Example 31 with WebTestClient

Use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

The class AuthorizeExchangeSpecTests, method antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod.

@Test
public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
    // Deny only POST to /a and /b; every other exchange is permitted.
    this.http.csrf().disable()
        .authorizeExchange()
            .pathMatchers(HttpMethod.POST, "/a", "/b").denyAll()
            .anyExchange().permitAll();
    WebTestClient client = buildClient();
    // @formatter:off
    // GET is not matched by the POST-only rule, so it falls through to permitAll().
    client.get().uri("/a").exchange().expectStatus().isOk();
    client.get().uri("/b").exchange().expectStatus().isOk();
    // The requests carry no credentials, so the denial is reported as 401 Unauthorized rather than 403.
    client.post().uri("/a").exchange().expectStatus().isUnauthorized();
    client.post().uri("/b").exchange().expectStatus().isUnauthorized();
    // @formatter:on
}
Also used: WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), Test (org.junit.jupiter.api.Test)

Example 32 with WebTestClient

Use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

The class AuthorizeExchangeSpecTests, method antMatchersWhenPatternsThenAnyMethod.

@Test
public void antMatchersWhenPatternsThenAnyMethod() {
    // No HttpMethod is given, so the denyAll() rule applies to /a and /b for every method.
    this.http.csrf().disable()
        .authorizeExchange()
            .pathMatchers("/a", "/b").denyAll()
            .anyExchange().permitAll();
    WebTestClient client = buildClient();
    // @formatter:off
    // The requests carry no credentials, so each denial is reported as 401 Unauthorized.
    client.get().uri("/a").exchange().expectStatus().isUnauthorized();
    client.get().uri("/b").exchange().expectStatus().isUnauthorized();
    client.post().uri("/a").exchange().expectStatus().isUnauthorized();
    client.post().uri("/b").exchange().expectStatus().isUnauthorized();
    // @formatter:on
}
Also used: WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), Test (org.junit.jupiter.api.Test)

Example 33 with WebTestClient

Use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

The class AuthorizeExchangeSpecTests, method antMatchersWhenPatternsInLambdaThenAnyMethod.

@Test
public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
    // Same rules as the chained form, written with the lambda DSL: /a and /b are denied for every method.
    this.http
        .csrf(ServerHttpSecurity.CsrfSpec::disable)
        .authorizeExchange((exchanges) -> exchanges
            .pathMatchers("/a", "/b").denyAll()
            .anyExchange().permitAll());
    WebTestClient client = buildClient();
    // @formatter:off
    // The requests carry no credentials, so each denial is reported as 401 Unauthorized.
    client.get().uri("/a").exchange().expectStatus().isUnauthorized();
    client.get().uri("/b").exchange().expectStatus().isUnauthorized();
    client.post().uri("/a").exchange().expectStatus().isUnauthorized();
    client.post().uri("/b").exchange().expectStatus().isUnauthorized();
    // @formatter:on
}
Also used: WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), Test (org.junit.jupiter.api.Test)

Example 34 with WebTestClient

Use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

The class ExceptionHandlingSpecTests, method customAuthenticationEntryPoint.

@Test
public void customAuthenticationEntryPoint() {
    // @formatter:off
    // Every exchange requires authentication; unauthenticated requests are handed to the custom entry point.
    SecurityWebFilterChain securityWebFilter = this.http
        .csrf().disable()
        .authorizeExchange().anyExchange().authenticated().and()
        .exceptionHandling().authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")).and()
        .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // Expects 302 with a Location header; ".*" accepts any value, so the redirect target itself is not checked.
    client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
    // @formatter:on
}
Also used: WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain), Test (org.junit.jupiter.api.Test)

Example 35 with WebTestClient

Use of org.springframework.test.web.reactive.server.WebTestClient in project spring-security by spring-projects.

The class ExceptionHandlingSpecTests, method requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed.

@Test
public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthenticationEntryPointUsed() {
    // @formatter:off
    // Lambda DSL form: every exchange requires authentication, and the custom entry point handles unauthenticated requests.
    SecurityWebFilterChain securityWebFilter = this.http
        .authorizeExchange((exchanges) -> exchanges.anyExchange().authenticated())
        .exceptionHandling((exceptionHandling) -> exceptionHandling
            .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
        .build();
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(securityWebFilter).build();
    // Expects 302 with a Location header; ".*" accepts any value, so the redirect target itself is not checked.
    client.get().uri("/test").exchange().expectStatus().isFound().expectHeader().valueMatches("Location", ".*");
    // @formatter:on
}
Also used: Test (org.junit.jupiter.api.Test), WebTestClient (org.springframework.test.web.reactive.server.WebTestClient), HttpStatus (org.springframework.http.HttpStatus), ServerHttpSecurityConfigurationBuilder (org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder), SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain), RedirectServerAuthenticationEntryPoint (org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint), HttpStatusServerAccessDeniedHandler (org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler), ServerAccessDeniedHandler (org.springframework.security.web.server.authorization.ServerAccessDeniedHandler), ServerAuthenticationEntryPoint (org.springframework.security.web.server.ServerAuthenticationEntryPoint), Customizer.withDefaults (org.springframework.security.config.Customizer.withDefaults), WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder)

Aggregations

WebTestClient (org.springframework.test.web.reactive.server.WebTestClient): 165
Test (org.junit.jupiter.api.Test): 159
SecurityWebFilterChain (org.springframework.security.web.server.SecurityWebFilterChain): 44
WebTestClientBuilder (org.springframework.security.test.web.reactive.server.WebTestClientBuilder): 34
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 31
Authentication (org.springframework.security.core.Authentication): 28
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 27
WebDriver (org.openqa.selenium.WebDriver): 26
Mono (reactor.core.publisher.Mono): 25
ExtendWith (org.junit.jupiter.api.extension.ExtendWith): 23
ServerSecurityContextRepository (org.springframework.security.web.server.context.ServerSecurityContextRepository): 22
ReactiveAuthenticationManager (org.springframework.security.authentication.ReactiveAuthenticationManager): 21
WebFilterChainProxy (org.springframework.security.web.server.WebFilterChainProxy): 21
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any): 20
BDDMockito.given (org.mockito.BDDMockito.given): 20
Mockito.verify (org.mockito.Mockito.verify): 20
GetMapping (org.springframework.web.bind.annotation.GetMapping): 19
WebFilter (org.springframework.web.server.WebFilter): 18
SecurityContext (org.springframework.security.core.context.SecurityContext): 17
RestController (org.springframework.web.bind.annotation.RestController): 17