Examples of org.springframework.security.core.context.SecurityContext

• org.springframework.security.core.context.SecurityContext
  Interface defining the minimum security information associated with the current thread of execution.

  The security context is stored in a {@link SecurityContextHolder}.

  @author Ben Alex

    @Test
    public void userDetails() {
        authentication(authentication).postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication()).isSameAs(authentication);
    }

        String username = "userabc";

        user(username).postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
        assertThat(context.getAuthentication().getName()).isEqualTo(username);
        assertThat(context.getAuthentication().getCredentials()).isEqualTo("password");
        assertThat(context.getAuthentication().getAuthorities()).onProperty("authority").containsOnly("ROLE_USER");
    }

            .roles("CUSTOM","ADMIN")
            .password("newpass")
            .postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication()).isInstanceOf(UsernamePasswordAuthenticationToken.class);
        assertThat(context.getAuthentication().getName()).isEqualTo(username);
        assertThat(context.getAuthentication().getCredentials()).isEqualTo("newpass");
        assertThat(context.getAuthentication().getAuthorities()).onProperty("authority").containsOnly("ROLE_CUSTOM","ROLE_ADMIN");
    }

        user(username)
            .authorities(authority1,authority2)
            .postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication().getAuthorities()).containsOnly(authority1,authority2);
    }

        user(username)
            .authorities(Arrays.asList(authority1,authority2))
            .postProcessRequest(request);

        verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class));
        SecurityContext context = contextCaptor.getValue();
        assertThat(context.getAuthentication().getAuthorities()).containsOnly(authority1,authority2);
    }

                session.invalidate();
            }
        }

        if(clearAuthentication) {
            SecurityContext context = SecurityContextHolder.getContext();
            context.setAuthentication(null);
        }

        SecurityContextHolder.clearContext();
    }

         * @param authentication the {@link Authentication} to save
         * @param request the {@link HttpServletRequest} to use
         */
        final void save(Authentication authentication,
                HttpServletRequest request) {
            SecurityContext securityContext = SecurityContextHolder
                    .createEmptyContext();
            securityContext.setAuthentication(authentication);
            save(securityContext, request);
        }

            private TestSecurityContextRepository(SecurityContextRepository delegate) {
                this.delegate = delegate;
            }

            public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
                SecurityContext result = getContext(requestResponseHolder.getRequest());
                // always load from the delegate to ensure the request/response in the holder are updated
                // remember the SecurityContextRepository is used in many different locations
                SecurityContext delegateResult = delegate.loadContext(requestResponseHolder);
                return result == null ? delegateResult : result;
            }

            this.authentication = authentication;
        }

        public MockHttpServletRequest postProcessRequest(
                MockHttpServletRequest request) {
            SecurityContext context = SecurityContextHolder.getContext();
            context.setAuthentication(authentication);
            save(authentication, request);
            return request;
        }

    public void sessionIsntCreatedIfContextDoesntChange() throws Exception {
        HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
        SecurityContext context = repo.loadContext(holder);
        assertNull(request.getSession(false));
        repo.saveContext(context, holder.getRequest(), holder.getResponse());
        assertNull(request.getSession(false));
    }