
Example 1 with WebFilter

use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

the class ServerHttpSecurity method securityContextRepositoryWebFilter.

/**
 * Creates the {@link ReactorContextWebFilter} for this configuration, wrapped in an
 * {@code OrderedWebFilter} at the {@code REACTOR_CONTEXT} position.
 * <p>
 * Security note: when no {@code securityContextRepository} has been set, the filter
 * is backed by a new {@link WebSessionServerSecurityContextRepository}, i.e. the
 * default is session-backed. A deployment that is meant to be stateless should set
 * the repository explicitly rather than rely on this fallback.
 * @return the ordered filter wrapping the {@link ReactorContextWebFilter}
 */
private WebFilter securityContextRepositoryWebFilter() {
    ServerSecurityContextRepository contextRepository = this.securityContextRepository;
    if (contextRepository == null) {
        // Nothing configured: fall back to the WebSession-backed repository.
        contextRepository = new WebSessionServerSecurityContextRepository();
    }
    WebFilter reactorContextFilter = new ReactorContextWebFilter(contextRepository);
    return new OrderedWebFilter(reactorContextFilter, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
}
Also used : HttpsRedirectWebFilter(org.springframework.security.web.server.transport.HttpsRedirectWebFilter) ExchangeMatcherRedirectWebFilter(org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) ServerRequestCacheWebFilter(org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter) CorsWebFilter(org.springframework.web.cors.reactive.CorsWebFilter) ReactorContextWebFilter(org.springframework.security.web.server.context.ReactorContextWebFilter) LogoutPageGeneratingWebFilter(org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter) OAuth2AuthorizationCodeGrantWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter) OAuth2AuthorizationRequestRedirectWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter) AnonymousAuthenticationWebFilter(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter) AuthorizationWebFilter(org.springframework.security.web.server.authorization.AuthorizationWebFilter) HttpHeaderWriterWebFilter(org.springframework.security.web.server.header.HttpHeaderWriterWebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) LoginPageGeneratingWebFilter(org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) AuthenticationWebFilter(org.springframework.security.web.server.authentication.AuthenticationWebFilter) 
ExceptionTranslationWebFilter(org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) NoOpServerSecurityContextRepository(org.springframework.security.web.server.context.NoOpServerSecurityContextRepository) ServerSecurityContextRepository(org.springframework.security.web.server.context.ServerSecurityContextRepository) ReactorContextWebFilter(org.springframework.security.web.server.context.ReactorContextWebFilter)

Example 2 with WebFilter

use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

the class ServerHttpSecurity method build.

/**
 * Builds the {@link SecurityWebFilterChain} from the specs configured on this instance.
 * <p>
 * Each spec field that is non-null is asked to configure itself against this builder;
 * {@code loginPage} and {@code requestCache} are configured unconditionally. The
 * collected filters are then sorted, unwrapped from {@code OrderedWebFilter} and
 * returned behind the security matcher.
 * <p>
 * Security-relevant defaults visible here: when no repository is set on the spec or
 * on this builder, HTTP Basic falls back to
 * {@link NoOpServerSecurityContextRepository}, while form login and OAuth2 login fall
 * back to a new {@link WebSessionServerSecurityContextRepository}.
 * @return the {@link SecurityWebFilterChain}
 * @throws IllegalStateException if this instance has already been built
 */
public SecurityWebFilterChain build() {
    // this.built is the marker set by the first build(); a non-null value means this
    // builder was already used, so fail instead of producing a second chain.
    if (this.built != null) {
        throw new IllegalStateException("This has already been built with the following stacktrace. " + buildToString());
    }
    // Keep an exception carrying the current stack trace so a later duplicate call
    // can report where the first build happened.
    this.built = new RuntimeException("First Build Invocation").fillInStackTrace();
    if (this.headers != null) {
        this.headers.configure(this);
    }
    // Added directly to the list here; the list is sorted further down, so the
    // position in the final chain presumably follows the filter's order value, not
    // this call order.
    WebFilter securityContextRepositoryWebFilter = securityContextRepositoryWebFilter();
    this.webFilters.add(securityContextRepositoryWebFilter);
    if (this.httpsRedirectSpec != null) {
        this.httpsRedirectSpec.configure(this);
    }
    if (this.x509 != null) {
        this.x509.configure(this);
    }
    if (this.csrf != null) {
        this.csrf.configure(this);
    }
    if (this.cors != null) {
        this.cors.configure(this);
    }
    if (this.httpBasic != null) {
        // Inherit the builder-wide authentication manager unless the spec has its own.
        if (this.httpBasic.authenticationManager == null) {
            this.httpBasic.authenticationManager(this.authenticationManager);
        }
        // Repository precedence: spec-level value, then the builder-wide value, then
        // the NoOp repository. So by default HTTP Basic is wired to the NoOp
        // repository rather than to the WebSession-backed one.
        // NOTE(review): the first branch passes the spec's own value back through its
        // setter; presumably the setter does more than store the field - confirm.
        if (this.httpBasic.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.httpBasic.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.httpBasic.securityContextRepository(this.securityContextRepository);
        } else {
            this.httpBasic.securityContextRepository(NoOpServerSecurityContextRepository.getInstance());
        }
        this.httpBasic.configure(this);
    }
    if (this.passwordManagement != null) {
        this.passwordManagement.configure(this);
    }
    if (this.formLogin != null) {
        if (this.formLogin.authenticationManager == null) {
            this.formLogin.authenticationManager(this.authenticationManager);
        }
        // Same precedence as HTTP Basic, but the last fallback is a new
        // WebSession-backed repository: form login is session-backed by default.
        if (this.formLogin.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.formLogin.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.formLogin.securityContextRepository(this.securityContextRepository);
        } else {
            this.formLogin.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.formLogin.configure(this);
    }
    if (this.oauth2Login != null) {
        // Repository fallback matches form login (WebSession-backed by default).
        // Unlike the two specs above, no authentication manager is defaulted here.
        if (this.oauth2Login.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.oauth2Login.securityContextRepository);
        } else if (this.securityContextRepository != null) {
            this.oauth2Login.securityContextRepository(this.securityContextRepository);
        } else {
            this.oauth2Login.securityContextRepository(new WebSessionServerSecurityContextRepository());
        }
        this.oauth2Login.configure(this);
    }
    if (this.resourceServer != null) {
        this.resourceServer.configure(this);
    }
    if (this.client != null) {
        this.client.configure(this);
    }
    if (this.anonymous != null) {
        this.anonymous.configure(this);
    }
    // loginPage and requestCache are not null-checked: they are always configured.
    this.loginPage.configure(this);
    if (this.logout != null) {
        this.logout.configure(this);
    }
    this.requestCache.configure(this);
    this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
    // The exception-translation filter and the authorization rules are installed only
    // when authorizeExchange was configured; without it this method adds neither.
    if (this.authorizeExchange != null) {
        ServerAuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint();
        ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
        // A null entry point or handler leaves the filter's own default in place.
        if (authenticationEntryPoint != null) {
            exceptionTranslationWebFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        }
        ServerAccessDeniedHandler accessDeniedHandler = getAccessDeniedHandler();
        if (accessDeniedHandler != null) {
            exceptionTranslationWebFilter.setAccessDeniedHandler(accessDeniedHandler);
        }
        this.addFilterAt(exceptionTranslationWebFilter, SecurityWebFiltersOrder.EXCEPTION_TRANSLATION);
        this.authorizeExchange.configure(this);
    }
    // Sort once, after every spec has contributed its filters.
    AnnotationAwareOrderComparator.sort(this.webFilters);
    List<WebFilter> sortedWebFilters = new ArrayList<>();
    this.webFilters.forEach((f) -> {
        // Unwrap the ordering wrapper so the chain holds the underlying filter.
        if (f instanceof OrderedWebFilter) {
            f = ((OrderedWebFilter) f).webFilter;
        }
        sortedWebFilters.add(f);
    });
    // Inserted at index 0 after sorting, so it precedes every other filter in the
    // chain regardless of order values.
    sortedWebFilters.add(0, new ServerWebExchangeReactorContextWebFilter());
    return new MatcherSecurityWebFilterChain(getSecurityMatcher(), sortedWebFilters);
}
Also used : SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) ServerWebExchangeDelegatingServerAccessDeniedHandler(org.springframework.security.web.server.authorization.ServerWebExchangeDelegatingServerAccessDeniedHandler) BearerTokenServerAccessDeniedHandler(org.springframework.security.oauth2.server.resource.web.access.server.BearerTokenServerAccessDeniedHandler) ServerAccessDeniedHandler(org.springframework.security.web.server.authorization.ServerAccessDeniedHandler) HttpsRedirectWebFilter(org.springframework.security.web.server.transport.HttpsRedirectWebFilter) ExchangeMatcherRedirectWebFilter(org.springframework.security.web.server.ExchangeMatcherRedirectWebFilter) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) ServerRequestCacheWebFilter(org.springframework.security.web.server.savedrequest.ServerRequestCacheWebFilter) CorsWebFilter(org.springframework.web.cors.reactive.CorsWebFilter) ReactorContextWebFilter(org.springframework.security.web.server.context.ReactorContextWebFilter) LogoutPageGeneratingWebFilter(org.springframework.security.web.server.ui.LogoutPageGeneratingWebFilter) OAuth2AuthorizationCodeGrantWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter) OAuth2AuthorizationRequestRedirectWebFilter(org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationRequestRedirectWebFilter) AnonymousAuthenticationWebFilter(org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilter) AuthorizationWebFilter(org.springframework.security.web.server.authorization.AuthorizationWebFilter) HttpHeaderWriterWebFilter(org.springframework.security.web.server.header.HttpHeaderWriterWebFilter) 
SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) LoginPageGeneratingWebFilter(org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) AuthenticationWebFilter(org.springframework.security.web.server.authentication.AuthenticationWebFilter) ExceptionTranslationWebFilter(org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter) WebSessionServerSecurityContextRepository(org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository) ArrayList(java.util.ArrayList) MatcherSecurityWebFilterChain(org.springframework.security.web.server.MatcherSecurityWebFilterChain) ExceptionTranslationWebFilter(org.springframework.security.web.server.authorization.ExceptionTranslationWebFilter) HttpBasicServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint) ServerAuthenticationEntryPoint(org.springframework.security.web.server.ServerAuthenticationEntryPoint) DelegatingServerAuthenticationEntryPoint(org.springframework.security.web.server.DelegatingServerAuthenticationEntryPoint) RedirectServerAuthenticationEntryPoint(org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint) BearerTokenServerAuthenticationEntryPoint(org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint)

Example 3 with WebFilter

use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

the class ServerHttpSecurityTests method addFilterAfterIsApplied.

/**
 * Checks that a filter registered with {@code addFilterAfter} relative to
 * {@code SECURITY_CONTEXT_SERVER_WEB_EXCHANGE} appears in the built chain directly
 * after {@link SecurityContextServerWebExchangeWebFilter}.
 */
@Test
@SuppressWarnings("unchecked")
public void addFilterAfterIsApplied() {
    TestWebFilter customFilter = new TestWebFilter();
    SecurityWebFilterChain chain = this.http
            .addFilterAfter(customFilter, SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE)
            .build();
    // @formatter:off
    List filterTypes = chain.getWebFilters()
            .map(WebFilter::getClass)
            .collectList()
            .block();
    // @formatter:on
    // containsSequence requires the two classes to be adjacent and in this order.
    assertThat(filterTypes).isNotNull().isNotEmpty()
            .containsSequence(SecurityContextServerWebExchangeWebFilter.class, TestWebFilter.class);
}
Also used : LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) List(java.util.List) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 4 with WebFilter

use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

the class ServerHttpSecurityTests method addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults.

/**
 * Checks that enabling X.509 with its defaults puts a filter accepted by
 * {@code isX509Filter} into the built chain.
 * <p>
 * Only the presence of the filter is asserted; no client certificate is presented,
 * so authentication behaviour is not covered by this test.
 */
@Test
public void addsX509FilterWhenX509AuthenticationIsConfiguredWithDefaults() {
    this.http.x509();
    SecurityWebFilterChain chain = this.http.build();
    WebFilter firstX509Filter = chain.getWebFilters()
            .filter((candidate) -> isX509Filter(candidate))
            .blockFirst();
    assertThat(firstX509Filter).isNotNull();
}
Also used : LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)

Example 5 with WebFilter

use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

the class ServerHttpSecurityTests method addsX509FilterWhenX509AuthenticationIsConfigured.

/**
 * Checks that X.509 configured with a custom principal extractor and authentication
 * manager puts a filter accepted by {@code isX509Filter} into the built chain.
 * <p>
 * Both collaborators are mocks that are never stubbed or verified, so this test
 * shows only that the filter is registered, not that the custom extractor or
 * manager is the one the filter uses.
 */
@Test
@SuppressWarnings("unchecked")
public void addsX509FilterWhenX509AuthenticationIsConfigured() {
    X509PrincipalExtractor principalExtractorMock = mock(X509PrincipalExtractor.class);
    ReactiveAuthenticationManager authenticationManagerMock = mock(ReactiveAuthenticationManager.class);
    this.http.x509()
            .principalExtractor(principalExtractorMock)
            .authenticationManager(authenticationManagerMock)
            .and();
    SecurityWebFilterChain chain = this.http.build();
    WebFilter firstX509Filter = chain.getWebFilters()
            .filter((candidate) -> isX509Filter(candidate))
            .blockFirst();
    assertThat(firstX509Filter).isNotNull();
}
Also used : ReactiveAuthenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager) LogoutWebFilter(org.springframework.security.web.server.authentication.logout.LogoutWebFilter) WebFilter(org.springframework.web.server.WebFilter) SecurityContextServerWebExchangeWebFilter(org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter) OAuth2LoginAuthenticationWebFilter(org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter) CsrfWebFilter(org.springframework.security.web.server.csrf.CsrfWebFilter) X509PrincipalExtractor(org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor) SecurityWebFilterChain(org.springframework.security.web.server.SecurityWebFilterChain) Test(org.junit.jupiter.api.Test)
