Search in sources :

Example 1 with WebFilterChainProxy

use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.

the class WebFluxSecurityConfigurationTests method loadConfigWhenBeanProxyingEnabledAndSubclassThenWebFilterChainProxyExists.

@Test
public void loadConfigWhenBeanProxyingEnabledAndSubclassThenWebFilterChainProxyExists() {
    this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class, WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire();
    WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class);
    assertThat(webFilterChainProxy).isNotNull();
}
Also used : ReactiveAuthenticationTestConfiguration(org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) Test(org.junit.jupiter.api.Test)

Example 2 with WebFilterChainProxy

use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.

the class ServerHttpSecurityTests method basicWithCustomAuthenticationManager.

@Test
public void basicWithCustomAuthenticationManager() {
    ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
    given(customAuthenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
    // @formatter:off
    SecurityWebFilterChain securityFilterChain = this.http.httpBasic().authenticationManager(customAuthenticationManager).and().build();
    // @formatter:on
    WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
    // @formatter:off
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
    client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
    // @formatter:on
    verifyZeroInteractions(this.authenticationManager);
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 3 with WebFilterChainProxy

use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.

the class RequestCacheTests method requestCacheNoOp.

@Test
public void requestCacheNoOp() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().anyExchange().authenticated().and().formLogin().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().build();
    WebTestClient webTestClient = WebTestClient.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()).webFilter(new WebFilterChainProxy(securityWebFilter)).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    securedPage.assertAt();
}
Also used : WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) HomePage(org.springframework.security.config.web.server.FormLoginTests.HomePage) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 4 with WebFilterChainProxy

use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.

the class RequestCacheTests method requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed.

@Test
public void requestWhenCustomRequestCacheInLambdaThenCustomCacheUsed() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange((exchange) -> exchange.anyExchange().authenticated()).formLogin(withDefaults()).requestCache((requestCache) -> requestCache.requestCache(NoOpServerRequestCache.getInstance())).build();
    WebTestClient webTestClient = WebTestClient.bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController()).webFilter(new WebFilterChainProxy(securityWebFilter)).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();
    // @formatter:off
    HomePage securedPage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    securedPage.assertAt();
}
Also used : ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) WebDriver(org.openqa.selenium.WebDriver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HomePage(org.springframework.security.config.web.server.FormLoginTests.HomePage) Controller(org.springframework.stereotype.Controller) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Test(org.junit.jupiter.api.Test) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebTestClientHtmlUnitDriverBuilder(org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) GetMapping(org.springframework.web.bind.annotation.GetMapping) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) NoOpServerRequestCache(org.springframework.security.web.server.savedrequest.NoOpServerRequestCache) PageFactory(org.openqa.selenium.support.PageFactory) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) HomePage(org.springframework.security.config.web.server.FormLoginTests.HomePage) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) DefaultLoginPage(org.springframework.security.config.web.server.FormLoginTests.DefaultLoginPage) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 5 with WebFilterChainProxy

use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.

the class FormLoginTests method formLoginWhenCustomLoginPageInLambdaThenUsed.

@Test
public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange((exchanges) -> exchanges.pathMatchers("/login").permitAll().anyExchange().authenticated()).formLogin((formLogin) -> formLogin.loginPage("/login")).build();
    WebTestClient webTestClient = WebTestClient.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController()).webFilter(new WebFilterChainProxy(securityWebFilter)).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class).assertAt();
    // @formatter:off
    HomePage homePage = loginPage.loginForm().username("user").password("password").submit(HomePage.class);
    // @formatter:on
    homePage.assertAt();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) WebDriver(org.openqa.selenium.WebDriver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) WebElement(org.openqa.selenium.WebElement) Controller(org.springframework.stereotype.Controller) RedirectServerAuthenticationFailureHandler(org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebTestClientHtmlUnitDriverBuilder(org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder) BDDMockito.given(org.mockito.BDDMockito.given) PathPatternParserServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) GetMapping(org.springframework.web.bind.annotation.GetMapping) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) PageFactory(org.openqa.selenium.support.PageFactory) FindBy(org.openqa.selenium.support.FindBy) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) By(org.openqa.selenium.By) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Mono(reactor.core.publisher.Mono) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) NoSuchElementException(org.openqa.selenium.NoSuchElementException) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) SecurityContext(org.springframework.security.core.context.SecurityContext) CsrfToken(org.springframework.security.web.server.csrf.CsrfToken) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) Authentication(org.springframework.security.core.Authentication) RedirectServerAuthenticationSuccessHandler(org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler) Mockito.mock(org.mockito.Mockito.mock) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)12 WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy)12 SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)10 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)10 WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)9 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)6 Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults)6 ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder)6 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)5 BDDMockito.given (org.mockito.BDDMockito.given)5 Mockito.mock (org.mockito.Mockito.mock)5 Mockito.verify (org.mockito.Mockito.verify)5 Mockito.verifyZeroInteractions (org.mockito.Mockito.verifyZeroInteractions)5 WebDriver (org.openqa.selenium.WebDriver)5 ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)5 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)5 Authentication (org.springframework.security.core.Authentication)5 SecurityContext (org.springframework.security.core.context.SecurityContext)5 Arrays (java.util.Arrays)4 List (java.util.List)4