Add test support for SecurityContextHolderFilter

Issue gh-9635
4 years ago · 6e6d472da4
2 changed files with 34 additions and 0 deletions
--- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
+++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
@ -85,6 +85,10 @@ public abstract class WebTestUtils {
 		if (filter != null) {
 			ReflectionTestUtils.setField(filter, "repo", securityContextRepository);
 		}
 		SecurityContextHolderFilter holderFilter = findFilter(request, SecurityContextHolderFilter.class);
 		if (holderFilter != null) {
 			ReflectionTestUtils.setField(holderFilter, "securityContextRepository", securityContextRepository);
 		}
 	}
 	/**
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@ -24,6 +24,7 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.config.BeanIds;
@ -33,6 +34,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextHolderFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.csrf.CsrfFilter;
@ -43,6 +45,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
@ExtendWith(MockitoExtension.class)
 public class WebTestUtilsTests {
@ -126,6 +129,19 @@ public class WebTestUtilsTests {
 		assertThat(WebTestUtils.getSecurityContextRepository(this.request)).isSameAs(this.contextRepo);
 	}
 	@Test
 	public void setSecurityContextRepositoryWhenSecurityContextHolderFilter() {
 		SecurityContextRepository expectedRepository = mock(SecurityContextRepository.class);
 		loadConfig(SecurityContextHolderFilterConfig.class);
 		// verify our configuration sets up to have SecurityContextHolderFilter and not
 		// SecurityContextPersistenceFilter
 		assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull();
 		assertThat(WebTestUtils.findFilter(this.request, SecurityContextHolderFilter.class)).isNotNull();
 		WebTestUtils.setSecurityContextRepository(this.request, expectedRepository);
 		assertThat(WebTestUtils.getSecurityContextRepository(this.request)).isSameAs(expectedRepository);
 	}
 	// gh-3343
 	@Test
 	public void findFilterNoMatchingFilters() {
@ -220,4 +236,18 @@ public class WebTestUtilsTests {
 	}
 	@EnableWebSecurity
 	static class SecurityContextHolderFilterConfig {
 		@Bean
 		DefaultSecurityFilterChain springSecurityFilter(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
 				.securityContext((securityContext) -> securityContext.requireExplicitSave(true));
 			// @formatter:on
 			return http.build();
 		}
 	}
 }