Examples with SecurityWebFilterChain org.springframework.security.web.server.SecurityWebFilterChain used on opensource projects

Search in sources :

Example 26 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method postWhenCustomCsrfTokenRepositoryThenUsed.

@Test
public void postWhenCustomCsrfTokenRepositoryThenUsed() {
    ServerCsrfTokenRepository customServerCsrfTokenRepository = mock(ServerCsrfTokenRepository.class);
    given(customServerCsrfTokenRepository.loadToken(any(ServerWebExchange.class))).willReturn(Mono.empty());
    SecurityWebFilterChain securityFilterChain = this.http.csrf((csrf) -> csrf.csrfTokenRepository(customServerCsrfTokenRepository)).build();
    WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
    client.post().uri("/").exchange().expectStatus().isForbidden();
    verify(customServerCsrfTokenRepository).loadToken(any());
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) ServerWebExchange(org.springframework.web.server.ServerWebExchange) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 27 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method shouldConfigureAuthorizationRequestRepositoryForOAuth2Login.

@Test
public void shouldConfigureAuthorizationRequestRepositoryForOAuth2Login() {
    ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = mock(ServerAuthorizationRequestRepository.class);
    ReactiveClientRegistrationRepository clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
    OAuth2AuthorizationRequest authorizationRequest = TestOAuth2AuthorizationRequests.request().build();
    given(authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(authorizationRequest));
    SecurityWebFilterChain securityFilterChain = this.http.oauth2Login().clientRegistrationRepository(clientRegistrationRepository).authorizationRequestRepository(authorizationRequestRepository).and().build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
    client.get().uri("/login/oauth2/code/registration-id").exchange();
    verify(authorizationRequestRepository).removeAuthorizationRequest(any());
}
Also used : ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 28 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method buildWhenServerWebExchangeFromContextThenFound.

@Test
public void buildWhenServerWebExchangeFromContextThenFound() {
    SecurityWebFilterChain filter = this.http.build();
    // @formatter:off
    WebTestClient client = WebTestClient.bindToController(new SubscriberContextController()).webFilter(new WebFilterChainProxy(filter)).build();
    client.get().uri("/foo/bar").exchange().expectBody(String.class).isEqualTo("/foo/bar");
// @formatter:on
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 29 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method x509WhenCustomizedThenAddsX509Filter.

@Test
public void x509WhenCustomizedThenAddsX509Filter() {
    X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
    ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
    this.http.x509((x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
    SecurityWebFilterChain securityWebFilterChain = this.http.build();
    WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
    assertThat(x509WebFilter).isNotNull();
}
Also used : ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 30 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ServerHttpSecurityTests method csrfServerLogoutHandlerAppliedIfCsrfIsEnabled.

@Test
public void csrfServerLogoutHandlerAppliedIfCsrfIsEnabled() {
    SecurityWebFilterChain securityWebFilterChain = this.http.csrf().csrfTokenRepository(this.csrfTokenRepository).and().build();
    assertThat(getWebFilter(securityWebFilterChain, CsrfWebFilter.class)).get().extracting((csrfWebFilter) -> ReflectionTestUtils.getField(csrfWebFilter, "csrfTokenRepository")).isEqualTo(this.csrfTokenRepository);
    Optional<ServerLogoutHandler> logoutHandler = getWebFilter(securityWebFilterChain, LogoutWebFilter.class).map((logoutWebFilter) -> (ServerLogoutHandler) ReflectionTestUtils.getField(logoutWebFilter, LogoutWebFilter.class, "logoutHandler"));
    assertThat(logoutHandler).get().isExactlyInstanceOf(DelegatingServerLogoutHandler.class).extracting((delegatingLogoutHandler) -> ((List<ServerLogoutHandler>) ReflectionTestUtils.getField(delegatingLogoutHandler, DelegatingServerLogoutHandler.class, "delegates")).stream().map(ServerLogoutHandler::getClass).collect(Collectors.toList())).isEqualTo(Arrays.asList(SecurityContextServerLogoutHandler.class, CsrfServerLogoutHandler.class));
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) List(java.util.List) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)43 Test (org.junit.jupiter.api.Test)42 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)35 WebDriver (org.openqa.selenium.WebDriver)17 WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)17 Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults)14 ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder)14 LogoutWebFilter (org.springframework.security.web.server.authentication.logout.LogoutWebFilter)13 OAuth2LoginAuthenticationWebFilter (org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)12 WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy)12 SecurityContextServerWebExchangeWebFilter (org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)12 CsrfWebFilter (org.springframework.security.web.server.csrf.CsrfWebFilter)12 WebFilter (org.springframework.web.server.WebFilter)12 HttpStatus (org.springframework.http.HttpStatus)11 ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint)11 ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)10 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)9 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)9 GetMapping (org.springframework.web.bind.annotation.GetMapping)9 List (java.util.List)8
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial