Example 11 with SecurityWebFilterChain

Use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

The class ServerHttpSecurityTests, method addsX509FilterWhenX509AuthenticationIsConfigured.

@Test
@SuppressWarnings("unchecked")
public void addsX509FilterWhenX509AuthenticationIsConfigured() {
    X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
    ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
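    // Configure X.509 authentication on the ServerHttpSecurity builder held by the test class.
    this.http.x509()
            .principalExtractor(mockExtractor)
            .authenticationManager(mockAuthenticationManager)
            .and();
    SecurityWebFilterChain securityWebFilterChain = this.http.build();
    // isX509Filter is a helper method of the test class (not shown here).
    WebFilter x509WebFilter = securityWebFilterChain.getWebFilters()
            .filter(this::isX509Filter)
            .blockFirst();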
    assertThat(x509WebFilter).isNotNull();
}
Also used : ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 12 with SecurityWebFilterChain

Use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

The class RequestCacheTests, method requestCacheNoOp.

@Test
public void requestCacheNoOp() {
    // @formatter:off
    // NoOpServerRequestCache saves no request, so login lands on the default page, not the secured page first requested.
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .formLogin().and()
            .requestCache()
                .requestCache(NoOpServerRequestCache.getInstance())
                .and()
            .build();
    WebTestClient webTestClient = WebTestClient
            .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(securityWebFilter))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    securedPage.assertAt();
}
Also used : WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) HomePage(org.springframework.security.config.web.server.FormLoginTests.HomePage) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 13 with SecurityWebFilterChain

Use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

The class RequestCacheTests, method requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed.

@Test
public void requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed() {
    // @formatter:off
    // Lambda DSL: NoOpServerRequestCache saves no request, so login lands on the default page.
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange((exchange) -> exchange
                .anyExchange().authenticated()
            )
            .formLogin(withDefaults())
            .requestCache((requestCache) -> requestCache
                .requestCache(NoOpServerRequestCache.getInstance())
            )
            .build();
    WebTestClient webTestClient = WebTestClient
            .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(securityWebFilter))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    securedPage.assertAt();
}
Also used : ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) WebDriver(org.openqa.selenium.WebDriver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HomePage(org.springframework.security.config.web.server.FormLoginTests.HomePage) Controller(org.springframework.stereotype.Controller) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Test(org.junit.jupiter.api.Test) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebTestClientHtmlUnitDriverBuilder(org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) GetMapping(org.springframework.web.bind.annotation.GetMapping) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) NoOpServerRequestCache(org.springframework.security.web.server.savedrequest.NoOpServerRequestCache) PageFactory(org.openqa.selenium.support.PageFactory) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage)

Example 14 with SecurityWebFilterChain

Use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

The class FormLoginTests, method defaultLoginPage.

@Test
public void defaultLoginPage() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .formLogin()
                .and()
            .build();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
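    // Wrong password: the user stays on the login page and an error is shown.
    loginPage = loginPage.loginForm()
            .username("user")
            .password("invalid")
            .submit(DefaultLoginPage.class)
            .assertError();
    // Correct password: the user reaches the home page.
    HomePage homePage = loginPage.loginForm()
            .username("user")
            .password("password")
            .submit(HomePage.class);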
    // @formatter:on
    homePage.assertAt();
    loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
    loginPage.assertAt().assertLogout();
}
Also used : WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 15 with SecurityWebFilterChain

Use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

The class FormLoginTests, method formLoginWhenCustomLoginPageInLambdaThenUsed.

@Test
public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
    // @formatter:off
    // The custom login page is explicitly permitted; every other exchange requires authentication.
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange((exchanges) -> exchanges
                .pathMatchers("/login").permitAll()
                .anyExchange().authenticated()
            )
            .formLogin((formLogin) -> formLogin
                .loginPage("/login")
            )
            .build();
    WebTestClient webTestClient = WebTestClient
            .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(securityWebFilter))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
    // @formatter:off
    HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    homePage.assertAt();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) WebDriver(org.openqa.selenium.WebDriver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) WebElement(org.openqa.selenium.WebElement) Controller(org.springframework.stereotype.Controller) RedirectServerAuthenticationFailureHandler(org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebTestClientHtmlUnitDriverBuilder(org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder) BDDMockito.given(org.mockito.BDDMockito.given) PathPatternParserServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) GetMapping(org.springframework.web.bind.annotation.GetMapping) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) PageFactory(org.openqa.selenium.support.PageFactory) FindBy(org.openqa.selenium.support.FindBy) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) By(org.openqa.selenium.By) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Mono(reactor.core.publisher.Mono) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) NoSuchElementException(org.openqa.selenium.NoSuchElementException) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) CsrfToken(org.springframework.security.web.server.csrf.CsrfToken) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) Authentication(org.springframework.security.core.Authentication) RedirectServerAuthenticationSuccessHandler(org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler) Mockito.mock(org.mockito.Mockito.mock)
