Add test support for SecurityContextHolderFilter

Issue gh-9635
4 years ago · 6e6d472da4
2 changed files with 34 additions and 0 deletions
--- a/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
+++ b/test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
@ -85,6 +85,10 @@ public abstract class WebTestUtils {
				@@ -85,6 +85,10 @@ public abstract class WebTestUtils {
 		if (filter != null) {
 			ReflectionTestUtils.setField(filter, "repo", securityContextRepository);
 		}
+		SecurityContextHolderFilter holderFilter = findFilter(request, SecurityContextHolderFilter.class);
+		if (holderFilter != null) {
+			ReflectionTestUtils.setField(holderFilter, "securityContextRepository", securityContextRepository);
+		}
 	}

 	/**
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@ -24,6 +24,7 @@ import org.mockito.Mock;
				@@ -24,6 +24,7 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;

 import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.security.config.BeanIds;
@ -33,6 +34,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
				@@ -33,6 +34,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextHolderFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.security.web.csrf.CsrfFilter;
@ -43,6 +45,7 @@ import org.springframework.web.context.WebApplicationContext;
				@@ -43,6 +45,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;

 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;

@ExtendWith(MockitoExtension.class)
 public class WebTestUtilsTests {
@ -126,6 +129,19 @@ public class WebTestUtilsTests {
				@@ -126,6 +129,19 @@ public class WebTestUtilsTests {
 		assertThat(WebTestUtils.getSecurityContextRepository(this.request)).isSameAs(this.contextRepo);
 	}

+	@Test
+	public void setSecurityContextRepositoryWhenSecurityContextHolderFilter() {
+		SecurityContextRepository expectedRepository = mock(SecurityContextRepository.class);
+		loadConfig(SecurityContextHolderFilterConfig.class);
+		// verify our configuration sets up to have SecurityContextHolderFilter and not
+		// SecurityContextPersistenceFilter
+		assertThat(WebTestUtils.findFilter(this.request, SecurityContextPersistenceFilter.class)).isNull();
+		assertThat(WebTestUtils.findFilter(this.request, SecurityContextHolderFilter.class)).isNotNull();
+
+		WebTestUtils.setSecurityContextRepository(this.request, expectedRepository);
+		assertThat(WebTestUtils.getSecurityContextRepository(this.request)).isSameAs(expectedRepository);
+	}
+
 	// gh-3343
 	@Test
 	public void findFilterNoMatchingFilters() {
@ -220,4 +236,18 @@ public class WebTestUtilsTests {
				@@ -220,4 +236,18 @@ public class WebTestUtilsTests {

 	}

+	@EnableWebSecurity
+	static class SecurityContextHolderFilterConfig {
+
+		@Bean
+		DefaultSecurityFilterChain springSecurityFilter(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.securityContext((securityContext) -> securityContext.requireExplicitSave(true));
+			// @formatter:on
+			return http.build();
+		}
+
+	}
+
 }