Examples of org.springframework.security.core.context.SecurityContext

• org.springframework.security.core.context.SecurityContext
  Interface defining the minimum security information associated with the current thread of execution.

  The security context is stored in a {@link SecurityContextHolder}.

  @author Ben Alex

        final User authUser = new User(USER_ID);
        AbstractAuthenticationToken auth = createNiceMock(AbstractAuthenticationToken.class);
        expect(auth.getPrincipal()).andReturn(authUser).anyTimes();
        replay(auth);

        SecurityContext context = new SecurityContextImpl();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        User result = service.getAuthenticatedUser();

        assertThat(result, is(sameInstance(authUser)));

    }

    @Test(expected = SecurityException.class)
    public void getAuthenticatedUser_nullAuth() {

        SecurityContext context = new SecurityContextImpl();
        SecurityContextHolder.setContext(context);
        service.getAuthenticatedUser();
    }

    public void getAuthenticatedUser_wrongPrincipalType() {
        AbstractAuthenticationToken auth = createNiceMock(AbstractAuthenticationToken.class);
        expect(auth.getPrincipal()).andReturn(USER_ID).anyTimes();
        replay(auth);

        SecurityContext context = new SecurityContextImpl();
        SecurityContextHolder.setContext(context);

        service.getAuthenticatedUser();
        verify(auth);
    }

     }


    @Test
    public void clearAuthentication() {
        SecurityContext context = new SecurityContextImpl();
        SecurityContextHolder.setContext(context);
        service.clearAuthenticatedUser();
        assertThat(SecurityContextHolder.getContext(), not(sameInstance(context)));
    }

    return viewInstanceEntity.getResourceProvider(type);
  }

  @Override
  public String getUsername() {
    SecurityContext ctx = SecurityContextHolder.getContext();
    Authentication authentication = ctx == null ? null : ctx.getAuthentication();
    Object principal = authentication == null ? null : authentication.getPrincipal();

    String username;
    if (principal instanceof UserDetails) {
      username = ((UserDetails)principal).getUsername();

    }

    public static Set<String> getOwnedEntitlementNames() {
        final Set<String> result = new HashSet<String>();

        final SecurityContext ctx = SecurityContextHolder.getContext();

        if (ctx != null && ctx.getAuthentication() != null && ctx.getAuthentication().getAuthorities() != null) {
            for (GrantedAuthority authority : ctx.getAuthentication().getAuthorities()) {
                result.add(authority.getAuthority());
            }
        }

        return result;

    }

    @Override
    public FeatureUser getCurrentUser() {

        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();

        // null if no authentication data is available for the current thread
        if (authentication != null) {

            String name = null;

        final User authUser = new UserImpl(VALID_USER_ID, VALID_USER_NAME);
        AbstractAuthenticationToken auth = EasyMock.createNiceMock(AbstractAuthenticationToken.class);
        EasyMock.expect(auth.getPrincipal()).andReturn(authUser).anyTimes();
        EasyMock.replay(auth);

        SecurityContext context = new SecurityContextImpl();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
    }

    @Test
    public void userDetails() {
        securityContext(expectedContext).postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context).isSameAs(this.expectedContext);
    }

    @Test
    public void userDetails() {
        user(userDetails).postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
        assertThat(context.getAuthentication().getPrincipal()).isSameAs(userDetails);
    }