From 9c4563285e40eccd597020df6e971ed5954afca0 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Tue, 11 Dec 2012 13:48:20 -0600 Subject: [PATCH] SEC-1998: Async tests with SecurityContextHolderAwareReqeustFilter --- .../HttpServlet3RequestFactory.java | 5 ++ ...yContextHolderAwareRequestFilterTests.java | 66 +++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java index 813b4406d9..2c453e5d0e 100644 --- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java +++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java @@ -140,6 +140,11 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory { this.response = response; } + public AsyncContext getAsyncContext() { + AsyncContext asyncContext = super.getAsyncContext(); + return new SecurityContextAsyncContext(asyncContext); + } + public AsyncContext startAsync() { AsyncContext startAsync = super.startAsync(); return new SecurityContextAsyncContext(startAsync); diff --git a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java index 6dada5d9dd..7c9e490c4b 100644 --- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java @@ -248,6 +248,72 @@ public class SecurityContextHolderAwareRequestFilterTests { verifyZeroInteractions(authenticationEntryPoint, authenticationManager, logoutHandler); } + @Test + public void getAsyncContextStart() throws Exception { + ArgumentCaptor runnableCaptor = ArgumentCaptor.forClass(Runnable.class); + SecurityContext context = SecurityContextHolder.createEmptyContext(); + TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER"); + context.setAuthentication(expectedAuth); + SecurityContextHolder.setContext(context); + AsyncContext asyncContext = mock(AsyncContext.class); + when(request.getAsyncContext()).thenReturn(asyncContext); + Runnable runnable = new Runnable() { + public void run() {} + }; + + wrappedRequest().getAsyncContext().start(runnable); + + verifyZeroInteractions(authenticationManager, logoutHandler); + verify(asyncContext).start(runnableCaptor.capture()); + DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue(); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable); + } + + @Test + public void startAsyncStart() throws Exception { + ArgumentCaptor runnableCaptor = ArgumentCaptor.forClass(Runnable.class); + SecurityContext context = SecurityContextHolder.createEmptyContext(); + TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER"); + context.setAuthentication(expectedAuth); + SecurityContextHolder.setContext(context); + AsyncContext asyncContext = mock(AsyncContext.class); + when(request.startAsync()).thenReturn(asyncContext); + Runnable runnable = new Runnable() { + public void run() {} + }; + + wrappedRequest().startAsync().start(runnable); + + verifyZeroInteractions(authenticationManager, logoutHandler); + verify(asyncContext).start(runnableCaptor.capture()); + DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue(); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable); + } + + @Test + public void startAsyncWithRequestResponseStart() throws Exception { + ArgumentCaptor runnableCaptor = ArgumentCaptor.forClass(Runnable.class); + SecurityContext context = SecurityContextHolder.createEmptyContext(); + TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER"); + context.setAuthentication(expectedAuth); + SecurityContextHolder.setContext(context); + AsyncContext asyncContext = mock(AsyncContext.class); + when(request.startAsync(request,response)).thenReturn(asyncContext); + Runnable runnable = new Runnable() { + public void run() {} + }; + + wrappedRequest().startAsync(request, response).start(runnable); + + verifyZeroInteractions(authenticationManager, logoutHandler); + verify(asyncContext).start(runnableCaptor.capture()); + DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue(); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context); + assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable); + } + private HttpServletRequest wrappedRequest() throws Exception { filter.doFilter(request, response, filterChain); verify(filterChain).doFilter(requestCaptor.capture(), any(HttpServletResponse.class));