Examples of org.springframework.security.core.context.SecurityContext

• org.springframework.security.core.context.SecurityContext
  Interface defining the minimum security information associated with the current thread of execution.

  The security context is stored in a {@link SecurityContextHolder}.

  @author Ben Alex

    /**
     * Logs the user out, clearing the {@link org.springframework.security.core.context.SecurityContext} without
     * invalidating the session.
     */
    public void logout() {
        final SecurityContext securityContext = SecurityContextHolder.getContext();
        securityContext.setAuthentication(null);
    }

     * Gets the authentication token of the current user.
     *
     * @return the {@link org.springframework.security.core.Authentication} token stored in the current {@link org.springframework.security.core.context.SecurityContext}, or {@code null}.
     */
    public Authentication getAuthentication() {
        final SecurityContext securityContext = SecurityContextHolder.getContext();
        final Authentication authentication = securityContext.getAuthentication();
        return authentication;
    }

    private static abstract class SecurityContextRequestPostProcessorSupport {

        private SecurityContextRepository repository = new HttpSessionSecurityContextRepository();

        final void save(Authentication authentication, HttpServletRequest request) {
            SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
            securityContext.setAuthentication(authentication);
            save(securityContext, request);
        }

        securityContextUtil = new SecurityContextUtil();
    }

    @Test
    public void getPrincipal() {
        SecurityContext securityContextMock = mock(SecurityContext.class);
        Authentication authenticationMock = mock(Authentication.class);

        PowerMockito.mockStatic(SecurityContextHolder.class);
        when(SecurityContextHolder.getContext()).thenReturn(securityContextMock);
        when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);

        UserDetails expectedPrincipal = new User("user", "password", new ArrayList<GrantedAuthority>());
        when(authenticationMock.getPrincipal()).thenReturn(expectedPrincipal);

        UserDetails actualPrincipal = securityContextUtil.getPrincipal();

        assertEquals(expectedPrincipal, actualPrincipal);
    }

    @Test
    public void getPrincipalWhenAuthenticationIsNull() {
        SecurityContext securityContextMock = mock(SecurityContext.class);

        PowerMockito.mockStatic(SecurityContextHolder.class);
        when(SecurityContextHolder.getContext()).thenReturn(securityContextMock);

        when(securityContextMock.getAuthentication()).thenReturn(null);

        UserDetails principal = securityContextUtil.getPrincipal();

        PowerMockito.verifyStatic(times(1));
        SecurityContextHolder.getContext();

        assertNull(principal);
    }

    @Test
    public void getPrincipalWhenAuthenticationDoesNotImplementUserDetails() {
        SecurityContext securityContextMock = mock(SecurityContext.class);
        Authentication authenticationMock = mock(Authentication.class);

        PowerMockito.mockStatic(SecurityContextHolder.class);
        when(SecurityContextHolder.getContext()).thenReturn(securityContextMock);
        when(securityContextMock.getAuthentication()).thenReturn(authenticationMock);
        when(authenticationMock.getPrincipal()).thenReturn(new String(""));

        UserDetails principal = securityContextUtil.getPrincipal();

        PowerMockito.verifyStatic(times(1));

    private static abstract class SecurityContextRequestPostProcessorSupport {

        private SecurityContextRepository repository = new HttpSessionSecurityContextRepository();

        final void save(Authentication authentication, HttpServletRequest request) {
            SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
            securityContext.setAuthentication(authentication);
            save(securityContext, request);
        }

    public void setAuthenticatedUser(long userId) {
        final User user = userRepository.get(userId);
        if (user == null) {
            throw new UsernameNotFoundException("User with id '" + userId + "' was not found!");
        }
        SecurityContext securityContext = createContext(user);
        SecurityContextHolder.setContext(securityContext);
    }

    public void clearAuthenticatedUser() {
        SecurityContextHolder.clearContext();
    }

    private SecurityContext createContext(final User user) {
        SecurityContext securityContext = new SecurityContextImpl();
        securityContext.setAuthentication(new AbstractAuthenticationToken(user.getAuthorities()) {
            private static final long serialVersionUID = 1L;

            @Override
            public Object getCredentials() {
                return "N/A";

        final User authUser = new User(VALID_USER_ID, VALID_USER_NAME);
        AbstractAuthenticationToken auth = EasyMock.createNiceMock(AbstractAuthenticationToken.class);
        EasyMock.expect(auth.getPrincipal()).andReturn(authUser).anyTimes();
        EasyMock.replay(auth);

        SecurityContext context = new SecurityContextImpl();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
    }