use of org.springframework.security.authentication.AnonymousAuthenticationToken in project spring-security by spring-projects.
the class HttpSessionSecurityContextRepositoryTests method contextIsRemovedFromSessionIfCurrentContextIsAnonymous.
// SEC-1587
@Test
public void contextIsRemovedFromSessionIfCurrentContextIsAnonymous() {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
SecurityContext ctxInSession = SecurityContextHolder.createEmptyContext();
ctxInSession.setAuthentication(this.testToken);
request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, ctxInSession);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, new MockHttpServletResponse());
repo.loadContext(holder);
SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("x", "x", this.testToken.getAuthorities()));
repo.saveContext(SecurityContextHolder.getContext(), holder.getRequest(), holder.getResponse());
assertThat(request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)).isNull();
}
use of org.springframework.security.authentication.AnonymousAuthenticationToken in project vorto by eclipse.
the class MyAnonymousAuthFilter method doFilter.
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
if (!authenticatedAccess && SecurityContextHolder.getContext().getAuthentication() != null && SecurityContextHolder.getContext().getAuthentication() instanceof AnonymousAuthenticationToken) {
AnonymousAuthenticationToken anonymousToken = (AnonymousAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
AnonymousAuthenticationToken newAnonymousToken = new AnonymousAuthenticationToken(Integer.toString(anonymousToken.getKeyHash()), anonymousToken.getPrincipal(), AuthorityUtils.createAuthorityList("model_viewer"));
SecurityContextHolder.getContext().setAuthentication(newAnonymousToken);
}
chain.doFilter(request, response);
}
Aggregations