Examples with WebTestClient org.springframework.test.web.reactive.server.WebTestClient used on opensource projects

Search in sources :

Example 11 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class PasswordManagementSpecTests method whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed.

@Test
public void whenChangePasswordPageNotSetThenDefaultChangePasswordPageUsed() {
    this.http.passwordManagement();
    WebTestClient client = buildClient();
    client.get().uri("/.well-known/change-password").exchange().expectStatus().isFound().expectHeader().valueEquals(HttpHeaders.LOCATION, "/change-password");
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) Test(org.junit.jupiter.api.Test)

Example 12 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class ServerHttpSecurityTests method basicWhenXHRRequestThenUnauthorized.

@Test
public void basicWhenXHRRequestThenUnauthorized() {
    ServerAuthenticationEntryPoint authenticationEntryPoint = spy(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED));
    this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
    this.http.authorizeExchange().anyExchange().authenticated();
    WebTestClient client = buildClient();
    // @formatter:off
    client.get().uri("/").header("X-Requested-With", "XMLHttpRequest").exchange().expectStatus().isUnauthorized().expectHeader().doesNotExist("WWW-Authenticate").expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+").expectBody().isEmpty();
    // @formatter:on
    verify(authenticationEntryPoint).commence(any(), any());
}
Also used : WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) Test(org.junit.jupiter.api.Test)

Example 13 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class ServerHttpSecurityTests method requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed.

@Test
public void requestWhenBasicWithRealmNameInLambdaThenRealmNameUsed() {
    this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
    HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
    authenticationEntryPoint.setRealm("myrealm");
    this.http.httpBasic((httpBasic) -> httpBasic.authenticationEntryPoint(authenticationEntryPoint));
    this.http.authenticationManager(this.authenticationManager);
    ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
    authorize.anyExchange().authenticated();
    WebTestClient client = buildClient();
    // @formatter:off
    EntityExchangeResult<String> result = client.get().uri("/").exchange().expectStatus().isUnauthorized().expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, (value) -> assertThat(value).contains("myrealm")).expectBody(String.class).returnResult();
    // @formatter:on
    assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
Also used : HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) Test(org.junit.jupiter.api.Test)

Example 14 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class ServerHttpSecurityTests method basicWithCustomAuthenticationManager.

@Test
public void basicWithCustomAuthenticationManager() {
    ReactiveAuthenticationManager customAuthenticationManager = mock(ReactiveAuthenticationManager.class);
    given(customAuthenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
    // @formatter:off
    SecurityWebFilterChain securityFilterChain = this.http.httpBasic().authenticationManager(customAuthenticationManager).and().build();
    // @formatter:on
    WebFilterChainProxy springSecurityFilterChain = new WebFilterChainProxy(securityFilterChain);
    // @formatter:off
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
    client.get().uri("/").headers((headers) -> headers.setBasicAuth("rob", "rob")).exchange().expectStatus().isOk().expectBody(String.class).consumeWith((b) -> assertThat(b.getResponseBody()).isEqualTo("ok"));
    // @formatter:on
    verifyZeroInteractions(this.authenticationManager);
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 15 with WebTestClient

use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

the class ServerHttpSecurityTests method shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler.

@Test
public void shouldConfigureRequestCacheForOAuth2LoginAuthenticationEntryPointAndSuccessHandler() {
    ServerRequestCache requestCache = spy(new WebSessionServerRequestCache());
    ReactiveClientRegistrationRepository clientRegistrationRepository = mock(ReactiveClientRegistrationRepository.class);
    SecurityWebFilterChain securityFilterChain = this.http.oauth2Login().clientRegistrationRepository(clientRegistrationRepository).and().authorizeExchange().anyExchange().authenticated().and().requestCache((c) -> c.requestCache(requestCache)).build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityFilterChain).build();
    client.get().uri("/test").exchange();
    ArgumentCaptor<ServerWebExchange> captor = ArgumentCaptor.forClass(ServerWebExchange.class);
    verify(requestCache).saveRequest(captor.capture());
    assertThat(captor.getValue().getRequest().getURI().toString()).isEqualTo("/test");
    OAuth2LoginAuthenticationWebFilter authenticationWebFilter = getWebFilter(securityFilterChain, OAuth2LoginAuthenticationWebFilter.class).get();
    Object handler = ReflectionTestUtils.getField(authenticationWebFilter, "authenticationSuccessHandler");
    assertThat(ReflectionTestUtils.getField(handler, "requestCache")).isSameAs(requestCache);
}
Also used : ServerAuthorizationRequestRepository(org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) ServerLogoutHandler(org.springframework.security.web.server.authentication.logout.ServerLogoutHandler) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) BDDMockito.given(org.mockito.BDDMockito.given) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) HttpHeaders(org.apache.http.HttpHeaders) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebFilterChain(org.springframework.web.server.WebFilterChain) MockitoExtension(org.mockito.junit.jupiter.MockitoExtension) ServerHttpSecurityConfigurationBuilder(org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) EntityExchangeResult(org.springframework.test.web.reactive.server.EntityExchangeResult) Objects(java.util.Objects) Test(org.junit.jupiter.api.Test) List(java.util.List) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) Authentication(org.springframework.security.core.Authentication) Mockito.mock(org.mockito.Mockito.mock) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestPublisher(reactor.test.publisher.TestPublisher) Mock(org.mockito.Mock) TestOAuth2AuthorizationRequests(org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests) Mockito.spy(org.mockito.Mockito.spy) ServerWebExchange(org.springframework.web.server.ServerWebExchange) Mockito.verifyZeroInteractions(org.mockito.Mockito.verifyZeroInteractions) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) SecurityContextServerLogoutHandler(org.springframework.security.web.server.authentication.logout.SecurityContextServerLogoutHandler) ArgumentCaptor(org.mockito.ArgumentCaptor) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) GetMapping(org.springframework.web.bind.annotation.GetMapping) AnonymousAuthenticationWebFilterTests(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests) WebTestClientBuilder(org.springframework.security.test.web.reactive.server.WebTestClientBuilder) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) ReflectionTestUtils(org.springframework.test.util.ReflectionTestUtils) Mono(reactor.core.publisher.Mono) WebFilterChainProxy(org.springframework.security.web.server.WebFilterChainProxy) CsrfServerLogoutHandler(org.springframework.security.web.server.csrf.CsrfServerLogoutHandler) Mockito.verify(org.mockito.Mockito.verify) HttpStatus(org.springframework.http.HttpStatus) FluxExchangeResult(org.springframework.test.web.reactive.server.FluxExchangeResult) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) HttpStatusServerEntryPoint(org.springframework.security.web.server.authentication.HttpStatusServerEntryPoint) ServerCsrfTokenRepository(org.springframework.security.web.server.csrf.ServerCsrfTokenRepository) ServerX509AuthenticationConverter(org.springframework.security.web.server.authentication.ServerX509AuthenticationConverter) DelegatingServerLogoutHandler(org.springframework.security.web.server.authentication.logout.DelegatingServerLogoutHandler) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) ServerWebExchange(org.springframework.web.server.ServerWebExchange) ReactiveClientRegistrationRepository(org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) WebTestClient(org.springframework.test.web.reactive.server.WebTestClient) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) WebSessionServerRequestCache(org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

WebTestClient (org.springframework.test.web.reactive.server.WebTestClient)165 Test (org.junit.jupiter.api.Test)159 SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain)44 WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)34 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)31 Authentication (org.springframework.security.core.Authentication)28 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)27 WebDriver (org.openqa.selenium.WebDriver)26 Mono (reactor.core.publisher.Mono)25 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)23 ServerSecurityContextRepository (org.springframework.security.web.server.context.ServerSecurityContextRepository)22 ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager)21 WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy)21 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)20 BDDMockito.given (org.mockito.BDDMockito.given)20 Mockito.verify (org.mockito.Mockito.verify)20 GetMapping (org.springframework.web.bind.annotation.GetMapping)19 WebFilter (org.springframework.web.server.WebFilter)18 SecurityContext (org.springframework.security.core.context.SecurityContext)17 RestController (org.springframework.web.bind.annotation.RestController)17
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial