Add SecurityContextRepository.loadContext(HttpServletRequest)
This allows loading the SecurityContext lazily, without the need for the response, and does not attempt to automatically save the request when the response is comitted. Closes gh-11028
This commit is contained in:
@@ -64,6 +64,7 @@ import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.reset;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
@@ -142,6 +143,33 @@ public class HttpSessionSecurityContextRepositoryTests {
|
||||
assertThat(repo.loadContext(holder)).isEqualTo(SecurityContextHolder.createEmptyContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadContextHttpServletRequestWhenNotSavedThenEmptyContextReturned() {
|
||||
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
assertThat(repo.loadContext(request).get()).isEqualTo(SecurityContextHolder.createEmptyContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadContextHttpServletRequestWhenSavedThenSavedContextReturned() {
|
||||
SecurityContextImpl expectedContext = new SecurityContextImpl(this.testToken);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
|
||||
repo.saveContext(expectedContext, request, response);
|
||||
assertThat(repo.loadContext(request).get()).isEqualTo(expectedContext);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadContextHttpServletRequestWhenNotAccessedThenHttpSessionNotAccessed() {
|
||||
HttpSession session = mock(HttpSession.class);
|
||||
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setSession(session);
|
||||
repo.loadContext(request);
|
||||
verifyNoInteractions(session);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void existingContextIsSuccessFullyLoadedFromSessionAndSavedBack() {
|
||||
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
|
||||
|
||||
@@ -50,11 +50,8 @@ class SecurityContextHolderFilterTests {
|
||||
@Mock
|
||||
private HttpServletResponse response;
|
||||
|
||||
@Mock
|
||||
private FilterChain chain;
|
||||
|
||||
@Captor
|
||||
private ArgumentCaptor<HttpRequestResponseHolder> requestResponse;
|
||||
private ArgumentCaptor<HttpServletRequest> requestArg;
|
||||
|
||||
private SecurityContextHolderFilter filter;
|
||||
|
||||
@@ -72,7 +69,7 @@ class SecurityContextHolderFilterTests {
|
||||
void doFilterThenSetsAndClearsSecurityContextHolder() throws Exception {
|
||||
Authentication authentication = TestAuthentication.authenticatedUser();
|
||||
SecurityContext expectedContext = new SecurityContextImpl(authentication);
|
||||
given(this.repository.loadContext(this.requestResponse.capture())).willReturn(expectedContext);
|
||||
given(this.repository.loadContext(this.requestArg.capture())).willReturn(() -> expectedContext);
|
||||
FilterChain filterChain = (request, response) -> assertThat(SecurityContextHolder.getContext())
|
||||
.isEqualTo(expectedContext);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user