Automatically Index SecurityContext

Fixes spring-projectsgh-266

samples/findbyusername/src/main/java/sample/config/SecurityConfig.java

@@ -20,26 +20,18 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
-
-import sample.session.CompositeAuthenticationSuccessHandler;
-import sample.session.SpringSessionPrincipalNameSuccessHandler;
 
 /**
  * @author Rob Winch
  */
-
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	// tag::config[]
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		CompositeAuthenticationSuccessHandler successHandler = createHandler();
-
 		http
 			.formLogin()
-				.successHandler(successHandler)
 				.loginPage("/login")
 				.permitAll()
 				.and()
@@ -52,19 +44,6 @@ protected void configure(HttpSecurity http) throws Exception {
 	}
 	// end::config[]
 
-	// tag::handler[]
-	private CompositeAuthenticationSuccessHandler createHandler() {
-		SpringSessionPrincipalNameSuccessHandler setUsernameHandler =
-				new SpringSessionPrincipalNameSuccessHandler();
-		SavedRequestAwareAuthenticationSuccessHandler defaultHandler =
-				new SavedRequestAwareAuthenticationSuccessHandler();
-
-		CompositeAuthenticationSuccessHandler successHandler =
-				new CompositeAuthenticationSuccessHandler(setUsernameHandler, defaultHandler);
-		return successHandler;
-	}
-	// end::handler[]
-
 	@Autowired
 	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
 		auth

spring-session/src/integration-test/java/org/springframework/session/data/gemfire/GemFireOperationsSessionRepositoryIntegrationTests.java

@@ -24,12 +24,17 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.UUID;
 
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.context.annotation.Bean;
 import org.springframework.data.gemfire.CacheFactoryBean;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.session.ExpiringSession;
 import org.springframework.session.FindByIndexNameSessionRepository;
 import org.springframework.session.data.gemfire.config.annotation.web.http.EnableGemFireHttpSession;
@@ -67,14 +72,25 @@
 @ContextConfiguration
 @WebAppConfiguration
 public class GemFireOperationsSessionRepositoryIntegrationTests extends AbstractGemFireIntegrationTests {
+	private static final String SPRING_SECURITY_CONTEXT = "SPRING_SECURITY_CONTEXT";
 
 	private static final int MAX_INACTIVE_INTERVAL_IN_SECONDS = 300;
 
 	private static final String GEMFIRE_LOG_LEVEL = "warning";
 	private static final String SPRING_SESSION_GEMFIRE_REGION_NAME = "TestPartitionedSessions";
 
+	SecurityContext context;
+
+	SecurityContext changedContext;
+
 	@Before
 	public void setup() {
+		context = SecurityContextHolder.createEmptyContext();
+		context.setAuthentication(new UsernamePasswordAuthenticationToken("username-"+UUID.randomUUID(), "na", AuthorityUtils.createAuthorityList("ROLE_USER")));
+
+		changedContext = SecurityContextHolder.createEmptyContext();
+		changedContext.setAuthentication(new UsernamePasswordAuthenticationToken("changedContext-"+UUID.randomUUID(), "na", AuthorityUtils.createAuthorityList("ROLE_USER")));
+
 		assertThat(gemfireCache).isNotNull();
 		assertThat(gemfireSessionRepository).isNotNull();
 		assertThat(gemfireSessionRepository.getMaxInactiveIntervalInSeconds()).isEqualTo(
@@ -159,6 +175,34 @@ public void findSessionsByPrincipalName() {
 		assertThat(robWinchSessions.get(sessionFive.getId())).isEqualTo(sessionFive);
 	}
 
+	@Test
+	public void findSessionsBySecurityPrincipalName() {
+		ExpiringSession toSave = this.gemfireSessionRepository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, context);
+
+		save(toSave);
+
+		Map<String, ExpiringSession> findByPrincipalName = doFindByPrincipalName(getSecurityName());
+		assertThat(findByPrincipalName).hasSize(1);
+		assertThat(findByPrincipalName.keySet()).containsOnly(toSave.getId());
+	}
+
+	@Test
+	public void findSessionsByChangedSecurityPrincipalName() {
+		ExpiringSession toSave = this.gemfireSessionRepository.createSession();
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, context);
+		save(toSave);
+
+		toSave.setAttribute(SPRING_SECURITY_CONTEXT, changedContext);
+		save(toSave);
+
+		Map<String, ExpiringSession> findByPrincipalName = doFindByPrincipalName(getSecurityName());
+		assertThat(findByPrincipalName).isEmpty();
+
+		findByPrincipalName = doFindByPrincipalName(getChangedSecurityName());
+		assertThat(findByPrincipalName).hasSize(1);
+	}
+
 	@Test
 	public void findsNoSessionsByNonExistingPrincipal() {
 		Map<String, ExpiringSession> nonExistingPrincipalSessions = doFindByPrincipalName("nonExistingPrincipalName");
@@ -217,6 +261,14 @@ public void saveAndReadSessionWithAttributes() {
 		assertThat(savedSession.getAttribute(expectedAttributeNames.get(3))).isEqualTo(jonDoe);
 	}
 
+	private String getSecurityName() {
+		return context.getAuthentication().getName();
+	}
+
+	private String getChangedSecurityName() {
+		return changedContext.getAuthentication().getName();
+	}
+
 	@EnableGemFireHttpSession(regionName = SPRING_SESSION_GEMFIRE_REGION_NAME,
 		maxInactiveIntervalInSeconds = MAX_INACTIVE_INTERVAL_IN_SECONDS)
 	static class SpringSessionGemFireConfiguration {