Improve @CurrentSecurityContext meta-annotations
Closes gh-15551
This commit is contained in:
@@ -33,6 +33,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.annotation.CurrentSecurityContext;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.web.csrf.CsrfToken;
|
||||
@@ -115,6 +116,15 @@ public class WebMvcSecurityConfigurationTests {
|
||||
this.mockMvc.perform(get("/hi")).andExpect(content().string("Hi, Harold!"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resolveMetaAnnotationWhenTemplateDefaultsBeanThenResolvesExpression() throws Exception {
|
||||
this.mockMvc.perform(get("/hello")).andExpect(content().string("user"));
|
||||
Authentication harold = new TestingAuthenticationToken("harold", "password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(harold);
|
||||
this.mockMvc.perform(get("/hello")).andExpect(content().string("harold"));
|
||||
}
|
||||
|
||||
private ResultMatcher assertResult(Object expected) {
|
||||
return model().attribute("result", expected);
|
||||
}
|
||||
@@ -128,6 +138,15 @@ public class WebMvcSecurityConfigurationTests {
|
||||
|
||||
}
|
||||
|
||||
@Target({ ElementType.PARAMETER })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@CurrentSecurityContext(expression = "authentication.{property}")
|
||||
@interface CurrentAuthenticationProperty {
|
||||
|
||||
String property();
|
||||
|
||||
}
|
||||
|
||||
@Controller
|
||||
static class TestController {
|
||||
|
||||
@@ -158,6 +177,13 @@ public class WebMvcSecurityConfigurationTests {
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/hello")
|
||||
@ResponseBody
|
||||
String getCurrentAuthenticationProperty(
|
||||
@CurrentAuthenticationProperty(property = "principal") String principal) {
|
||||
return principal;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
||||
@@ -42,6 +42,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.annotation.CurrentSecurityContext;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
import org.springframework.security.core.userdetails.PasswordEncodedUser;
|
||||
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
|
||||
@@ -183,6 +184,27 @@ public class ServerHttpSecurityConfigurationTests {
|
||||
.isEqualTo("Hi, Harold!");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void resoleMetaAnnotationWhenTemplateDefaultsBeanThenResolvesExpression() throws Exception {
|
||||
this.spring.register(MetaAnnotationPlaceholderConfig.class).autowire();
|
||||
Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
|
||||
this.webClient.mutateWith(mockAuthentication(user))
|
||||
.get()
|
||||
.uri("/hello")
|
||||
.exchange()
|
||||
.expectStatus()
|
||||
.isOk()
|
||||
.expectBody(String.class)
|
||||
.isEqualTo("user");
|
||||
Authentication harold = new TestingAuthenticationToken("harold", "password", "ROLE_USER");
|
||||
this.webClient.mutateWith(mockAuthentication(harold))
|
||||
.get()
|
||||
.uri("/hello")
|
||||
.exchange()
|
||||
.expectBody(String.class)
|
||||
.isEqualTo("harold");
|
||||
}
|
||||
|
||||
@Configuration
|
||||
static class SubclassConfig extends ServerHttpSecurityConfiguration {
|
||||
|
||||
@@ -283,6 +305,15 @@ public class ServerHttpSecurityConfigurationTests {
|
||||
|
||||
}
|
||||
|
||||
@Target({ ElementType.PARAMETER })
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@CurrentSecurityContext(expression = "authentication.{property}")
|
||||
@interface CurrentAuthenticationProperty {
|
||||
|
||||
String property();
|
||||
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class TestController {
|
||||
|
||||
@@ -296,6 +327,12 @@ public class ServerHttpSecurityConfigurationTests {
|
||||
}
|
||||
}
|
||||
|
||||
@GetMapping("/hello")
|
||||
String getCurrentAuthenticationProperty(
|
||||
@CurrentAuthenticationProperty(property = "principal") String principal) {
|
||||
return principal;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
||||
Reference in New Issue
Block a user