use of org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter in project spring-security by spring-projects.
the class ServerHttpSecurity method build.
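/**
 * Builds the {@link SecurityWebFilterChain} from the specs configured on this builder.
 * May be invoked only once per instance.
 * @return the {@link SecurityWebFilterChain}
 * @throws IllegalStateException if this builder has already been built
 */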
public SecurityWebFilterChain build() {
    // One-shot guard: `built` holds an exception captured at the first invocation, so a
    // second call fails loudly instead of silently producing a second, differently
    // configured chain. buildToString() presumably renders that first stack trace — confirm.
    if (this.built != null) {
        throw new IllegalStateException("This has already been built with the following stacktrace. " + buildToString());
    }
    this.built = new RuntimeException("First Build Invocation").fillInStackTrace();
    // Each optional spec below contributes to the chain only if it is non-null.
    if (this.headers != null) {
        this.headers.configure(this);
    }
    // The security-context repository filter is added directly to webFilters rather than
    // through addFilterAt(); its position is decided by the sort at the end of this method.
    WebFilter securityContextRepositoryWebFilter = securityContextRepositoryWebFilter();
    this.webFilters.add(securityContextRepositoryWebFilter);
    if (this.httpsRedirectSpec != null) {
        this.httpsRedirectSpec.configure(this);
    }
    if (this.x509 != null) {
        this.x509.configure(this);
    }
    if (this.csrf != null) {
        this.csrf.configure(this);
    }
    if (this.cors != null) {
        this.cors.configure(this);
    }
    if (this.httpBasic != null) {
        // Fall back to the builder-wide authentication manager when the spec has none.
        if (this.httpBasic.authenticationManager == null) {
            this.httpBasic.authenticationManager(this.authenticationManager);
        }
        // Repository precedence: spec-level, then builder-wide, then the NoOp instance.
        // By its name the NoOp repository does not persist the context between requests,
        // which would keep HTTP Basic stateless by default — confirm against that class.
        // NOTE(review): the first branch passes the spec's own field back through its
        // setter; from here it reads as a no-op unless the setter has other side effects.
        if (this.httpBasic.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.httpBasic.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.securityContextRepository);
        } else {
            this.httpBasic.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
        }
        this.httpBasic.configure(this);
    }
    if (this.passwordManagement != null) {
        this.passwordManagement.configure(this);
    }
    if (this.formLogin != null) {
        if (this.formLogin.authenticationManager == null) {
            this.formLogin.authenticationManager(this.authenticationManager);
        }
        // Same precedence as HTTP Basic, but the last-resort default differs: a new
        // WebSessionServerSecurityContextRepository (session-backed, judging by the name).
        // A builder-wide repository, when set, therefore applies to Basic, form login and
        // OAuth2 login alike unless a spec overrides it.
        if (this.formLogin.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.formLogin.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.securityContextRepository);
        } else {
            this.formLogin.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.formLogin.configure(this);
    }
    if (this.oauth2Login != null) {
        // Only the repository is defaulted here; unlike httpBasic and formLogin, no
        // authentication manager fallback is applied in this method.
        if (this.oauth2Login.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.oauth2Login.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.securityContextRepository);
        } else {
            this.oauth2Login.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.oauth2Login.configure(this);
    }
    if (this.resourceServer != null) {
        this.resourceServer.configure(this);
    }
    if (this.client != null) {
        this.client.configure(this);
    }
    if (this.anonymous != null) {
        this.anonymous.configure(this);
    }
    // loginPage and requestCache are configured unconditionally (no null check).
    this.loginPage.configure(this);
    if (this.logout != null) {
        this.logout.configure(this);
    }
    this.requestCache.configure(this);
    // Always registered, whichever authentication mechanisms were enabled above.
    this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
    // Exception translation and the authorization rules are installed only when
    // authorizeExchange was configured; when it is null this method adds neither.
    if (this.authorizeExchange != null) {
        ServerAuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint();
        ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
        // A null entry point or handler leaves the filter's own default in place.
        if (authenticationEntryPoint != null) {
            exceptionTranslationWebFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        }
        ServerAccessDeniedHandler accessDeniedHandler = getAccessDeniedHandler();
        if (accessDeniedHandler != null) {
            exceptionTranslationWebFilter.setAccessDeniedHandler(accessDeniedHandler);
        }
        this.addFilterAt(exceptionTranslationWebFilter, SecurityWebFiltersOrder.EXCEPTION_TRANSLATION);
        this.authorizeExchange.configure(this);
    }
    // Fix the final filter order, then unwrap each OrderedWebFilter to its delegate so the
    // chain holds the real filters.
    AnnotationAwareOrderComparator.sort(this.webFilters);
    List<WebFilter> sortedWebFilters = new ArrayList<>();
    this.webFilters.forEach((f) -> {
        if (f instanceof OrderedWebFilter) {
            f = ((OrderedWebFilter) f).webFilter;
        }
        sortedWebFilters.add(f);
    });
    // Inserted after sorting, so this filter is first in the chain regardless of any order value.
    sortedWebFilters.add(0, new ServerWebExchangeReactorContextWebFilter());
    return new MatcherSecurityWebFilterChain(getSecurityMatcher(), sortedWebFilters);
}
use of org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter in project spring-security by spring-projects.
the class SecurityMockServerConfigurersAnnotatedTests method withMockUserWhenGlobalMockPrincipalThenOverridesAnnotation.
/**
 * With {@code @WithMockUser} on the method and an explicit token applied to the client
 * through {@code mockAuthentication}, the controller must observe the explicit token.
 */
@Test
@WithMockUser
public void withMockUserWhenGlobalMockPrincipalThenOverridesAnnotation() {
    TestingAuthenticationToken expected =
            new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
    // The filter is registered by hand on the controller-bound client; presumably this
    // setup does not go through a SecurityWebFilterChain that would add it — confirm.
    this.client = WebTestClient
            .bindToController(this.controller)
            .webFilter(new SecurityContextServerWebExchangeWebFilter())
            .apply(SecurityMockServerConfigurers.springSecurity())
            .apply(SecurityMockServerConfigurers.mockAuthentication(expected))
            .configureClient()
            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
            .build();
    this.client
            .get()
            .exchange()
            .expectStatus()
            .isOk();
    // The principal seen by the controller must be the explicit token.
    this.controller.assertPrincipalIsEqualTo(expected);
}
use of org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter in project spring-security by spring-projects.
the class SecurityMockServerConfigurersTests method mockUserWhenGlobalThenSuccess.
/**
 * Applies {@code mockUser()} to the whole client and checks that the principal handed to
 * the controller matches the one built from {@code userBuilder}.
 */
@Test
public void mockUserWhenGlobalThenSuccess() {
    this.client = WebTestClient
            .bindToController(this.controller)
            .webFilter(new SecurityContextServerWebExchangeWebFilter())
            .apply(SecurityMockServerConfigurers.springSecurity())
            .apply(SecurityMockServerConfigurers.mockUser())
            .configureClient()
            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
            .build();
    this.client
            .get()
            .exchange()
            .expectStatus()
            .isOk();
    // removePrincipal() is evaluated before userBuilder.build(), as in the two-statement form.
    assertPrincipalCreatedFromUserDetails(this.controller.removePrincipal(), this.userBuilder.build());
}
use of org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter in project spring-security by spring-projects.
the class SecurityMockServerConfigurersTests method mockAuthenticationWhenGlobalThenSuccess.
/**
 * Applies an explicit {@link TestingAuthenticationToken} to the whole client and checks
 * that the controller receives that same token as its principal.
 */
@Test
public void mockAuthenticationWhenGlobalThenSuccess() {
    TestingAuthenticationToken expected =
            new TestingAuthenticationToken("authentication", "secret", "ROLE_USER");
    this.client = WebTestClient
            .bindToController(this.controller)
            .webFilter(new SecurityContextServerWebExchangeWebFilter())
            .apply(SecurityMockServerConfigurers.springSecurity())
            .apply(SecurityMockServerConfigurers.mockAuthentication(expected))
            .configureClient()
            .defaultHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
            .build();
    this.client
            .get()
            .exchange()
            .expectStatus()
            .isOk();
    this.controller.assertPrincipalIsEqualTo(expected);
}