Add SecurityContextHolderStrategy XML Configuration for Defaults

Issue gh-11061
This commit is contained in:
Josh Cummings
2022-05-26 14:20:14 -06:00
parent 2c09a300b6
commit 2a70707c35
10 changed files with 162 additions and 11 deletions

View File

@@ -34,6 +34,7 @@ import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -45,6 +46,8 @@ import org.springframework.web.bind.annotation.RestController;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.verify;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -147,6 +150,14 @@ public class FormLoginConfigTests {
.andExpect(redirectedUrl("/"));
}
@Test
public void authenticateWhenCustomSecurityContextHolderStrategyThenUses() throws Exception {
this.spring.configLocations(this.xml("WithCustomSecurityContextHolderStrategy")).autowire();
SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class);
this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
verify(strategy, atLeastOnce()).getContext();
}
/**
* SEC-2919 - DefaultLoginGeneratingFilter incorrectly used if login-url="/login"
*/

View File

@@ -32,8 +32,11 @@ import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.verify;
/**
* @author Rob Winch
@@ -94,6 +97,30 @@ public class NamespaceHttpBasicTests {
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
}
@Test
public void httpBasicCustomSecurityContextHolderStrategy() throws Exception {
// @formatter:off
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\"/>\n"
+ "<authentication-manager id=\"authenticationManager\">\n"
+ " <authentication-provider>\n"
+ " <user-service>\n"
+ " <user name=\"user\" password=\"{noop}test\" authorities=\"ROLE_USER\"/>\n"
+ " </user-service>\n"
+ " </authentication-provider>\n"
+ "</authentication-manager>\n"
+ "<b:bean id=\"ref\" class=\"org.mockito.Mockito\" factory-method=\"spy\">\n" +
" <b:constructor-arg>\n" +
" <b:bean class=\"org.springframework.security.config.MockSecurityContextHolderStrategy\"/>\n" +
" </b:constructor-arg>\n" +
"</b:bean>");
// @formatter:on
this.request.addHeader("Authorization",
"Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
verify(this.context.getBean(SecurityContextHolderStrategy.class), atLeastOnce()).getContext();
}
// gh-4220
@Test
public void httpBasicUnauthorizedOnDefault() throws Exception {