use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class GrantedAuthorityDefaultsJcTests method doFilterIsUserInRole.
// SEC-2926
@Test
public void doFilterIsUserInRole() throws Exception {
    // Store the holder's current SecurityContext in the session under the repository key
    // before the filter chain runs.
    // NOTE(review): presumably the chain then loads it from the session; confirm against the test setup.
    SecurityContext currentContext = SecurityContextHolder.getContext();
    request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            currentContext);

    chain = new MockFilterChain() {
        @Override
        public void doFilter(ServletRequest req, ServletResponse res) throws IOException, ServletException {
            // By the time the terminal chain runs, role checks on the request must be answered:
            // a held role resolves to true and an unknown role is rejected.
            // The role names are passed bare; how they map to authorities is configured outside this method.
            HttpServletRequest servletRequest = (HttpServletRequest) req;
            assertThat(servletRequest.isUserInRole("USER")).isTrue();
            assertThat(servletRequest.isUserInRole("INVALID")).isFalse();
            super.doFilter(req, res);
        }
    };

    springSecurityFilterChain.doFilter(request, response, chain);

    // A recorded request proves the security filters actually handed over to the terminal
    // chain, so the role assertions above were executed and not skipped.
    assertThat(chain.getRequest()).isNotNull();
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class AbstractJaasAuthenticationProvider method handleLogout.
/**
 * Logs principals out of JAAS when their session is destroyed. Every
 * {@code SecurityContext} reported by the event is inspected, and
 * {@code LoginContext.logout()} is invoked for each one whose authentication is a
 * {@code JaasAuthenticationToken} that carries a {@code LoginContext}.
 * <p>
 * A {@code LoginException} thrown by one logout is logged at WARN and does not stop
 * the remaining contexts from being processed, so a failed JAAS logout is visible
 * only in the log.
 *
 * @param event the session event which contains the current session
 */
protected void handleLogout(SessionDestroyedEvent event) {
    List<SecurityContext> destroyedContexts = event.getSecurityContexts();
    if (destroyedContexts.isEmpty()) {
        this.log.debug("The destroyed session has no SecurityContexts");
        return;
    }
    for (SecurityContext securityContext : destroyedContexts) {
        Authentication authentication = securityContext.getAuthentication();
        // instanceof is false for null, so this also skips contexts with no authentication.
        if (!(authentication instanceof JaasAuthenticationToken)) {
            continue;
        }
        JaasAuthenticationToken jaasToken = (JaasAuthenticationToken) authentication;
        try {
            LoginContext loginContext = jaasToken.getLoginContext();
            boolean debugEnabled = this.log.isDebugEnabled();
            if (loginContext == null) {
                // Nothing to log out of; only mentioned at debug level.
                if (debugEnabled) {
                    this.log.debug("Cannot logout principal: [" + jaasToken.getPrincipal() + "] from LoginContext. " + "The LoginContext is unavailable");
                }
                continue;
            }
            // The principal is written to the debug log verbatim, so debug output
            // contains user identifiers.
            if (debugEnabled) {
                this.log.debug("Logging principal: [" + jaasToken.getPrincipal() + "] out of LoginContext");
            }
            loginContext.logout();
        } catch (LoginException ex) {
            // The failure is recorded and the loop moves on to the next context.
            // NOTE(review): the message repeats "error" and does not name the principal;
            // it is left unchanged here because log consumers may match on the exact text.
            this.log.warn("Error error logging out of LoginContext", ex);
        }
    }
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class DelegatingSecurityContextCallable method call.
/**
 * Invokes the delegate with {@code delegateSecurityContext} installed in the
 * {@code SecurityContextHolder}, then puts back the context the holder contained
 * before the call.
 * <p>
 * The restore runs in {@code finally}, so the delegate's context is removed from the
 * holder even when the delegate throws.
 *
 * @return the value produced by the delegate
 * @throws Exception whatever the delegate throws
 */
public V call() throws Exception {
    // NOTE(review): the previous context is kept in an instance field, not a local, so two
    // overlapping invocations of the same instance would overwrite each other's saved
    // value; confirm an instance is never executed concurrently.
    this.originalSecurityContext = SecurityContextHolder.getContext();
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        return delegate.call();
    } finally {
        boolean previousWasEmpty = SecurityContextHolder.createEmptyContext().equals(this.originalSecurityContext);
        if (!previousWasEmpty) {
            SecurityContextHolder.setContext(this.originalSecurityContext);
        } else {
            // The holder had only an empty context before the call: clear it, do not store it back.
            SecurityContextHolder.clearContext();
        }
        // Drop the reference so this object does not retain the previous context after the call.
        this.originalSecurityContext = null;
    }
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class DelegatingSecurityContextRunnable method run.
/**
 * Runs the delegate with {@code delegateSecurityContext} installed in the
 * {@code SecurityContextHolder}, then puts back the context the holder contained
 * before the run.
 * <p>
 * The restore runs in {@code finally}, so the delegate's context is removed from the
 * holder even when the delegate throws.
 */
public void run() {
    // NOTE(review): the previous context is kept in an instance field, not a local, so two
    // overlapping runs of the same instance would overwrite each other's saved value;
    // confirm an instance is never executed concurrently.
    this.originalSecurityContext = SecurityContextHolder.getContext();
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        delegate.run();
    } finally {
        boolean previousWasEmpty = SecurityContextHolder.createEmptyContext().equals(this.originalSecurityContext);
        if (!previousWasEmpty) {
            SecurityContextHolder.setContext(this.originalSecurityContext);
        } else {
            // The holder had only an empty context before the run: clear it, do not store it back.
            SecurityContextHolder.clearContext();
        }
        // Drop the reference so this object does not retain the previous context after the run.
        this.originalSecurityContext = null;
    }
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class DefaultJaasAuthenticationProviderTests method logoutLoginException.
@Test
public void logoutLoginException() throws Exception {
    // Failure that the mocked LoginContext raises when asked to log out.
    LoginException logoutFailure = new LoginException("Failed Login");

    SessionDestroyedEvent destroyedEvent = mock(SessionDestroyedEvent.class);
    SecurityContext sessionContext = mock(SecurityContext.class);
    JaasAuthenticationToken jaasToken = mock(JaasAuthenticationToken.class);
    LoginContext loginContext = mock(LoginContext.class);

    // Wire event -> security context -> JAAS token -> login context, with logout() failing.
    when(destroyedEvent.getSecurityContexts()).thenReturn(Arrays.asList(sessionContext));
    when(sessionContext.getAuthentication()).thenReturn(jaasToken);
    when(jaasToken.getLoginContext()).thenReturn(loginContext);
    doThrow(logoutFailure).when(loginContext).logout();

    // The provider must not propagate the LoginException to the event publisher.
    provider.onApplicationEvent(destroyedEvent);

    verify(destroyedEvent).getSecurityContexts();
    verify(sessionContext).getAuthentication();
    verify(jaasToken).getLoginContext();
    verify(loginContext).logout();
    // The failed logout has to be reported at WARN with the original exception attached.
    verify(log).warn(anyString(), eq(logoutFailure));
    // No further calls on the mocks: in particular the principal is not read on this path.
    verifyNoMoreInteractions(destroyedEvent, sessionContext, jaasToken, loginContext);
}