Use SessionAuthenticationStrategy for Remember-Me authentication
Closes gh-2253
This commit is contained in:
@@ -35,6 +35,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.authentication.NullRememberMeServices;
|
||||
import org.springframework.security.web.authentication.RememberMeServices;
|
||||
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
@@ -170,6 +171,23 @@ public class RememberMeAuthenticationFilterTests {
|
||||
verify(securityContextRepository).saveContext(any(), eq(request), eq(response));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sessionAuthenticationStrategyInvokedIfSet() throws Exception {
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
|
||||
AuthenticationManager am = mock(AuthenticationManager.class);
|
||||
given(am.authenticate(this.remembered)).willReturn(this.remembered);
|
||||
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
|
||||
new MockRememberMeServices(this.remembered));
|
||||
filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
|
||||
filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
request.setRequestURI("x");
|
||||
filter.doFilter(request, response, fc);
|
||||
verify(sessionAuthenticationStrategy).onAuthentication(any(), eq(request), eq(response));
|
||||
}
|
||||
|
||||
private class MockRememberMeServices implements RememberMeServices {
|
||||
|
||||
private Authentication authToReturn;
|
||||
|
||||
Reference in New Issue
Block a user