use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.
the class ServerHttpSecurityTests method postWhenCsrfDisabledThenPermitted.
/**
 * Verifies that a POST carrying no CSRF token is accepted once CSRF protection has been
 * disabled on the chain.
 */
@Test
public void postWhenCsrfDisabledThenPermitted() {
    // Disabling CSRF removes the token requirement on state-changing requests. Outside a
    // test, that is only appropriate when something else rules out cross-site request
    // forgery, e.g. clients that never authenticate with ambient browser cookies.
    SecurityWebFilterChain chainWithoutCsrf = this.http.csrf((spec) -> spec.disable()).build();
    WebFilterChainProxy proxy = new WebFilterChainProxy(chainWithoutCsrf);
    WebTestClient testClient = WebTestClientBuilder.bindToWebFilters(proxy).build();
    // The request has no CSRF token attached; a 200 shows the chain let it through.
    testClient.post()
        .uri("/")
        .exchange()
        .expectStatus().isOk();
}
use of org.springframework.security.web.server.WebFilterChainProxy in project spring-boot by spring-projects.
the class ReactiveManagementWebSecurityAutoConfigurationTests method performFilter.
/**
 * Sends a mock GET for {@code path} through the {@link WebFilterChainProxy} bean of the
 * given context and returns the exchange that was filtered.
 *
 * @param context application context that supplies the proxy bean
 * @param path request path to build the mock GET request for
 * @return the exchange after the proxy has processed it
 */
private ServerWebExchange performFilter(AssertableReactiveWebApplicationContext context, String path) {
    MockServerHttpRequest request = MockServerHttpRequest.get(path).build();
    MockServerHttpResponse response = new MockServerHttpResponse();
    ServerWebExchange exchange = webHandler(context).createExchange(request, response);
    WebFilterChainProxy securityProxy = context.getBean(WebFilterChainProxy.class);
    // The downstream chain is a no-op that completes immediately, so only the security
    // proxy acts on the exchange.
    Mono<Void> filtered = securityProxy.filter(exchange, (ignored) -> Mono.empty());
    // Bounded wait: a hung filter fails the test instead of blocking it forever.
    filtered.block(Duration.ofSeconds(30));
    return exchange;
}
use of org.springframework.security.web.server.WebFilterChainProxy in project spring-boot by spring-projects.
the class ReactiveCloudFoundryActuatorAutoConfigurationTests method cloudFoundryPathsIgnoredBySpringSecurity.
/**
 * Checks how requests are distributed over the registered security filter chains: the
 * first chain matches a {@code /cloudfoundryapplication} path but not an unrelated path,
 * and the second chain matches the unrelated path.
 */
@Test
@SuppressWarnings("unchecked")
void cloudFoundryPathsIgnoredBySpringSecurity() {
    this.contextRunner
        .withPropertyValues("VCAP_APPLICATION:---", "vcap.application.application_id:my-app-id",
                "vcap.application.cf_api:https://my-cloud-controller.com")
        .run((context) -> {
            WebFilterChainProxy proxy = context.getBean(WebFilterChainProxy.class);
            // The chain list is read reflectively from the proxy's "filters" field, so this
            // test depends on that field name and on the order of the chains in it.
            List<SecurityWebFilterChain> chains = (List<SecurityWebFilterChain>) ReflectionTestUtils
                .getField(proxy, "filters");
            SecurityWebFilterChain firstChain = chains.get(0);
            Boolean cfPathOnFirst = firstChain
                .matches(MockServerWebExchange
                    .from(MockServerHttpRequest.get("/cloudfoundryapplication/my-path").build()))
                .block(Duration.ofSeconds(30));
            Boolean otherPathOnFirst = firstChain
                .matches(MockServerWebExchange.from(MockServerHttpRequest.get("/some-other-path").build()))
                .block(Duration.ofSeconds(30));
            // NOTE(review): these assertions only show which chain claims a path. Which
            // filters the first chain applies, and what protects the Cloud Foundry paths
            // instead, is not visible here; confirm against the auto-configuration.
            assertThat(cfPathOnFirst).isTrue();
            assertThat(otherPathOnFirst).isFalse();
            Boolean otherPathOnSecond = chains.get(1)
                .matches(MockServerWebExchange.from(MockServerHttpRequest.get("/some-other-path").build()))
                .block(Duration.ofSeconds(30));
            assertThat(otherPathOnSecond).isTrue();
        });
}
use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.
the class RequestCacheTests method defaultFormLoginRequestCache.
/**
 * Drives the default form-login flow through a web driver: every exchange requires
 * authentication, the driver is asserted to be at the default login page, and after the
 * login form is submitted it is asserted to be at the secured page.
 */
@Test
public void defaultFormLoginRequestCache() {
    // @formatter:off
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .and()
        .build();
    WebFilterChainProxy proxy = new WebFilterChainProxy(chain);
    WebTestClient client = WebTestClient
        .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
        .webFilter(proxy)
        .build();
    WebDriver browser = WebTestClientHtmlUnitDriverBuilder
        .webTestClientSetup(client)
        .build();
    // @formatter:on
    // Presumably this requests the secured page while unauthenticated; the assertion
    // then requires the driver to be at the login page.
    DefaultLoginPage loginPage = SecuredPage.to(browser, DefaultLoginPage.class).assertAt();
    // The account behind these credentials is configured outside this method.
    // @formatter:off
    SecuredPage pageAfterLogin = loginPage.loginForm()
        .username("user")
        .password("password")
        .submit(SecuredPage.class);
    // @formatter:on
    // Being at the secured page after login is, going by the test name, the effect of
    // the request cache replaying the originally requested URL.
    pageAfterLogin.assertAt();
}
use of org.springframework.security.web.server.WebFilterChainProxy in project spring-security by spring-projects.
the class ServerHttpSecurityTests method postWhenCustomCsrfTokenRepositoryThenUsed.
/**
 * Verifies that a {@link ServerCsrfTokenRepository} supplied through the CSRF
 * configuration is the one consulted when a POST arrives, and that the POST is rejected
 * when that repository holds no token.
 */
@Test
public void postWhenCustomCsrfTokenRepositoryThenUsed() {
    ServerCsrfTokenRepository tokenRepository = mock(ServerCsrfTokenRepository.class);
    // The mocked repository reports that no token is stored for any exchange.
    given(tokenRepository.loadToken(any(ServerWebExchange.class))).willReturn(Mono.empty());
    SecurityWebFilterChain chain = this.http
        .csrf((spec) -> spec.csrfTokenRepository(tokenRepository))
        .build();
    WebFilterChainProxy proxy = new WebFilterChainProxy(chain);
    WebTestClient testClient = WebTestClientBuilder.bindToWebFilters(proxy).build();
    // The POST carries no CSRF token and none is stored, so the chain must answer 403.
    testClient.post()
        .uri("/")
        .exchange()
        .expectStatus().isForbidden();
    // The 403 alone would also occur with the default repository; this check proves the
    // custom one was actually asked for the token.
    verify(tokenRepository).loadToken(any());
}