
Example 1 with HttpStatusServerAccessDeniedHandler

Use of org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler in project spring-security by spring-projects.

From the class ExceptionHandlingSpecTests, method requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed.

@Test
public void requestWhenCustomAccessDeniedHandlerInLambdaThenCustomAccessDeniedHandlerUsed() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http
        .httpBasic(withDefaults())
        .authorizeExchange((exchanges) -> exchanges.anyExchange().hasRole("ADMIN"))
        .exceptionHandling((exceptionHandling) -> exceptionHandling
            .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
        .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // The hasRole("ADMIN") check is expected to deny this request, so the custom handler's 400 replaces the default 403.
    client.get().uri("/admin")
        .headers((headers) -> headers.setBasicAuth("user", "password"))
        .exchange().expectStatus().isBadRequest();
    // @formatter:on
}
Also used : Test (org.junit.jupiter.api.Test), WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), HttpStatus (org.springframework.http.HttpStatus), ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder), SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain), RedirectServerAuthenticationEntryPoint (org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint), HttpStatusServerAccessDeniedHandler (org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler), ServerAccessDeniedHandler (org.springframework.security.web.server.authorization.ServerAccessDeniedHandler), ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint), Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults), WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)

Example 2 with HttpStatusServerAccessDeniedHandler

Use of org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler in project spring-security by spring-projects.

From the class ExceptionHandlingSpecTests, method customAccessDeniedHandler.

@Test
public void customAccessDeniedHandler() {
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http
        .csrf().disable()
        .httpBasic().and()
        .authorizeExchange().anyExchange().hasRole("ADMIN").and()
        .exceptionHandling().accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)).and()
        .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // The hasRole("ADMIN") check is expected to deny this request, so the custom handler's 400 replaces the default 403.
    client.get().uri("/admin")
        .headers((headers) -> headers.setBasicAuth("user", "password"))
        .exchange().expectStatus().isBadRequest();
    // @formatter:on
}
Also used : Test (org.junit.jupiter.api.Test), WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), HttpStatus (org.springframework.http.HttpStatus), ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder), SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain), RedirectServerAuthenticationEntryPoint (org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint), HttpStatusServerAccessDeniedHandler (org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler), ServerAccessDeniedHandler (org.springframework.security.web.server.authorization.ServerAccessDeniedHandler), ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint), Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults), WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)
