SEC-1998: Async tests with SecurityContextHolderAwareReqeustFilter

2012-12-11 13:48:20 -06:00 · 2012-12-11 13:48:20 -06:00 · 9c4563285e
parent c8d45397fe
commit 9c4563285e
2 changed files with 71 additions and 0 deletions
--- a/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
+++ b/web/src/main/java/org/springframework/security/web/servletapi/HttpServlet3RequestFactory.java
@ -140,6 +140,11 @@ final class HttpServlet3RequestFactory implements HttpServletRequestFactory {
            this.response = response;
        }

+        public AsyncContext getAsyncContext() {
+            AsyncContext asyncContext = super.getAsyncContext();
+            return new SecurityContextAsyncContext(asyncContext);
+        }
+
        public AsyncContext startAsync() {
            AsyncContext startAsync = super.startAsync();
            return new SecurityContextAsyncContext(startAsync);
--- a/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilterTests.java
@ -248,6 +248,72 @@ public class SecurityContextHolderAwareRequestFilterTests {
        verifyZeroInteractions(authenticationEntryPoint, authenticationManager, logoutHandler);
    }

+    @Test
+    public void getAsyncContextStart() throws Exception {
+        ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
+        SecurityContext context = SecurityContextHolder.createEmptyContext();
+        TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER");
+        context.setAuthentication(expectedAuth);
+        SecurityContextHolder.setContext(context);
+        AsyncContext asyncContext = mock(AsyncContext.class);
+        when(request.getAsyncContext()).thenReturn(asyncContext);
+        Runnable runnable = new Runnable() {
+            public void run() {}
+        };
+
+        wrappedRequest().getAsyncContext().start(runnable);
+
+        verifyZeroInteractions(authenticationManager, logoutHandler);
+        verify(asyncContext).start(runnableCaptor.capture());
+        DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue();
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context);
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable);
+    }
+
+    @Test
+    public void startAsyncStart() throws Exception {
+        ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
+        SecurityContext context = SecurityContextHolder.createEmptyContext();
+        TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER");
+        context.setAuthentication(expectedAuth);
+        SecurityContextHolder.setContext(context);
+        AsyncContext asyncContext = mock(AsyncContext.class);
+        when(request.startAsync()).thenReturn(asyncContext);
+        Runnable runnable = new Runnable() {
+            public void run() {}
+        };
+
+        wrappedRequest().startAsync().start(runnable);
+
+        verifyZeroInteractions(authenticationManager, logoutHandler);
+        verify(asyncContext).start(runnableCaptor.capture());
+        DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue();
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context);
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable);
+    }
+
+    @Test
+    public void startAsyncWithRequestResponseStart() throws Exception {
+        ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
+        SecurityContext context = SecurityContextHolder.createEmptyContext();
+        TestingAuthenticationToken expectedAuth = new TestingAuthenticationToken("user", "password","ROLE_USER");
+        context.setAuthentication(expectedAuth);
+        SecurityContextHolder.setContext(context);
+        AsyncContext asyncContext = mock(AsyncContext.class);
+        when(request.startAsync(request,response)).thenReturn(asyncContext);
+        Runnable runnable = new Runnable() {
+            public void run() {}
+        };
+
+        wrappedRequest().startAsync(request, response).start(runnable);
+
+        verifyZeroInteractions(authenticationManager, logoutHandler);
+        verify(asyncContext).start(runnableCaptor.capture());
+        DelegatingSecurityContextRunnable wrappedRunnable = (DelegatingSecurityContextRunnable) runnableCaptor.getValue();
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, SecurityContext.class)).isEqualTo(context);
+        assertThat(WhiteboxImpl.getInternalState(wrappedRunnable, Runnable.class)).isEqualTo(runnable);
+    }
+
    private HttpServletRequest wrappedRequest() throws Exception {
        filter.doFilter(request, response, filterChain);
        verify(filterChain).doFilter(requestCaptor.capture(), any(HttpServletResponse.class));