Search in sources :

Example 1 with PortMapper

use of org.springframework.security.web.PortMapper in project spring-security by spring-projects.

the class HttpsRedirectSpecTests method getWhenInsecureAndUsingCustomPortMapperThenRespondsWithRedirectToSecurePort.

@Test
public void getWhenInsecureAndUsingCustomPortMapperThenRespondsWithRedirectToSecurePort() {
    this.spring.register(RedirectToHttpsViaCustomPortsConfig.class).autowire();
    PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
    given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
    // @formatter:off
    this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
// @formatter:on
}
Also used : PortMapper(org.springframework.security.web.PortMapper) Test(org.junit.jupiter.api.Test)

Example 2 with PortMapper

use of org.springframework.security.web.PortMapper in project spring-security by spring-projects.

the class AbstractAuthenticationFilterConfigurer method configure.

@Override
public void configure(B http) throws Exception {
    PortMapper portMapper = http.getSharedObject(PortMapper.class);
    if (portMapper != null) {
        this.authenticationEntryPoint.setPortMapper(portMapper);
    }
    RequestCache requestCache = http.getSharedObject(RequestCache.class);
    if (requestCache != null) {
        this.defaultSuccessHandler.setRequestCache(requestCache);
    }
    this.authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    this.authFilter.setAuthenticationSuccessHandler(this.successHandler);
    this.authFilter.setAuthenticationFailureHandler(this.failureHandler);
    if (this.authenticationDetailsSource != null) {
        this.authFilter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
    }
    SessionAuthenticationStrategy sessionAuthenticationStrategy = http.getSharedObject(SessionAuthenticationStrategy.class);
    if (sessionAuthenticationStrategy != null) {
        this.authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
    }
    RememberMeServices rememberMeServices = http.getSharedObject(RememberMeServices.class);
    if (rememberMeServices != null) {
        this.authFilter.setRememberMeServices(rememberMeServices);
    }
    F filter = postProcess(this.authFilter);
    http.addFilter(filter);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) SessionAuthenticationStrategy(org.springframework.security.web.authentication.session.SessionAuthenticationStrategy) RequestCache(org.springframework.security.web.savedrequest.RequestCache) RememberMeServices(org.springframework.security.web.authentication.RememberMeServices) PortMapper(org.springframework.security.web.PortMapper)

Example 3 with PortMapper

use of org.springframework.security.web.PortMapper in project spring-security by spring-projects.

the class ChannelSecurityConfigurer method getChannelProcessors.

private List<ChannelProcessor> getChannelProcessors(H http) {
    if (this.channelProcessors != null) {
        return this.channelProcessors;
    }
    InsecureChannelProcessor insecureChannelProcessor = new InsecureChannelProcessor();
    SecureChannelProcessor secureChannelProcessor = new SecureChannelProcessor();
    PortMapper portMapper = http.getSharedObject(PortMapper.class);
    if (portMapper != null) {
        RetryWithHttpEntryPoint httpEntryPoint = new RetryWithHttpEntryPoint();
        httpEntryPoint.setPortMapper(portMapper);
        httpEntryPoint.setRedirectStrategy(this.redirectStrategy);
        insecureChannelProcessor.setEntryPoint(httpEntryPoint);
        RetryWithHttpsEntryPoint httpsEntryPoint = new RetryWithHttpsEntryPoint();
        httpsEntryPoint.setPortMapper(portMapper);
        httpsEntryPoint.setRedirectStrategy(this.redirectStrategy);
        secureChannelProcessor.setEntryPoint(httpsEntryPoint);
    }
    insecureChannelProcessor = postProcess(insecureChannelProcessor);
    secureChannelProcessor = postProcess(secureChannelProcessor);
    return Arrays.asList(insecureChannelProcessor, secureChannelProcessor);
}
Also used : SecureChannelProcessor(org.springframework.security.web.access.channel.SecureChannelProcessor) RetryWithHttpsEntryPoint(org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint) PortMapper(org.springframework.security.web.PortMapper) RetryWithHttpEntryPoint(org.springframework.security.web.access.channel.RetryWithHttpEntryPoint) InsecureChannelProcessor(org.springframework.security.web.access.channel.InsecureChannelProcessor)

Example 4 with PortMapper

use of org.springframework.security.web.PortMapper in project spring-security by spring-projects.

the class HttpsRedirectSpecTests method getWhenInsecureAndUsingCustomPortMapperInLambdaThenRespondsWithRedirectToSecurePort.

@Test
public void getWhenInsecureAndUsingCustomPortMapperInLambdaThenRespondsWithRedirectToSecurePort() {
    this.spring.register(RedirectToHttpsViaCustomPortsInLambdaConfig.class).autowire();
    PortMapper portMapper = this.spring.getContext().getBean(PortMapper.class);
    given(portMapper.lookupHttpsPort(4080)).willReturn(4443);
    // @formatter:off
    this.client.get().uri("http://localhost:4080").exchange().expectStatus().isFound().expectHeader().valueEquals(HttpHeaders.LOCATION, "https://localhost:4443");
// @formatter:on
}
Also used : PortMapper(org.springframework.security.web.PortMapper) Test(org.junit.jupiter.api.Test)

Example 5 with PortMapper

use of org.springframework.security.web.PortMapper in project spring-security by spring-projects.

the class HttpsRedirectWebFilterTests method filterWhenRequestIsInsecureThenPortMapperRemapsPort.

@Test
public void filterWhenRequestIsInsecureThenPortMapperRemapsPort() {
    given(this.chain.filter(any(ServerWebExchange.class))).willReturn(Mono.empty());
    PortMapper portMapper = mock(PortMapper.class);
    given(portMapper.lookupHttpsPort(314)).willReturn(159);
    this.filter.setPortMapper(portMapper);
    ServerWebExchange exchange = get("http://localhost:314");
    this.filter.filter(exchange, this.chain).block();
    assertThat(statusCode(exchange)).isEqualTo(302);
    assertThat(redirectedUrl(exchange)).isEqualTo("https://localhost:159");
    verify(portMapper).lookupHttpsPort(314);
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) PortMapper(org.springframework.security.web.PortMapper) Test(org.junit.jupiter.api.Test)

Aggregations

PortMapper (org.springframework.security.web.PortMapper)6 Test (org.junit.jupiter.api.Test)4 MockServerWebExchange (org.springframework.mock.web.server.MockServerWebExchange)1 MockPortResolver (org.springframework.security.MockPortResolver)1 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 PortResolver (org.springframework.security.web.PortResolver)1 RedirectStrategy (org.springframework.security.web.RedirectStrategy)1 InsecureChannelProcessor (org.springframework.security.web.access.channel.InsecureChannelProcessor)1 RetryWithHttpEntryPoint (org.springframework.security.web.access.channel.RetryWithHttpEntryPoint)1 RetryWithHttpsEntryPoint (org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint)1 SecureChannelProcessor (org.springframework.security.web.access.channel.SecureChannelProcessor)1 RememberMeServices (org.springframework.security.web.authentication.RememberMeServices)1 SessionAuthenticationStrategy (org.springframework.security.web.authentication.session.SessionAuthenticationStrategy)1 RequestCache (org.springframework.security.web.savedrequest.RequestCache)1 ServerWebExchange (org.springframework.web.server.ServerWebExchange)1