Package com.vaadin.browserless

Class SpringSecurityContextHandler

java.lang.Object
com.vaadin.browserless.SpringSecurityContextHandler
All Implemented Interfaces:
SecurityContextHandler<org.springframework.security.core.Authentication>
public class SpringSecurityContextHandler extends Object implements SecurityContextHandler<org.springframework.security.core.Authentication>
Spring Security implementation of SecurityContextHandler.

Manages the thread-local SecurityContext via SecurityContextHolder for multi-user test isolation.

The SecurityContextHandler.setupAuthentication(Object) method expects an Authentication instance as the credentials parameter, or null for an anonymous user — in which case an AnonymousAuthenticationToken is installed (mirroring the behaviour of @WithAnonymousUser).

See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    SpringSecurityContextHandler()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    clearContext()
    Clears the security context from the current thread.
    org.springframework.security.core.Authentication
    createCredentials(String username, String... roles)
    Builds an Authentication for the given username and roles, in the same shape produced by Spring Security's @WithMockUser: a UsernamePasswordAuthenticationToken carrying a User principal whose authorities are the given roles, prefixed with ROLE_ when not already prefixed.
    void
    restoreContext(Object snapshot)
    Restores a previously saved security context snapshot onto the current thread.
    org.springframework.security.core.context.SecurityContext
    saveContext()
    Captures the current thread's security context as an opaque snapshot.
    void
    setupAuthentication(org.springframework.security.core.Authentication credentials)
    Sets up authentication for a new user from the given credentials.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SpringSecurityContextHandler

      public SpringSecurityContextHandler()

  • Method Details

    • setupAuthentication

      public void setupAuthentication(org.springframework.security.core.Authentication credentials)
      Description copied from interface: SecurityContextHandler
      Sets up authentication for a new user from the given credentials.

      The type parameter C is determined by the framework implementation. For example, Spring uses org.springframework.security.core.Authentication and Quarkus uses io.quarkus.security.identity.SecurityIdentity.

      Implementations must accept null credentials and produce an anonymous-equivalent state — e.g. Spring sets an AnonymousAuthenticationToken, mirroring @WithAnonymousUser. SecurityContextHandler.clearContext() is invoked immediately before this method so that earlier state cannot leak through.

      Specified by:
      setupAuthentication in interface SecurityContextHandler<org.springframework.security.core.Authentication>
      Parameters:
      credentials - framework-specific credentials object, or null for an anonymous user

    • saveContext

      public org.springframework.security.core.context.SecurityContext saveContext()
      Description copied from interface: SecurityContextHandler
      Captures the current thread's security context as an opaque snapshot.

      Called automatically when switching away from a user context to preserve its security state.

      Specified by:
      saveContext in interface SecurityContextHandler<org.springframework.security.core.Authentication>
      Returns:
      an opaque snapshot of the current security context, or null if no security context is active

    • restoreContext

      public void restoreContext(Object snapshot)
      Description copied from interface: SecurityContextHandler
      Restores a previously saved security context snapshot onto the current thread.
      Specified by:
      restoreContext in interface SecurityContextHandler<org.springframework.security.core.Authentication>
      Parameters:
      snapshot - a snapshot previously returned by SecurityContextHandler.saveContext(), or null to clear the context

    • clearContext

      public void clearContext()
      Description copied from interface: SecurityContextHandler
      Clears the security context from the current thread.
      Specified by:
      clearContext in interface SecurityContextHandler<org.springframework.security.core.Authentication>

    • createCredentials

      public org.springframework.security.core.Authentication createCredentials(String username, String... roles)
      Builds an Authentication for the given username and roles, in the same shape produced by Spring Security's @WithMockUser: a UsernamePasswordAuthenticationToken carrying a User principal whose authorities are the given roles, prefixed with ROLE_ when not already prefixed.
      Specified by:
      createCredentials in interface SecurityContextHandler<org.springframework.security.core.Authentication>
      Parameters:
      username - the username
      roles - the roles for the user; never null, may be empty
      Returns:
      the credentials, never null