use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method contextIsRemovedFromSessionIfCurrentContextIsEmpty.
/**
 * Checks that saving an empty {@link SecurityContext} removes the context that was
 * previously stored in the HTTP session under a custom attribute key, so that an
 * authentication cleared during the request does not linger in the session.
 */
@Test
public void contextIsRemovedFromSessionIfCurrentContextIsEmpty() throws Exception {
    final String contextKey = "imTheContext";

    // Seed the session with an authenticated context under the custom key.
    SecurityContext storedContext = SecurityContextHolder.createEmptyContext();
    storedContext.setAuthentication(testToken);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.getSession().setAttribute(contextKey, storedContext);

    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
    repository.setSpringSecurityContextKey(contextKey);

    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    repository.loadContext(holder);

    // Save the holder's current context, which is expected to be empty.
    // NOTE(review): this relies on SecurityContextHolder carrying no authentication at
    // this point; the cleanup that guarantees it is not visible here - confirm.
    SecurityContext currentContext = SecurityContextHolder.getContext();
    repository.saveContext(currentContext, holder.getRequest(), holder.getResponse());

    // The authenticated context seeded above must no longer be in the session.
    assertThat(request.getSession().getAttribute(contextKey)).isNull();
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method failsWithStandardResponse.
/**
 * Expects {@code saveContext} to throw {@link IllegalStateException} when it is handed
 * a plain request/response pair for which {@code loadContext} was never called.
 */
@Test(expected = IllegalStateException.class)
public void failsWithStandardResponse() {
    SecurityContext authenticatedContext = SecurityContextHolder.createEmptyContext();
    authenticatedContext.setAuthentication(testToken);

    MockHttpServletRequest plainRequest = new MockHttpServletRequest();
    MockHttpServletResponse plainResponse = new MockHttpServletResponse();
    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();

    // No loadContext(...) call precedes this, so the response is the raw mock.
    // NOTE(review): presumably the repository requires the response wrapper that
    // loadContext installs in the holder - confirm against the repository source.
    // The 'expected' attribute passes if any statement in this method throws
    // IllegalStateException, not only this call.
    repository.saveContext(authenticatedContext, plainRequest, plainResponse);
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method saveContextCustomTrustResolver.
/**
 * Checks that a custom {@link AuthenticationTrustResolver} set on the repository is
 * consulted with the context's authentication when the context is saved.
 */
@Test
public void saveContextCustomTrustResolver() {
    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    repository.loadContext(holder);

    SecurityContext contextToSave = SecurityContextHolder.createEmptyContext();
    contextToSave.setAuthentication(testToken);

    // The resolver is swapped in after loadContext and before saveContext, as in the
    // original ordering. The mock is left unstubbed, so isAnonymous(...) yields the
    // mocking library's default answer.
    AuthenticationTrustResolver customResolver = mock(AuthenticationTrustResolver.class);
    repository.setTrustResolver(customResolver);

    repository.saveContext(contextToSave, holder.getRequest(), holder.getResponse());

    // Only the interaction is verified; what ends up in the session is not asserted.
    verify(customResolver).isAnonymous(contextToSave.getAuthentication());
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method sessionIsCreatedAndContextStoredWhenContextChanges.
/**
 * Checks that loading a context does not create an HTTP session by itself, and that
 * saving the context after an authentication has been set creates the session and
 * stores the context under {@code SPRING_SECURITY_CONTEXT_KEY}.
 */
@Test
public void sessionIsCreatedAndContextStoredWhenContextChanges() throws Exception {
    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpRequestResponseHolder holder =
            new HttpRequestResponseHolder(request, new MockHttpServletResponse());
    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();

    SecurityContext loadedContext = repository.loadContext(holder);
    // getSession(false) never creates a session, so null here means loadContext
    // did not allocate one for the unauthenticated request.
    assertThat(request.getSession(false)).isNull();

    // Simulate authentication happening while the request is processed.
    loadedContext.setAuthentication(testToken);
    repository.saveContext(loadedContext, holder.getRequest(), holder.getResponse());

    // A session now exists and holds the authenticated context.
    assertThat(request.getSession(false)).isNotNull();
    Object storedContext = request.getSession().getAttribute(SPRING_SECURITY_CONTEXT_KEY);
    assertThat(storedContext).isEqualTo(loadedContext);
}
use of org.springframework.security.core.context.SecurityContext in project spring-security by spring-projects.
the class GrantedAuthorityDefaultsJcTests method doFilterDenied.
/**
 * Runs a request through the Spring Security filter chain with the current
 * {@link SecurityContext} placed in the session, and expects HTTP 403 (Forbidden).
 */
@Test
public void doFilterDenied() throws Exception {
    // NOTE(review): setup(...) is defined outside this listing; presumably it prepares
    // an authentication carrying the "DENIED" role - confirm against the helper.
    setup("DENIED");

    // Put the current context where the session-backed repository looks for it.
    SecurityContext currentContext = SecurityContextHolder.getContext();
    request.getSession().setAttribute(
            HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, currentContext);

    springSecurityFilterChain.doFilter(request, response, chain);

    // The chain must reject the request instead of letting it through.
    int status = response.getStatus();
    assertThat(status).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
}