Fix unauthenitcated() and AnonymousAuthenticationToken
Previously if unauthenticated() experienced an AnonymousAuthenticationToken it would not match. This commit ensures that if the user is anonymous (not just null) unauthenticated() works. Fixes gh-3409
This commit is contained in:
Rob Winch
parent
8a28a27225
commit
b2b53f7a81
|
|
@ -18,6 +18,8 @@ package org.springframework.security.test.web.servlet.response;
|
|||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
|
|
@ -229,13 +231,18 @@ public final class SecurityMockMvcResultMatchers {
|
|||
* @author Rob Winch
|
||||
* @since 4.0
|
||||
*/
|
||||
private static final class UnAuthenticatedMatcher extends
|
||||
AuthenticationMatcher<UnAuthenticatedMatcher> {
|
||||
private static final class UnAuthenticatedMatcher
|
||||
extends AuthenticationMatcher<UnAuthenticatedMatcher> {
|
||||
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
@Override
|
||||
public void match(MvcResult result) throws Exception {
|
||||
SecurityContext context = load(result);
|
||||
|
||||
assertEquals("", null, context.getAuthentication());
|
||||
Authentication authentication = context.getAuthentication();
|
||||
assertTrue("Expected anonymous Authentication got " + context,
|
||||
authentication == null
|
||||
|| this.trustResolver.isAnonymous(authentication));
|
||||
}
|
||||
|
||||
private UnAuthenticatedMatcher() {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,110 @@
|
|||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.test.web.servlet.response;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.securityContext;
|
||||
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
|
||||
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 4.1
|
||||
*/
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration
|
||||
@WebAppConfiguration
|
||||
public class Gh3409Tests {
|
||||
|
||||
@Autowired
|
||||
private WebApplicationContext context;
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
// @formatter:off
|
||||
this.mockMvc = MockMvcBuilders
|
||||
.webAppContextSetup(this.context)
|
||||
.apply(springSecurity())
|
||||
.build();
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
// gh-3409
|
||||
@Test
|
||||
public void unauthenticatedAnonymousUser() throws Exception {
|
||||
// @formatter:off
|
||||
this.mockMvc
|
||||
.perform(get("/public/")
|
||||
.with(securityContext(new SecurityContextImpl())));
|
||||
|
||||
this.mockMvc
|
||||
.perform(get("/public/"))
|
||||
.andExpect(unauthenticated());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Test
|
||||
public void unauthenticatedNullAuthenitcation() throws Exception {
|
||||
// @formatter:off
|
||||
this.mockMvc
|
||||
.perform(get("/")
|
||||
.with(securityContext(new SecurityContextImpl())));
|
||||
|
||||
this.mockMvc
|
||||
.perform(get("/"))
|
||||
.andExpect(unauthenticated());
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@EnableWebMvc
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
// @formatter:off
|
||||
http
|
||||
.authorizeRequests()
|
||||
.antMatchers("/public/**").permitAll()
|
||||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.formLogin().and()
|
||||
.httpBasic();
|
||||
// @formatter:on
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue