Use SecurityContextHolderStrategy for Switch User
Issue gh-11060
This commit is contained in:
@@ -36,7 +36,10 @@ import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
@@ -49,8 +52,10 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.Mockito.atLeastOnce;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.spy;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
/**
|
||||
@@ -416,6 +421,21 @@ public class SwitchUserFilterTests {
|
||||
assertThat(AuthorityUtils.authorityListToSet(result.getAuthorities())).contains("ROLE_NEW");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenCustomSecurityContextRepositoryThenUses() {
|
||||
SecurityContextHolderStrategy securityContextHolderStrategy = spy(new MockSecurityContextHolderStrategy(
|
||||
UsernamePasswordAuthenticationToken.unauthenticated("dano", "hawaii50")));
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addParameter(SwitchUserFilter.SPRING_SECURITY_SWITCH_USERNAME_KEY, "jacklord");
|
||||
SwitchUserFilter filter = new SwitchUserFilter();
|
||||
filter.setSecurityContextHolderStrategy(securityContextHolderStrategy);
|
||||
filter.setUserDetailsService(new MockUserDetailsService());
|
||||
Authentication result = filter.attemptSwitchUser(request);
|
||||
assertThat(result).isNotNull();
|
||||
assertThat(result.getName()).isEqualTo("jacklord");
|
||||
verify(securityContextHolderStrategy, atLeastOnce()).getContext();
|
||||
}
|
||||
|
||||
// SEC-1763
|
||||
@Test
|
||||
public void nestedSwitchesAreNotAllowed() {
|
||||
@@ -512,4 +532,34 @@ public class SwitchUserFilterTests {
|
||||
|
||||
}
|
||||
|
||||
static final class MockSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
|
||||
|
||||
private SecurityContext mock;
|
||||
|
||||
private MockSecurityContextHolderStrategy(Authentication authentication) {
|
||||
this.mock = new SecurityContextImpl(authentication);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void clearContext() {
|
||||
this.mock = null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SecurityContext getContext() {
|
||||
return this.mock;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setContext(SecurityContext context) {
|
||||
this.mock = context;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SecurityContext createEmptyContext() {
|
||||
return new SecurityContextImpl();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user