Examples with SecurityWebFilterChain org.springframework.security.web.server.SecurityWebFilterChain used on opensource projects

Search in sources :

Example 36 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class FormLoginTests method formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage.

@Test
public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() {
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).formLogin(withDefaults()).build();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    loginPage = loginPage.loginForm().username("user").password("invalid").submit(DefaultLoginPage.class).assertError();
    HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    homePage.assertAt();
    loginPage = DefaultLogoutPage.to(driver).assertAt().logout();
    loginPage.assertAt().assertLogout();
}
Also used : WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 37 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class FormLoginTests method customLoginPage.

@Test
public void customLoginPage() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login").permitAll().anyExchange().authenticated().and().formLogin().loginPage("/login").and().build();
    WebTestClient webTestClient = WebTestClient.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()).webFilter(new WebFilterChainProxy(securityWebFilter)).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
    // @formatter:off
    HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    homePage.assertAt();
}
Also used : WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 38 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ExceptionHandlingSpecTests method requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthenticationEntryPointUsed.

@Test
public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthenticationEntryPointUsed() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated()).exceptionHandling(withDefaults()).build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    client.get().uri("/test").exchange().expectStatus().isUnauthorized().expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
// @formatter:on
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 39 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ExceptionHandlingSpecTests method defaultAccessDeniedHandler.

@Test
public void defaultAccessDeniedHandler() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.csrf().disable().httpBasic().and().authorizeExchange().anyExchange().hasRole("ADMIN").and().exceptionHandling().and().build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus().isForbidden();
// @formatter:on
}
Also used : Test(org.junit.jupiter.api.Test) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HttpStatus(org.springframework.http.HttpStatus) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) RedirectServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint) HttpStatusServerAccessDeniedHandler(org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler) ServerAccessDeniedHandler(org.springframework.security.web.server.authorization.ServerAccessDeniedHandler) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 40 with SecurityWebFilterChain

use of org.springframework.security.web.server.SecurityWebFilterChain in project spring-security by spring-projects.

the class ExceptionHandlingSpecTests method requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed.

@Test
public void requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.httpBasic(withDefaults()).authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN")).exceptionHandling((exceptionHandling) -> exceptionHandling.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))).build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    client.get().uri("/admin").headers((headers) -> headers.setBasicAuth("user", "password")).exchange().expectStatus().isBadRequest();
// @formatter:on
}
Also used : Test(org.junit.jupiter.api.Test) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HttpStatus(org.springframework.http.HttpStatus) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) RedirectServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint) HttpStatusServerAccessDeniedHandler(org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler) ServerAccessDeniedHandler(org.springframework.security.web.server.authorization.ServerAccessDeniedHandler) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)45 Test (org.junit.jupiter.api.Test)43 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)35 WebDriver (org.openqa.selenium.WebDriver)17 WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)17 Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults)14 ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder)14 OAuth2LoginAuthenticationWebFilter (org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)13 WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy)13 LogoutWebFilter (org.springframework.security.web.server.authentication.logout.LogoutWebFilter)13 WebFilter (org.springframework.web.server.WebFilter)13 SecurityContextServerWebExchangeWebFilter (org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)12 CsrfWebFilter (org.springframework.security.web.server.csrf.CsrfWebFilter)12 HttpStatus (org.springframework.http.HttpStatus)11 ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint)11 List (java.util.List)10 ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)10 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)9 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)9 GetMapping (org.springframework.web.bind.annotation.GetMapping)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial