
Example 66 with ServerHttpRequest

use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-cloud-gateway by spring-cloud.

the class XForwardedHeadersFilter method filter.

@Override
public HttpHeaders filter(HttpHeaders input, ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    HttpHeaders original = input;
    HttpHeaders updated = new HttpHeaders();
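    // copy every incoming header, including any client-supplied X-Forwarded-* values
    original.entrySet().stream().forEach(entry -> updated.addAll(entry.getKey(), entry.getValue()));
    if (isForEnabled()) {
        String remoteAddr = null;
        // getRemoteAddress() is nullable, and an unresolved socket address has no InetAddress
        if (request.getRemoteAddress() != null && request.getRemoteAddress().getAddress() != null) {
            remoteAddr = request.getRemoteAddress().getAddress().getHostAddress();
        }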
        List<String> xforwarded = original.get(X_FORWARDED_FOR_HEADER);
        // prevent duplicates
        if (remoteAddr != null && (xforwarded == null || !xforwarded.contains(remoteAddr))) {
            write(updated, X_FORWARDED_FOR_HEADER, remoteAddr, isForAppend());
        }
    }
    String proto = request.getURI().getScheme();
    if (isProtoEnabled()) {
        write(updated, X_FORWARDED_PROTO_HEADER, proto, isProtoAppend());
    }
    if (isPortEnabled()) {
        String port = String.valueOf(request.getURI().getPort());
        if (request.getURI().getPort() < 0) {
            port = String.valueOf(getDefaultPort(proto));
        }
        write(updated, X_FORWARDED_PORT_HEADER, port, isPortAppend());
    }
    if (isHostEnabled()) {
        String host = toHostHeader(request);
        write(updated, X_FORWARDED_HOST_HEADER, host, isHostAppend());
    }
    return updated;
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)

Example 67 with ServerHttpRequest

use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.

the class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests method getBody.

private static String getBody(ClientRequest request) {
    final List<HttpMessageWriter<?>> messageWriters = new ArrayList<>();
    messageWriters.add(new EncoderHttpMessageWriter<>(new ByteBufferEncoder()));
    messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.textPlainOnly()));
    messageWriters.add(new ResourceHttpMessageWriter());
    Jackson2JsonEncoder jsonEncoder = new Jackson2JsonEncoder();
    messageWriters.add(new EncoderHttpMessageWriter<>(jsonEncoder));
    messageWriters.add(new ServerSentEventHttpMessageWriter(jsonEncoder));
    messageWriters.add(new FormHttpMessageWriter());
    messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
    messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
    BodyInserter.Context context = new BodyInserter.Context() {

        @Override
        public List<HttpMessageWriter<?>> messageWriters() {
            return messageWriters;
        }

        @Override
        public Optional<ServerHttpRequest> serverRequest() {
            return Optional.empty();
        }

        @Override
        public Map<String, Object> hints() {
            return new HashMap<>();
        }
    };
    MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
    request.body().insert(body, context).block();
    return body.getBodyAsString().block();
}
Also used : ByteBufferEncoder(org.springframework.core.codec.ByteBufferEncoder) Context(reactor.util.context.Context) OAuth2AuthorizationContext(org.springframework.security.oauth2.client.OAuth2AuthorizationContext) FormHttpMessageWriter(org.springframework.http.codec.FormHttpMessageWriter) HttpMessageWriter(org.springframework.http.codec.HttpMessageWriter) ServerSentEventHttpMessageWriter(org.springframework.http.codec.ServerSentEventHttpMessageWriter) MultipartHttpMessageWriter(org.springframework.http.codec.multipart.MultipartHttpMessageWriter) ResourceHttpMessageWriter(org.springframework.http.codec.ResourceHttpMessageWriter) EncoderHttpMessageWriter(org.springframework.http.codec.EncoderHttpMessageWriter) HashMap(java.util.HashMap) ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) ArrayList(java.util.ArrayList) MockClientHttpRequest(org.springframework.mock.http.client.reactive.MockClientHttpRequest) BodyInserter(org.springframework.web.reactive.function.BodyInserter) Jackson2JsonEncoder(org.springframework.http.codec.json.Jackson2JsonEncoder)

Example 68 with ServerHttpRequest

use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.

the class WebSessionOAuth2ServerAuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests method loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest.

// gh-5145
@Test
public void loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest() {
    // @formatter:off
    String state1 = "state-1122";
    OAuth2AuthorizationRequest authorizationRequest1 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state1).build();
    StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest1, this.exchange)).verifyComplete();
    String state2 = "state-3344";
    OAuth2AuthorizationRequest authorizationRequest2 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state2).build();
    StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest2, this.exchange)).verifyComplete();
    String state3 = "state-5566";
    OAuth2AuthorizationRequest authorizationRequest3 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state3).build();
    StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest3, this.exchange)).verifyComplete();
    ServerHttpRequest newRequest1 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state1).build();
    ServerWebExchange newExchange1 = this.exchange.mutate().request(newRequest1).build();
    StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange1)).verifyComplete();
    ServerHttpRequest newRequest2 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state2).build();
    ServerWebExchange newExchange2 = this.exchange.mutate().request(newRequest2).build();
    StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange2)).verifyComplete();
    ServerHttpRequest newRequest3 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state3).build();
    ServerWebExchange newExchange3 = this.exchange.mutate().request(newRequest3).build();
    StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange3)).expectNext(authorizationRequest3).verifyComplete();
    // @formatter:on
}
Also used : DefaultServerWebExchange(org.springframework.web.server.adapter.DefaultServerWebExchange) ServerWebExchange(org.springframework.web.server.ServerWebExchange) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 69 with ServerHttpRequest

use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.

the class ServerRequestCacheWebFilterTests method filterWhenRequestMatchesThenRequestUpdated.

@Test
public void filterWhenRequestMatchesThenRequestUpdated() {
    ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
    ServerHttpRequest savedRequest = MockServerHttpRequest.get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
    given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
    this.requestCacheFilter.filter(exchange, this.chain).block();
    verify(this.chain).filter(this.exchangeCaptor.capture());
    ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
    assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) Test(org.junit.jupiter.api.Test)

Example 70 with ServerHttpRequest

use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.

the class ServerHttpBasicAuthenticationConverter method apply.

@Override
@Deprecated
public Mono<Authentication> apply(ServerWebExchange exchange) {
    ServerHttpRequest request = exchange.getRequest();
    String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
    if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
        return Mono.empty();
    }
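    // strip the scheme prefix; a header no longer than the prefix yields empty credentials
    String credentials = (authorization.length() <= BASIC.length()) ? "" : authorization.substring(BASIC.length(), authorization.length());
    String decoded = new String(base64Decode(credentials));
    // limit 2: split on the first ':' only, so the password may itself contain ':'
    String[] parts = decoded.split(":", 2);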
    if (parts.length != 2) {
        return Mono.empty();
    }
    return Mono.just(new UsernamePasswordAuthenticationToken(parts[0], parts[1]));
}
Also used : ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
