package org.geoserver.web;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import org.apache.wicket.protocol.http.WebSession;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.web.data.layer.LayerPage;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.savedrequest.SavedRequest;

/* loaded from: input_file:org/geoserver/web/GeoServerSecuredPageTest.class */
public class GeoServerSecuredPageTest extends GeoServerWicketTestSupport {
    protected List<Filter> getFilters() {
        return Collections.singletonList((Filter) GeoServerExtensions.bean("filterChainProxy"));
    }

    @Test
    public void testSecuredPageGivesRedirectWhenLoggedOut() throws UnsupportedEncodingException {
        logout();
        tester.startPage(LayerPage.class);
        tester.assertRenderedPage(GeoServerLoginPage.class);
        SavedRequest savedRequest = (SavedRequest) tester.getHttpSession().getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
        Assert.assertNotNull(savedRequest);
        new URLDecoder();
        Assert.assertTrue(URLDecoder.decode(savedRequest.getRedirectUrl(), "UTF8").contains("wicket/bookmarkable/org.geoserver.web.data.layer.LayerPage"));
    }

    @Test
    public void testSecuredPageAllowsAccessWhenLoggedIn() {
        login();
        tester.startPage(LayerPage.class);
        tester.assertRenderedPage(LayerPage.class);
    }

    @Test
    public void testSessionFixationAvoidance() throws Exception {
        tester.startPage(GeoServerHomePage.class);
        WebSession webSession = WebSession.get();
        webSession.bind();
        webSession.setAttribute("test", "whatever");
        tester.startPage(GeoServerHomePage.class);
        MockHttpServletRequest createRequest = createRequest("login");
        createRequest.setMethod("POST");
        createRequest.setParameter("username", "admin");
        createRequest.setParameter("password", "geoserver");
        String id = createRequest.getSession().getId();
        dispatch(createRequest);
        Assert.assertNotEquals(id, createRequest.getSession().getId());
        Assert.assertNull(webSession.getAttribute("test"));
    }
}
