事实证明,作为
SecurityContextPersistenceFilterSpring Security过滤器链的一部分的,始终会重置
my SecurityContext,而我会设置调用
SecurityContextHolder.getContext().setAuthentication(principal)(或使用
.principal(principal)方法)。该过滤器设置
SecurityContext在
SecurityContextHolder同一个
SecurityContext从
SecurityContextRepository覆盖一个我先前设置。HttpSessionSecurityContextRepository默认情况下,该存储库为。被
HttpSessionSecurityContextRepository检查的给定HttpRequest并尝试访问相应的HttpSession。如果它存在,它会尝试读取
SecurityContext距离
HttpSession。如果失败,则存储库将生成一个
empty SecurityContext。
因此,我的解决方案是将
HttpSession连同请求一起传递,其中包含
SecurityContext:
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;import org.junit.Test;import org.springframework.mock.web.MockHttpSession;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.web.context.HttpSessionSecurityContextRepository;import eu.ubicon.webapp.test.WebappTestEnvironment;public class Test extends WebappTestEnvironment { public static class MockSecurityContext implements SecurityContext { private static final long serialVersionUID = -1386535243513362694L; private Authentication authentication; public MockSecurityContext(Authentication authentication) { this.authentication = authentication; } @Override public Authentication getAuthentication() { return this.authentication; } @Override public void setAuthentication(Authentication authentication) { this.authentication = authentication; } } @Test public void signedIn() throws Exception {
