
Example 76 with MockServerWebExchange

use of org.springframework.mock.web.server.MockServerWebExchange in project spring-security by spring-projects.

the class SwitchUserWebFilterTests method switchUserWhenExceptionThenCallFailureHandler.

@Test
public void switchUserWhenExceptionThenCallFailureHandler() {
    final String targetUsername = "TEST_USERNAME";
    final MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/login/impersonate?username={targetUser}", targetUsername));
    final WebFilterChain chain = mock(WebFilterChain.class);
    final SecurityContextImpl securityContext = new SecurityContextImpl(mock(Authentication.class));
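    // The helper is called with false; given the DisabledException expected below, that flag marks the target account as disabled.
    final UserDetails switchUserDetails = switchUserDetails(targetUsername, false);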
    given(this.userDetailsService.findByUsername(any(String.class))).willReturn(Mono.just(switchUserDetails));
    given(this.failureHandler.onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class))).willReturn(Mono.empty());
    this.switchUserWebFilter.filter(exchange, chain).subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))).block();
    // A failed switch must reach the failure handler and must not continue down the filter chain.
    verify(this.failureHandler).onAuthenticationFailure(any(WebFilterExchange.class), any(DisabledException.class));
    verifyNoInteractions(chain);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) UserDetails(org.springframework.security.core.userdetails.UserDetails) WebFilterChain(org.springframework.web.server.WebFilterChain) Authentication(org.springframework.security.core.Authentication) DisabledException(org.springframework.security.authentication.DisabledException) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) WebFilterExchange(org.springframework.security.web.server.WebFilterExchange) Test(org.junit.jupiter.api.Test)

Example 77 with MockServerWebExchange

use of org.springframework.mock.web.server.MockServerWebExchange in project spring-security by spring-projects.

the class SwitchUserWebFilterTests method exitSwitchThenReturnToOriginalAuthentication.

@Test
public void exitSwitchThenReturnToOriginalAuthentication() {
    final MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/logout/impersonate"));
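    // Build an impersonated session: the switched user's authentication carries a SwitchUserGrantedAuthority wrapping the original authentication.
    final Authentication originalAuthentication = new UsernamePasswordAuthenticationToken("origPrincipal", "origCredentials");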
    final GrantedAuthority switchAuthority = new SwitchUserGrantedAuthority(SwitchUserWebFilter.ROLE_PREVIOUS_ADMINISTRATOR, originalAuthentication);
    final Authentication switchUserAuthentication = new UsernamePasswordAuthenticationToken("switchPrincipal", "switchCredentials", Collections.singleton(switchAuthority));
    final WebFilterChain chain = mock(WebFilterChain.class);
    final SecurityContextImpl securityContext = new SecurityContextImpl(switchUserAuthentication);
    given(this.serverSecurityContextRepository.save(eq(exchange), any(SecurityContext.class))).willReturn(Mono.empty());
    given(this.successHandler.onAuthenticationSuccess(any(WebFilterExchange.class), any(Authentication.class))).willReturn(Mono.empty());
    this.switchUserWebFilter.filter(exchange, chain).subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext))).block();
    final ArgumentCaptor<SecurityContext> securityContextCaptor = ArgumentCaptor.forClass(SecurityContext.class);
    verify(this.serverSecurityContextRepository).save(eq(exchange), securityContextCaptor.capture());
    final SecurityContext savedSecurityContext = securityContextCaptor.getValue();
    final ArgumentCaptor<Authentication> authenticationCaptor = ArgumentCaptor.forClass(Authentication.class);
    verify(this.successHandler).onAuthenticationSuccess(any(WebFilterExchange.class), authenticationCaptor.capture());
    final Authentication originalAuthenticationValue = authenticationCaptor.getValue();
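    // Exiting the switch must restore the very same original Authentication instance, both in the saved context and in the success callback.
    assertThat(savedSecurityContext.getAuthentication()).isSameAs(originalAuthentication);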
    assertThat(originalAuthenticationValue).isSameAs(originalAuthentication);
    verifyNoInteractions(chain);
}
Also used : SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) WebFilterChain(org.springframework.web.server.WebFilterChain) Authentication(org.springframework.security.core.Authentication) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) SwitchUserGrantedAuthority(org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority) SecurityContext(org.springframework.security.core.context.SecurityContext) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) WebFilterExchange(org.springframework.security.web.server.WebFilterExchange) Test(org.junit.jupiter.api.Test)

Example 78 with MockServerWebExchange

use of org.springframework.mock.web.server.MockServerWebExchange in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSecureFlagFalseThenNotSecure.

@Test
public void saveTokenWhenSecureFlagFalseThenNotSecure() {
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
    // Explicitly turn off the Secure attribute; the CSRF cookie is then also sent over plain HTTP.
    this.csrfTokenRepository.setSecure(false);
    this.csrfTokenRepository.saveToken(exchange, createToken()).block();
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.isSecure()).isFalse();
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)

Example 79 with MockServerWebExchange

use of org.springframework.mock.web.server.MockServerWebExchange in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveAndAssertExpectedValues.

private void saveAndAssertExpectedValues(CsrfToken token) {
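    // For a null token the expected cookie has an empty value and a max age of zero, i.e. it is expired.
    if (token == null) {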
        this.expectedMaxAge = Duration.ofSeconds(0);
        this.expectedCookieValue = "";
    }
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
    this.csrfTokenRepository.saveToken(exchange, token).block();
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.getMaxAge()).isEqualTo(this.expectedMaxAge);
    assertThat(cookie.getDomain()).isEqualTo(this.expectedDomain);
    assertThat(cookie.getPath()).isEqualTo(this.expectedPath);
    assertThat(cookie.isSecure()).isEqualTo(this.expectedSecure);
    assertThat(cookie.isHttpOnly()).isEqualTo(this.expectedHttpOnly);
    assertThat(cookie.getName()).isEqualTo(this.expectedCookieName);
    assertThat(cookie.getValue()).isEqualTo(this.expectedCookieValue);
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie)

Example 80 with MockServerWebExchange

use of org.springframework.mock.web.server.MockServerWebExchange in project spring-security by spring-projects.

the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSslInfoNullThenNotSecure.

@Test
public void saveTokenWhenSslInfoNullThenNotSecure() {
    MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
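    // No setSecure call here: per the test name, the request has no SslInfo, so the cookie is expected without the Secure attribute.
    this.csrfTokenRepository.saveToken(exchange, createToken()).block();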
    ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
    assertThat(cookie).isNotNull();
    assertThat(cookie.isSecure()).isFalse();
}
Also used : MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ResponseCookie(org.springframework.http.ResponseCookie) Test(org.junit.jupiter.api.Test)
