Interface SecurityContextHandler

  • All Implemented Interfaces:

    
    public interface SecurityContextHandler<C>
    
                        

    Abstracts per-user security context management for multi-user testing.

    Framework modules (Spring, Quarkus) provide implementations that bridge their security infrastructure (e.g. Spring's SecurityContextHolder, Quarkus's CurrentIdentityAssociation) with the browserless multi-user context hierarchy.

    Implementations must be thread-safe with respect to the thread-local security state they manage.

    Since:

    1.1

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
    • Field Summary

      Fields 
      Modifier and Type Field Description
    • Constructor Summary

      Constructors 
      Constructor Description
    • Enum Constant Summary

      Enum Constants 
      Enum Constant Description
    • Method Summary

      Modifier and Type Method Description
      abstract void setupAuthentication(C credentials) Sets up authentication for a new user from the given credentials.
      abstract Object saveContext() Captures the current thread's security context as an opaque snapshot.
      abstract void restoreContext(Object snapshot) Restores a previously saved security context snapshot onto the current thread.
      abstract void clearContext() Clears the security context from the current thread.
      C createCredentials(String username, Array<String> roles) Builds framework-specific credentials for the given username and roles.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

    • Method Detail

      • setupAuthentication

         abstract void setupAuthentication(C credentials)

        Sets up authentication for a new user from the given credentials.

        The type parameter C is determined by the framework implementation. For example, Spring uses org.springframework.security.core.Authentication and Quarkus uses io.quarkus.security.identity.SecurityIdentity.

        Implementations must accept null credentials and produce an anonymous-equivalent state — e.g. Spring sets an AnonymousAuthenticationToken, mirroring @WithAnonymousUser. clearContext is invoked immediately before this method so that earlier state cannot leak through.

        Parameters:
        credentials - framework-specific credentials object, or null for an anonymous user
      • saveContext

         abstract Object saveContext()

        Captures the current thread's security context as an opaque snapshot.

        Called automatically when switching away from a user context to preserve its security state.

        Returns:

        an opaque snapshot of the current security context, or null if no security context is active

      • restoreContext

         abstract void restoreContext(Object snapshot)

        Restores a previously saved security context snapshot onto the current thread.

        Parameters:
        snapshot - a snapshot previously returned by saveContext, or null to clear the context
      • clearContext

         abstract void clearContext()

        Clears the security context from the current thread.

      • createCredentials

         C createCredentials(String username, Array<String> roles)

        Builds framework-specific credentials for the given username and roles.

        Used by newUser so tests can authenticate a user without writing the framework-specific boilerplate. Spring's implementation produces a UsernamePasswordAuthenticationToken carrying a User principal (mirroring @WithMockUser); Quarkus's implementation produces a QuarkusSecurityIdentity.

        The default implementation throws UnsupportedOperationException — handlers that don't have a natural mapping from username + roles to C can simply leave it unimplemented; callers must then use newUser(C credentials) directly.

        Parameters:
        username - the username
        roles - the roles for the user; never null, may be empty
        Returns:

        the credentials, never null