Add SecurityContextHolderStrategy to new repository

In 6.0, RequestAttributeSecurityContextRepository will be the default
implementation of SecurityContextRepository. This commit adds the
ability to configure a custom SecurityContextHolderStrategy, similar
to other components.

Issue gh-11060
Closes gh-11895
This commit is contained in:
Steve Riesenberg
2022-09-22 15:23:13 -05:00
parent d94677f87e
commit 5d757919a2
2 changed files with 43 additions and 1 deletions

View File

@@ -25,9 +25,15 @@ import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.context.SecurityContextImpl;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
/**
* @author Rob Winch
@@ -42,6 +48,15 @@ class RequestAttributeSecurityContextRepositoryTests {
private SecurityContext expectedSecurityContext = new SecurityContextImpl(TestAuthentication.authenticatedUser());
@Test
void setSecurityContextHolderStrategyWhenNullThenThrowsIllegalArgumentException() {
// @formatter:off
assertThatIllegalArgumentException()
.isThrownBy(() -> this.repository.setSecurityContextHolderStrategy(null))
.withMessage("securityContextHolderStrategy cannot be null");
// @formatter:on
}
@Test
void saveContextAndLoadContextThenFound() {
this.repository.saveContext(this.expectedSecurityContext, this.request, this.response);
@@ -82,4 +97,16 @@ class RequestAttributeSecurityContextRepositoryTests {
assertThat(context).isEqualTo(SecurityContextHolder.createEmptyContext());
}
@Test
void loadContextWhenCustomSecurityContextHolderStrategySetThenUsed() {
SecurityContextHolderStrategy securityContextHolderStrategy = mock(SecurityContextHolderStrategy.class);
given(securityContextHolderStrategy.createEmptyContext()).willReturn(new SecurityContextImpl());
this.repository.setSecurityContextHolderStrategy(securityContextHolderStrategy);
Supplier<SecurityContext> deferredContext = this.repository.loadContext(this.request);
assertThat(deferredContext.get()).isNotNull();
verify(securityContextHolderStrategy).createEmptyContext();
verifyNoMoreInteractions(securityContextHolderStrategy);
}
}