Example 46 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenConvertEmptyThenOk.

@Test
public void filterWhenConvertEmptyThenOk() {
    given(this.authenticationConverter.convert(any())).willReturn(Mono.empty());
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    client.get()
        .uri("/")
        .exchange()
        .expectStatus().isOk()
        .expectBody(String.class)
        .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
        .returnResult();
    verify(this.securityContextRepository, never()).save(any(), any());
    verifyZeroInteractions(this.authenticationManager, this.successHandler, this.failureHandler);
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 47 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class AuthenticationWebFilterTests method filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues.

@Test
public void filterWhenAuthenticationManagerResolverDefaultsAndNoAuthenticationThenContinues() {
    this.filter = new AuthenticationWebFilter(this.authenticationManagerResolver);
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.filter).build();
    EntityExchangeResult<String> result = client.get()
        .uri("/")
        .exchange()
        .expectStatus().isOk()
        .expectBody(String.class)
        .consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"))
        .returnResult();
    verifyZeroInteractions(this.authenticationManagerResolver);
    assertThat(result.getResponseCookies()).isEmpty();
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) ServerWebExchangeMatcher(org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher) Mock(org.mockito.Mock) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) BDDMockito.given(org.mockito.BDDMockito.given) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) ReactiveAuthenticationManagerResolver(org.springframework.security.authentication.ReactiveAuthenticationManagerResolver) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) Mono(reactor.core.publisher.Mono) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Mockito.never(org.mockito.Mockito.never) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) Authentication(org.springframework.security.core.Authentication) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 48 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class CsrfWebFilterTests method filterWhenMultipartFormDataAndEnabledThenGranted.

@Test
public void filterWhenMultipartFormDataAndEnabledThenGranted() {
    this.csrfFilter.setCsrfTokenRepository(this.repository);
    this.csrfFilter.setTokenFromMultipartDataEnabled(true);
    given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
    given(this.repository.generateToken(any())).willReturn(Mono.just(this.token));
    WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
    client.post()
        .uri("/")
        .contentType(MediaType.MULTIPART_FORM_DATA)
        .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken()))
        .exchange()
        .expectStatus().is2xxSuccessful();
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 49 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class CsrfWebFilterTests method filterWhenMultipartMixedAndEnabledThenNotRead.

@Test
public void filterWhenMultipartMixedAndEnabledThenNotRead() {
    this.csrfFilter.setCsrfTokenRepository(this.repository);
    this.csrfFilter.setTokenFromMultipartDataEnabled(true);
    given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
    WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
    client.post()
        .uri("/")
        .contentType(MediaType.MULTIPART_MIXED)
        .bodyValue(this.token.getParameterName() + "=" + this.token.getToken())
        .exchange()
        .expectStatus().isForbidden();
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 50 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class CsrfWebFilterTests method filterWhenMultipartFormDataAndNotEnabledThenDenied.

@Test
public void filterWhenMultipartFormDataAndNotEnabledThenDenied() {
    this.csrfFilter.setCsrfTokenRepository(this.repository);
    given(this.repository.loadToken(any())).willReturn(Mono.just(this.token));
    WebTestClient client = WebTestClient.bindToController(new OkController()).webFilter(this.csrfFilter).build();
    client.post()
        .uri("/")
        .contentType(MediaType.MULTIPART_FORM_DATA)
        .body(BodyInserters.fromMultipartData(this.token.getParameterName(), this.token.getToken()))
        .exchange()
        .expectStatus().isForbidden();
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)
