use of org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler in project spring-security by spring-projects.
the class OAuth2LoginTests method oauth2LoginFailsWhenCustomObjectsThenUsed.
@Test
public void oauth2LoginFailsWhenCustomObjectsThenUsed() {
this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
String redirectLocation = "/custom-redirect-location";
String failureRedirectLocation = "/failure-redirect-location";
// @formatter:off
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
// @formatter:on
OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
ServerAuthenticationConverter converter = config.authenticationConverter;
ReactiveAuthenticationManager manager = config.manager;
ServerWebExchangeMatcher matcher = config.matcher;
ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
ServerAuthenticationSuccessHandler successHandler = config.successHandler;
ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
given(manager.authenticate(any())).willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
given(resolver.resolve(any())).willReturn(Mono.empty());
given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
Authentication authentication = invocation.getArgument(1);
return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
});
given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
WebFilterExchange webFilterExchange = invocation.getArgument(0);
AuthenticationException authenticationException = invocation.getArgument(1);
return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation).onAuthenticationFailure(webFilterExchange, authenticationException);
});
// @formatter:off
webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", failureRedirectLocation);
// @formatter:on
verify(converter).convert(any());
verify(manager).authenticate(any());
verify(matcher).matches(any());
verify(resolver).resolve(any());
verify(failureHandler).onAuthenticationFailure(any(), any());
}
use of org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler in project spring-security by spring-projects.
the class FormLoginTests method formLoginWhenCustomAuthenticationFailureHandlerThenUsed.
@Test
public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
// @formatter:off
SecurityWebFilterChain securityWebFilter = this.http.authorizeExchange().pathMatchers("/login", "/failure").permitAll().anyExchange().authenticated().and().formLogin().authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")).and().build();
WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
// @formatter:on
DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class).assertAt();
// @formatter:off
loginPage.loginForm().username("invalid").password("invalid").submit(HomePage.class);
// @formatter:on
assertThat(driver.getCurrentUrl()).endsWith("/failure");
}
Aggregations