private final SlingAuthenticator.Config config;
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
index bbf7409..2e17d5c 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
@@ -58,7 +58,7 @@ public class LoginServlet extends SlingAllMethodsServlet {
private final Logger log = LoggerFactory.getLogger(getClass());
@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
- private volatile Authenticator authenticator;
+ private volatile Authenticator authenticator; // NOSONAR
/**
* The servlet is registered on this path, and the authenticator allows any
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
index a2de3fe..de5a740 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
@@ -66,7 +66,7 @@ public class LogoutServlet extends SlingAllMethodsServlet {
private final Logger log = LoggerFactory.getLogger(getClass());
@Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
- private volatile Authenticator authenticator;
+ private volatile Authenticator authenticator; // NOSONAR
/**
* The servlet is registered on this path.
diff --git a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
index 52ae29c..55423e0 100644
--- a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
+++ b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
@@ -434,6 +434,30 @@ public class SlingAuthenticatorTest {
assertEquals("\"\"", argument.getValue().getValue());
}
+ @Test public void testSudoCookieFlags() {
+ final SlingAuthenticator slingAuthenticator = this.createSlingAuthenticator();
+ final AuthenticationInfo info = new AuthenticationInfo("basic");
+ info.put(ResourceResolverFactory.USER_IMPERSONATION, "newsudo");
+
+ final SlingHttpServletRequest req = Mockito.mock(SlingHttpServletRequest.class);
+ Mockito.when(req.isSecure()).thenReturn(true);
+ SlingHttpServletResponse res = Mockito.mock(SlingHttpServletResponse.class);
+
+ assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
+ ArgumentCaptor<Cookie> argument1 = ArgumentCaptor.forClass(Cookie.class);
+ Mockito.verify(res).addCookie(argument1.capture());
+ assertTrue(argument1.getValue().isHttpOnly());
+ assertTrue(argument1.getValue().getSecure());
+
+ res = Mockito.mock(SlingHttpServletResponse.class);
+ Mockito.when(req.isSecure()).thenReturn(false);
+ assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
+ ArgumentCaptor<Cookie> argument2 = ArgumentCaptor.forClass(Cookie.class);
+ Mockito.verify(res).addCookie(argument2.capture());
+ assertTrue(argument2.getValue().isHttpOnly());
+ assertFalse(argument2.getValue().getSecure());
+ }
+
//---------------------------- PRIVATE METHODS -----------------------------
/**