Example 1 with ServerSecurityContextRepository

Use of org.springframework.security.web.server.context.ServerSecurityContextRepository in project spring-security by spring-projects.

In class ServerHttpSecurity, method securityContextRepositoryWebFilter:

private WebFilter securityContextRepositoryWebFilter() {
    // Fall back to WebSession-backed storage when no repository was configured
    // through ServerHttpSecurity#securityContextRepository(...).
    ServerSecurityContextRepository repository = (this.securityContextRepository != null)
            ? this.securityContextRepository
            : new WebSessionServerSecurityContextRepository();
    // ReactorContextWebFilter loads the SecurityContext from the repository on each
    // exchange and publishes it into the Reactor Context for downstream filters.
    WebFilter result = new ReactorContextWebFilter(repository);
    return new OrderedWebFilter(result, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
}
Also used : HttpsRedirectWebFilter(org.springframework.security.web.server.transport.HttpsRedirectWebFilter) ExchangeMatcherRedirectWebFilter(org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) ServerRequestCacheWebFilter(org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter) CorsWebFilter(org.springframework.web.cors.reactive.CorsWebFilter) ReactorContextWebFilter(org.springframework.security.web.server.context.ReactorContextWebFilter) LogoutPageGeneratingWebFilter(org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter) OAuth2AuthorizationCodeGrantWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter) OAuth2AuthorizationRequestRedirectWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter) AnonymousAuthenticationWebFilter(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter) AuthorizationWebFilter(org.springframework.security.web.server.authorization.AuthorizationWebFilter) HttpHeaderWriterWebFilter(org.springframework.security.web.server.header.HttpHeaderWriterWebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) LoginPageGeneratingWebFilter(org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) AuthenticationWebFilter(org.springframework.security.web.server.authentication.AuthenticationWebFilter) ExceptionTranslationWebFilter(org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) NoOpServerSecurityContextRepository(org.springframework.security.web.server.context.NoOpServerSecurityContextRepository) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository)

Example 2 with ServerSecurityContextRepository

Use of org.springframework.security.web.server.context.ServerSecurityContextRepository in project spring-security by spring-projects.

In class OAuth2LoginTests, method logoutWhenUsingOidcLogoutHandlerThenRedirects:

@Test
public void logoutWhenUsingOidcLogoutHandlerThenRedirects() {
    this.spring.register(OAuth2LoginConfigWithOidcLogoutSuccessHandler.class).autowire();
    OAuth2AuthenticationToken token = new OAuth2AuthenticationToken(TestOidcUsers.create(),
            AuthorityUtils.NO_AUTHORITIES, getBean(ClientRegistration.class).getRegistrationId());
    // The mocked repository presents an already-authenticated OIDC user on every request,
    // so the POST to /logout is processed as an authenticated logout.
    ServerSecurityContextRepository repository = getBean(ServerSecurityContextRepository.class);
    given(repository.load(any())).willReturn(authentication(token));
    // The OIDC logout success handler redirects to the provider's end-session URL and
    // passes the user's ID token as id_token_hint.
    // @formatter:off
    this.client.post().uri("/logout")
            .exchange()
            .expectHeader().valueEquals("Location", "https://logout?id_token_hint=id-token");
    // @formatter:on
}
Also used : OAuth2AuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) Test(org.junit.jupiter.api.Test)

Example 3 with ServerSecurityContextRepository

Use of org.springframework.security.web.server.context.ServerSecurityContextRepository in project spring-security by spring-projects.

In class OAuth2LoginTests, method oauth2LoginWhenCustomBeansThenUsed:

@Test
public void oauth2LoginWhenCustomBeansThenUsed() {
    this.spring.register(OAuth2LoginWithMultipleClientRegistrations.class, OAuth2LoginWithCustomBeansConfig.class).autowire();
    // @formatter:off
    WebTestClient webTestClient = WebTestClientBuilder
            .bindToWebFilters(this.springSecurity)
            .build();
    // @formatter:on
    OAuth2LoginWithCustomBeansConfig config = this.spring.getContext().getBean(OAuth2LoginWithCustomBeansConfig.class);
    // Build the authorization-code exchange that the callback request is expected to complete.
    OAuth2AuthorizationRequest request = TestOAuth2AuthorizationRequests.request().scope("openid").build();
    OAuth2AuthorizationResponse response = TestOAuth2AuthorizationResponses.success().build();
    OAuth2AuthorizationExchange exchange = new OAuth2AuthorizationExchange(request, response);
    OAuth2AccessToken accessToken = TestOAuth2AccessTokens.scopes("openid");
    OAuth2AuthorizationCodeAuthenticationToken token = new OAuth2AuthorizationCodeAuthenticationToken(google, exchange, accessToken);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    given(converter.convert(any())).willReturn(Mono.just(token));
    // The custom repository must both persist the resulting context and serve it back.
    ServerSecurityContextRepository securityContextRepository = config.securityContextRepository;
    given(securityContextRepository.save(any(), any())).willReturn(Mono.empty());
    given(securityContextRepository.load(any())).willReturn(authentication(token));
    Map<String, Object> additionalParameters = new HashMap<>();
    additionalParameters.put(OidcParameterNames.ID_TOKEN, "id-token");
    // @formatter:off
    OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
            .tokenType(accessToken.getTokenType())
            .scopes(accessToken.getScopes())
            .additionalParameters(additionalParameters)
            .build();
    // @formatter:on
    ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> tokenResponseClient = config.tokenResponseClient;
    given(tokenResponseClient.getTokenResponse(any())).willReturn(Mono.just(accessTokenResponse));
    OidcUser user = TestOidcUsers.create();
    ReactiveOAuth2UserService<OidcUserRequest, OidcUser> userService = config.userService;
    given(userService.loadUser(any())).willReturn(Mono.just(user));
    // @formatter:off
    webTestClient.get()
            .uri("/login/oauth2/code/google")
            .exchange()
            .expectStatus().is3xxRedirection();
    // @formatter:on
    // Every custom bean took part: the ID token was decoded, the code was exchanged for
    // tokens, and the authenticated context was saved through the custom repository.
    verify(config.jwtDecoderFactory).createDecoder(any());
    verify(tokenResponseClient).getTokenResponse(any());
    verify(securityContextRepository).save(any(), any());
}
Also used : OAuth2AccessTokenResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse) OidcUserRequest(org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HashMap(java.util.HashMap) OAuth2AuthorizationCodeGrantRequest(org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest) OAuth2AuthorizationCodeAuthenticationToken(org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken) OAuth2AuthorizationResponse(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse) ServerAuthenticationConverter(org.springframework.security.web.server.authentication.ServerAuthenticationConverter) OidcUser(org.springframework.security.oauth2.core.oidc.user.OidcUser) OAuth2AccessToken(org.springframework.security.oauth2.core.OAuth2AccessToken) OAuth2AuthorizationExchange(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) Test(org.junit.jupiter.api.Test)

Example 4 with ServerSecurityContextRepository

Use of org.springframework.security.web.server.context.ServerSecurityContextRepository in project spring-security by spring-projects.

In class FormLoginTests, method formLoginSecurityContextRepository:

@Test
public void formLoginSecurityContextRepository() {
    // Two repositories are in play: the chain-wide one loads the context on every request,
    // while the one handed to formLogin() receives the save after a successful login.
    ServerSecurityContextRepository defaultSecContextRepository = mock(ServerSecurityContextRepository.class);
    ServerSecurityContextRepository formLoginSecContextRepository = mock(ServerSecurityContextRepository.class);
    TestingAuthenticationToken token = new TestingAuthenticationToken("rob", "rob", "ROLE_USER");
    given(defaultSecContextRepository.save(any(), any())).willReturn(Mono.empty());
    given(defaultSecContextRepository.load(any())).willReturn(authentication(token));
    given(formLoginSecContextRepository.save(any(), any())).willReturn(Mono.empty());
    given(formLoginSecContextRepository.load(any())).willReturn(authentication(token));
    // @formatter:off
    SecurityWebFilterChain securityWebFilter = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .securityContextRepository(defaultSecContextRepository)
            .formLogin()
                .securityContextRepository(formLoginSecContextRepository)
                .and()
            .build();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // @formatter:on
    DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();
    // @formatter:off
    HomePage homePage = loginPage.loginForm()
            .username("user")
            .password("password")
            .submit(HomePage.class);
    // @formatter:on
    homePage.assertAt();
    // Loads went through the chain-wide repository; the login result was saved through the
    // formLogin-specific one.
    verify(defaultSecContextRepository, atLeastOnce()).load(any());
    verify(formLoginSecContextRepository).save(any(), any());
}
Also used : WebDriver(org.openqa.selenium.WebDriver) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)
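Examples 1 and 4 show the two places a repository can be plugged in: chain-wide through ServerHttpSecurity#securityContextRepository(...) (falling back to WebSessionServerSecurityContextRepository when none is set) and per login mechanism through formLogin().securityContextRepository(...). The following is an added example, not code from spring-security, of what a custom chain-wide ServerSecurityContextRepository has to get right. It is a hypothetical stateless repository keyed by an opaque bearer token; the class names BearerTokenSecurityContextRepository and StatelessSecurityConfig, the X-Auth-Token response header and the in-memory token store are all assumptions made for illustration, standing in for a shared store such as Redis.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
 * Hypothetical stateless repository (example code, not part of spring-security):
 * the SecurityContext is keyed by an opaque bearer token that the client sends in
 * the Authorization header. The ConcurrentHashMap stands in for a shared token store.
 */
public class BearerTokenSecurityContextRepository implements ServerSecurityContextRepository {

    /** Response header used to hand a freshly minted token back to the client (our convention). */
    public static final String TOKEN_HEADER = "X-Auth-Token";

    private final Map<String, SecurityContext> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    @Override
    public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
        String presented = bearerToken(exchange);
        if (context == null || context.getAuthentication() == null) {
            // SecurityContextServerLogoutHandler calls save(exchange, null): treat it as "clear".
            if (presented != null) {
                this.store.remove(presented);
            }
            return Mono.empty();
        }
        // Never bind a new authentication to a token the client chose (the token-based
        // analogue of session fixation): drop whatever was presented and mint a fresh one.
        if (presented != null) {
            this.store.remove(presented);
        }
        String token = newToken();
        this.store.put(token, context);
        exchange.getResponse().getHeaders().set(TOKEN_HEADER, token);
        return Mono.empty();
    }

    @Override
    public Mono<SecurityContext> load(ServerWebExchange exchange) {
        String token = bearerToken(exchange);
        if (token == null) {
            return Mono.empty(); // an empty Mono means "anonymous", not an error
        }
        return Mono.justOrEmpty(this.store.get(token));
    }

    private static String bearerToken(ServerWebExchange exchange) {
        String header = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            return null;
        }
        String value = header.substring(7).trim();
        return value.isEmpty() ? null : value;
    }

    private String newToken() {
        byte[] bytes = new byte[32]; // 256 bits from SecureRandom
        this.random.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }
}

@Configuration
@EnableWebFluxSecurity
class StatelessSecurityConfig {

    @Bean
    BearerTokenSecurityContextRepository securityContextRepository() {
        return new BearerTokenSecurityContextRepository();
    }

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
            BearerTokenSecurityContextRepository repository) {
        return http
                // Replaces the WebSessionServerSecurityContextRepository fallback shown in Example 1.
                .securityContextRepository(repository)
                // Credentials travel in an explicit header a browser never adds on its own,
                // so the cookie-oriented CSRF defence has nothing to protect here.
                .csrf(ServerHttpSecurity.CsrfSpec::disable)
                .authorizeExchange(exchanges -> exchanges.anyExchange().authenticated())
                .httpBasic(Customizer.withDefaults())
                .build();
    }
}
```

The flow with this configuration: a client authenticates once with HTTP Basic, AuthenticationWebFilter calls save(...) with the authenticated context, and the minted token comes back in X-Auth-Token; later requests carry it as Authorization: Bearer and are resolved by load(...) inside ReactorContextWebFilter, with no WebSession involved. Two contract details are easy to miss when writing such a repository: save(exchange, null) is how logout clears state, and load(...) must return an empty Mono rather than an error for unauthenticated requests so the anonymous and login paths still work.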

Example 5 with ServerSecurityContextRepository

Use of org.springframework.security.web.server.context.ServerSecurityContextRepository in project spring-security by spring-projects.

In class SwitchUserWebFilterTests, method setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue:

@Test
public void setSecurityContextRepositoryWhenDefinedThenChangeDefaultValue() {
    final Object oldSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter, "securityContextRepository");
    assertThat(oldSecurityContextRepository).isSameAs(this.serverSecurityContextRepository);
    final ServerSecurityContextRepository newSecurityContextRepository = mock(ServerSecurityContextRepository.class);
    this.switchUserWebFilter.setSecurityContextRepository(newSecurityContextRepository);
    final Object currentSecurityContextRepository = ReflectionTestUtils.getField(this.switchUserWebFilter, "securityContextRepository");
    assertThat(currentSecurityContextRepository).isSameAs(newSecurityContextRepository);
}
Also used : WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) Test(org.junit.jupiter.api.Test)

Aggregations

ServerSecurityContextRepository (org.springframework.security.web.server.context.ServerSecurityContextRepository)5 Test (org.junit.jupiter.api.Test)4 WebSessionServerSecurityContextRepository (org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)2 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)2 HashMap (java.util.HashMap)1 WebDriver (org.openqa.selenium.WebDriver)1 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)1 OAuth2AuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken)1 OAuth2AuthorizationCodeAuthenticationToken (org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken)1 OAuth2AuthorizationCodeGrantRequest (org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest)1 OidcUserRequest (org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest)1 OAuth2AuthorizationCodeGrantWebFilter (org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter)1 OAuth2AuthorizationRequestRedirectWebFilter (org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter)1 OAuth2LoginAuthenticationWebFilter (org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)1 OAuth2AccessToken (org.springframework.security.oauth2.core.OAuth2AccessToken)1 OAuth2AccessTokenResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse)1 OAuth2AuthorizationExchange (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange)1 OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest)1 OAuth2AuthorizationResponse (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse)1 OidcUser (org.springframework.security.oauth2.core.oidc.user.OidcUser)1