Use SessionAuthenticationStrategy for Remember-Me authentication

Closes gh-2253
This commit is contained in:
xhaggi
2024-09-06 08:30:45 +02:00
committed by Josh Cummings
parent d37d41c130
commit 7f537241e7
4 changed files with 96 additions and 0 deletions

View File

@@ -35,6 +35,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.SecurityContextRepository;
import static org.assertj.core.api.Assertions.assertThat;
@@ -170,6 +171,23 @@ public class RememberMeAuthenticationFilterTests {
verify(securityContextRepository).saveContext(any(), eq(request), eq(response));
}
@Test
public void sessionAuthenticationStrategyInvokedIfSet() throws Exception {
SessionAuthenticationStrategy sessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
AuthenticationManager am = mock(AuthenticationManager.class);
given(am.authenticate(this.remembered)).willReturn(this.remembered);
RememberMeAuthenticationFilter filter = new RememberMeAuthenticationFilter(am,
new MockRememberMeServices(this.remembered));
filter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler("/target"));
filter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain fc = mock(FilterChain.class);
request.setRequestURI("x");
filter.doFilter(request, response, fc);
verify(sessionAuthenticationStrategy).onAuthentication(any(), eq(request), eq(response));
}
private class MockRememberMeServices implements RememberMeServices {
private Authentication authToReturn;