Example 1 with HttpBasicServerAuthenticationEntryPoint
use of org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint in project spring-security by spring-projects.
the class ServerHttpSecurityTests method requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed.
@Test
public void requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed() {
this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
authenticationEntryPoint.setRealm("myrealm");
this.http.httpBasic((httpBasic) -> httpBasic.authenticationEntryPoint(authenticationEntryPoint));
this.http.authenticationManager(this.authenticationManager);
ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
authorize.anyExchange().authenticated();
WebTestClient client = buildClient();
// @formatter:off
EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")).expectBody(String.class).returnResult();
// @formatter:on
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
Also used :
HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint)
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)
Test(org.junit.jupiter.api.Test)
Example 2 with HttpBasicServerAuthenticationEntryPoint
use of org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint in project spring-security by spring-projects.
the class ServerHttpSecurityTests method basicWithCustomRealmName.
@Test
public void basicWithCustomRealmName() {
this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
authenticationEntryPoint.setRealm("myrealm");
this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
this.http.authenticationManager(this.authenticationManager);
ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
authorize.anyExchange().authenticated();
WebTestClient client = buildClient();
// @formatter:off
EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")).expectBody(String.class).returnResult();
// @formatter:on
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
Also used :
HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint)
WebTestClient(org.springframework.test.web.reactive.server.WebTestClient)
WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)2
HttpBasicServerAuthenticationEntryPoint (org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint)2
WebSessionServerSecurityContextRepository (org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)2
WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)2
