Example 6 with SecurityWebFilterChain
use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.
the class ServerHttpSecurityTests method shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler.
@Test
public void shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler() {
ServerRequestCache requestCache = spy(new WebSessionServerRequestCache());
ReactiveClientRegistrationRepository clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
SecurityWebFilterChain securityFilterChain = this.http.oauth2Login().clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange().authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build();
WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
client.get().uri("/test").exchange();
ArgumentCaptor<ServerWebExchange> captor = ArgumentCaptor.forClass(ServerWebExchange.class);
verify(requestCache).saveRequest(captor.capture());
assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test");
OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain, OAuth2LoginAuthenticationWebFilter.class).get();
Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler");
assertThat(ReflectionTestUtils.getField(handler, "requestCache")).isSameAs(requestCache);
}
Also used :
ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Arrays(java.util.Arrays)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler)
ExtendWith(org.junit.jupiter.api.extension.ExtendWith)
LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter)
WebFilter(org.springframework.web.server.WebFilter)
BDDMockito.given(org.mockito.BDDMockito.given)
HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint)
ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager)
SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)
WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)
HttpHeaders(org.apache.http.HttpHeaders)
OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)
WebFilterChain(org.springframework.web.server.WebFilterChain)
MockitoExtension(org.mockito.junit.jupiter.MockitoExtension)
ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder)
ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint)
Collectors(java.util.stream.Collectors)
RestController(org.springframework.web.bind.annotation.RestController)
EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult)
Objects(java.util.Objects)
Test(org.junit.jupiter.api.Test)
List(java.util.List)
SecurityContext(org.springframework.security.core.context.SecurityContext)
Optional(java.util.Optional)
CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter)
Authentication(org.springframework.security.core.Authentication)
Mockito.mock(org.mockito.Mockito.mock)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
TestPublisher(reactor.test.publisher.TestPublisher)
Mock(org.mockito.Mock)
TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests)
Mockito.spy(org.mockito.Mockito.spy)
ServerWebExchange(org.springframework.web.server.ServerWebExchange)
Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions)
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler)
ArgumentCaptor(org.mockito.ArgumentCaptor)
WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache)
GetMapping(org.springframework.web.bind.annotation.GetMapping)
AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests)
WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder)
ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository)
ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository)
ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache)
OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)
X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor)
ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils)
Mono(reactor.core.publisher.Mono)
WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy)
CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler)
Mockito.verify(org.mockito.Mockito.verify)
HttpStatus(org.springframework.http.HttpStatus)
FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint)
ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository)
ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter)
DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler)
Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults)
ServerWebExchange(org.springframework.web.server.ServerWebExchange)
ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository)
OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache)
WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache)
ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
Test(org.junit.jupiter.api.Test)
Example 7 with SecurityWebFilterChain
use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.
the class ServerHttpSecurityTests method getWhenAnonymousConfiguredThenAuthenticationIsAnonymous.
@Test
public void getWhenAnonymousConfiguredThenAuthenticationIsAnonymous() {
SecurityWebFilterChain securityFilterChain = this.http.anonymous(withDefaults()).build();
// @formatter:off
WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
// @formatter:on
}
Also used :
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
Test(org.junit.jupiter.api.Test)
Example 8 with SecurityWebFilterChain
use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.
the class ServerHttpSecurityTests method addFilterAfterIsApplied.
@Test
@SuppressWarnings("unchecked")
public void addFilterAfterIsApplied() {
SecurityWebFilterChain securityWebFilterChain = this.http.addFilterAfter(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE).build();
// @formatter:off
List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
// @formatter:on
assertThat(filters).isNotNull().isNotEmpty().containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class);
}
Also used :
LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter)
WebFilter(org.springframework.web.server.WebFilter)
SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)
OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)
CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter)
List(java.util.List)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
Test(org.junit.jupiter.api.Test)
Example 9 with SecurityWebFilterChain
use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.
the class ServerHttpSecurityTests method anonymous.
@Test
public void anonymous() {
// @formatter:off
SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class, securityFilterChain).build();
client.get().uri("/me").exchange().expectStatus().isOk().expectBody(String.class).isEqualTo("anonymousUser");
// @formatter:on
}
Also used :
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
Test(org.junit.jupiter.api.Test)
Example 10 with SecurityWebFilterChain
use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.
the class ServerHttpSecurityTests method addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults.
@Test
public void addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults() {
this.http.x509();
SecurityWebFilterChain securityWebFilterChain = this.http.build();
WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
assertThat(x509WebFilter).isNotNull();
}
Also used :
LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter)
WebFilter(org.springframework.web.server.WebFilter)
SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)
OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)
CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter)
SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain)
Test(org.junit.jupiter.api.Test)
Aggregations
SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)43
Test (org.junit.jupiter.api.Test)42
WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)35
WebDriver (org.openqa.selenium.WebDriver)17
WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)17
Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults)14
ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder)14
LogoutWebFilter (org.springframework.security.web.server.authentication.logout.LogoutWebFilter)13
OAuth2LoginAuthenticationWebFilter (org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)12
WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy)12
SecurityContextServerWebExchangeWebFilter (org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)12
CsrfWebFilter (org.springframework.security.web.server.csrf.CsrfWebFilter)12
WebFilter (org.springframework.web.server.WebFilter)12
HttpStatus (org.springframework.http.HttpStatus)11
ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint)11
ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)10
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)9
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)9
GetMapping (org.springframework.web.bind.annotation.GetMapping)9
List (java.util.List)8
