/**
 * Saves the caller's {@link SecurityContext} and installs a new one whose authentication comes
 * from the message header named by {@code authenticationHeaderName}.
 *
 * <p>The previous context is pushed onto the stack held in {@code ORIGINAL_CONTEXT}; the code
 * that pops and restores it is not part of this method.
 *
 * @param message the message whose headers are searched for an {@link Authentication}
 */
private void setup(Message<?> message) {
    // Save first: whatever is active now has to be restorable once the message has been handled.
    SecurityContext previous = SecurityContextHolder.getContext();
    Stack<SecurityContext> saved = ORIGINAL_CONTEXT.get();
    if (saved == null) {
        saved = new Stack<>();
        ORIGINAL_CONTEXT.set(saved);
    }
    saved.push(previous);

    // Anything in the header that is not an Authentication (including a missing header) is
    // treated as anonymous rather than rejected.
    // NOTE(review): an Authentication found in the header is accepted as-is — confirm that only
    // trusted code on the inbound path can populate this header.
    Object headerValue = message.getHeaders().get(authenticationHeaderName);
    Authentication effective = (headerValue instanceof Authentication)
            ? (Authentication) headerValue
            : this.anonymous;

    // Build a fresh context instead of mutating the saved one, so the saved context keeps its
    // original authentication.
    SecurityContext replacement = SecurityContextHolder.createEmptyContext();
    replacement.setAuthentication(effective);
    SecurityContextHolder.setContext(replacement);
}
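/**
 * Runs the delegate with {@code delegateSecurityContext} installed in the
 * {@link SecurityContextHolder}, then puts back the context that was active before the call.
 *
 * @return the value returned by the delegate
 * @throws Exception whatever the delegate throws; the previous context is restored first
 */
@Override
public V call() throws Exception {
    // Hold the caller's context in a local. The restore in the finally block must not read the
    // shared field: a nested or concurrent call on this same instance overwrites it and then
    // nulls it, so this thread could be handed another caller's identity or a null context.
    final SecurityContext previousContext = SecurityContextHolder.getContext();
    this.originalSecurityContext = previousContext;
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        return delegate.call();
    }
    finally {
        // If the previous context equals an empty one, clear the holder instead of
        // re-installing it; otherwise restore exactly what was there.
        SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
        if (emptyContext.equals(previousContext)) {
            SecurityContextHolder.clearContext();
        }
        else {
            SecurityContextHolder.setContext(previousContext);
        }
        this.originalSecurityContext = null;
    }
}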
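/**
 * Runs the delegate with {@code delegateSecurityContext} installed in the
 * {@link SecurityContextHolder}, then puts back the context that was active before the call.
 * The restore happens in a {@code finally} block, so it also runs when the delegate throws.
 */
@Override
public void run() {
    // Hold the caller's context in a local. The restore in the finally block must not read the
    // shared field: a nested or concurrent run of this same instance overwrites it and then
    // nulls it, so this thread could be handed another caller's identity or a null context.
    final SecurityContext previousContext = SecurityContextHolder.getContext();
    this.originalSecurityContext = previousContext;
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        delegate.run();
    }
    finally {
        // If the previous context equals an empty one, clear the holder instead of
        // re-installing it; otherwise restore exactly what was there.
        SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
        if (emptyContext.equals(previousContext)) {
            SecurityContextHolder.clearContext();
        }
        else {
            SecurityContextHolder.setContext(previousContext);
        }
        this.originalSecurityContext = null;
    }
}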
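/**
 * Invokes the delegate while {@code delegateSecurityContext} is the current context, and
 * reinstates the caller's context afterwards, whether the delegate returns or throws.
 *
 * @return the delegate's result
 * @throws Exception propagated unchanged from the delegate
 */
@Override
public V call() throws Exception {
    // The context to restore is kept in a local so that another invocation of this instance
    // (nested, or on a second thread) cannot replace or null it before the finally block runs.
    final SecurityContext callerContext = SecurityContextHolder.getContext();
    this.originalSecurityContext = callerContext;
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        return delegate.call();
    }
    finally {
        SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
        if (emptyContext.equals(callerContext)) {
            // Nothing meaningful was set before the call: clear the holder
            SecurityContextHolder.clearContext();
        }
        else {
            SecurityContextHolder.setContext(callerContext);
        }
        this.originalSecurityContext = null;
    }
}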
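/**
 * Invokes the delegate while {@code delegateSecurityContext} is the current context, and
 * reinstates the caller's context afterwards, whether the delegate returns or throws.
 */
@Override
public void run() {
    // The context to restore is kept in a local so that another invocation of this instance
    // (nested, or on a second thread) cannot replace or null it before the finally block runs.
    final SecurityContext callerContext = SecurityContextHolder.getContext();
    this.originalSecurityContext = callerContext;
    try {
        SecurityContextHolder.setContext(delegateSecurityContext);
        delegate.run();
    }
    finally {
        SecurityContext emptyContext = SecurityContextHolder.createEmptyContext();
        if (emptyContext.equals(callerContext)) {
            // Nothing meaningful was set before the run: clear the holder
            SecurityContextHolder.clearContext();
        }
        else {
            SecurityContextHolder.setContext(callerContext);
        }
        this.originalSecurityContext = null;
    }
}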
/**
 * Test fixture: records an empty context as the "original" one, stubs the delegate so that
 * running it verifies the propagated context, and creates a single-thread executor.
 */
@Before
public void setUp() throws Exception {
    originalSecurityContext = SecurityContextHolder.createEmptyContext();

    // The stub fails the test unless securityContext is the current context at the moment the
    // delegate is run, i.e. the wrapper must install it before delegating.
    Answer<Object> assertContextInstalled = new Answer<Object>() {
        public Object answer(InvocationOnMock invocation) throws Throwable {
            assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
            return null;
        }
    };
    doAnswer(assertContextInstalled).when(delegate).run();

    executor = Executors.newFixedThreadPool(1);
}
/**
 * Test fixture: records an empty context as the "original" one, stubs the delegate so that
 * calling it verifies the propagated context before returning {@code callableResult}, and
 * creates a single-thread executor.
 */
@Before
@SuppressWarnings("serial")
public void setUp() throws Exception {
    originalSecurityContext = SecurityContextHolder.createEmptyContext();

    // Checks that securityContext is current when the delegate is called, then falls through to
    // the normal Returns behaviour.
    Returns resultAfterContextCheck = new Returns(callableResult) {
        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            assertThat(SecurityContextHolder.getContext()).isEqualTo(securityContext);
            return super.answer(invocation);
        }
    };
    when(delegate.call()).thenAnswer(resultAfterContextCheck);

    executor = Executors.newFixedThreadPool(1);
}
// Authenticate the request; what is stored below is the manager's result, not the request token.
Authentication authenticationResult = this.authenticationManager.authenticate(authenticationRequest);
// Put the result in a newly created context rather than setting it on the current one.
SecurityContext context = SecurityContextHolder.createEmptyContext();
context.setAuthentication(authenticationResult);
SecurityContextHolder.setContext(context);
// NOTE(review): this fragment only updates the holder; persisting the context (for example to
// the session) and handling a failed authenticate() are not visible here — confirm in the caller.
/**
 * Verifies that handling a session-destroyed event logs out the JAAS login context carried by
 * the token stored in that session's security context.
 */
@Test
public void testLogout() throws Exception {
    MockLoginContext jaasLogin = new MockLoginContext(jaasProvider.getLoginContextName());
    JaasAuthenticationToken jaasToken = new JaasAuthenticationToken(null, null, jaasLogin);

    // The context is built by hand and handed to the event; the holder itself is not touched.
    SecurityContext destroyedSessionContext = SecurityContextHolder.createEmptyContext();
    destroyedSessionContext.setAuthentication(jaasToken);

    SessionDestroyedEvent sessionDestroyed = mock(SessionDestroyedEvent.class);
    when(sessionDestroyed.getSecurityContexts()).thenReturn(Arrays.asList(destroyedSessionContext));

    jaasProvider.handleLogout(sessionDestroyed);

    assertThat(jaasLogin.loggedOut).isTrue();
}
// Replace the current context with a new empty one, then attach the run-as Authentication to
// it, so the context that was current before is not modified.
SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
SecurityContextHolder.getContext().setAuthentication(runAs);
// NOTE(review): the previous context has to be put back once the secured call completes; that
// restore is not visible in this fragment — confirm the caller keeps a reference to it.
// Install a new empty context and set the run-as Authentication on it; the context that was
// current before this point is left unmodified.
SecurityContextHolder.setContext(SecurityContextHolder.createEmptyContext());
SecurityContextHolder.getContext().setAuthentication(runAs);
// NOTE(review): restoring the previous context after the invocation is not shown here —
// confirm it happens on every exit path of the surrounding code.
/**
 * Verifies that, with {@code ClearAuthenticationFalseConfig} loaded, a POST to {@code /logout}
 * leaves the {@link Authentication} on the context that was stored in the session.
 *
 * <p>NOTE(review): the config class is not shown; presumably it turns off clearing of the
 * authentication on logout, which is what this assertion pins down.
 */
@Test
public void clearAuthenticationFalse() throws Exception {
    loadConfig(ClearAuthenticationFalseConfig.class);

    // Seed the session with an authenticated context, as if the user had logged in earlier.
    TestingAuthenticationToken loggedInUser = new TestingAuthenticationToken("user", "password", "ROLE_USER");
    SecurityContext sessionContext = SecurityContextHolder.createEmptyContext();
    sessionContext.setAuthentication(loggedInUser);
    request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
            sessionContext);

    request.setMethod("POST");
    request.setServletPath("/logout");
    springSecurityFilterChain.doFilter(request, response, chain);

    // The same context object must still carry its Authentication after logout handling.
    assertThat(sessionContext.getAuthentication()).isNotNull();
}
/**
 * Verifies that {@code InterceptorStatusToken} hands back exactly the values it was built with,
 * including the same {@link SecurityContext} instance.
 */
@Test
public void testOperation() {
    List<ConfigAttribute> attributes = SecurityConfig.createList("FOO");
    MethodInvocation invocation = new SimpleMethodInvocation();
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();

    InterceptorStatusToken statusToken = new InterceptorStatusToken(securityContext, true, attributes, invocation);

    assertThat(statusToken.isContextHolderRefreshRequired()).isTrue();
    assertThat(statusToken.getAttributes()).isEqualTo(attributes);
    assertThat(statusToken.getSecureObject()).isEqualTo(invocation);
    // Identity, not equality: the token must keep the very context it was given.
    assertThat(statusToken.getSecurityContext()).isSameAs(securityContext);
}
}
/**
 * Verifies that an empty registration id on the parameter is resolved from the current
 * {@code OAuth2AuthenticationToken}, here reporting {@code "client1"}.
 */
@Test
public void resolveArgumentWhenRegistrationIdEmptyAndOAuth2AuthenticationThenResolves() throws Exception {
    OAuth2AuthenticationToken oauth2Login = mock(OAuth2AuthenticationToken.class);
    when(oauth2Login.getAuthorizedClientRegistrationId()).thenReturn("client1");

    // NOTE(review): the holder stays populated after this test; clearing it is presumably done
    // in a teardown method that is not shown — confirm, so the identity cannot leak into other tests.
    SecurityContext loginContext = SecurityContextHolder.createEmptyContext();
    loginContext.setAuthentication(oauth2Login);
    SecurityContextHolder.setContext(loginContext);

    MethodParameter parameter = this.getMethodParameter("registrationIdEmpty", OAuth2AuthorizedClient.class);
    Object resolved = this.argumentResolver.resolveArgument(
            parameter, null, new ServletWebRequest(this.request), null);

    assertThat(resolved).isSameAs(this.authorizedClient1);
}
/**
 * Verifies that a successful authorization response processed with no {@link Authentication}
 * in the context stores the authorized client in the HTTP session under the principal name
 * {@code "anonymousUser"}.
 */
@Test
public void doFilterWhenAuthorizationResponseSuccessAndAnonymousAccessNullAuthenticationThenAuthorizedClientSavedToHttpSession() throws Exception {
    // A new empty context is installed and no Authentication is set on it (null Authentication).
    SecurityContext unauthenticatedContext = SecurityContextHolder.createEmptyContext();
    SecurityContextHolder.setContext(unauthenticatedContext);

    String callbackPath = "/callback/client-1";
    MockHttpServletRequest request = new MockHttpServletRequest("GET", callbackPath);
    request.setServletPath(callbackPath);
    request.addParameter(OAuth2ParameterNames.CODE, "code");
    request.addParameter(OAuth2ParameterNames.STATE, "state");
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterChain filterChain = mock(FilterChain.class);
    this.setUpAuthorizationRequest(request, response, this.registration1);
    this.setUpAuthenticationResult(this.registration1);

    this.filter.doFilter(request, response, filterChain);

    // The client is looked up with a null principal, matching the unauthenticated request.
    OAuth2AuthorizedClient savedClient = this.authorizedClientRepository.loadAuthorizedClient(
            this.registration1.getRegistrationId(), null, request);
    assertThat(savedClient).isNotNull();
    assertThat(savedClient.getClientRegistration()).isEqualTo(this.registration1);
    assertThat(savedClient.getPrincipalName()).isEqualTo("anonymousUser");
    assertThat(savedClient.getAccessToken()).isNotNull();

    // The session attribute must hold exactly that one client instance.
    HttpSession session = request.getSession(false);
    assertThat(session).isNotNull();
    @SuppressWarnings("unchecked")
    Map<String, OAuth2AuthorizedClient> sessionClients = (Map<String, OAuth2AuthorizedClient>)
            session.getAttribute(HttpSessionOAuth2AuthorizedClientRepository.class.getName() + ".AUTHORIZED_CLIENTS");
    assertThat(sessionClients).isNotEmpty();
    assertThat(sessionClients).hasSize(1);
    assertThat(sessionClients.values().iterator().next()).isSameAs(savedClient);
}
// Build an explicit anonymous token (principal "anonymousUser", authority ROLE_ANONYMOUS) so the
// code under test sees an anonymous Authentication rather than a null one.
AnonymousAuthenticationToken anonymousPrincipal = new AnonymousAuthenticationToken("key-1234", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
// Install it through a newly created context instead of setting it on the current one.
SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication(anonymousPrincipal);
SecurityContextHolder.setContext(securityContext);
/**
 * Test fixture: wires an {@code OAuth2AuthorizationCodeGrantFilter} spy to in-memory
 * repositories and a mocked {@code AuthenticationManager}, then installs an authenticated
 * {@code TestingAuthenticationToken} for {@code principalName1} as the current context.
 */
@Before
public void setup() {
    this.registration1 = TestClientRegistrations.clientRegistration().build();
    this.clientRegistrationRepository = new InMemoryClientRegistrationRepository(this.registration1);
    this.authorizedClientService = new InMemoryOAuth2AuthorizedClientService(this.clientRegistrationRepository);
    this.authorizedClientRepository =
            new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(this.authorizedClientService);
    this.authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository();
    this.authenticationManager = mock(AuthenticationManager.class);

    OAuth2AuthorizationCodeGrantFilter realFilter = new OAuth2AuthorizationCodeGrantFilter(
            this.clientRegistrationRepository, this.authorizedClientRepository, this.authenticationManager);
    this.filter = spy(realFilter);
    this.filter.setAuthorizationRequestRepository(this.authorizationRequestRepository);

    // Default identity for the tests.
    // NOTE(review): clearing the holder after each test is presumably done in a teardown method
    // that is not shown here — confirm.
    TestingAuthenticationToken testUser = new TestingAuthenticationToken(this.principalName1, "password");
    testUser.setAuthenticated(true);
    SecurityContext testContext = SecurityContextHolder.createEmptyContext();
    testContext.setAuthentication(testUser);
    SecurityContextHolder.setContext(testContext);
}
/**
 * Verifies that {@code GET /users/self} answers 200 with the body {@code "extracted-user"} when
 * a username/password authentication for {@code "user"} is the current context.
 *
 * <p>NOTE(review): the controller and the bean referenced by the principal expression are not
 * shown; the expected body presumably comes from that bean.
 */
@Test
public void authenticationPrincipalExpressionWhenBeanExpressionSuppliedThenBeanUsed() throws Exception {
    User principal = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER"));
    UsernamePasswordAuthenticationToken login = new UsernamePasswordAuthenticationToken(
            principal, principal.getPassword(), principal.getAuthorities());

    SecurityContext loginContext = SecurityContextHolder.createEmptyContext();
    loginContext.setAuthentication(login);
    SecurityContextHolder.setContext(loginContext);

    MockMvc mvc = MockMvcBuilders.webAppContextSetup(wac).build();

    mvc.perform(get("/users/self"))
            .andExpect(status().isOk())
            .andExpect(content().string("extracted-user"));
}
// Test fixture: installs a TestingAuthenticationToken for principalName as the current context.
// The rest of this method is not shown in the listing.
@Before
public void setup() {
    this.authentication = new TestingAuthenticationToken(this.principalName, "password");
    // Use a newly created context so the token is not set on whatever context was current.
    SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
    securityContext.setAuthentication(this.authentication);
    SecurityContextHolder.setContext(securityContext);
/**
 * Installs the propagated {@link Authentication} as the current security context, remembering
 * the context that was active before in {@code ORIGINAL_CONTEXT}.
 *
 * <p>When {@code authentication} is {@code null} nothing is changed: neither the holder nor
 * {@code ORIGINAL_CONTEXT} is touched.
 *
 * @param authentication the authentication carried with the message, possibly {@code null}
 * @param message the message being handled (not read here)
 * @param channel the channel the message arrived on (not read here)
 */
@Override
protected void populatePropagatedContext(Authentication authentication, Message<?> message,
        MessageChannel channel) {
    if (authentication == null) {
        return;
    }

    // Only one previous context is remembered: set() replaces any value stored earlier.
    // NOTE(review): the code that restores it afterwards is not shown — confirm it runs on
    // every exit path so a reused thread does not keep the propagated identity.
    SecurityContext previous = SecurityContextHolder.getContext();
    ORIGINAL_CONTEXT.set(previous);

    SecurityContext propagated = SecurityContextHolder.createEmptyContext();
    propagated.setAuthentication(authentication);
    SecurityContextHolder.setContext(propagated);
}