BAEL 3970 - Manual logout with Spring Security (#9075)

* Manual logout with Spring Security - Basic manual logout - logout with Clear Data Site Header * Add missing annotation for controller. Change mapping URL value. * Add intergration tests for manual logouts. * BAEL-3970 - Add asserts on test. Fix tests names. Remove unused imports.
2020-04-15 07:26:52 +02:00
parent f661797acb
commit 7fdcf68ccb
5 changed files with 181 additions and 0 deletions
@@ -0,0 +1,70 @@
+package com.baeldung.manuallogout;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpSession;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpSession;
+
+import static org.junit.Assert.assertNull;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+@RunWith(SpringRunner.class)
+@WebMvcTest()
+public class ManualLogoutIntegrationTest {
+
+    private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";
+    public static final int EXPIRY = 60 * 10;
+    public static final String COOKIE_NAME = "customerName";
+    public static final String COOKIE_VALUE = "myName";
+    public static final String ATTRIBUTE_NAME = "att";
+    public static final String ATTRIBUTE_VALUE = "attvalue";
+
+    @Autowired
+    private MockMvc mockMvc;
+
+    @WithMockUser(value = "spring")
+    @Test
+    public void givenLoggedUserWhenUserLogoutThenSessionCleared() throws Exception {
+
+        MockHttpSession session = new MockHttpSession();
+        session.setAttribute(ATTRIBUTE_NAME, ATTRIBUTE_VALUE);
+
+        Cookie randomCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE);
+        randomCookie.setMaxAge(EXPIRY); // 10 minutes
+
+        MockHttpServletRequest requestStateAfterLogout = this.mockMvc.perform(post("/basiclogout").secure(true).with(csrf()).session(session).cookie(randomCookie))
+                .andExpect(status().is3xxRedirection())
+                .andExpect(unauthenticated())
+                .andExpect(cookie().maxAge(COOKIE_NAME, 0))
+                .andReturn()
+                .getRequest();
+
+        HttpSession sessionStateAfterLogout = requestStateAfterLogout.getSession();
+        assertNull(sessionStateAfterLogout.getAttribute(ATTRIBUTE_NAME));
+
+
+    }
+
+    @WithMockUser(value = "spring")
+    @Test
+    public void givenLoggedUserWhenUserLogoutThenClearDataSiteHeaderPresent() throws Exception {
+
+        this.mockMvc.perform(post("/csdlogout").secure(true).with(csrf()))
+                .andDo(print())
+                .andExpect(status().is3xxRedirection())
+                .andExpect(header().exists(CLEAR_SITE_DATA_HEADER))
+                .andReturn();
+    }
+}