
Example 1 with WebSessionServerSecurityContextRepository

use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

From class ServerHttpSecurity, method securityContextRepositoryWebFilter.

/**
 * Creates the {@link ReactorContextWebFilter} backed by the configured
 * {@code securityContextRepository}, wrapped as an {@link OrderedWebFilter} at
 * {@code SecurityWebFiltersOrder.REACTOR_CONTEXT}.
 * <p>
 * When no repository has been configured on this instance, a
 * {@link WebSessionServerSecurityContextRepository} is used.
 * @return the ordered filter to register in the chain
 */
private WebFilter securityContextRepositoryWebFilter() {
    ServerSecurityContextRepository repository = this.securityContextRepository;
    if (repository == null) {
        // Nothing configured explicitly: fall back to the WebSession-backed repository.
        repository = new WebSessionServerSecurityContextRepository();
    }
    WebFilter contextFilter = new ReactorContextWebFilter(repository);
    int order = SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder();
    return new OrderedWebFilter(contextFilter, order);
}

Example 2 with WebSessionServerSecurityContextRepository

use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

From class ServerHttpSecurity, method build.

/**
 * Builds the {@link SecurityWebFilterChain}.
 * <p>
 * Each configured spec contributes its filters by calling {@code configure(this)};
 * the collected filters are then sorted by order, unwrapped from their
 * {@link OrderedWebFilter} wrappers and returned as a
 * {@link MatcherSecurityWebFilterChain} guarded by the security matcher.
 * A given instance can only be built once.
 * @return the {@link SecurityWebFilterChain}
 * @throws IllegalStateException if this instance has already been built; the message
 * includes the stack trace of the first build so the earlier call can be located
 */
public SecurityWebFilterChain build() {
    if (this.built != null) {
        throw new IllegalStateException("This has already been built with the following stacktrace. " + buildToString());
    }
    // Capture where the first build happened; a second build reports this location.
    this.built = new RuntimeException("First Build Invocation").fillInStackTrace();
    if (this.headers != null) {
        this.headers.configure(this);
    }
    // The filter that exposes the SecurityContext (REACTOR_CONTEXT order) is
    // registered before the specs below contribute their own filters.
    WebFilter securityContextRepositoryWebFilter = securityContextRepositoryWebFilter();
    this.webFilters.add(securityContextRepositoryWebFilter);
    if (this.httpsRedirectSpec != null) {
        this.httpsRedirectSpec.configure(this);
    }
    if (this.x509 != null) {
        this.x509.configure(this);
    }
    if (this.csrf != null) {
        this.csrf.configure(this);
    }
    if (this.cors != null) {
        this.cors.configure(this);
    }
    if (this.httpBasic != null) {
        // A spec-level authentication manager wins over the shared one.
        if (this.httpBasic.authenticationManager == null) {
            this.httpBasic.authenticationManager(this.authenticationManager);
        }
        // Repository resolution: spec-level, then the shared one, then a default.
        // HTTP Basic defaults to NoOpServerSecurityContextRepository, whereas form
        // login and OAuth2 login below default to the WebSession-backed repository.
        if (this.httpBasic.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.httpBasic.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.securityContextRepository);
        } else {
            this.httpBasic.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
        }
        this.httpBasic.configure(this);
    }
    if (this.passwordManagement != null) {
        this.passwordManagement.configure(this);
    }
    if (this.formLogin != null) {
        if (this.formLogin.authenticationManager == null) {
            this.formLogin.authenticationManager(this.authenticationManager);
        }
        // Same resolution order as HTTP Basic, but defaulting to a WebSession-backed repository.
        if (this.formLogin.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.formLogin.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.securityContextRepository);
        } else {
            this.formLogin.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.formLogin.configure(this);
    }
    if (this.oauth2Login != null) {
        // No authentication-manager fallback here, unlike httpBasic and formLogin.
        if (this.oauth2Login.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.oauth2Login.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.securityContextRepository);
        } else {
            this.oauth2Login.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.oauth2Login.configure(this);
    }
    if (this.resourceServer != null) {
        this.resourceServer.configure(this);
    }
    if (this.client != null) {
        this.client.configure(this);
    }
    if (this.anonymous != null) {
        this.anonymous.configure(this);
    }
    // loginPage and requestCache are always configured; they are not null-checked.
    this.loginPage.configure(this);
    if (this.logout != null) {
        this.logout.configure(this);
    }
    this.requestCache.configure(this);
    this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
    if (this.authorizeExchange != null) {
        // Exception translation is only installed when authorization rules exist.
        // A null entry point / access-denied handler leaves the filter's own setting untouched.
        ServerAuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint();
        ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
        if (authenticationEntryPoint != null) {
            exceptionTranslationWebFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        }
        ServerAccessDeniedHandler accessDeniedHandler = getAccessDeniedHandler();
        if (accessDeniedHandler != null) {
            exceptionTranslationWebFilter.setAccessDeniedHandler(accessDeniedHandler);
        }
        this.addFilterAt(exceptionTranslationWebFilter, SecurityWebFiltersOrder.EXCEPTION_TRANSLATION);
        this.authorizeExchange.configure(this);
    }
    // Order the filters, then strip the OrderedWebFilter wrappers so the chain
    // holds the plain delegates.
    AnnotationAwareOrderComparator.sort(this.webFilters);
    List<WebFilter> sortedWebFilters = new ArrayList<>();
    this.webFilters.forEach((f) -> {
        if (f instanceof OrderedWebFilter) {
            f = ((OrderedWebFilter) f).webFilter;
        }
        sortedWebFilters.add(f);
    });
    // The exchange-level Reactor context filter always runs first.
    sortedWebFilters.add(0, new ServerWebExchangeReactorContextWebFilter());
    return new MatcherSecurityWebFilterChain(getSecurityMatcher(), sortedWebFilters);
}

Example 3 with WebSessionServerSecurityContextRepository

use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

From class LogoutSpecTests, method logoutWhenCustomSecurityContextRepositoryThenLogsOut.

/**
 * Verifies that logout still clears the authentication when the security context is
 * stored under a custom session attribute name: after logging out, the protected home
 * page redirects back to the login page.
 */
@Test
public void logoutWhenCustomSecurityContextRepositoryThenLogsOut() {
    // Repository that stores the context under a non-default attribute name.
    WebSessionServerSecurityContextRepository customRepository = new WebSessionServerSecurityContextRepository();
    customRepository.setSpringSecurityContextAttrName("CUSTOM_CONTEXT_ATTR");
    this.http.securityContextRepository(customRepository);
    this.http.authorizeExchange().anyExchange().authenticated();
    this.http.formLogin();
    this.http.logout();
    SecurityWebFilterChain chain = this.http.build();
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(chain).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(webTestClient).build();
    // Anonymous access to the home page lands on the default login page.
    FormLoginTests.DefaultLoginPage loginPage = FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class);
    loginPage.assertAt();
    // Log in and confirm the home page is reachable.
    FormLoginTests.HomePage homePage = loginPage.loginForm()
            .username("user")
            .password("password")
            .submit(FormLoginTests.HomePage.class);
    homePage.assertAt();
    // Log out, then confirm the home page redirects to the login page again.
    FormLoginTests.DefaultLogoutPage logoutPage = FormLoginTests.DefaultLogoutPage.to(driver);
    logoutPage.assertAt().logout();
    FormLoginTests.HomePage.to(driver, FormLoginTests.DefaultLoginPage.class).assertAt();
}

Example 4 with WebSessionServerSecurityContextRepository

use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

From class ServerHttpSecurityTests, method requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed.

/**
 * Verifies that an HTTP Basic entry point with a custom realm, configured through the
 * lambda-style DSL, is advertised in the {@code WWW-Authenticate} challenge and that
 * the 401 response does not set a {@code SESSION} cookie.
 */
@Test
public void requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed() {
    this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
    HttpBasicServerAuthenticationEntryPoint entryPoint = new HttpBasicServerAuthenticationEntryPoint();
    entryPoint.setRealm("myrealm");
    this.http.httpBasic((httpBasic) -> httpBasic.authenticationEntryPoint(entryPoint));
    this.http.authenticationManager(this.authenticationManager);
    this.http.authorizeExchange().anyExchange().authenticated();
    WebTestClient client = buildClient();
    WebTestClient.ResponseSpec response = client.get().uri("/").exchange();
    response.expectStatus().isUnauthorized();
    // The challenge must carry the configured realm name.
    response.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"));
    EntityExchangeResult<String> result = response.expectBody(String.class).returnResult();
    // The unauthenticated challenge must not create a session.
    assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}

Example 5 with WebSessionServerSecurityContextRepository

use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

From class ServerHttpSecurityTests, method basicWithCustomRealmName.

/**
 * Verifies that an HTTP Basic entry point with a custom realm, configured through the
 * builder-style DSL, is advertised in the {@code WWW-Authenticate} challenge and that
 * the 401 response does not set a {@code SESSION} cookie.
 */
@Test
public void basicWithCustomRealmName() {
    this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
    HttpBasicServerAuthenticationEntryPoint entryPoint = new HttpBasicServerAuthenticationEntryPoint();
    entryPoint.setRealm("myrealm");
    this.http.httpBasic().authenticationEntryPoint(entryPoint);
    this.http.authenticationManager(this.authenticationManager);
    this.http.authorizeExchange().anyExchange().authenticated();
    WebTestClient client = buildClient();
    WebTestClient.ResponseSpec response = client.get().uri("/").exchange();
    response.expectStatus().isUnauthorized();
    // The challenge must carry the configured realm name.
    response.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm"));
    EntityExchangeResult<String> result = response.expectBody(String.class).returnResult();
    // The unauthenticated challenge must not create a session.
    assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
