From f782870941de7a62dbae7bb8f44652d265cc1395 Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio
Date: Mon, 5 Jun 2023 12:31:22 -0300
Subject: [PATCH] Polish Issue gh-13243
---
 .../cas/web/CasAuthenticationFilter.java | 4 +--
 .../cas/web/CasAuthenticationFilterTests.java | 25 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
index 6f2920b3d0..e34d9b44fe 100644
--- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
+++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -193,7 +193,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 private AuthenticationFailureHandler proxyFailureHandler = new SimpleUrlAuthenticationFailureHandler();
- private SecurityContextRepository securityContextRepository= new HttpSessionSecurityContextRepository();
+ private SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
 public CasAuthenticationFilter() {
 super("/login/cas");
@@ -214,7 +214,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 SecurityContext context = SecurityContextHolder.createEmptyContext();
 context.setAuthentication(authResult);
 SecurityContextHolder.setContext(context);
- this.securityContextRepository.saveContext(context,request,response);
+ this.securityContextRepository.saveContext(context, request, response);
 if (this.eventPublisher != null) {
 this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 }
diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
index 495f1604c4..bab67143c1 100644
--- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
+++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ * Copyright 2002-2023 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@ import org.apereo.cas.client.proxy.ProxyGrantingTicketStorage;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
+import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -31,12 +32,16 @@ import org.springframework.security.cas.ServiceProperties;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.test.util.ReflectionTestUtils;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -195,4 +200,22 @@ public class CasAuthenticationFilterTests {
 verifyNoInteractions(chain);
 }
+ @Test
+ public void successfulAuthenticationWhenProxyRequestThenSavesSecurityContext() throws Exception {
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setParameter(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER, "ticket");
+
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ CasAuthenticationFilter filter = new CasAuthenticationFilter();
+ ServiceProperties serviceProperties = new ServiceProperties();
+ serviceProperties.setAuthenticateAllArtifacts(true);
+ filter.setServiceProperties(serviceProperties);
+
+ SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
+ ReflectionTestUtils.setField(filter, "securityContextRepository", securityContextRepository);
+
+ filter.successfulAuthentication(request, response, new MockFilterChain(), mock(Authentication.class));
+ verify(securityContextRepository).saveContext(any(SecurityContext.class), eq(request), eq(response));
+ }
+
 }
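Review bot: The closing `verify` in `successfulAuthenticationWhenProxyRequestThenSavesSecurityContext` matches `any(SecurityContext.class)`, so the test would still pass if the filter persisted an empty context instead of one carrying the authenticated principal, which is the property a later request relies on. Keep the mock in a local, `Authentication authResult = mock(Authentication.class);`, pass it to `successfulAuthentication`, and match on it with `verify(securityContextRepository).saveContext(argThat((context) -> context.getAuthentication() == authResult), eq(request), eq(response));` (this needs a static import of `ArgumentMatchers.argThat`). Separately, `ReflectionTestUtils.setField(filter, "securityContextRepository", ...)` ties the test to a private field name that only fails at runtime if renamed. Whether `CasAuthenticationFilter` exposes a setter that reaches this field is not visible in the diff, but if it does, injecting through it would also confirm that a repository configured by an application is the one used on the proxy path.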