review phase1
This commit is contained in:
@@ -15,9 +15,12 @@
|
||||
*/
|
||||
package org.springframework.security.web.bind.support;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.core.MethodParameter;
|
||||
import org.springframework.expression.spel.SpelEvaluationException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
@@ -29,15 +32,12 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.util.ReflectionUtils;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
/**
|
||||
* @author Dan Zheng
|
||||
* @since 5.2.x
|
||||
* @since 5.2
|
||||
*
|
||||
*/
|
||||
public class CurrentSecurityContextArgumentResolverTests {
|
||||
@@ -64,6 +64,22 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
assertThat(resolver.supportsParameter(showSecurityContextAnnotation())).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWithCustomSecurityContext() throws Exception {
|
||||
String principal = "custom_security_context";
|
||||
setAuthenticationPrincipalWithCustomSecurityContext(principal);
|
||||
CustomSecurityContext customSecurityContext = (CustomSecurityContext) resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
|
||||
assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWithCustomSecurityContextTypeMatch() throws Exception {
|
||||
String principal = "custom_security_context_type_match";
|
||||
setAuthenticationPrincipalWithCustomSecurityContext(principal);
|
||||
CustomSecurityContext customSecurityContext = (CustomSecurityContext) resolver.resolveArgument(showAnnotationWithCustomSecurityContext(), null, null, null);
|
||||
assertThat(customSecurityContext.getAuthentication().getPrincipal()).isEqualTo(principal);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentNullAuthentication() throws Exception {
|
||||
SecurityContext context = SecurityContextHolder.getContext();
|
||||
@@ -142,10 +158,8 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
public void resolveArgumentSecurityContextErrorOnInvalidTypeTrue() throws Exception {
|
||||
String principal = "invalid_type_true";
|
||||
setAuthenticationPrincipal(principal);
|
||||
try {
|
||||
resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null, null, null);
|
||||
fail("should not reach here");
|
||||
} catch(ClassCastException ex) {}
|
||||
assertThatExceptionOfType(ClassCastException.class).isThrownBy(() -> resolver.resolveArgument(showSecurityContextErrorOnInvalidTypeTrue(), null,
|
||||
null, null));
|
||||
}
|
||||
|
||||
private MethodParameter showSecurityContextNoAnnotation() {
|
||||
@@ -156,6 +170,14 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
return getMethodParameter("showSecurityContextAnnotation", SecurityContext.class);
|
||||
}
|
||||
|
||||
private MethodParameter showAnnotationWithCustomSecurityContext() {
|
||||
return getMethodParameter("showAnnotationWithCustomSecurityContext", CustomSecurityContext.class);
|
||||
}
|
||||
|
||||
private MethodParameter showAnnotationWithCustomSecurityContextTypeMatch() {
|
||||
return getMethodParameter("showAnnotationWithCustomSecurityContextTypeMatch", SecurityContext.class);
|
||||
}
|
||||
|
||||
private MethodParameter showSecurityContextAuthenticationAnnotation() {
|
||||
return getMethodParameter("showSecurityContextAuthenticationAnnotation", Authentication.class);
|
||||
}
|
||||
@@ -197,6 +219,12 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
public void showSecurityContextAnnotation(@CurrentSecurityContext SecurityContext context) {
|
||||
}
|
||||
|
||||
public void showAnnotationWithCustomSecurityContext(@CurrentSecurityContext CustomSecurityContext context) {
|
||||
}
|
||||
|
||||
public void showAnnotationWithCustomSecurityContextTypeMatch(@CurrentSecurityContext(errorOnInvalidType = true) SecurityContext context) {
|
||||
}
|
||||
|
||||
public void showSecurityContextAuthenticationAnnotation(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
|
||||
}
|
||||
|
||||
@@ -229,6 +257,26 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
"ROLE_USER"));
|
||||
}
|
||||
|
||||
private void setAuthenticationPrincipalWithCustomSecurityContext(Object principal) {
|
||||
CustomSecurityContext csc = new CustomSecurityContext();
|
||||
csc.setAuthentication(new TestingAuthenticationToken(principal, "password",
|
||||
"ROLE_USER"));
|
||||
SecurityContextHolder.setContext(csc);
|
||||
}
|
||||
|
||||
static class CustomSecurityContext implements SecurityContext {
|
||||
private Authentication authentication;
|
||||
@Override
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthentication(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
}
|
||||
|
||||
private void setAuthenticationDetail(Object detail) {
|
||||
TestingAuthenticationToken tat = new TestingAuthenticationToken("user", "password",
|
||||
"ROLE_USER");
|
||||
|
||||
@@ -21,6 +21,9 @@ import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.util.context.Context;
|
||||
|
||||
import org.springframework.core.MethodParameter;
|
||||
import org.springframework.core.ReactiveAdapterRegistry;
|
||||
import org.springframework.expression.BeanResolver;
|
||||
@@ -33,15 +36,14 @@ import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.web.method.ResolvableMethod;
|
||||
import org.springframework.web.reactive.BindingContext;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.util.context.Context;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.junit.Assert.fail;
|
||||
|
||||
|
||||
/**
|
||||
* @author Dan Zheng
|
||||
* @since 5.2.x
|
||||
* @since 5.2
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class CurrentSecurityContextArgumentResolverTests {
|
||||
@@ -98,6 +100,17 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
ReactiveSecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWithCustomSecurityContext() throws Exception {
|
||||
MethodParameter parameter = ResolvableMethod.on(getClass()).named("customSecurityContext").build().arg(Mono.class, SecurityContext.class);
|
||||
Authentication auth = buildAuthenticationWithPrincipal("hello");
|
||||
Context context = ReactiveSecurityContextHolder.withSecurityContext(Mono.just(new CustomSecurityContext(auth)));
|
||||
Mono<Object> argument = resolver.resolveArgument(parameter, bindingContext, exchange);
|
||||
CustomSecurityContext securityContext = (CustomSecurityContext) argument.subscriberContext(context).cast(Mono.class).block().block();
|
||||
assertThat(securityContext.getAuthentication()).isSameAs(auth);
|
||||
ReactiveSecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveArgumentWithNullAuthentication1() throws Exception {
|
||||
MethodParameter parameter = ResolvableMethod.on(getClass()).named("securityContext").build().arg(Mono.class, SecurityContext.class);
|
||||
@@ -216,6 +229,8 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
|
||||
void securityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {}
|
||||
|
||||
void customSecurityContext(@CurrentSecurityContext Mono<SecurityContext> monoSecurityContext) {}
|
||||
|
||||
void securityContextWithAuthentication(@CurrentSecurityContext(expression = "authentication") Mono<Authentication> authentication) {}
|
||||
|
||||
void securityContextWithDepthPropOptional(@CurrentSecurityContext(expression = "authentication?.principal") Mono<Object> principal) {}
|
||||
@@ -230,7 +245,21 @@ public class CurrentSecurityContextArgumentResolverTests {
|
||||
|
||||
void errorOnInvalidTypeWhenExplicitTrue(@CurrentSecurityContext(errorOnInvalidType = true) Mono<String> implicit) {}
|
||||
|
||||
static class CustomSecurityContext implements SecurityContext {
|
||||
private Authentication authentication;
|
||||
public CustomSecurityContext(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
@Override
|
||||
public Authentication getAuthentication() {
|
||||
return authentication;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthentication(Authentication authentication) {
|
||||
this.authentication = authentication;
|
||||
}
|
||||
}
|
||||
private Authentication buildAuthenticationWithPrincipal(Object principal) {
|
||||
return new TestingAuthenticationToken(principal, "password",
|
||||
"ROLE_USER");
|
||||
|
||||
Reference in New Issue
Block a user