Class TestSecurityContextHolder

java.lang.Object

org.springframework.security.test.context.TestSecurityContextHolder

public final class TestSecurityContextHolder
extends Object

The TestSecurityContextHolder is very similar to SecurityContextHolder, but is necessary for testing. For example, we cannot populate the desired SecurityContext in SecurityContextHolder for web based testing. In a web request, the SecurityContextPersistenceFilter will override the SecurityContextHolder with the value returned by the SecurityContextRepository. At the end of the FilterChain the SecurityContextPersistenceFilter will clear out the SecurityContextHolder. This means if we make multiple web requests, we will not know which SecurityContext to use on subsequent requests. Typical usage is as follows:

• Before a test is executed, the TestSecurityContextHolder is populated. Typically this is done using the WithSecurityContextTestExecutionListener
• The test is ran. When used with MockMvc it is typically used with SecurityMockMvcRequestPostProcessors.testSecurityContext(). Which ensures the SecurityContext from TestSecurityContextHolder is properly populated.
• After the test is executed, the TestSecurityContextHolder and the SecurityContextHolder are cleared out

Since:

4.0

Author:

Rob Winch

Method Summary

Modifier and Type	Method	Description
static void	clearContext()	Clears the SecurityContext from TestSecurityContextHolder and SecurityContextHolder.
static org.springframework.security.core.context.SecurityContext	getContext()	Gets the SecurityContext from TestSecurityContextHolder.
static void	setContext(org.springframework.security.core.context.SecurityContext context)	Sets the SecurityContext on TestSecurityContextHolder and SecurityContextHolder.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

clearContext

public static void clearContext()

Clears the SecurityContext from TestSecurityContextHolder and SecurityContextHolder.

getContext

public static org.springframework.security.core.context.SecurityContext getContext()

Gets the SecurityContext from TestSecurityContextHolder.

Returns:

the SecurityContext from TestSecurityContextHolder.

setContext

public static void setContext(org.springframework.security.core.context.SecurityContext context)

Sets the SecurityContext on TestSecurityContextHolder and SecurityContextHolder.

Parameters:

context - the SecurityContext to use