Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use SecurityContextHolderStrategy for Data

Browse Source 
Issue gh-11060
This commit is contained in:
Josh Cummings 2022-06-21 16:37:26 -06:00
parent 0fee05d023
commit 5de975f4a2
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
data/src/main/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtension.java
View File

@ -27,6 +27,7 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**
@ -89,6 +90,9 @@ import org.springframework.util.Assert;
*/ */
public class SecurityEvaluationContextExtension implements EvaluationContextExtension { public class SecurityEvaluationContextExtension implements EvaluationContextExtension {
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
.getContextHolderStrategy();
private Authentication authentication; private Authentication authentication;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@ -131,11 +135,22 @@ public class SecurityEvaluationContextExtension implements EvaluationContextExte
return root; return root;
} }
/**
* Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
* the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
*
* @since 5.8
*/
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
this.securityContextHolderStrategy = securityContextHolderStrategy;
}
private Authentication getAuthentication() { private Authentication getAuthentication() {
if (this.authentication != null) { if (this.authentication != null) {
return this.authentication; return this.authentication;
} }
SecurityContext context = SecurityContextHolder.getContext(); SecurityContext context = this.securityContextHolderStrategy.getContext();
return context.getAuthentication(); return context.getAuthentication();
} }

15
data/src/test/java/org/springframework/security/data/repository/query/SecurityEvaluationContextExtensionTests.java
View File

@ -29,9 +29,14 @@ import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.context.SecurityContextImpl;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
public class SecurityEvaluationContextExtensionTests { public class SecurityEvaluationContextExtensionTests {
@ -59,6 +64,16 @@ public class SecurityEvaluationContextExtensionTests {
assertThat(getRoot().getAuthentication()).isSameAs(authentication); assertThat(getRoot().getAuthentication()).isSameAs(authentication);
} }
@Test
public void getRootObjectUseSecurityContextHolderStrategy() {
TestingAuthenticationToken authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
given(strategy.getContext()).willReturn(new SecurityContextImpl(authentication));
this.securityExtension.setSecurityContextHolderStrategy(strategy);
assertThat(getRoot().getAuthentication()).isSameAs(authentication);
verify(strategy).getContext();
}
@Test @Test
public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() { public void getRootObjectExplicitAuthenticationOverridesSecurityContextHolder() {
TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT"); TestingAuthenticationToken explicit = new TestingAuthenticationToken("explicit", "password", "ROLE_EXPLICIT");