Example 6 with DefaultWebFilterChain

use of org.springframework.web.server.handler.DefaultWebFilterChain in project spring-security by spring-projects.

the class SecurityContextServerWebExchangeWebFilterTests method filterWhenExistingContextAndPrincipalNotNullThenContextPopulated.

@Test
public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
    // The terminal handler checks that the exchange principal is the Authentication
    // supplied through the Reactor context, and that the pre-existing context
    // entry ("foo" -> "bar") is still visible downstream of the filter.
    Mono<Void> result = this.filter
        .filter(this.exchange, new DefaultWebFilterChain(
            (e) -> e.getPrincipal()
                .doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(this.principal))
                .flatMap((contextPrincipal) -> Mono.subscriberContext())
                .doOnSuccess((context) -> assertThat(context.<String>get("foo")).isEqualTo("bar"))
                .then(),
            Collections.emptyList()))
        .subscriberContext((context) -> context.put("foo", "bar"))
        .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
    StepVerifier.create(result).verifyComplete();
}
Also used : Test(org.junit.jupiter.api.Test) StepVerifier(reactor.test.StepVerifier) ReactiveSecurityContextHolder(org.springframework.security.core.context.ReactiveSecurityContextHolder) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) Mono(reactor.core.publisher.Mono) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) ServerWebExchange(org.springframework.web.server.ServerWebExchange)

Example 7 with DefaultWebFilterChain

use of org.springframework.web.server.handler.DefaultWebFilterChain in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthorizationRequestRedirectUriParametersNotMatchThenNotProcessed.

// gh-7966
@Test
public void filterWhenAuthorizationRequestRedirectUriParametersNotMatchThenNotProcessed() {
    String requestUri = "/authorization/callback";
    Map<String, String> parameters = new LinkedHashMap<>();
    parameters.put("param1", "value1");
    parameters.put("param2", "value2");
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest(requestUri, parameters);
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    // 1) Parameter value
    Map<String, String> parametersNotMatch = new LinkedHashMap<>(parameters);
    parametersNotMatch.put("param2", "value8");
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
    // 2) Parameter order
    parametersNotMatch = new LinkedHashMap<>();
    parametersNotMatch.put("param2", "value2");
    parametersNotMatch.put("param1", "value1");
    authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    exchange = MockServerWebExchange.from(authorizationResponse);
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
    // 3) Parameter missing
    parametersNotMatch = new LinkedHashMap<>(parameters);
    parametersNotMatch.remove("param2");
    authorizationResponse = createAuthorizationResponse(createAuthorizationRequest(requestUri, parametersNotMatch));
    exchange = MockServerWebExchange.from(authorizationResponse);
    this.filter.filter(exchange, chain).block();
    verifyNoInteractions(this.authenticationManager);
}
Also used : ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Example 8 with DefaultWebFilterChain

use of org.springframework.web.server.handler.DefaultWebFilterChain in project spring-security by spring-projects.

the class OAuth2AuthorizationCodeGrantWebFilterTests method filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed.

@Test
public void filterWhenAuthorizationSucceedsAndRequestCacheConfiguredThenRequestCacheUsed() {
    ClientRegistration clientRegistration = TestClientRegistrations.clientRegistration().build();
    given(this.clientRegistrationRepository.findByRegistrationId(any())).willReturn(Mono.just(clientRegistration));
    given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated()));
    MockServerHttpRequest authorizationRequest = createAuthorizationRequest("/authorization/callback");
    OAuth2AuthorizationRequest oauth2AuthorizationRequest = createOAuth2AuthorizationRequest(authorizationRequest, clientRegistration);
    given(this.authorizationRequestRepository.loadAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    given(this.authorizationRequestRepository.removeAuthorizationRequest(any())).willReturn(Mono.just(oauth2AuthorizationRequest));
    MockServerHttpRequest authorizationResponse = createAuthorizationResponse(authorizationRequest);
    MockServerWebExchange exchange = MockServerWebExchange.from(authorizationResponse);
    DefaultWebFilterChain chain = new DefaultWebFilterChain((e) -> e.getResponse().setComplete(), Collections.emptyList());
    ServerRequestCache requestCache = mock(ServerRequestCache.class);
    given(requestCache.getRedirectUri(any(ServerWebExchange.class))).willReturn(Mono.just(URI.create("/saved-request")));
    this.filter.setRequestCache(requestCache);
    this.filter.filter(exchange, chain).block();
    verify(requestCache).getRedirectUri(exchange);
    assertThat(exchange.getResponse().getHeaders().getLocation().toString()).isEqualTo("/saved-request");
}
Also used : ServerWebExchange(org.springframework.web.server.ServerWebExchange) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) ClientRegistration(org.springframework.security.oauth2.client.registration.ClientRegistration) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) OAuth2AuthorizationRequest(org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest) ServerRequestCache(org.springframework.security.web.server.savedrequest.ServerRequestCache) Test(org.junit.jupiter.api.Test)

Example 9 with DefaultWebFilterChain

use of org.springframework.web.server.handler.DefaultWebFilterChain in project spring-security by spring-projects.

the class OAuth2LoginAuthenticationWebFilterTests method setup.

@BeforeEach
public void setup() {
    this.filter = new OAuth2LoginAuthenticationWebFilter(this.authenticationManager, this.authorizedClientRepository);
    this.webFilterExchange = new WebFilterExchange(
        MockServerWebExchange.from(MockServerHttpRequest.get("/")),
        new DefaultWebFilterChain((exchange) -> exchange.getResponse().setComplete(), Collections.emptyList()));
    given(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())).willReturn(Mono.empty());
}
Also used : DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) WebFilterExchange(org.springframework.security.web.server.WebFilterExchange) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 10 with DefaultWebFilterChain

use of org.springframework.web.server.handler.DefaultWebFilterChain in project spring-security by spring-projects.

the class SecurityContextServerWebExchangeWebFilterTests method filterWhenPrincipalNullThenContextEmpty.

@Test
public void filterWhenPrincipalNullThenContextEmpty() {
    Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse", "anonymous", "TEST");
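    // No Authentication is placed in the Reactor context here, so getPrincipal()
    // completes empty and the handler falls back to defaultAuthentication.
    Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain(
        (e) -> e.getPrincipal()
            .defaultIfEmpty(defaultAuthentication)
            .doOnSuccess((contextPrincipal) -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication))
            .then(),
        Collections.emptyList()));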
    StepVerifier.create(result).verifyComplete();
}
Also used : Test(org.junit.jupiter.api.Test) StepVerifier(reactor.test.StepVerifier) ReactiveSecurityContextHolder(org.springframework.security.core.context.ReactiveSecurityContextHolder) MockServerHttpRequest(org.springframework.mock.http.server.reactive.MockServerHttpRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) DefaultWebFilterChain(org.springframework.web.server.handler.DefaultWebFilterChain) Mono(reactor.core.publisher.Mono) MockServerWebExchange(org.springframework.mock.web.server.MockServerWebExchange) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) ServerWebExchange(org.springframework.web.server.ServerWebExchange)

Aggregations

DefaultWebFilterChain (org.springframework.web.server.handler.DefaultWebFilterChain): 11
Test (org.junit.jupiter.api.Test): 10
MockServerWebExchange (org.springframework.mock.web.server.MockServerWebExchange): 10
MockServerHttpRequest (org.springframework.mock.http.server.reactive.MockServerHttpRequest): 9
ClientRegistration (org.springframework.security.oauth2.client.registration.ClientRegistration): 6
OAuth2AuthorizationRequest (org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest): 6
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 3
Authentication (org.springframework.security.core.Authentication): 3
ReactiveSecurityContextHolder (org.springframework.security.core.context.ReactiveSecurityContextHolder): 3
ServerWebExchange (org.springframework.web.server.ServerWebExchange): 3
Mono (reactor.core.publisher.Mono): 3
StepVerifier (reactor.test.StepVerifier): 3
Collections (java.util.Collections): 2
LinkedHashMap (java.util.LinkedHashMap): 2
BeforeEach (org.junit.jupiter.api.BeforeEach): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 2
List (java.util.List): 1
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException): 1
ExtendWith (org.junit.jupiter.api.extension.ExtendWith): 1
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any): 1