GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Configure CurrentSecurityContextArgumentResolver BeanResolver 

Closes gh-9331
5.3.x
happier233 5 years ago committed by Josh Cummings
parent
e7acd1219d
commit
3cb98ebed0
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
3 changed files with 58 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
  2. 28
      web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
  3. 29
      web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java

2
web/src/main/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolver.java
Unescape View File

@ -108,7 +108,7 @@ public final class CurrentSecurityContextArgumentResolver @@ -108,7 +108,7 @@ public final class CurrentSecurityContextArgumentResolver
StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(securityContext);
context.setVariable("this", securityContext);
context.setBeanResolver(this.beanResolver);
Expression expression = this.parser.parseExpression(expressionToParse);
securityContextResult = expression.getValue(context);
}

28
web/src/test/java/org/springframework/security/web/method/annotation/AuthenticationPrincipalArgumentResolverTests.java
Unescape View File

@ -22,11 +22,14 @@ import java.lang.annotation.Retention; @@ -22,11 +22,14 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.function.Function;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.MethodParameter;
import org.springframework.expression.AccessException;
import org.springframework.expression.BeanResolver;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils;
@ -40,12 +43,21 @@ import org.springframework.util.ReflectionUtils; @@ -40,12 +43,21 @@ import org.springframework.util.ReflectionUtils;
*
*/
public class AuthenticationPrincipalArgumentResolverTests {
private final BeanResolver beanResolver = ((context, beanName) -> {
if (!"test".equals(beanName)) {
throw new AccessException("Could not resolve bean reference against BeanFactory");
}
return (Function<CustomUserPrincipal, String>) (principal) -> principal.property;
});
private Object expectedPrincipal;
private AuthenticationPrincipalArgumentResolver resolver;
@Before
public void setup() {
resolver = new AuthenticationPrincipalArgumentResolver();
resolver.setBeanResolver(this.beanResolver);
}
@After
@ -128,6 +140,14 @@ public class AuthenticationPrincipalArgumentResolverTests { @@ -128,6 +140,14 @@ public class AuthenticationPrincipalArgumentResolverTests {
.isEqualTo(this.expectedPrincipal);
}
@Test
public void resolveArgumentSpelBean() throws Exception {
CustomUserPrincipal principal = new CustomUserPrincipal();
setAuthenticationPrincipal(principal);
this.expectedPrincipal = principal.property;
assertThat(this.resolver.resolveArgument(showUserSpelBean(), null, null, null)).isEqualTo(this.expectedPrincipal);
}
@Test
public void resolveArgumentSpelCopy() throws Exception {
CopyUserPrincipal principal = new CopyUserPrincipal("property");
@ -198,6 +218,10 @@ public class AuthenticationPrincipalArgumentResolverTests { @@ -198,6 +218,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
return getMethodParameter("showUserSpel", String.class);
}
private MethodParameter showUserSpelBean() {
return getMethodParameter("showUserSpelBean", String.class);
}
private MethodParameter showUserSpelCopy() {
return getMethodParameter("showUserSpelCopy", CopyUserPrincipal.class);
}
@ -255,6 +279,10 @@ public class AuthenticationPrincipalArgumentResolverTests { @@ -255,6 +279,10 @@ public class AuthenticationPrincipalArgumentResolverTests {
@AuthenticationPrincipal(expression = "property") String user) {
}
public void showUserSpelBean(@AuthenticationPrincipal(
expression = "@test.apply(#this)") String user) {
}
public void showUserSpelCopy(
@AuthenticationPrincipal(expression = "new org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolverTests$CopyUserPrincipal(#this)") CopyUserPrincipal user) {
}

29
web/src/test/java/org/springframework/security/web/method/annotation/CurrentSecurityContextArgumentResolverTests.java
Unescape View File

@ -20,12 +20,15 @@ import java.lang.annotation.Retention; @@ -20,12 +20,15 @@ import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.function.Function;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.core.MethodParameter;
import org.springframework.expression.AccessException;
import org.springframework.expression.BeanResolver;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
@ -45,11 +48,20 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType; @@ -45,11 +48,20 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
*
*/
public class CurrentSecurityContextArgumentResolverTests {
private final BeanResolver beanResolver = ((context, beanName) -> {
if (!"test".equals(beanName)) {
throw new AccessException("Could not resolve bean reference against BeanFactory");
}
return (Function<SecurityContext, Authentication>) SecurityContext::getAuthentication;
});
private CurrentSecurityContextArgumentResolver resolver;
@Before
public void setup() {
this.resolver = new CurrentSecurityContextArgumentResolver();
this.resolver.setBeanResolver(this.beanResolver);
}
@After
@ -104,6 +116,15 @@ public class CurrentSecurityContextArgumentResolverTests { @@ -104,6 +116,15 @@ public class CurrentSecurityContextArgumentResolverTests {
assertThat(auth1.getPrincipal()).isEqualTo(principal);
}
@Test
public void resolveArgumentWithAuthenticationWithBean() {
String principal = "john";
setAuthenticationPrincipal(principal);
Authentication auth1 = (Authentication) this.resolver
.resolveArgument(showSecurityContextAuthenticationWithBean(), null, null, null);
assertThat(auth1.getPrincipal()).isEqualTo(principal);
}
@Test
public void resolveArgumentWithNullAuthentication() {
SecurityContext context = SecurityContextHolder.getContext();
@ -217,6 +238,10 @@ public class CurrentSecurityContextArgumentResolverTests { @@ -217,6 +238,10 @@ public class CurrentSecurityContextArgumentResolverTests {
return getMethodParameter("showSecurityContextAuthenticationAnnotation", Authentication.class);
}
public MethodParameter showSecurityContextAuthenticationWithBean() {
return getMethodParameter("showSecurityContextAuthenticationWithBean", Authentication.class);
}
private MethodParameter showSecurityContextAuthenticationWithOptionalPrincipal() {
return getMethodParameter("showSecurityContextAuthenticationWithOptionalPrincipal", Object.class);
}
@ -279,6 +304,10 @@ public class CurrentSecurityContextArgumentResolverTests { @@ -279,6 +304,10 @@ public class CurrentSecurityContextArgumentResolverTests {
public void showSecurityContextAuthenticationAnnotation(@CurrentSecurityContext(expression = "authentication") Authentication authentication) {
}
public void showSecurityContextAuthenticationWithBean(
@CurrentSecurityContext(expression = "@test.apply(#this)") Authentication authentication) {
}
public void showSecurityContextAuthenticationWithOptionalPrincipal(@CurrentSecurityContext(expression = "authentication?.principal") Object principal) {
}

Write Preview
Loading…
Cancel
Save