Add RedirectServerAuthenticationFailureHandler

Fixes gh-4816

web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.DefaultServerRedirectStrategy;
+import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
+import org.springframework.security.web.server.ServerRedirectStrategy;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.security.web.server.savedrequest.ServerRequestCache;
+import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+import java.net.URI;
+
+/**
+ * Performs a redirect to a specified location.
+ *
+ * @author Rob Winch
+ * @since 5.0
+ */
+public class RedirectServerAuthenticationFailureHandler
+	implements ServerAuthenticationFailureHandler {
+	private final URI location;
+
+	private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy();
+
+	public RedirectServerAuthenticationFailureHandler(String location) {
+		Assert.notNull(location, "location cannot be null");
+		this.location = URI.create(location);
+	}
+
+	/**
+	 * Sets the RedirectStrategy to use.
+	 * @param serverRedirectStrategy the strategy to use. Default is DefaultRedirectStrategy.
+	 */
+	public void setServerRedirectStrategy(ServerRedirectStrategy serverRedirectStrategy) {
+		Assert.notNull(serverRedirectStrategy, "redirectStrategy cannot be null");
+		this.serverRedirectStrategy = serverRedirectStrategy;
+	}
+
+	@Override
+	public Mono<Void> onAuthenticationFailure(
+		WebFilterExchange webFilterExchange, AuthenticationException exception) {
+		return this.serverRedirectStrategy.sendRedirect(webFilterExchange.getExchange(), this.location);
+	}
+}

web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java

@@ -0,0 +1,103 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.ServerRedirectStrategy;
+import org.springframework.security.web.server.WebFilterExchange;
+import org.springframework.web.server.handler.DefaultWebFilterChain;
+import reactor.core.publisher.Mono;
+import reactor.test.publisher.PublisherProbe;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Rob Winch
+ * @since 5.0
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class RedirectServerAuthenticationFailureHandlerTests {
+
+	private WebFilterExchange exchange;
+	@Mock
+	private ServerRedirectStrategy serverRedirectStrategy;
+
+	private String location = "/login";
+
+	private RedirectServerAuthenticationFailureHandler handler =
+		new RedirectServerAuthenticationFailureHandler(this.location);
+
+	private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authentication Required");
+
+
+	@Test(expected = IllegalArgumentException.class)
+	public void constructorStringWhenNullLocationThenException() {
+		new RedirectServerAuthenticationEntryPoint((String) null);
+	}
+
+	@Test
+	public void commenceWhenNoSubscribersThenNoActions() {
+		this.exchange = createExchange();
+		this.handler.onAuthenticationFailure(this.exchange,
+			this.exception);
+
+		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
+		assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
+	}
+
+	@Test
+	public void commenceWhenSubscribeThenStatusAndLocationSet() {
+		this.exchange = createExchange();
+
+		this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
+
+		assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(
+			HttpStatus.FOUND);
+		assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
+	}
+
+	@Test
+	public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStrategyUsed() {
+		PublisherProbe<Void> redirectResult = PublisherProbe.empty();
+		when(this.serverRedirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono());
+		this.handler.setServerRedirectStrategy(this.serverRedirectStrategy);
+		this.exchange = createExchange();
+
+		this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
+
+		redirectResult.assertWasSubscribed();
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void setRedirectStrategyWhenNullThenException() {
+		this.handler.setServerRedirectStrategy(null);
+	}
+
+	private WebFilterExchange createExchange() {
+		return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()), new DefaultWebFilterChain(e -> Mono.empty()));
+	}
+}