
Allow setting authenticationEntryPoint for Http Basic

1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check that the
realm name set via authenticationEntryPoint is
returned

Fixes: gh-6270
Ankur Pathak 6 年之前
當前提交
3bcb1d9458

+ 13 - 0
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java

@@ -1878,6 +1878,19 @@ public class ServerHttpSecurity {
 			return this;
 		}
 
+		/**
+		 * Allows easily setting the entry point.
+		 * @param authenticationEntryPoint the {@link ServerAuthenticationEntryPoint} to use
+		 * @return {@link HttpBasicSpec} for additional customization
+		 * @since 5.2.0
+		 * @author Ankur Pathak
+		 */
+		public HttpBasicSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint){
+			Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
+			this.entryPoint = authenticationEntryPoint;
+			return this;
+		}
+
 		/**
 		 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
 		 * @return the {@link ServerHttpSecurity} to continue configuring
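Review bot: The Javadoc on the new `authenticationEntryPoint` method says only "Allows easily setting the entry point" and never tells a caller what that entry point controls. The test added in this commit shows it determines the 401 response and its `WWW-Authenticate` challenge, so the summary should say so, e.g. `Sets the {@link ServerAuthenticationEntryPoint} used to challenge for HTTP Basic credentials, in place of the default one.` How `this.entryPoint` is consumed lies outside the hunk (the enclosing `HttpBasicSpec` starts before it), so it is worth confirming and documenting whether the same entry point also answers failed authentication attempts. Minor style: `@author` is conventionally a class-level tag, and the signature is missing a space before `{`.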

+ 24 - 0
config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java

@@ -64,6 +64,7 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
+import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
 
 /**
  * @author Rob Winch
@@ -255,6 +256,29 @@ public class ServerHttpSecurityTests {
 		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 	}
 
+	@Test
+	public void basicWithCustomRealmName() {
+		this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
+		HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
+		authenticationEntryPoint.setRealm("myrealm");
+		this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
+		this.http.authenticationManager(this.authenticationManager);
+		ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
+		authorize.anyExchange().authenticated();
+
+		WebTestClient client = buildClient();
+
+		EntityExchangeResult<String> result = client.get()
+				.uri("/")
+				.exchange()
+				.expectStatus().isUnauthorized()
+				.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
+				.expectBody(String.class)
+				.returnResult();
+
+		assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
+	}
+
 	private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
 		return (Optional<T>) filterChain.getWebFilters()
 				.filter(Objects::nonNull)
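Review bot: The header assertion in `basicWithCustomRealmName` uses `contains("myrealm")`, which would still pass if the realm appeared under a different scheme or in a malformed challenge. Pinning the whole value is stricter, e.g. `.expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"myrealm\"")`, assuming that is the exact format `HttpBasicServerAuthenticationEntryPoint` emits. The `Assert.notNull` guard added to the setter in this commit is not exercised by any test here; a short case expecting `IllegalArgumentException` for a null argument would cover it. A request carrying wrong credentials would additionally show whether the custom entry point is applied on failed authentication, not only on missing credentials.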