Polish

Issue gh-13243
spring-projects · Jun 5, 2023 · f782870 · f782870
1 parent 52b87f3
commit f782870
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationFilter.java
@@ -193,7 +193,7 @@ public class CasAuthenticationFilter extends AbstractAuthenticationProcessingFil
 
 	private AuthenticationFailureHandler proxyFailureHandler = new SimpleUrlAuthenticationFailureHandler();
 
-	private SecurityContextRepository securityContextRepository= new HttpSessionSecurityContextRepository();
+	private SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
 
 	public CasAuthenticationFilter() {
 		super("/login/cas");
@@ -214,7 +214,7 @@ protected final void successfulAuthentication(HttpServletRequest request, HttpSe
 		SecurityContext context = SecurityContextHolder.createEmptyContext();
 		context.setAuthentication(authResult);
 		SecurityContextHolder.setContext(context);
-		this.securityContextRepository.saveContext(context,request,response);
+		this.securityContextRepository.saveContext(context, request, response);
 		if (this.eventPublisher != null) {
 			this.eventPublisher.publishEvent(new InteractiveAuthenticationSuccessEvent(authResult, this.getClass()));
 		}

diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationFilterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 
+import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
@@ -31,12 +32,16 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.context.SecurityContextRepository;
+import org.springframework.test.util.ReflectionTestUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -195,4 +200,22 @@ public void testChainNotInvokedForProxyReceptor() throws Exception {
 		verifyNoInteractions(chain);
 	}
 
+	@Test
+	public void successfulAuthenticationWhenProxyRequestThenSavesSecurityContext() throws Exception {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setParameter(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER, "ticket");
+
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		CasAuthenticationFilter filter = new CasAuthenticationFilter();
+		ServiceProperties serviceProperties = new ServiceProperties();
+		serviceProperties.setAuthenticateAllArtifacts(true);
+		filter.setServiceProperties(serviceProperties);
+
+		SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
+		ReflectionTestUtils.setField(filter, "securityContextRepository", securityContextRepository);
+
+		filter.successfulAuthentication(request, response, new MockFilterChain(), mock(Authentication.class));
+		verify(securityContextRepository).saveContext(any(SecurityContext.class), eq(request), eq(response));
+	}
+
 }