use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.
the class PasswordManagementSpecTests method whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed.
/**
 * With {@code passwordManagement()} enabled and no change-password page configured,
 * a GET to {@code /.well-known/change-password} must be answered with 302 Found and
 * a {@code Location} header of {@code /change-password}.
 */
@Test
public void whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed() {
    this.http.passwordManagement();
    WebTestClient webClient = buildClient();
    // @formatter:off
    webClient.get()
        .uri("/.well-known/change-password")
        .exchange()
        .expectStatus().isFound()
        // Exact match: the redirect target is pinned to a fixed relative path,
        // so any change to the default target fails this test.
        .expectHeader().valueEquals(HttpHeaders.LOCATION, "/change-password");
    // @formatter:on
}
use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.
the class ServerHttpSecurityTests method basicWhenXHRRequestThenUnauthorized.
/**
 * An unauthenticated request carrying {@code X-Requested-With: XMLHttpRequest} must
 * get a bare 401: no {@code WWW-Authenticate} challenge, a non-empty
 * {@code Cache-Control} header and an empty body. The configured entry point must
 * have been invoked.
 */
@Test
public void basicWhenXHRRequestThenUnauthorized() {
    // Spy on a status-only entry point so its invocation can be verified below.
    ServerAuthenticationEntryPoint entryPoint = spy(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED));
    this.http.httpBasic().authenticationEntryPoint(entryPoint);
    this.http.authorizeExchange().anyExchange().authenticated();
    WebTestClient webClient = buildClient();
    // @formatter:off
    webClient.get()
        .uri("/")
        .header("X-Requested-With", "XMLHttpRequest")
        .exchange()
        .expectStatus().isUnauthorized()
        // NOTE(review): presumably the missing challenge keeps browsers from showing
        // their native credentials prompt for script-initiated requests - confirm.
        .expectHeader().doesNotExist("WWW-Authenticate")
        // Only requires *some* Cache-Control value; specific directives are not pinned here.
        .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
        .expectBody().isEmpty();
    // @formatter:on
    verify(entryPoint).commence(any(), any());
}
use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.
the class ServerHttpSecurityTests method requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed.
/**
 * When HTTP Basic is configured through the lambda DSL with an entry point whose
 * realm is {@code myrealm}, an unauthenticated request must receive a 401 whose
 * {@code WWW-Authenticate} header contains that realm, and the response must not
 * set a {@code SESSION} cookie.
 */
@Test
public void requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed() {
    HttpBasicServerAuthenticationEntryPoint basicEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
    basicEntryPoint.setRealm("myrealm");
    // A session-backed context repository is configured on purpose: the final
    // assertion checks that the 401 challenge still does not hand out a session cookie.
    this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
    this.http.httpBasic((httpBasic) -> httpBasic.authenticationEntryPoint(basicEntryPoint));
    this.http.authenticationManager(this.authenticationManager);
    this.http.authorizeExchange().anyExchange().authenticated();
    WebTestClient webClient = buildClient();
    // @formatter:off
    EntityExchangeResult<String> exchangeResult = webClient.get()
        .uri("/")
        .exchange()
        .expectStatus().isUnauthorized()
        .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (challenge) -> assertThat(challenge).contains("myrealm"))
        .expectBody(String.class)
        .returnResult();
    // @formatter:on
    assertThat(exchangeResult.getResponseCookies().getFirst("SESSION")).isNull();
}
use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.
the class ServerHttpSecurityTests method basicWithCustomAuthenticationManager.
/**
 * A {@code ReactiveAuthenticationManager} set on the HTTP Basic spec must be the one
 * consulted for Basic credentials; the shared {@code this.authenticationManager}
 * must see no interactions at all.
 *
 * <p>The custom manager is a mock that authenticates any input, so this test pins
 * which manager is wired in. It does not show that bad credentials are rejected.
 */
@Test
public void basicWithCustomAuthenticationManager() {
    ReactiveAuthenticationManager customManager = mock(ReactiveAuthenticationManager.class);
    given(customManager.authenticate(any()))
        .willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
    // @formatter:off
    SecurityWebFilterChain filterChain = this.http
        .httpBasic()
            .authenticationManager(customManager)
            .and()
        .build();
    // @formatter:on
    WebFilterChainProxy chainProxy = new WebFilterChainProxy(filterChain);
    // @formatter:off
    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(chainProxy).build();
    webClient.get()
        .uri("/")
        .headers((httpHeaders) -> httpHeaders.setBasicAuth("rob", "rob"))
        .exchange()
        .expectStatus().isOk()
        .expectBody(String.class)
        .consumeWith((response) -> assertThat(response.getResponseBody()).isEqualTo("ok"));
    // @formatter:on
    // The default manager must not have been used as a fallback.
    verifyZeroInteractions(this.authenticationManager);
}
use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.
the class ServerHttpSecurityTests method shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler.
/**
 * A custom {@code ServerRequestCache} must be used on both sides of the OAuth2 login
 * flow: the unauthenticated request to {@code /test} is saved into it, and the
 * success handler of {@code OAuth2LoginAuthenticationWebFilter} holds the very same
 * cache instance.
 */
@Test
public void shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler() {
    ServerRequestCache customCache = spy(new WebSessionServerRequestCache());
    // Unstubbed mock: only its presence in the configuration is needed here.
    ReactiveClientRegistrationRepository registrations = mock(ReactiveClientRegistrationRepository.class);
    // @formatter:off
    SecurityWebFilterChain filterChain = this.http
        .oauth2Login()
            .clientRegistrationRepository(registrations)
            .and()
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .requestCache((c) -> c.requestCache(customCache))
        .build();
    // @formatter:on
    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(filterChain).build();
    // The response itself is not asserted; the request only has to reach the entry point.
    webClient.get().uri("/test").exchange();

    // Entry-point side: the cache received exactly the requested URI.
    ArgumentCaptor<ServerWebExchange> savedExchange = ArgumentCaptor.forClass(ServerWebExchange.class);
    verify(customCache).saveRequest(savedExchange.capture());
    assertThat(savedExchange.getValue().getRequest().getURI().toString()).isEqualTo("/test");

    // Success-handler side: read private fields by name. These lookups break if the
    // fields "authenticationSuccessHandler" or "requestCache" are ever renamed.
    OAuth2LoginAuthenticationWebFilter loginFilter = getWebFilter(filterChain, OAuth2LoginAuthenticationWebFilter.class).get();
    Object successHandler = ReflectionTestUtils.getField(loginFilter, "authenticationSuccessHandler");
    assertThat(ReflectionTestUtils.getField(successHandler, "requestCache")).isSameAs(customCache);
}