
Example 21 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ExceptionHandlingSpecTests method customAuthenticationEntryPoint.

@Test
public void customAuthenticationEntryPoint() {
    // @formatter:off
    // Every exchange requires authentication; unauthenticated requests go to the custom entry point.
    SecurityWebFilterChain securityWebFilter = this.http
            .csrf().disable()
            .authorizeExchange().anyExchange().authenticated().and()
            .exceptionHandling().authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and()
            .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // Expect a 302 with a Location header; the pattern ".*" accepts any Location value.
    client.get().uri("/test").exchange()
            .expectStatus().isFound()
            .expectHeader().valueMatches("Location", ".*");
    // @formatter:on
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 22 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ExceptionHandlingSpecTests method requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed.

@Test
public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed() {
    // @formatter:off
    // Lambda DSL: every exchange requires authentication; unauthenticated requests go to the custom entry point.
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
            .exceptionHandling((exceptionHandling) -> exceptionHandling
                    .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
            .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // Expect a 302 with a Location header; the pattern ".*" accepts any Location value.
    client.get().uri("/test").exchange()
            .expectStatus().isFound()
            .expectHeader().valueMatches("Location", ".*");
    // @formatter:on
}
Also used : Test(org.junit.jupiter.api.Test) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HttpStatus(org.springframework.http.HttpStatus) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) RedirectServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint) HttpStatusServerAccessDeniedHandler(org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler) ServerAccessDeniedHandler(org.springframework.security.web.server.authorization.ServerAccessDeniedHandler) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder)

Example 23 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class LogoutSpecTests method customLogout.

@Test
public void customLogout() {
    // @formatter:off
    // Logout is matched on the custom path /custom-logout.
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange().anyExchange().authenticated().and()
            .formLogin().and()
            .logout().requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout")).and()
            .build();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
    // @formatter:off
    // A wrong password must return to the login page with an error.
    loginPage = loginPage.loginForm().username("user").password("invalid")
            .submit(FormLoginTests.DefaultLoginPage.class).assertError();
    FormLoginTests.HomePage homePage = loginPage.loginForm().username("user").password("password")
            .submit(FormLoginTests.HomePage.class);
    homePage.assertAt();
    // @formatter:on
    // Requesting the custom logout path must end up on the login page, where assertLogout() checks the logout state.
    driver.get("http://localhost/custom-logout");
    FormLoginTests.DefaultLoginPage.create(driver).assertAt().assertLogout();
}
Also used : WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 24 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class RequestCacheTests method defaultFormLoginRequestCache.

@Test
public void defaultFormLoginRequestCache() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange().anyExchange().authenticated().and()
            .formLogin().and()
            .build();
    WebTestClient webTestClient = WebTestClient
            .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(securityWebFilter))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    // Requesting the secured page unauthenticated must show the login page first.
    DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    SecuredPage securedPage = loginPage.loginForm().username("user").password("password").submit(SecuredPage.class);
    // @formatter:on
    // After login the request cache must send the user back to the originally requested page.
    securedPage.assertAt();
}
Also used : WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 25 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method addFilterBeforeIsApplied.

@Test
@SuppressWarnings("unchecked")
public void addFilterBeforeIsApplied() {
    SecurityWebFilterChain securityWebFilterChain = this.http
            .addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
            .build();
    // @formatter:off
    List<Class<? extends WebFilter>> filters = securityWebFilterChain.getWebFilters()
            .map(WebFilter::getClass)
            .collectList()
            .block();
    // @formatter:on
    // The custom filter must sit immediately before SecurityContextServerWebExchangeWebFilter.
    assertThat(filters).isNotNull().isNotEmpty()
            .containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class);
}
Also used : LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) List(java.util.List) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)
