diff --git a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategy.java b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategy.java
index 7763a5fd9..df3e13934 100644
--- a/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategy.java
+++ b/vaadin-spring/src/main/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategy.java
@@ -54,7 +54,7 @@ public SecurityContext getContext() {
 * the current request.
 */
 SecurityContext context = getFromVaadinSession()
- .orElseGet(() -> contextHolder.get());
+ .orElseGet(contextHolder::get);
 if (context == null) {
 context = createEmptyContext();
 contextHolder.set(context);
@@ -65,7 +65,7 @@ public SecurityContext getContext() {
 @NonNull
 private Optional getFromVaadinSession() {
 VaadinSession session = VaadinSession.getCurrent();
- if (session == null) {
+ if (session == null || session.getSession() == null) {
 return Optional.empty();
 }
 Object securityContext = session.getSession().getAttribute(
diff --git a/vaadin-spring/src/test/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategyTest.java b/vaadin-spring/src/test/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategyTest.java
new file mode 100644
index 000000000..a007f2fce
--- /dev/null
+++ b/vaadin-spring/src/test/java/com/vaadin/flow/spring/security/VaadinAwareSecurityContextHolderStrategyTest.java
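Review bot: In the second hunk of VaadinAwareSecurityContextHolderStrategy.java, the new guard reads `session.getSession()` for the null check and the unchanged line below reads it again for `getAttribute(`, so the check and the dereference are not guaranteed to see the same value. Whether the VaadinSession can be detached between the two calls is not visible from this hunk, but reading it once removes the question: keep the original `session == null` check, then `WrappedSession wrappedSession = session.getSession();` followed by `if (wrappedSession == null) { return Optional.empty(); }`, and call `wrappedSession.getAttribute(` afterwards (this needs the `com.vaadin.flow.server.WrappedSession` import if the file lacks it). A short comment such as `// A detached VaadinSession has no wrapped session; fall back to the thread-local context.` would record why the empty Optional is returned. The body of getFromVaadinSession() continues outside the hunk.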
@@ -0,0 +1,64 @@
+package com.vaadin.flow.spring.security;
+
+import javax.servlet.http.HttpSession;
+
+import com.vaadin.flow.internal.CurrentInstance;
+import com.vaadin.flow.server.VaadinSession;
+import com.vaadin.flow.server.WrappedHttpSession;
+import com.vaadin.flow.server.WrappedSession;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+
+public class VaadinAwareSecurityContextHolderStrategyTest {
+
+ private VaadinAwareSecurityContextHolderStrategy vaadinAwareSecurityContextHolderStrategy;
+
+ @Before
+ public void setup() {
+ vaadinAwareSecurityContextHolderStrategy = new VaadinAwareSecurityContextHolderStrategy();
+ CurrentInstance.clearAll();
+ }
+
+ @After
+ public void teardown() {
+ CurrentInstance.clearAll();
+ }
+
+ @Test
+ public void currentSessionOverrides() {
+ VaadinSession vaadinSession = Mockito.mock(VaadinSession.class);
+ HttpSession httpSession = Mockito.mock(HttpSession.class);
+ Mockito.when(vaadinSession.getSession()).thenReturn(new WrappedHttpSession(httpSession));
+ SecurityContext securityContext = Mockito.mock(SecurityContext.class);
+ Mockito.when(httpSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY))
+ .thenReturn(securityContext);
+ VaadinSession.setCurrent(vaadinSession);
+
+ vaadinAwareSecurityContextHolderStrategy.setContext(Mockito.mock(SecurityContext.class));
+ Assert.assertEquals(securityContext, vaadinAwareSecurityContextHolderStrategy.getContext());
+ }
+
+ @Test
+ public void detachedSessionWorks() {
+ VaadinSession vaadinSession = Mockito.mock(VaadinSession.class);
+ Mockito.when(vaadinSession.getSession()).thenReturn(null);
+ VaadinSession.setCurrent(vaadinSession);
+
+ SecurityContext explicit = Mockito.mock(SecurityContext.class);
+ vaadinAwareSecurityContextHolderStrategy.setContext(explicit);
+ Assert.assertEquals(explicit, vaadinAwareSecurityContextHolderStrategy.getContext());
+ }
+
+ @Test
+ public void explicitUsedWhenNoSessionAvailable() {
+ SecurityContext explicit = Mockito.mock(SecurityContext.class);
+ vaadinAwareSecurityContextHolderStrategy.setContext(explicit);
+ Assert.assertEquals(explicit, vaadinAwareSecurityContextHolderStrategy.getContext());
+ }
+}
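Review bot: None of the three tests covers the fail-closed path of getContext(): a detached session (`getSession()` returning null) with no context set beforehand. In that case the strategy should hand back a fresh empty context rather than null or a leftover authentication. A fourth test along the lines below would pin that; it assumes createEmptyContext() yields a context whose getAuthentication() is null, which should be confirmed against the class. Separately, the import `com.vaadin.flow.server.WrappedSession` is not used anywhere in this file and can be dropped.

```java
// … unchanged: setup, teardown and the three existing tests …

@Test
public void detachedSessionWithoutExplicitContextIsEmpty() {
    VaadinSession vaadinSession = Mockito.mock(VaadinSession.class);
    Mockito.when(vaadinSession.getSession()).thenReturn(null);
    VaadinSession.setCurrent(vaadinSession);

    SecurityContext context = vaadinAwareSecurityContextHolderStrategy.getContext();
    Assert.assertNotNull(context);
    Assert.assertNull(context.getAuthentication());
}
```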