use of org.springframework.security.web.context.SecurityContextRepository in project spring-security by spring-projects.
the class SecurityContextConfigurer method configure.
/**
 * Creates the {@link SecurityContextPersistenceFilter} and adds it to the filter chain.
 *
 * <p>The filter is backed by the {@link SecurityContextRepository} published as a shared
 * object on {@code http}. If none was shared, an {@link HttpSessionSecurityContextRepository}
 * is used. A configuration that must not keep the security context in the HTTP session
 * therefore depends on another repository having been shared before this method runs.
 *
 * @param http the builder that supplies shared objects and receives the filter
 * @throws Exception declared by the overridden method
 */
@Override
@SuppressWarnings("unchecked")
public void configure(H http) throws Exception {
    SecurityContextRepository repository = http.getSharedObject(SecurityContextRepository.class);
    if (repository == null) {
        // Nothing was shared: fall back to the session-backed repository.
        repository = new HttpSessionSecurityContextRepository();
    }
    SecurityContextPersistenceFilter persistenceFilter = new SecurityContextPersistenceFilter(repository);

    // The session creation policy is known only if a SessionManagementConfigurer is registered.
    SessionManagementConfigurer<?> sessionConfigurer = http.getConfigurer(SessionManagementConfigurer.class);
    SessionCreationPolicy policy = null;
    if (sessionConfigurer != null) {
        policy = sessionConfigurer.getSessionCreationPolicy();
    }
    if (policy == SessionCreationPolicy.ALWAYS) {
        // Only ALWAYS turns on eager session creation in the filter.
        persistenceFilter.setForceEagerSessionCreation(true);
    }

    persistenceFilter = postProcess(persistenceFilter);
    http.addFilter(persistenceFilter);
}
use of org.springframework.security.web.context.SecurityContextRepository in project spring-security by spring-projects.
the class SessionManagementConfigurer method init.
/**
 * Publishes the session-related shared objects that other configurers read from {@code http}.
 *
 * <p>A {@link SecurityContextRepository} is installed only when none has been shared yet.
 * Stateless configurations get a {@link NullSecurityContextRepository}; all others get an
 * {@link HttpSessionSecurityContextRepository}. A repository that was shared beforehand is
 * left as it is, even when this configurer is stateless.
 *
 * @param http the builder whose shared objects are read and populated
 * @throws Exception declared by the overridden method
 */
@Override
public void init(H http) throws Exception {
    SecurityContextRepository existingRepository = http.getSharedObject(SecurityContextRepository.class);
    boolean stateless = isStateless();
    if (existingRepository == null && stateless) {
        http.setSharedObject(SecurityContextRepository.class, new NullSecurityContextRepository());
    } else if (existingRepository == null) {
        HttpSessionSecurityContextRepository sessionRepository = new HttpSessionSecurityContextRepository();
        // URL rewriting stays disabled unless enableSessionUrlRewriting was switched on.
        sessionRepository.setDisableUrlRewriting(!this.enableSessionUrlRewriting);
        sessionRepository.setAllowSessionCreation(isAllowSessionCreation());
        AuthenticationTrustResolver resolver = http.getSharedObject(AuthenticationTrustResolver.class);
        if (resolver != null) {
            sessionRepository.setTrustResolver(resolver);
        }
        http.setSharedObject(SecurityContextRepository.class, sessionRepository);
    }

    // A stateless setup with no request cache of its own gets the no-op cache.
    RequestCache existingCache = http.getSharedObject(RequestCache.class);
    if (existingCache == null && stateless) {
        http.setSharedObject(RequestCache.class, new NullRequestCache());
    }

    http.setSharedObject(SessionAuthenticationStrategy.class, getSessionAuthenticationStrategy(http));
    http.setSharedObject(InvalidSessionStrategy.class, getInvalidSessionStrategy());
}
use of org.springframework.security.web.context.SecurityContextRepository in project spring-security by spring-projects.
the class SessionManagementFilterTests method strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest.
/**
 * Checks that the session authentication strategy is not called when the repository
 * reports that the request already has a security context.
 */
@Test
public void strategyIsNotInvokedIfSecurityContextAlreadyExistsForRequest() throws Exception {
    SecurityContextRepository contextRepository = mock(SecurityContextRepository.class);
    SessionAuthenticationStrategy sessionStrategy = mock(SessionAuthenticationStrategy.class);
    // Stub the repository so that every request appears to have a stored context.
    when(contextRepository.containsContext(any(HttpServletRequest.class))).thenReturn(true);
    SessionManagementFilter filter = new SessionManagementFilter(contextRepository, sessionStrategy);
    HttpServletRequest request = new MockHttpServletRequest();
    authenticateUser();

    filter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());

    // The strategy must not have been called at all.
    verifyZeroInteractions(sessionStrategy);
}
use of org.springframework.security.web.context.SecurityContextRepository in project spring-security by spring-projects.
the class SessionManagementFilterTests method strategyFailureInvokesFailureHandler.
/**
 * Checks that a {@link SessionAuthenticationException} thrown by the strategy is passed to
 * the configured failure handler and that the filter chain is not continued.
 */
@Test
public void strategyFailureInvokesFailureHandler() throws Exception {
    // The unstubbed mock answers false to containsContext().
    SecurityContextRepository contextRepository = mock(SecurityContextRepository.class);
    SessionAuthenticationStrategy sessionStrategy = mock(SessionAuthenticationStrategy.class);
    AuthenticationFailureHandler handler = mock(AuthenticationFailureHandler.class);
    SessionManagementFilter filter = new SessionManagementFilter(contextRepository, sessionStrategy);
    filter.setAuthenticationFailureHandler(handler);

    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    FilterChain chain = mock(FilterChain.class);
    authenticateUser();

    // Make the strategy reject the authentication currently held in the SecurityContextHolder.
    SessionAuthenticationException failure = new SessionAuthenticationException("Failure");
    doThrow(failure).when(sessionStrategy)
            .onAuthentication(SecurityContextHolder.getContext().getAuthentication(), request, response);

    filter.doFilter(request, response, chain);

    // The request must stop at this filter and the handler must receive the same exception.
    verifyZeroInteractions(chain);
    verify(handler).onAuthenticationFailure(request, response, failure);
}
use of org.springframework.security.web.context.SecurityContextRepository in project spring-security by spring-projects.
the class SessionManagementFilterTests method setTrustResolverNull.
/**
 * Checks that a {@code null} trust resolver is rejected with an
 * {@link IllegalArgumentException}.
 */
@Test(expected = IllegalArgumentException.class)
public void setTrustResolverNull() {
    SessionManagementFilter filter = new SessionManagementFilter(mock(SecurityContextRepository.class));
    // Expected to throw; the annotation asserts the exception type.
    filter.setTrustResolver(null);
}