Add SecurityContextHolderStrategy for Jaas
Issue gh-11060 Issue gh-11061
This commit is contained in:
Josh Cummings
parent
ec1bfa12f0
commit
b316a3217b
|
|
@ -610,7 +610,8 @@ class HttpConfigurationBuilder {
|
||||||
provideJaasApi = DEF_JAAS_API_PROVISION;
|
provideJaasApi = DEF_JAAS_API_PROVISION;
|
||||||
}
|
}
|
||||||
if ("true".equals(provideJaasApi)) {
|
if ("true".equals(provideJaasApi)) {
|
||||||
this.jaasApiFilter = new RootBeanDefinition(JaasApiIntegrationFilter.class);
|
this.jaasApiFilter = BeanDefinitionBuilder.rootBeanDefinition(JaasApiIntegrationFilter.class)
|
||||||
|
.addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef).getBeanDefinition();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,8 @@ import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An implementation of {@link LoginModule} that uses a Spring Security
|
* An implementation of {@link LoginModule} that uses a Spring Security
|
||||||
|
|
@ -55,6 +57,9 @@ public class SecurityContextLoginModule implements LoginModule {
|
||||||
|
|
||||||
private static final Log log = LogFactory.getLog(SecurityContextLoginModule.class);
|
private static final Log log = LogFactory.getLog(SecurityContextLoginModule.class);
|
||||||
|
|
||||||
|
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||||
|
.getContextHolderStrategy();
|
||||||
|
|
||||||
private Authentication authen;
|
private Authentication authen;
|
||||||
|
|
||||||
private Subject subject;
|
private Subject subject;
|
||||||
|
|
@ -93,6 +98,17 @@ public class SecurityContextLoginModule implements LoginModule {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
|
||||||
|
* the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
|
||||||
|
*
|
||||||
|
* @since 5.8
|
||||||
|
*/
|
||||||
|
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
|
||||||
|
Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
|
||||||
|
this.securityContextHolderStrategy = securityContextHolderStrategy;
|
||||||
|
}
|
||||||
|
|
||||||
Authentication getAuthentication() {
|
Authentication getAuthentication() {
|
||||||
return this.authen;
|
return this.authen;
|
||||||
}
|
}
|
||||||
|
|
@ -129,7 +145,7 @@ public class SecurityContextLoginModule implements LoginModule {
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean login() throws LoginException {
|
public boolean login() throws LoginException {
|
||||||
this.authen = SecurityContextHolder.getContext().getAuthentication();
|
this.authen = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||||
if (this.authen != null) {
|
if (this.authen != null) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -29,9 +29,13 @@ import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
|
import org.springframework.security.core.context.SecurityContextImpl;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||||
|
import static org.mockito.BDDMockito.given;
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests SecurityContextLoginModule
|
* Tests SecurityContextLoginModule
|
||||||
|
|
@ -84,6 +88,18 @@ public class SecurityContextLoginModuleTests {
|
||||||
.withFailMessage("Principals should contain the authentication").isTrue();
|
.withFailMessage("Principals should contain the authentication").isTrue();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void loginWhenCustomSecurityContextHolderStrategyThenUses() throws Exception {
|
||||||
|
SecurityContextHolderStrategy securityContextHolderStrategy = mock(SecurityContextHolderStrategy.class);
|
||||||
|
given(securityContextHolderStrategy.getContext()).willReturn(new SecurityContextImpl(this.auth));
|
||||||
|
this.module.setSecurityContextHolderStrategy(securityContextHolderStrategy);
|
||||||
|
assertThat(this.module.login()).as("Login should succeed, there is an authentication set").isTrue();
|
||||||
|
assertThat(this.module.commit()).withFailMessage("The authentication is not null, this should return true")
|
||||||
|
.isTrue();
|
||||||
|
assertThat(this.subject.getPrincipals().contains(this.auth))
|
||||||
|
.withFailMessage("Principals should contain the authentication").isTrue();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLogout() throws Exception {
|
public void testLogout() throws Exception {
|
||||||
SecurityContextHolder.getContext().setAuthentication(this.auth);
|
SecurityContextHolder.getContext().setAuthentication(this.auth);
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2010-2021 the original author or authors.
|
* Copyright 2010-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
|
@ -32,6 +32,8 @@ import org.springframework.core.log.LogMessage;
|
||||||
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
|
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.web.filter.GenericFilterBean;
|
import org.springframework.web.filter.GenericFilterBean;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -52,6 +54,9 @@ import org.springframework.web.filter.GenericFilterBean;
|
||||||
*/
|
*/
|
||||||
public class JaasApiIntegrationFilter extends GenericFilterBean {
|
public class JaasApiIntegrationFilter extends GenericFilterBean {
|
||||||
|
|
||||||
|
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||||
|
.getContextHolderStrategy();
|
||||||
|
|
||||||
private boolean createEmptySubject;
|
private boolean createEmptySubject;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -114,7 +119,7 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
|
||||||
* available.
|
* available.
|
||||||
*/
|
*/
|
||||||
protected Subject obtainSubject(ServletRequest request) {
|
protected Subject obtainSubject(ServletRequest request) {
|
||||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
Authentication authentication = this.securityContextHolderStrategy.getContext().getAuthentication();
|
||||||
this.logger.debug(LogMessage.format("Attempting to obtainSubject using authentication : %s", authentication));
|
this.logger.debug(LogMessage.format("Attempting to obtainSubject using authentication : %s", authentication));
|
||||||
if (authentication == null) {
|
if (authentication == null) {
|
||||||
return null;
|
return null;
|
||||||
|
|
@ -144,4 +149,15 @@ public class JaasApiIntegrationFilter extends GenericFilterBean {
|
||||||
this.createEmptySubject = createEmptySubject;
|
this.createEmptySubject = createEmptySubject;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the {@link SecurityContextHolderStrategy} to use. The default action is to use
|
||||||
|
* the {@link SecurityContextHolderStrategy} stored in {@link SecurityContextHolder}.
|
||||||
|
*
|
||||||
|
* @since 5.8
|
||||||
|
*/
|
||||||
|
public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy) {
|
||||||
|
Assert.notNull(securityContextHolderStrategy, "securityContextHolderStrategy cannot be null");
|
||||||
|
this.securityContextHolderStrategy = securityContextHolderStrategy;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -48,8 +48,12 @@ import org.springframework.security.authentication.jaas.TestLoginModule;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||||
|
import org.springframework.security.core.context.SecurityContextImpl;
|
||||||
|
|
||||||
import static org.assertj.core.api.Assertions.assertThat;
|
import static org.assertj.core.api.Assertions.assertThat;
|
||||||
|
import static org.mockito.BDDMockito.given;
|
||||||
|
import static org.mockito.Mockito.mock;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests the JaasApiIntegrationFilter.
|
* Tests the JaasApiIntegrationFilter.
|
||||||
|
|
@ -189,6 +193,14 @@ public class JaasApiIntegrationFilterTests {
|
||||||
assertJaasSubjectEquals(new Subject());
|
assertJaasSubjectEquals(new Subject());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void doFilterUsesCustomSecurityContextHolderStrategy() throws Exception {
|
||||||
|
SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
|
||||||
|
given(strategy.getContext()).willReturn(new SecurityContextImpl(this.token));
|
||||||
|
this.filter.setSecurityContextHolderStrategy(strategy);
|
||||||
|
assertJaasSubjectEquals(this.authenticatedSubject);
|
||||||
|
}
|
||||||
|
|
||||||
private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception {
|
private void assertJaasSubjectEquals(final Subject expectedValue) throws Exception {
|
||||||
MockFilterChain chain = new MockFilterChain() {
|
MockFilterChain chain = new MockFilterChain() {
|
||||||
@Override
|
@Override
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue