Example 66 with ServerHttpRequest
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-cloud-gateway by spring-cloud.
the class XForwardedHeadersFilter method filter.
@Override
public HttpHeaders filter(HttpHeaders input, ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
HttpHeaders original = input;
HttpHeaders updated = new HttpHeaders();
original.entrySet().stream().forEach(entry -> updated.addAll(entry.getKey(), entry.getValue()));
if (isForEnabled()) {
String remoteAddr = request.getRemoteAddress().getAddress().getHostAddress();
List<String> xforwarded = original.get(X_FORWARDED_FOR_HEADER);
// prevent duplicates
if (remoteAddr != null && (xforwarded == null || !xforwarded.contains(remoteAddr))) {
write(updated, X_FORWARDED_FOR_HEADER, remoteAddr, isForAppend());
}
}
String proto = request.getURI().getScheme();
if (isProtoEnabled()) {
write(updated, X_FORWARDED_PROTO_HEADER, proto, isProtoAppend());
}
if (isPortEnabled()) {
String port = String.valueOf(request.getURI().getPort());
if (request.getURI().getPort() < 0) {
port = String.valueOf(getDefaultPort(proto));
}
write(updated, X_FORWARDED_PORT_HEADER, port, isPortAppend());
}
if (isHostEnabled()) {
String host = toHostHeader(request);
write(updated, X_FORWARDED_HOST_HEADER, host, isHostAppend());
}
return updated;
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)
Example 67 with ServerHttpRequest
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests method getBody.
private static String getBody(ClientRequest request) {
final List<HttpMessageWriter<?>> messageWriters = new ArrayList<>();
messageWriters.add(new EncoderHttpMessageWriter<>(new ByteBufferEncoder()));
messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.textPlainOnly()));
messageWriters.add(new ResourceHttpMessageWriter());
Jackson2JsonEncoder jsonEncoder = new Jackson2JsonEncoder();
messageWriters.add(new EncoderHttpMessageWriter<>(jsonEncoder));
messageWriters.add(new ServerSentEventHttpMessageWriter(jsonEncoder));
messageWriters.add(new FormHttpMessageWriter());
messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
BodyInserter.Context context = new BodyInserter.Context() {
@Override
public List<HttpMessageWriter<?>> messageWriters() {
return messageWriters;
}
@Override
public Optional<ServerHttpRequest> serverRequest() {
return Optional.empty();
}
@Override
public Map<String, Object> hints() {
return new HashMap<>();
}
};
MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
request.body().insert(body, context).block();
return body.getBodyAsString().block();
}
Also used :
ByteBufferEncoder(org.springframework.core.codec.ByteBufferEncoder)
Context(reactor.util.context.Context)
OAuth2AuthorizationContext(org.springframework.security.oauth2.client.OAuth2AuthorizationContext)
FormHttpMessageWriter(org.springframework.http.codec.FormHttpMessageWriter)
HttpMessageWriter(org.springframework.http.codec.HttpMessageWriter)
ServerSentEventHttpMessageWriter(org.springframework.http.codec.ServerSentEventHttpMessageWriter)
MultipartHttpMessageWriter(org.springframework.http.codec.multipart.MultipartHttpMessageWriter)
ResourceHttpMessageWriter(org.springframework.http.codec.ResourceHttpMessageWriter)
EncoderHttpMessageWriter(org.springframework.http.codec.EncoderHttpMessageWriter)
HashMap(java.util.HashMap)
ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)
ArrayList(java.util.ArrayList)
ServerSentEventHttpMessageWriter(org.springframework.http.codec.ServerSentEventHttpMessageWriter)
MockClientHttpRequest(org.springframework.mock.http.client.reactive.MockClientHttpRequest)
BodyInserter(org.springframework.web.reactive.function.BodyInserter)
Jackson2JsonEncoder(org.springframework.http.codec.json.Jackson2JsonEncoder)
ResourceHttpMessageWriter(org.springframework.http.codec.ResourceHttpMessageWriter)
FormHttpMessageWriter(org.springframework.http.codec.FormHttpMessageWriter)
MultipartHttpMessageWriter(org.springframework.http.codec.multipart.MultipartHttpMessageWriter)
Example 68 with ServerHttpRequest
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class WebSessionOAuth2ServerAuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests method loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest.
// gh-5145
@Test
public void loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest() {
// @formatter:off
String state1 = "state-1122";
OAuth2AuthorizationRequest authorizationRequest1 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state1).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest1, this.exchange)).verifyComplete();
String state2 = "state-3344";
OAuth2AuthorizationRequest authorizationRequest2 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state2).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest2, this.exchange)).verifyComplete();
String state3 = "state-5566";
OAuth2AuthorizationRequest authorizationRequest3 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state3).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest3, this.exchange)).verifyComplete();
ServerHttpRequest newRequest1 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state1).build();
ServerWebExchange newExchange1 = this.exchange.mutate().request(newRequest1).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange1)).verifyComplete();
ServerHttpRequest newRequest2 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state2).build();
ServerWebExchange newExchange2 = this.exchange.mutate().request(newRequest2).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange2)).verifyComplete();
ServerHttpRequest newRequest3 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state3).build();
ServerWebExchange newExchange3 = this.exchange.mutate().request(newRequest3).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange3)).expectNext(authorizationRequest3).verifyComplete();
// @formatter:on
}
Also used :
DefaultServerWebExchange(org.springframework.web.server.adapter.DefaultServerWebExchange)
ServerWebExchange(org.springframework.web.server.ServerWebExchange)
MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest)
ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)
Test(org.junit.jupiter.api.Test)
Example 69 with ServerHttpRequest
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServerRequestCacheWebFilterTests method filterWhenRequestMatchesThenRequestUpdated.
@Test
public void filterWhenRequestMatchesThenRequestUpdated() {
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
ServerHttpRequest savedRequest = MockServerHttpRequest.get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
this.requestCacheFilter.filter(exchange, this.chain).block();
verify(this.chain).filter(this.exchangeCaptor.capture());
ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
}
Also used :
ServerWebExchange(org.springframework.web.server.ServerWebExchange)
MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange)
MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest)
ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)
Test(org.junit.jupiter.api.Test)
Example 70 with ServerHttpRequest
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServerHttpBasicAuthenticationConverter method apply.
@Override
@Deprecated
public Mono<Authentication> apply(ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
return Mono.empty();
}
String credentials = (authorization.length() <= BASIC.length()) ? "" : authorization.substring(BASIC.length(), authorization.length());
String decoded = new String(base64Decode(credentials));
String[] parts = decoded.split(":", 2);
if (parts.length != 2) {
return Mono.empty();
}
return Mono.just(new UsernamePasswordAuthenticationToken(parts[0], parts[1]));
}
Also used :
ServerHttpRequest(org.springframework.http.server.reactive.ServerHttpRequest)
UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
Aggregations
ServerHttpRequest (org.springframework.http.server.reactive.ServerHttpRequest)71
HttpHeaders (org.springframework.http.HttpHeaders)26
Test (org.junit.jupiter.api.Test)25
MockServerHttpRequest (org.springframework.web.testfixture.http.server.reactive.MockServerHttpRequest)20
ServerWebExchange (org.springframework.web.server.ServerWebExchange)19
URI (java.net.URI)17
ServerHttpResponse (org.springframework.http.server.reactive.ServerHttpResponse)17
Mono (reactor.core.publisher.Mono)13
MockServerHttpRequest (org.springframework.mock.http.server.reactive.MockServerHttpRequest)10
HandshakeInfo (org.springframework.web.reactive.socket.HandshakeInfo)9
HttpMethod (org.springframework.http.HttpMethod)8
ArrayList (java.util.ArrayList)7
List (java.util.List)6
Map (java.util.Map)6
HttpStatus (org.springframework.http.HttpStatus)6
MediaType (org.springframework.http.MediaType)6
Flux (reactor.core.publisher.Flux)6
Principal (java.security.Principal)5
Collections (java.util.Collections)5
HashMap (java.util.HashMap)5
