SEC-2942: Add test EnableWebSecurity supports AuthenticationPrincipal

This commit is contained in:
Rob Winch 2015-04-23 16:32:45 -05:00
parent 81055feb82
commit f1352ba492
1 changed files with 60 additions and 2 deletions

View File

@ -13,8 +13,22 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configuration;
package org.springframework.security.config.annotation.web.configuration
import org.springframework.mock.web.MockServletContext
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.core.annotation.AuthenticationPrincipal
import org.springframework.security.core.context.SecurityContext
import org.springframework.security.core.context.SecurityContextImpl
import org.springframework.security.core.userdetails.User
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
import org.springframework.test.context.web.WebAppConfiguration
import org.springframework.web.bind.annotation.RequestMapping
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.mock.web.MockHttpServletRequest
@ -25,7 +39,11 @@ import org.springframework.security.config.annotation.BaseSpringSpec
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
import org.springframework.security.web.debug.DebugFilter;
import org.springframework.security.web.debug.DebugFilter
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
class EnableWebSecurityTests extends BaseSpringSpec {
@ -82,4 +100,44 @@ class EnableWebSecurityTests extends BaseSpringSpec {
static class DebugSecurityConfig extends WebSecurityConfigurerAdapter {
}
def "SEC-2942: EnableWebSecurity adds AuthenticationPrincipalArgumentResolver"() {
setup:
def username = "test"
context = new AnnotationConfigWebApplicationContext()
context.servletContext = new MockServletContext()
context.register(AuthenticationPrincipalConfig)
context.refresh()
SecurityContext securityContext = new SecurityContextImpl(authentication: new TestingAuthenticationToken(username, "pass", "ROLE_USER"))
MockMvc mockMvc = MockMvcBuilders
.webAppContextSetup(context)
.addFilters(springSecurityFilterChain)
.build()
when:
String body = mockMvc
.perform(get("/").sessionAttr(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext))
.andReturn().response.contentAsString
then:
body == username
}
@EnableWebSecurity
@EnableWebMvc
@Configuration
static class AuthenticationPrincipalConfig {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth.inMemoryAuthentication()
}
@RestController
static class AuthController {
@RequestMapping("/")
String principal(@AuthenticationPrincipal String principal) {
principal
}
}
}
}