Add SecurityContextHolderStrategy XML Configuration for Defaults
Issue gh-11061
This commit is contained in:
@@ -34,6 +34,7 @@ import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
||||
@@ -45,6 +46,8 @@ import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.Mockito.atLeastOnce;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
@@ -147,6 +150,14 @@ public class FormLoginConfigTests {
|
||||
.andExpect(redirectedUrl("/"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenCustomSecurityContextHolderStrategyThenUses() throws Exception {
|
||||
this.spring.configLocations(this.xml("WithCustomSecurityContextHolderStrategy")).autowire();
|
||||
SecurityContextHolderStrategy strategy = this.spring.getContext().getBean(SecurityContextHolderStrategy.class);
|
||||
this.mvc.perform(post("/login").with(csrf())).andExpect(redirectedUrl("/login?error"));
|
||||
verify(strategy, atLeastOnce()).getContext();
|
||||
}
|
||||
|
||||
/**
|
||||
* SEC-2919 - DefaultLoginGeneratingFilter incorrectly used if login-url="/login"
|
||||
*/
|
||||
|
||||
@@ -32,8 +32,11 @@ import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.atLeastOnce;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -94,6 +97,30 @@ public class NamespaceHttpBasicTests {
|
||||
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpBasicCustomSecurityContextHolderStrategy() throws Exception {
|
||||
// @formatter:off
|
||||
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\"/>\n"
|
||||
+ "<authentication-manager id=\"authenticationManager\">\n"
|
||||
+ " <authentication-provider>\n"
|
||||
+ " <user-service>\n"
|
||||
+ " <user name=\"user\" password=\"{noop}test\" authorities=\"ROLE_USER\"/>\n"
|
||||
+ " </user-service>\n"
|
||||
+ " </authentication-provider>\n"
|
||||
+ "</authentication-manager>\n"
|
||||
+ "<b:bean id=\"ref\" class=\"org.mockito.Mockito\" factory-method=\"spy\">\n" +
|
||||
" <b:constructor-arg>\n" +
|
||||
" <b:bean class=\"org.springframework.security.config.MockSecurityContextHolderStrategy\"/>\n" +
|
||||
" </b:constructor-arg>\n" +
|
||||
"</b:bean>");
|
||||
// @formatter:on
|
||||
this.request.addHeader("Authorization",
|
||||
"Basic " + Base64.getEncoder().encodeToString("user:test".getBytes("UTF-8")));
|
||||
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
|
||||
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
|
||||
verify(this.context.getBean(SecurityContextHolderStrategy.class), atLeastOnce()).getContext();
|
||||
}
|
||||
|
||||
// gh-4220
|
||||
@Test
|
||||
public void httpBasicUnauthorizedOnDefault() throws Exception {
|
||||
|
||||
Reference in New Issue
Block a user