TestSecurityContextHolder (spring-security-docs 6.4.12 API)

java.lang.Object

org.springframework.security.test.context.TestSecurityContextHolder

public final class TestSecurityContextHolder extends Object

The TestSecurityContextHolder is very similar to SecurityContextHolder, but is necessary for testing. For example, we cannot populate the desired SecurityContext in SecurityContextHolder for web based testing. In a web request, the SecurityContextPersistenceFilter will override the SecurityContextHolder with the value returned by the SecurityContextRepository. At the end of the FilterChain the SecurityContextPersistenceFilter will clear out the SecurityContextHolder. This means if we make multiple web requests, we will not know which SecurityContext to use on subsequent requests. Typical usage is as follows:

Before a test is executed, the TestSecurityContextHolder is populated. Typically this is done using the WithSecurityContextTestExecutionListener
The test is ran. When used with MockMvc it is typically used with SecurityMockMvcRequestPostProcessors.testSecurityContext(). Which ensures the SecurityContext from TestSecurityContextHolder is properly populated.
After the test is executed, the TestSecurityContextHolder and the SecurityContextHolder are cleared out

Since:: 4.0

Method Summary

Modifier and Type

Method

Description

static void

clearContext()

Clears the SecurityContext from TestSecurityContextHolder and SecurityContextHolder.

static SecurityContext

getContext()

Gets the SecurityContext from TestSecurityContextHolder.

static void

setAuthentication(Authentication authentication)

Creates a new SecurityContext with the given Authentication.

static void

setContext(SecurityContext context)

Sets the SecurityContext on TestSecurityContextHolder and SecurityContextHolder.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- clearContext
  
  public static void clearContext()
  
  Clears the SecurityContext from TestSecurityContextHolder and SecurityContextHolder.
- getContext
  
  public static SecurityContext getContext()
  
  Gets the SecurityContext from TestSecurityContextHolder.
  
  Returns:
  
  the SecurityContext from TestSecurityContextHolder.
- setContext
  
  public static void setContext(SecurityContext context)
  
  Sets the SecurityContext on TestSecurityContextHolder and SecurityContextHolder.
  
  Parameters:
  
  context - the SecurityContext to use
- setAuthentication
  
  public static void setAuthentication(Authentication authentication)
  
  Creates a new SecurityContext with the given Authentication. The SecurityContext is set on TestSecurityContextHolder and SecurityContextHolder.
  
  Parameters:
  
  authentication - the Authentication to use
  
  Since:
  
  5.1.1