use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-cloud-gateway by spring-cloud.
the class XForwardedHeadersFilter method filter.
@Override
public HttpHeaders filter(HttpHeaders input, ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
HttpHeaders original = input;
HttpHeaders updated = new HttpHeaders();
original.entrySet().stream().forEach(entry -> updated.addAll(entry.getKey(), entry.getValue()));
if (isForEnabled()) {
String remoteAddr = request.getRemoteAddress().getAddress().getHostAddress();
List<String> xforwarded = original.get(X_FORWARDED_FOR_HEADER);
// prevent duplicates
if (remoteAddr != null && (xforwarded == null || !xforwarded.contains(remoteAddr))) {
write(updated, X_FORWARDED_FOR_HEADER, remoteAddr, isForAppend());
}
}
String proto = request.getURI().getScheme();
if (isProtoEnabled()) {
write(updated, X_FORWARDED_PROTO_HEADER, proto, isProtoAppend());
}
if (isPortEnabled()) {
String port = String.valueOf(request.getURI().getPort());
if (request.getURI().getPort() < 0) {
port = String.valueOf(getDefaultPort(proto));
}
write(updated, X_FORWARDED_PORT_HEADER, port, isPortAppend());
}
if (isHostEnabled()) {
String host = toHostHeader(request);
write(updated, X_FORWARDED_HOST_HEADER, host, isHostAppend());
}
return updated;
}
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServletOAuth2AuthorizedClientExchangeFilterFunctionTests method getBody.
private static String getBody(ClientRequest request) {
final List<HttpMessageWriter<?>> messageWriters = new ArrayList<>();
messageWriters.add(new EncoderHttpMessageWriter<>(new ByteBufferEncoder()));
messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.textPlainOnly()));
messageWriters.add(new ResourceHttpMessageWriter());
Jackson2JsonEncoder jsonEncoder = new Jackson2JsonEncoder();
messageWriters.add(new EncoderHttpMessageWriter<>(jsonEncoder));
messageWriters.add(new ServerSentEventHttpMessageWriter(jsonEncoder));
messageWriters.add(new FormHttpMessageWriter());
messageWriters.add(new EncoderHttpMessageWriter<>(CharSequenceEncoder.allMimeTypes()));
messageWriters.add(new MultipartHttpMessageWriter(messageWriters));
BodyInserter.Context context = new BodyInserter.Context() {
@Override
public List<HttpMessageWriter<?>> messageWriters() {
return messageWriters;
}
@Override
public Optional<ServerHttpRequest> serverRequest() {
return Optional.empty();
}
@Override
public Map<String, Object> hints() {
return new HashMap<>();
}
};
MockClientHttpRequest body = new MockClientHttpRequest(HttpMethod.GET, "/");
request.body().insert(body, context).block();
return body.getBodyAsString().block();
}
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class WebSessionOAuth2ServerAuthorizationRequestRepositoryDoNotAllowMultipleAuthorizationRequestsTests method loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest.
// gh-5145
@Test
public void loadAuthorizationRequestWhenMultipleSavedThenReturnLastAuthorizationRequest() {
// @formatter:off
String state1 = "state-1122";
OAuth2AuthorizationRequest authorizationRequest1 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state1).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest1, this.exchange)).verifyComplete();
String state2 = "state-3344";
OAuth2AuthorizationRequest authorizationRequest2 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state2).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest2, this.exchange)).verifyComplete();
String state3 = "state-5566";
OAuth2AuthorizationRequest authorizationRequest3 = OAuth2AuthorizationRequest.authorizationCode().authorizationUri("https://example.com/oauth2/authorize").clientId("client-id").redirectUri("http://localhost/client-1").state(state3).build();
StepVerifier.create(this.repository.saveAuthorizationRequest(authorizationRequest3, this.exchange)).verifyComplete();
ServerHttpRequest newRequest1 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state1).build();
ServerWebExchange newExchange1 = this.exchange.mutate().request(newRequest1).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange1)).verifyComplete();
ServerHttpRequest newRequest2 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state2).build();
ServerWebExchange newExchange2 = this.exchange.mutate().request(newRequest2).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange2)).verifyComplete();
ServerHttpRequest newRequest3 = MockServerHttpRequest.get("/").queryParam(OAuth2ParameterNames.STATE, state3).build();
ServerWebExchange newExchange3 = this.exchange.mutate().request(newRequest3).build();
StepVerifier.create(this.repository.loadAuthorizationRequest(newExchange3)).expectNext(authorizationRequest3).verifyComplete();
// @formatter:on
}
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServerRequestCacheWebFilterTests method filterWhenRequestMatchesThenRequestUpdated.
@Test
public void filterWhenRequestMatchesThenRequestUpdated() {
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/"));
ServerHttpRequest savedRequest = MockServerHttpRequest.get("/").header(HttpHeaders.ACCEPT, MediaType.TEXT_HTML.getType()).build();
given(this.requestCache.removeMatchingRequest(any())).willReturn(Mono.just(savedRequest));
this.requestCacheFilter.filter(exchange, this.chain).block();
verify(this.chain).filter(this.exchangeCaptor.capture());
ServerWebExchange updatedExchange = this.exchangeCaptor.getValue();
assertThat(updatedExchange.getRequest()).isEqualTo(savedRequest);
}
use of org.springframework.http.server.reactive.ServerHttpRequest in project spring-security by spring-projects.
the class ServerHttpBasicAuthenticationConverter method apply.
@Override
@Deprecated
public Mono<Authentication> apply(ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (!StringUtils.startsWithIgnoreCase(authorization, "basic ")) {
return Mono.empty();
}
String credentials = (authorization.length() <= BASIC.length()) ? "" : authorization.substring(BASIC.length(), authorization.length());
String decoded = new String(base64Decode(credentials));
String[] parts = decoded.split(":", 2);
if (parts.length != 2) {
return Mono.empty();
}
return Mono.just(new UsernamePasswordAuthenticationToken(parts[0], parts[1]));
}
Aggregations