#378 - AuthenticationManagement now allows to update the authentication.

Introduced AuthenticationManagement.updateAuthentication(…) so that changes to the role arrangement of a user can be made effective immediately. The implementation updates SpringSecurity's Authentication to the UserAccount given.
st-tu-dresden · Dec 6, 2021 · b97514c · b97514c
1 parent f2cebf3
commit b97514c
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/src/main/java/org/salespointframework/useraccount/AuthenticationManagement.java b/src/main/java/org/salespointframework/useraccount/AuthenticationManagement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2020 the original author or authors.
+ * Copyright 2017-2021 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -45,4 +45,12 @@ public interface AuthenticationManagement {
 	 * @return
 	 */
 	boolean matches(UnencryptedPassword candidate, EncryptedPassword existing);
+
+	/**
+	 * Updates the current authentication to the given {@link UserAccount}.
+	 *
+	 * @param account must not be {@literal null}.
+	 * @since 7.5
+	 */
+	void updateAuthentication(UserAccount account);
 }
diff --git a/...main/java/org/salespointframework/useraccount/SpringSecurityAuthenticationManagement.java b/...main/java/org/salespointframework/useraccount/SpringSecurityAuthenticationManagement.java
@@ -27,6 +27,7 @@
 import org.salespointframework.useraccount.Password.EncryptedPassword;
 import org.salespointframework.useraccount.Password.UnencryptedPassword;
 import org.salespointframework.useraccount.UserAccount.UserAccountIdentifier;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -79,6 +80,19 @@ public boolean matches(UnencryptedPassword candidate, EncryptedPassword existing
 				orElse(false);
 	}
 
+	/*
+	 * (non-Javadoc)
+	 * @see org.salespointframework.useraccount.AuthenticationManagement#updateAuthentication(org.salespointframework.useraccount.UserAccount)
+	 */
+	@Override
+	public void updateAuthentication(UserAccount account) {
+
+		var details = new UserAccountDetails(account);
+		var token = new UsernamePasswordAuthenticationToken(details, details.getPassword(), details.getAuthorities());
+
+		SecurityContextHolder.getContext().setAuthentication(token);
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)

diff --git a/...ava/org/salespointframework/useraccount/SpringSecurityAuthenticationManagerUnitTests.java b/...ava/org/salespointframework/useraccount/SpringSecurityAuthenticationManagerUnitTests.java
@@ -131,6 +131,21 @@ void exposesRolesAsRoleUnderscorePrefixedAuthorities() {
 				.allMatch(it -> it.getAuthority().startsWith("ROLE_"));
 	}
 
+	@Test // #379
+	void updatesAuthentication() {
+
+		assertThat(authenticationManager.getCurrentUser()).isEmpty();
+
+		var identifier = UserAccountIdentifier.of("4711");
+		var account = new UserAccount(identifier, EncryptedPassword.of("encrypted"), Role.of("ADMIN"));
+
+		doReturn(Optional.of(account)).when(repository).findById(identifier);
+
+		authenticationManager.updateAuthentication(account);
+
+		assertThat(authenticationManager.getCurrentUser()).hasValue(account);
+	}
+
 	private static void authenticate(UserAccount account) {
 
 		UserAccountDetails accountDetails = new UserAccountDetails(account);