Search in sources :

Example 6 with EntityExchangeResult

use of org.springframework.test.web.reactive.server.EntityExchangeResult in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues.

@Test
public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
    this.filter.setRequiresAuthenticationMatcher((e) -> ServerWebExchangeMatcher.MatchResult.notMatch());
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    EntityExchangeResult<String> result = client.get().uri("/").headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
    assertThat(result.getResponseCookies()).isEmpty();
    verifyZeroInteractions(this.authenticationConverter, this.authenticationManager, this.successHandler);
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 7 with EntityExchangeResult

use of org.springframework.test.web.reactive.server.EntityExchangeResult in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenDefaultsAndNoAuthenticationThenContinues.

@Test
public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
    this.filter = new AuthenticationWebFilter(this.authenticationManager);
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
    verifyZeroInteractions(this.authenticationManager);
    assertThat(result.getResponseCookies()).isEmpty();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 8 with EntityExchangeResult

use of org.springframework.test.web.reactive.server.EntityExchangeResult in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenDefaultsAndAuthenticationSuccessThenContinues.

@Test
public void filterWhenDefaultsAndAuthenticationSuccessThenContinues() {
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("test", "this", "ROLE")));
    this.filter = new AuthenticationWebFilter(this.authenticationManager);
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    EntityExchangeResult<String> result = client.get().uri("/").headers((headers) -> headers.setBasicAuth("test", "this")).exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
    assertThat(result.getResponseCookies()).isEmpty();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 9 with EntityExchangeResult

use of org.springframework.test.web.reactive.server.EntityExchangeResult in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues.

@Test
public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
    this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
    verifyZeroInteractions(this.authenticationManagerResolver);
    assertThat(result.getResponseCookies()).isEmpty();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 10 with EntityExchangeResult

use of org.springframework.test.web.reactive.server.EntityExchangeResult in project spring-security by spring-projects.

the class ServerHttpSecurityTests method basic.

@Test
public void basic() {
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
    this.http.httpBasic();
    this.http.authenticationManager(this.authenticationManager);
    ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
    authorize.anyExchange().authenticated();
    WebTestClient client = buildClient();
    // @formatter:off
    EntityExchangeResult<String> result = client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok")).returnResult();
    // @formatter:on
    assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Aggregations

Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10 BeforeEach (org.junit.jupiter.api.BeforeEach)10 Test (org.junit.jupiter.api.Test)10 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)10 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)10 BDDMockito.given (org.mockito.BDDMockito.given)10 Mock (org.mockito.Mock)10 Mockito.verify (org.mockito.Mockito.verify)10 Mockito.verifyZeroInteractions (org.mockito.Mockito.verifyZeroInteractions)10 MockitoExtension (org.mockito.junit.jupiter.MockitoExtension)10 ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10 Authentication (org.springframework.security.core.Authentication)10 WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)10 ServerSecurityContextRepository (org.springframework.security.web.server.context.ServerSecurityContextRepository)9 EntityExchangeResult (org.springframework.test.web.reactive.server.EntityExchangeResult)9 WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)9 ServerWebExchange (org.springframework.web.server.ServerWebExchange)9 Mono (reactor.core.publisher.Mono)9 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)7