Examples with ServerWebExchangeMatcher org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher used on opensource projects

Example 31 with ServerWebExchangeMatcher

use of org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher in project spring-security by spring-projects.

the class OAuth2LoginTests method oauth2LoginFailsWhenCustomObjectsThenUsed.

@Test
public void oauth2LoginFailsWhenCustomObjectsThenUsed() {
    this.spring.register(OAuth2LoginWithSingleClientRegistrations.class, OAuth2LoginMockAuthenticationManagerConfig.class).autowire();
    String redirectLocation = "/custom-redirect-location";
    String failureRedirectLocation = "/failure-redirect-location";
    // @formatter:off
    WebTestClient webTestClient = WebTestClientBuilder.bindToWebFilters(this.springSecurity).build();
    // @formatter:on
    OAuth2LoginMockAuthenticationManagerConfig config = this.spring.getContext().getBean(OAuth2LoginMockAuthenticationManagerConfig.class);
    ServerAuthenticationConverter converter = config.authenticationConverter;
    ReactiveAuthenticationManager manager = config.manager;
    ServerWebExchangeMatcher matcher = config.matcher;
    ServerOAuth2AuthorizationRequestResolver resolver = config.resolver;
    ServerAuthenticationSuccessHandler successHandler = config.successHandler;
    ServerAuthenticationFailureHandler failureHandler = config.failureHandler;
    given(converter.convert(any())).willReturn(Mono.just(new TestingAuthenticationToken("a", "b", "c")));
    given(manager.authenticate(any())).willReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("error"), "message")));
    given(matcher.matches(any())).willReturn(ServerWebExchangeMatcher.MatchResult.match());
    given(resolver.resolve(any())).willReturn(Mono.empty());
    given(successHandler.onAuthenticationSuccess(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
        WebFilterExchange webFilterExchange = invocation.getArgument(0);
        Authentication authentication = invocation.getArgument(1);
        return new RedirectServerAuthenticationSuccessHandler(redirectLocation).onAuthenticationSuccess(webFilterExchange, authentication);
    });
    given(failureHandler.onAuthenticationFailure(any(), any())).willAnswer((Answer<Mono<Void>>) (invocation) -> {
        WebFilterExchange webFilterExchange = invocation.getArgument(0);
        AuthenticationException authenticationException = invocation.getArgument(1);
        return new RedirectServerAuthenticationFailureHandler(failureRedirectLocation).onAuthenticationFailure(webFilterExchange, authenticationException);
    });
    // @formatter:off
    webTestClient.get().uri("/login/oauth2/code/github").exchange().expectStatus().is3xxRedirection().expectHeader().valueEquals("Location", failureRedirectLocation);
    // @formatter:on
    verify(converter).convert(any());
    verify(manager).authenticate(any());
    verify(matcher).matches(any());
    verify(resolver).resolve(any());
    verify(failureHandler).onAuthenticationFailure(any(), any());
}

Example 32 with ServerWebExchangeMatcher

use of org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher in project spring-security by spring-projects.

the class SwitchUserWebFilterTests method setSwitchUserMatcherWhenDefinedThenChangeDefaultValue.

@Test
public void setSwitchUserMatcherWhenDefinedThenChangeDefaultValue() {
    final MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/login/impersonate"));
    final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils.getField(this.switchUserWebFilter, "switchUserMatcher");
    assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
    final ServerWebExchangeMatcher newSwitchUserMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/switch-url");
    this.switchUserWebFilter.setSwitchUserMatcher(newSwitchUserMatcher);
    final ServerWebExchangeMatcher currentExitUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils.getField(this.switchUserWebFilter, "switchUserMatcher");
    assertThat(currentExitUserMatcher).isSameAs(newSwitchUserMatcher);
}

Example 33 with ServerWebExchangeMatcher

use of org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher in project spring-security by spring-projects.

the class SwitchUserWebFilterTests method setSwitchUserUrlWhenDefinedThenChangeDefaultValue.

@Test
public void setSwitchUserUrlWhenDefinedThenChangeDefaultValue() {
    final MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/login/impersonate"));
    final ServerWebExchangeMatcher oldSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils.getField(this.switchUserWebFilter, "switchUserMatcher");
    assertThat(oldSwitchUserMatcher.matches(exchange).block().isMatch()).isTrue();
    this.switchUserWebFilter.setSwitchUserUrl("/switch-url");
    final MockServerWebExchange newExchange = MockServerWebExchange.from(MockServerHttpRequest.post("/switch-url"));
    final ServerWebExchangeMatcher newSwitchUserMatcher = (ServerWebExchangeMatcher) ReflectionTestUtils.getField(this.switchUserWebFilter, "switchUserMatcher");
    assertThat(newSwitchUserMatcher.matches(newExchange).block().isMatch()).isTrue();
}

Example 34 with ServerWebExchangeMatcher

use of org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher in project spring-security by spring-projects.

the class HttpsRedirectWebFilterTests method filterWhenExchangeMismatchesThenNoRedirect.

@Test
public void filterWhenExchangeMismatchesThenNoRedirect() {
    given(this.chain.filter(any(ServerWebExchange.class))).willReturn(Mono.empty());
    ServerWebExchangeMatcher matcher = mock(ServerWebExchangeMatcher.class);
    given(matcher.matches(any(ServerWebExchange.class))).willReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
    this.filter.setRequiresHttpsRedirectMatcher(matcher);
    ServerWebExchange exchange = get("http://localhost:8080");
    this.filter.filter(exchange, this.chain).block();
    assertThat(exchange.getResponse().getStatusCode()).isNull();
}

Example 35 with ServerWebExchangeMatcher

use of org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher in project spring-security by spring-projects.

the class ServerWebExchangeDelegatingServerAccessDeniedHandlerTests method handleWhenSecondMatchesThenOnlySecondInvoked.

@Test
public void handleWhenSecondMatchesThenOnlySecondInvoked() {
    ServerAccessDeniedHandler firstHandler = mock(ServerAccessDeniedHandler.class);
    ServerWebExchangeMatcher firstMatcher = mock(ServerWebExchangeMatcher.class);
    ServerAccessDeniedHandler secondHandler = mock(ServerAccessDeniedHandler.class);
    ServerWebExchangeMatcher secondMatcher = mock(ServerWebExchangeMatcher.class);
    given(firstMatcher.matches(this.exchange)).willReturn(MatchResult.notMatch());
    given(secondMatcher.matches(this.exchange)).willReturn(MatchResult.match());
    given(firstHandler.handle(this.exchange, null)).willReturn(Mono.empty());
    given(secondHandler.handle(this.exchange, null)).willReturn(Mono.empty());
    this.entries.add(new DelegateEntry(firstMatcher, firstHandler));
    this.entries.add(new DelegateEntry(secondMatcher, secondHandler));
    this.delegator = new ServerWebExchangeDelegatingServerAccessDeniedHandler(this.entries);
    this.delegator.handle(this.exchange, null).block();
    verify(secondHandler).handle(this.exchange, null);
    verify(firstHandler, never()).handle(this.exchange, null);
    verify(this.accessDeniedHandler, never()).handle(this.exchange, null);
}