
Example 6 with WebSessionServerSecurityContextRepository

Use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

In class ServerHttpSecurityTests, method basicWithGlobalWebSessionServerSecurityContextRepository.

/**
 * Checks that a {@link WebSessionServerSecurityContextRepository} registered globally on
 * {@code ServerHttpSecurity} is the repository HTTP Basic authentication ends up using.
 *
 * <p>The authentication manager is stubbed to succeed for any credentials, every exchange
 * is required to be authenticated, and a single Basic-authenticated GET to "/" is issued.
 * The test passes when the response is 200 with body "ok", carries a Cache-Control header,
 * and sets a {@code SESSION} cookie.
 *
 * <p>Security note: the {@code SESSION} cookie is the observable effect of choosing the
 * session-backed repository. Once the context is persisted this way, the cookie
 * presumably authenticates follow-up requests without the Authorization header, so it
 * needs the same protection and invalidation handling as any other session credential.
 */
@Test
public void basicWithGlobalWebSessionServerSecurityContextRepository() {
    // Stub: whatever credentials arrive, authentication succeeds as "rob".
    TestingAuthenticationToken robToken = new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN");
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(robToken));

    // The repository is set on the builder itself, not on the httpBasic() spec.
    WebSessionServerSecurityContextRepository sessionBackedRepository = new WebSessionServerSecurityContextRepository();
    this.http.securityContextRepository(sessionBackedRepository);
    this.http.httpBasic();
    this.http.authenticationManager(this.authenticationManager);
    this.http.authorizeExchange().anyExchange().authenticated();

    WebTestClient webClient = buildClient();
    // @formatter:off
    EntityExchangeResult<String> exchangeResult = webClient.get()
            .uri("/")
            .headers((h) -> h.setBasicAuth("rob", "rob"))
            .exchange()
            .expectStatus().isOk()
            .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
            .expectBody(String.class)
            .consumeWith((body) -> assertThat(body.getResponseBody()).isEqualTo("ok"))
            .returnResult();
    // @formatter:on

    // A session cookie on the response shows the context was written to the WebSession.
    assertThat(exchangeResult.getResponseCookies().getFirst("SESSION")).isNotNull();
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) 
Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) 
ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 7 with WebSessionServerSecurityContextRepository

Use of org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository in project spring-security by spring-projects.

In class EnableWebFluxSecurityTests, method defaultPopulatesReactorContext.

/**
 * Checks that, with the default configuration, a {@link SecurityContext} already held in
 * the web session is visible to code running after the security filter chain.
 *
 * <p>A leading filter saves a pre-built context through a
 * {@link WebSessionServerSecurityContextRepository}; the autowired security filter chain
 * runs next, followed by {@code writePrincipalWebFilter()} (defined elsewhere in the test
 * class; presumably it writes the current principal's name to the response). The test
 * passes when the response is 200 and its body equals the seeded principal's name.
 *
 * <p>Security note: the seeding filter stores an authenticated context without checking
 * any credential. That is a test fixture only; a filter like it ahead of the security
 * chain in an application would treat every caller as the seeded user.
 */
@Test
public void defaultPopulatesReactorContext() {
    this.spring.register(Config.class).autowire();

    Authentication seededPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
    SecurityContext seededContext = new SecurityContextImpl(seededPrincipal);
    WebSessionServerSecurityContextRepository sessionRepository = new WebSessionServerSecurityContextRepository();

    // @formatter:off
    // Save the context first, then hand the exchange on to the rest of the chain.
    // NOTE(review): save(...) looks like it completes without emitting, in which case the
    // switchIfEmpty branch is the one that continues the chain - confirm.
    WebFilter seedSessionFilter = (exchange, chain) -> sessionRepository
            .save(exchange, seededContext)
            .switchIfEmpty(chain.filter(exchange))
            .flatMap((ignored) -> chain.filter(exchange));
    WebTestClient webClient = WebTestClientBuilder
            .bindToWebFilters(seedSessionFilter, this.springSecurityFilterChain, writePrincipalWebFilter())
            .build();
    webClient.get()
            .uri("/")
            .exchange()
            .expectStatus().isOk()
            .expectBody(String.class)
            .consumeWith((response) -> assertThat(response.getResponseBody()).isEqualTo(seededPrincipal.getName()));
    // @formatter:on
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) DefaultDataBufferFactory(org.springframework.core.io.buffer.DefaultDataBufferFactory) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) AuthenticationPrincipalArgumentResolver(org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Autowired(org.springframework.beans.factory.annotation.Autowired) User(org.springframework.security.core.userdetails.User) ServerHttpSecurity(org.springframework.security.config.web.server.ServerHttpSecurity) ReactiveSecurityContextHolder(org.springframework.security.core.context.ReactiveSecurityContextHolder) ReactiveUserDetailsService(org.springframework.security.core.userdetails.ReactiveUserDetailsService) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) WebFilter(org.springframework.web.server.WebFilter) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) ReactiveAuthenticationTestConfiguration(org.springframework.security.config.users.ReactiveAuthenticationTestConfiguration) MediaType(org.springframework.http.MediaType) RestController(org.springframework.web.bind.annotation.RestController) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) SecurityContext(org.springframework.security.core.context.SecurityContext) WithMockUser(org.springframework.security.test.context.support.WithMockUser) BodyInserters(org.springframework.web.reactive.function.BodyInserters) Authentication(org.springframework.security.core.Authentication) 
CsrfRequestDataValueProcessor(org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor) Ordered(org.springframework.core.Ordered) SecurityMockServerConfigurers.csrf(org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) EnableWebFlux(org.springframework.web.reactive.config.EnableWebFlux) PathPatternParserServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher) UserDetails(org.springframework.security.core.userdetails.UserDetails) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnnotationConfigWebApplicationContext(org.springframework.web.context.support.AnnotationConfigWebApplicationContext) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) MockServletContext(org.springframework.mock.web.MockServletContext) Order(org.springframework.core.annotation.Order) SpringExtension(org.springframework.test.context.junit.jupiter.SpringExtension) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) SecurityTestExecutionListeners(org.springframework.security.test.context.annotation.SecurityTestExecutionListeners) Import(org.springframework.context.annotation.Import) MultiValueMap(org.springframework.util.MultiValueMap) Mono(reactor.core.publisher.Mono) DataBuffer(org.springframework.core.io.buffer.DataBuffer) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) DelegatingWebFluxConfiguration(org.springframework.web.reactive.config.DelegatingWebFluxConfiguration) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) 
MapReactiveUserDetailsService(org.springframework.security.core.userdetails.MapReactiveUserDetailsService) SpringTestContext(org.springframework.security.config.test.SpringTestContext) AuthenticationPrincipal(org.springframework.security.core.annotation.AuthenticationPrincipal) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) AbstractView(org.springframework.web.reactive.result.view.AbstractView) Bean(org.springframework.context.annotation.Bean) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) SecurityContextImpl(org.springframework.security.core.context.SecurityContextImpl) WebFilter(org.springframework.web.server.WebFilter) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Authentication(org.springframework.security.core.Authentication) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) SecurityContext(org.springframework.security.core.context.SecurityContext) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

WebSessionServerSecurityContextRepository (org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository)7 Test (org.junit.jupiter.api.Test)5 HttpBasicServerAuthenticationEntryPoint (org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint)4 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)4 OAuth2LoginAuthenticationWebFilter (org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter)3 SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)3 LogoutWebFilter (org.springframework.security.web.server.authentication.logout.LogoutWebFilter)3 SecurityContextServerWebExchangeWebFilter (org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter)3 CsrfWebFilter (org.springframework.security.web.server.csrf.CsrfWebFilter)3 WebFilter (org.springframework.web.server.WebFilter)3 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)2 OAuth2AuthorizationCodeGrantWebFilter (org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter)2 OAuth2AuthorizationRequestRedirectWebFilter (org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter)2 ExchangeMatcherRedirectWebFilter (org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter)2 ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint)2 AnonymousAuthenticationWebFilter (org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter)2 AuthenticationWebFilter (org.springframework.security.web.server.authentication.AuthenticationWebFilter)2 AuthorizationWebFilter (org.springframework.security.web.server.authorization.AuthorizationWebFilter)2 ExceptionTranslationWebFilter 
(org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter)2