How to test Internet Explorer when using RequestHeaderAuthenticationFilter?
We're using Spring Security with RequestHeaderAuthenticationFilter, and thus relying on a HTTP header to be set for the user name. On our local 开发者_C百科machines we don't have the software for authenticating, and thus not the header.
When testing with WebDriver or FireFox we can set the header and test correctly, but when manually testing with Internet Explorer we're not able to set the header value.
Is there a good way to set header values in IE, or a decent way to enable some kind of 'mocking' for the filter in development and test?
I ended up using a Spring Java config with a command line parameter for switching between header authentication, and authenticating with a login form.
It required switching between (mock left, real right):
- UsernamePasswordAuthenticationFilter and RequestHeaderAuthenticationFilter
- LoginUrlAuthenticationEntryPoint and Http403ForbiddenEntryPoint
- DaoAuthenticationProvider and PreAuthenticatedAuthenticationProvider
Not too impressed with the internals of Spring Security, and it took me a good while to figure this out. But if you need to do it, at least those are some pointers.
Set the exceptionIfMissingHeader property on your Spring context.
From the javadoc: http://static.springsource.org/spring-security/site/docs/3.0.x/apidocs/org/springframework/security/web/authentication/preauth/RequestHeaderAuthenticationFilter.html
"If the header is missing from the request, getPreAuthenticatedPrincipal will throw an exception. You can override this behaviour by setting the exceptionIfMissingHeader property. "
精彩评论