Example 86 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From the class HttpSessionSecurityContextRepositoryTests, method noSessionIsCreatedIfAnonymousTokenIsUsed.

// SEC-1315
@Test
public void noSessionIsCreatedIfAnonymousTokenIsUsed() {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    SecurityContextHolder.setContext(repo.loadContext(holder));
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("key", "anon", AuthorityUtils.createAuthorityList("ANON")));
    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    assertThat(request.getSession(false)).isNull();
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 87 with AnonymousAuthenticationToken

Use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.

From the class HttpSessionSecurityContextRepositoryTests, method contextIsRemovedFromSessionIfCurrentContextIsAnonymous.

// SEC-1587
@Test
public void contextIsRemovedFromSessionIfCurrentContextIsAnonymous() {
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();
    SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
    ctxInSession.setAuthentication(this.testToken);
    request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
    repo.loadContext(holder);
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities()));
    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
    assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull();
}
Also used: MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), TransientSecurityContext (org.springframework.security.core.context.TransientSecurityContext), SecurityContext (org.springframework.security.core.context.SecurityContext), AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Aggregations

AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken): 87
Authentication (org.springframework.security.core.Authentication): 37
Test (org.junit.jupiter.api.Test): 22
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 17
ArrayList (java.util.ArrayList): 14
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 13
SecurityContext (org.springframework.security.core.context.SecurityContext): 10
MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication): 8
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 7
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 7
ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication): 6
Before (org.junit.Before): 5
Test (org.junit.Test): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4
HttpServletResponse (javax.servlet.http.HttpServletResponse): 4
PreAuthenticatedAuthenticationToken (org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken): 4
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 4
FilterChain (jakarta.servlet.FilterChain): 3
HashMap (java.util.HashMap): 3
Map (java.util.Map): 3