BAEL-8505: Fix AuthenticationFilter flow. (#18349)

harry9656 · web-flow · commit 983e4e523713 · 2025-03-04T09:47:32.000+05:30
* BAEL-8505: Fix AuthenticationFilter flow.

* rename test
diff --git a/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java b/spring-security-modules/spring-security-web-boot-1/src/main/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilter.java
@@ -17,10 +17,11 @@ public class AuthenticationFilter extends GenericFilterBean {
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
-      throws IOException, ServletException {
+            throws IOException, ServletException {
         try {
             Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request);
             SecurityContextHolder.getContext().setAuthentication(authentication);
+            filterChain.doFilter(request, response);
         } catch (Exception exp) {
             HttpServletResponse httpResponse = (HttpServletResponse) response;
             httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
@@ -30,7 +31,5 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             writer.flush();
             writer.close();
         }
-
-        filterChain.doFilter(request, response);
     }
 }
diff --git a/spring-security-modules/spring-security-web-boot-1/src/test/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilterUnitTest.java b/spring-security-modules/spring-security-web-boot-1/src/test/java/com/baeldung/apikeyauthentication/configuration/AuthenticationFilterUnitTest.java
@@ -0,0 +1,79 @@
+package com.baeldung.apikeyauthentication.configuration;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.http.MediaType;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import static org.mockito.Mockito.*;
+
+
+@RunWith(MockitoJUnitRunner.class)
+public class AuthenticationFilterUnitTest {
+
+    @Mock
+    private HttpServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private FilterChain filterChain;
+
+    @Mock
+    private Authentication authentication;
+
+    @InjectMocks
+    private AuthenticationFilter authenticationFilter;
+
+    @Before
+    public void setUp() {
+        MockitoAnnotations.openMocks(this);
+    }
+
+    @Test
+    public void givenValidAuthentication_whenDoFilter_thenProceedsWithFilterChain() throws IOException, ServletException {
+        try (MockedStatic<AuthenticationService> mockedAuthService = Mockito.mockStatic(AuthenticationService.class)) {
+            mockedAuthService.when(() -> AuthenticationService.getAuthentication(request)).thenReturn(authentication);
+            
+            authenticationFilter.doFilter(request, response, filterChain);
+            
+            mockedAuthService.verify(() -> AuthenticationService.getAuthentication(request));
+            verify(filterChain).doFilter(request, response);
+            verify(response, never()).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        }
+    }
+
+    @Test
+    public void givenAuthenticationFailure_whenDoFilter_thenReturnsUnauthorizedResponse() throws IOException, ServletException {
+        try (MockedStatic<AuthenticationService> mockedAuthService = Mockito.mockStatic(AuthenticationService.class)) {
+            mockedAuthService.when(() -> AuthenticationService.getAuthentication(request))
+                .thenThrow(new RuntimeException("Authentication failed"));
+            
+            PrintWriter writer = mock(PrintWriter.class);
+            when(response.getWriter()).thenReturn(writer);
+            
+            authenticationFilter.doFilter(request, response, filterChain);
+            
+            verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            verify(response).setContentType(MediaType.APPLICATION_JSON_VALUE);
+            verify(writer).print("Authentication failed");
+            verify(writer).flush();
+            verify(writer).close();
+            verify(filterChain, never()).doFilter(request, response);
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,11 @@ public class AuthenticationFilter extends GenericFilterBean {`
`17`	`17`
`18`	`18`	`@Override`
`19`	`19`	`public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)`
`20`		`- throws IOException, ServletException {`
	`20`	`+ throws IOException, ServletException {`
`21`	`21`	`try {`
`22`	`22`	`Authentication authentication = AuthenticationService.getAuthentication((HttpServletRequest) request);`
`23`	`23`	`SecurityContextHolder.getContext().setAuthentication(authentication);`
	`24`	`+ filterChain.doFilter(request, response);`
`24`	`25`	`} catch (Exception exp) {`
`25`	`26`	`HttpServletResponse httpResponse = (HttpServletResponse) response;`
`26`	`27`	`httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);`
`@@ -30,7 +31,5 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha`
`30`	`31`	`writer.flush();`
`31`	`32`	`writer.close();`
`32`	`33`	`}`
`33`		`-`
`34`		`- filterChain.doFilter(request, response);`
`35`	`34`	`}`
`36`	`35`	`}`