Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add FormLoginAuthenticationConverter

Fixes gh-4526
Rob Winch 8 years ago
parent
8e80398715
commit
475f18174d
2 changed files with 176 additions and 0 deletions
Split View Show Diff Stats
  1. 73 0
      webflux/src/main/java/org/springframework/security/web/server/FormLoginAuthenticationConverter.java
  2. 103 0
      webflux/src/test/java/org/springframework/security/web/server/FormLoginAuthenticationConverterTests.java

+ 73 - 0
webflux/src/main/java/org/springframework/security/web/server/FormLoginAuthenticationConverter.java
View File 

@@ -0,0 +1,73 @@
 
+/*
 
+ *
 
+ *  * Copyright 2002-2017 the original author or authors.
 
+ *  *
 
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
 
+ *  * you may not use this file except in compliance with the License.
 
+ *  * You may obtain a copy of the License at
 
+ *  *
 
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
 
+ *  *
 
+ *  * Unless required by applicable law or agreed to in writing, software
 
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
 
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ *  * See the License for the specific language governing permissions and
 
+ *  * limitations under the License.
 
+ *
 
+ */
 
+package org.springframework.security.web.server;
 
+
 
+import java.util.function.Function;
 
+
 
+import org.springframework.util.Assert;
 
+import reactor.core.publisher.Mono;
 
+
 
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.core.Authentication;
 
+import org.springframework.util.MultiValueMap;
 
+import org.springframework.web.server.ServerWebExchange;
 
+
 
+/**
 
+ * Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form
 
+ * data HTTP parameters.
 
+ *
 
+ * @author Rob Winch
 
+ * @since 5.0
 
+ */
 
+public class FormLoginAuthenticationConverter implements Function<ServerWebExchange,Mono<Authentication>> {
 
+
 
+	private String usernameParameter = "username";
 
+
 
+	private String passwordParameter = "password";
 
+
 
+	@Override
 
+	public Mono<Authentication> apply(ServerWebExchange serverWebExchange) {
 
+		return serverWebExchange.getFormData()
 
+			.map( data -> createAuthentication(data));
 
+	}
 
+
 
+	private UsernamePasswordAuthenticationToken createAuthentication(
 
+		MultiValueMap<String, String> data) {
 
+		String username = data.getFirst(this.usernameParameter);
 
+		String password = data.getFirst(this.passwordParameter);
 
+		return new UsernamePasswordAuthenticationToken(username, password);
 
+	}
 
+
 
+	/**
 
+	 * The parameter name of the form data to extract the username
 
+	 * @param usernameParameter the username HTTP parameter
 
+	 */
 
+	public void setUsernameParameter(String usernameParameter) {
 
+		Assert.notNull(usernameParameter, "usernameParameter cannot be null");
 
+		this.usernameParameter = usernameParameter;
 
+	}
 
+
 
+	/**
 
+	 * The parameter name of the form data to extract the password
 
+	 * @param passwordParameter the password HTTP parameter
 
+	 */
 
+	public void setPasswordParameter(String passwordParameter) {
 
+		Assert.notNull(passwordParameter, "passwordParameter cannot be null");
 
+		this.passwordParameter = passwordParameter;
 
+	}
 
+}

+ 103 - 0
webflux/src/test/java/org/springframework/security/web/server/FormLoginAuthenticationConverterTests.java
View File 

@@ -0,0 +1,103 @@
 
+/*
 
+ *
 
+ *  * Copyright 2002-2017 the original author or authors.
 
+ *  *
 
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
 
+ *  * you may not use this file except in compliance with the License.
 
+ *  * You may obtain a copy of the License at
 
+ *  *
 
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
 
+ *  *
 
+ *  * Unless required by applicable law or agreed to in writing, software
 
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
 
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ *  * See the License for the specific language governing permissions and
 
+ *  * limitations under the License.
 
+ *
 
+ */
 
+
 
+package org.springframework.security.web.server;
 
+
 
+import org.junit.Before;
 
+import org.junit.Test;
 
+import org.junit.runner.RunWith;
 
+import org.mockito.Mock;
 
+import org.mockito.runners.MockitoJUnitRunner;
 
+import org.springframework.security.core.Authentication;
 
+import org.springframework.util.LinkedMultiValueMap;
 
+import org.springframework.util.MultiValueMap;
 
+import org.springframework.web.server.ServerWebExchange;
 
+import reactor.core.publisher.Mono;
 
+
 
+import static org.assertj.core.api.Assertions.assertThat;
 
+import static org.mockito.Mockito.when;
 
+
 
+/**
 
+ * @author Rob Winch
 
+ * @since 5.0
 
+ */
 
+@RunWith(MockitoJUnitRunner.class)
 
+public class FormLoginAuthenticationConverterTests {
 
+	@Mock
 
+	private ServerWebExchange exchange;
 
+
 
+	private MultiValueMap<String,String> data = new LinkedMultiValueMap<>();
 
+
 
+	private FormLoginAuthenticationConverter converter = new FormLoginAuthenticationConverter();
 
+
 
+	@Before
 
+	public void setup() {
 
+		when(this.exchange.getFormData()).thenReturn(Mono.just(this.data));
 
+	}
 
+
 
+	@Test
 
+	public void applyWhenUsernameAndPasswordThenCreatesTokenSuccess() {
 
+		String username = "username";
 
+		String password = "password";
 
+		this.data.add("username", username);
 
+		this.data.add("password", password);
 
+
 
+		Authentication authentication = this.converter.apply(this.exchange).block();
 
+
 
+		assertThat(authentication.getName()).isEqualTo(username);
 
+		assertThat(authentication.getCredentials()).isEqualTo(password);
 
+		assertThat(authentication.getAuthorities()).isEmpty();
 
+	}
 
+
 
+	@Test
 
+	public void applyWhenCustomParametersAndUsernameAndPasswordThenCreatesTokenSuccess() {
 
+		String usernameParameter = "j_username";
 
+		String passwordParameter = "j_password";
 
+		String username = "username";
 
+		String password = "password";
 
+		this.converter.setUsernameParameter(usernameParameter);
 
+		this.converter.setPasswordParameter(passwordParameter);
 
+		this.data.add(usernameParameter, username);
 
+		this.data.add(passwordParameter, password);
 
+
 
+		Authentication authentication = this.converter.apply(this.exchange).block();
 
+
 
+		assertThat(authentication.getName()).isEqualTo(username);
 
+		assertThat(authentication.getCredentials()).isEqualTo(password);
 
+		assertThat(authentication.getAuthorities()).isEmpty();
 
+	}
 
+
 
+	@Test
 
+	public void applyWhenNoDataThenCreatesTokenSuccess() {
 
+		Authentication authentication = this.converter.apply(this.exchange).block();
 
+
 
+		assertThat(authentication.getName()).isNullOrEmpty();
 
+		assertThat(authentication.getCredentials()).isNull();
 
+		assertThat(authentication.getAuthorities()).isEmpty();
 
+	}
 
+
 
+	@Test(expected = IllegalArgumentException.class)
 
+	public void setUsernameParameterWhenNullThenIllegalArgumentException() {
 
+		this.converter.setUsernameParameter(null);
 
+	}
 
+
 
+	@Test(expected = IllegalArgumentException.class)
 
+	public void setPasswordParameterWhenNullThenIllegalArgumentException() {
 
+		this.converter.setPasswordParameter(null);
 
+	}
 
+}