Examples of org.springframework.security.core.context.SecurityContext

• org.springframework.security.core.context.SecurityContext
  Interface defining the minimum security information associated with the current thread of execution.

  The security context is stored in a {@link SecurityContextHolder}.

  @author Ben Alex

/**
 * @author Rob Winch
 */
public class WithMockCustomUserSecurityContextFactory implements WithSecurityContextFactory<WithMockCustomUser> {
  public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
    SecurityContext context = SecurityContextHolder.createEmptyContext();

    CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
    Authentication auth =
      new UsernamePasswordAuthenticationToken(principal, "password", principal.getAuthorities());
    context.setAuthentication(auth);
    return context;
  }

     * Gets the {@link SecurityContext} from {@link TestSecurityContextHolder}.
     *
     * @return the {@link SecurityContext} from {@link TestSecurityContextHolder}.
     */
    public static SecurityContext getContext() {
        SecurityContext ctx = contextHolder.get();

        if (ctx == null) {
            ctx = getDefaultContext();
            contextHolder.set(ctx);
        }

    @Override
    public void beforeTestMethod(TestContext testContext) throws Exception {
        Annotation[] methodAnnotations = AnnotationUtils
                .getAnnotations(testContext.getTestMethod());
        ApplicationContext context = testContext.getApplicationContext();
        SecurityContext securityContext = createSecurityContext(
                methodAnnotations, context);
        if (securityContext == null) {
            Annotation[] classAnnotations = testContext.getTestClass()
                    .getAnnotations();
            securityContext = createSecurityContext(classAnnotations, context);

    public void testLogout() throws Exception {
        MockLoginContext loginContext = new MockLoginContext(jaasProvider.getLoginContextName());

        JaasAuthenticationToken token = new JaasAuthenticationToken(null, null, loginContext);

        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(token);

        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        when(event.getSecurityContexts()).thenReturn(Arrays.asList(context));

        jaasProvider.handleLogout(event);

    }

    @Test
    public void logout() throws Exception {
        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        SecurityContext securityContext = mock(SecurityContext.class);
        JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
        LoginContext context = mock(LoginContext.class);

        when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
        when(securityContext.getAuthentication()).thenReturn(token);
        when(token.getLoginContext()).thenReturn(context);

        provider.onApplicationEvent(event);

        verify(event).getSecurityContexts();

    }

    @Test
    public void logoutNullAuthentication() {
        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        SecurityContext securityContext = mock(SecurityContext.class);

        when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));

        provider.handleLogout(event);

    }

    @Test
    public void logoutNonJaasAuthentication() {
        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        SecurityContext securityContext = mock(SecurityContext.class);

        when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
        when(securityContext.getAuthentication()).thenReturn(token);

        provider.handleLogout(event);

        verify(event).getSecurityContexts();
        verify(event).getSecurityContexts();

    }

    @Test
    public void logoutNullLoginContext() throws Exception {
        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        SecurityContext securityContext = mock(SecurityContext.class);
        JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);

        when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
        when(securityContext.getAuthentication()).thenReturn(token);

        provider.onApplicationEvent(event);
        verify(event).getSecurityContexts();
        verify(securityContext).getAuthentication();
        verify(token).getLoginContext();

    }

    @Test
    public void logoutLoginException() throws Exception {
        SessionDestroyedEvent event = mock(SessionDestroyedEvent.class);
        SecurityContext securityContext = mock(SecurityContext.class);
        JaasAuthenticationToken token = mock(JaasAuthenticationToken.class);
        LoginContext context = mock(LoginContext.class);
        LoginException loginException = new LoginException("Failed Login");

        when(event.getSecurityContexts()).thenReturn(Arrays.asList(securityContext));
        when(securityContext.getAuthentication()).thenReturn(token);
        when(token.getLoginContext()).thenReturn(context);
        doThrow(loginException).when(context).logout();

        provider.onApplicationEvent(event);

    // SEC-1967
    @Test
    @SuppressWarnings("unchecked")
    public void invokeWithAspectJCallbackRunAsReplacementCleansAfterException() throws Exception {
        SecurityContext ctx = SecurityContextHolder.getContext();
        ctx.setAuthentication(token);
        token.setAuthenticated(true);
        final RunAsManager runAs = mock(RunAsManager.class);
        final RunAsUserToken runAsToken =
            new RunAsUserToken("key", "someone", "creds", token.getAuthorities(), TestingAuthenticationToken.class);
        interceptor.setRunAsManager(runAs);