
Example 11 with WebFilter

Use of org.springframework.web.server.WebFilter in project spring-boot by spring-projects.

From the class ReactiveOAuth2ResourceServerAutoConfigurationTests, method assertFilterConfiguredWithJwtAuthenticationManager.

private void assertFilterConfiguredWithJwtAuthenticationManager(AssertableReactiveWebApplicationContext context) {
    // Look up the auto-configured security filter chain by its well-known bean id.
    MatcherSecurityWebFilterChain filterChain = (MatcherSecurityWebFilterChain) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
    Stream<WebFilter> filters = filterChain.getWebFilters().toStream();
    // Pick the first AuthenticationWebFilter in the chain.
    AuthenticationWebFilter webFilter = (AuthenticationWebFilter) filters.filter((f) -> f instanceof AuthenticationWebFilter).findFirst().orElse(null);
    // The resolver is a private field, so the test reads it through reflection.
    ReactiveAuthenticationManagerResolver<?> authenticationManagerResolver = (ReactiveAuthenticationManagerResolver<?>) ReflectionTestUtils.getField(webFilter, "authenticationManagerResolver");
    Object authenticationManager = authenticationManagerResolver.resolve(null).block();
    // A JWT-configured resource server must authenticate bearer tokens with the JWT manager.
    assertThat(authenticationManager).isInstanceOf(JwtReactiveAuthenticationManager.class);
}

Example 12 with WebFilter

Use of org.springframework.web.server.WebFilter in project spring-boot by spring-projects.

From the class ReactiveOAuth2ResourceServerAutoConfigurationTests, method assertFilterConfiguredWithOpaqueTokenAuthenticationManager.

private void assertFilterConfiguredWithOpaqueTokenAuthenticationManager(AssertableReactiveWebApplicationContext context) {
    // Look up the auto-configured security filter chain by its well-known bean id.
    MatcherSecurityWebFilterChain filterChain = (MatcherSecurityWebFilterChain) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
    Stream<WebFilter> filters = filterChain.getWebFilters().toStream();
    // Pick the first AuthenticationWebFilter in the chain.
    AuthenticationWebFilter webFilter = (AuthenticationWebFilter) filters.filter((f) -> f instanceof AuthenticationWebFilter).findFirst().orElse(null);
    // The resolver is a private field, so the test reads it through reflection.
    ReactiveAuthenticationManagerResolver<?> authenticationManagerResolver = (ReactiveAuthenticationManagerResolver<?>) ReflectionTestUtils.getField(webFilter, "authenticationManagerResolver");
    Object authenticationManager = authenticationManagerResolver.resolve(null).block();
    // An opaque-token resource server must authenticate through token introspection, not JWT decoding.
    assertThat(authenticationManager).isInstanceOf(OpaqueTokenReactiveAuthenticationManager.class);
}

Example 13 with WebFilter

Use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

From the class ServerHttpSecurityTests, method addFilterBeforeIsApplied.

@Test
@SuppressWarnings("unchecked")
public void addFilterBeforeIsApplied() {
    SecurityWebFilterChain securityWebFilterChain = this.http.addFilterBefore(new TestWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE).build();
    // @formatter:off
    List filters = securityWebFilterChain.getWebFilters().map(WebFilter::getClass).collectList().block();
    // @formatter:on
    assertThat(filters).isNotNull().isNotEmpty().containsSequence(TestWebFilter.class, SecurityContextServerWebExchangeWebFilter.class);
}

Example 14 with WebFilter

Use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

From the class ServerHttpSecurityTests, method x509WhenCustomizedThenAddsX509Filter.

@Test
public void x509WhenCustomizedThenAddsX509Filter() {
    X509PrincipalExtractor mockExtractor = mock(X509PrincipalExtractor.class);
    ReactiveAuthenticationManager mockAuthenticationManager = mock(ReactiveAuthenticationManager.class);
    this.http.x509((x509) -> x509.principalExtractor(mockExtractor).authenticationManager(mockAuthenticationManager));
    SecurityWebFilterChain securityWebFilterChain = this.http.build();
    WebFilter x509WebFilter = securityWebFilterChain.getWebFilters().filter(this::isX509Filter).blockFirst();
    assertThat(x509WebFilter).isNotNull();
}

Example 15 with WebFilter

Use of org.springframework.web.server.WebFilter in project spring-security by spring-projects.

From the class EnableWebFluxSecurityTests, method defaultPopulatesReactorContext.

@Test
public void defaultPopulatesReactorContext() {
    this.spring.register(Config.class).autowire();
    Authentication currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
    WebSessionServerSecurityContextRepository contextRepository = new WebSessionServerSecurityContextRepository();
    SecurityContext context = new SecurityContextImpl(currentPrincipal);
    // @formatter:off
    // Store the SecurityContext in the WebSession before the security chain runs;
    // save() completes empty, so switchIfEmpty() is what continues the chain.
    WebFilter contextRepositoryWebFilter = (exchange, chain) -> contextRepository.save(exchange, context).switchIfEmpty(chain.filter(exchange)).flatMap((e) -> chain.filter(exchange));
    WebTestClient client = WebTestClientBuilder.bindToWebFilters(contextRepositoryWebFilter, this.springSecurityFilterChain, writePrincipalWebFilter()).build();
    // The response body must be the name of the principal that was stored above.
    client.get().uri("/").exchange().expectStatus().isOk().expectBody(String.class).consumeWith((result) -> assertThat(result.getResponseBody()).isEqualTo(currentPrincipal.getName()));
    // @formatter:on
}
