|
@@ -1,5 +1,5 @@
|
|
|
/*
|
|
/*
|
|
|
- * Copyright 2002-2020 the original author or authors.
|
|
|
|
|
|
|
+ * Copyright 2002-2021 the original author or authors.
|
|
|
*
|
|
*
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
* you may not use this file except in compliance with the License.
|
|
* you may not use this file except in compliance with the License.
|
|
@@ -16,6 +16,9 @@
|
|
|
|
|
|
|
|
package org.springframework.security.config.web.server
|
|
package org.springframework.security.config.web.server
|
|
|
|
|
|
|
|
|
|
+import io.mockk.every
|
|
|
|
|
+import io.mockk.mockkObject
|
|
|
|
|
+import io.mockk.verify
|
|
|
import org.assertj.core.api.Assertions.assertThat
|
|
import org.assertj.core.api.Assertions.assertThat
|
|
|
import org.junit.Rule
|
|
import org.junit.Rule
|
|
|
import org.junit.Test
|
|
import org.junit.Test
|
|
@@ -23,6 +26,8 @@ import org.springframework.beans.factory.annotation.Autowired
|
|
|
import org.springframework.context.ApplicationContext
|
|
import org.springframework.context.ApplicationContext
|
|
|
import org.springframework.context.annotation.Bean
|
|
import org.springframework.context.annotation.Bean
|
|
|
import org.springframework.http.HttpHeaders
|
|
import org.springframework.http.HttpHeaders
|
|
|
|
|
+import org.springframework.security.authentication.ReactiveAuthenticationManager
|
|
|
|
|
+import org.springframework.security.authentication.TestingAuthenticationToken
|
|
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
|
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
|
|
|
import org.springframework.security.config.test.SpringTestRule
|
|
import org.springframework.security.config.test.SpringTestRule
|
|
|
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
|
|
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
|
|
@@ -199,4 +204,36 @@ class ServerHttpSecurityDslTests {
|
|
|
class CustomWebFilter : WebFilter {
|
|
class CustomWebFilter : WebFilter {
|
|
|
override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> = Mono.empty()
|
|
override fun filter(exchange: ServerWebExchange, chain: WebFilterChain): Mono<Void> = Mono.empty()
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
|
|
+ @Test
|
|
|
|
|
+ fun `authentication manager when configured in DSL then used`() {
|
|
|
|
|
+ this.spring.register(AuthenticationManagerConfig::class.java).autowire()
|
|
|
|
|
+ mockkObject(AuthenticationManagerConfig.AUTHENTICATION_MANAGER)
|
|
|
|
|
+ every {
|
|
|
|
|
+ AuthenticationManagerConfig.AUTHENTICATION_MANAGER.authenticate(any())
|
|
|
|
|
+ } returns Mono.just(TestingAuthenticationToken("user", "password", "ROLE_USER"))
|
|
|
|
|
+ this.client.get().uri("/").headers { headers ->
|
|
|
|
|
+ headers.setBasicAuth("user", "password")
|
|
|
|
|
+ }.exchange()
|
|
|
|
|
+ verify(exactly = 1) { AuthenticationManagerConfig.AUTHENTICATION_MANAGER.authenticate(any()) }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ @EnableWebFlux
|
|
|
|
|
+ @EnableWebFluxSecurity
|
|
|
|
|
+ open class AuthenticationManagerConfig {
|
|
|
|
|
+ companion object {
|
|
|
|
|
+ val AUTHENTICATION_MANAGER: ReactiveAuthenticationManager = ReactiveAuthenticationManager { Mono.empty() }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ @Bean
|
|
|
|
|
+ open fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
|
|
|
|
|
+ return http {
|
|
|
|
|
+ authenticationManager = AUTHENTICATION_MANAGER
|
|
|
|
|
+ authorizeExchange {
|
|
|
|
|
+ authorize(anyExchange, authenticated)
|
|
|
|
|
+ }
|
|
|
|
|
+ httpBasic { }
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
}
|
|
}
|
Eleftheria Stein