use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method noSessionIsCreatedIfAnonymousTokenIsUsed.
// SEC-1315
@Test
public void noSessionIsCreatedIfAnonymousTokenIsUsed() {
    // Fresh request: no HttpSession exists before the repository is exercised.
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();

    // NOTE(review): this mutates the SecurityContextHolder and nothing in this method
    // resets it; presumably a class-level teardown clears the context - confirm.
    SecurityContext loadedContext = repo.loadContext(holder);
    SecurityContextHolder.setContext(loadedContext);

    // The only authentication present is an anonymous token.
    AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken("key", "anon",
            AuthorityUtils.createAuthorityList("ANON"));
    SecurityContextHolder.getContext().setAuthentication(anonymousToken);

    // Request and response are read back from the holder after loadContext has run,
    // rather than reusing the locals created above.
    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());

    // getSession(false) never creates a session, so a null result means saveContext did
    // not allocate one for the anonymous context. Presumably the point of SEC-1315 is that
    // unauthenticated requests should not cost a server-side session - confirm against the issue.
    assertThat(request.getSession(false)).isNull();
}
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method contextIsRemovedFromSessionIfCurrentContextIsAnonymous.
// SEC-1587
@Test
public void contextIsRemovedFromSessionIfCurrentContextIsAnonymous() {
    final String contextKey = HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY;
    HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
    MockHttpServletRequest request = new MockHttpServletRequest();

    // Seed the session with a context that carries the fixture token, i.e. the state
    // left behind by an earlier request that stored this.testToken.
    SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
    ctxInSession.setAuthentication(this.testToken);
    request.getSession().setAttribute(contextKey, ctxInSession);

    MockHttpServletResponse response = new MockHttpServletResponse();
    HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);

    // The returned context is deliberately unused; the context saved below is whatever
    // SecurityContextHolder currently holds, not the object loaded from the session.
    repo.loadContext(holder);

    // Replace the current authentication with an anonymous token that keeps the
    // fixture token's authorities.
    // NOTE(review): this mutates the SecurityContextHolder and nothing in this method
    // resets it; presumably a class-level teardown clears the context - confirm.
    AnonymousAuthenticationToken anonymousToken = new AnonymousAuthenticationToken("x", "x",
            this.testToken.getAuthorities());
    SecurityContextHolder.getContext().setAuthentication(anonymousToken);

    repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());

    // Saving an anonymous context must clear the previously stored one, so the seeded
    // authentication does not stay in the session once the current context is anonymous.
    assertThat(request.getSession().getAttribute(contextKey)).isNull();
}