Merge branch '2.0.x' into 2.1.x
Closes gh-17078
This commit is contained in:
@@ -44,10 +44,8 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT,
|
||||
properties = { "management.server.port=0" },
|
||||
classes = { ManagementPortSampleSecureWebFluxTests.SecurityConfiguration.class,
|
||||
SampleSecureWebFluxApplication.class })
|
||||
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, properties = { "management.server.port=0" }, classes = {
|
||||
ManagementPortSampleSecureWebFluxTests.SecurityConfiguration.class, SampleSecureWebFluxApplication.class })
|
||||
public class ManagementPortSampleSecureWebFluxTests {
|
||||
|
||||
@LocalServerPort
|
||||
@@ -62,35 +60,29 @@ public class ManagementPortSampleSecureWebFluxTests {
|
||||
@Test
|
||||
public void testHome() {
|
||||
this.webClient.get().uri("http://localhost:" + this.port, String.class)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectStatus().isOk().expectBody(String.class).isEqualTo("Hello user");
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange().expectStatus().isOk()
|
||||
.expectBody(String.class).isEqualTo("Hello user");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorPathOnMainPortShouldNotMatch() {
|
||||
this.webClient.get()
|
||||
.uri("http://localhost:" + this.port + "/actuator", String.class)
|
||||
.exchange().expectStatus().isUnauthorized();
|
||||
this.webClient.get()
|
||||
.uri("http://localhost:" + this.port + "/actuator/health", String.class)
|
||||
.exchange().expectStatus().isUnauthorized();
|
||||
this.webClient.get().uri("http://localhost:" + this.port + "/actuator", String.class).exchange().expectStatus()
|
||||
.isUnauthorized();
|
||||
this.webClient.get().uri("http://localhost:" + this.port + "/actuator/health", String.class).exchange()
|
||||
.expectStatus().isUnauthorized();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSecureActuator() {
|
||||
this.webClient.get()
|
||||
.uri("http://localhost:" + this.managementPort + "/actuator/env",
|
||||
String.class)
|
||||
.exchange().expectStatus().isUnauthorized();
|
||||
this.webClient.get().uri("http://localhost:" + this.managementPort + "/actuator/env", String.class).exchange()
|
||||
.expectStatus().isUnauthorized();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testInsecureActuator() {
|
||||
String responseBody = this.webClient.get()
|
||||
.uri("http://localhost:" + this.managementPort + "/actuator/health",
|
||||
String.class)
|
||||
.exchange().expectStatus().isOk().expectBody(String.class).returnResult()
|
||||
.getResponseBody();
|
||||
.uri("http://localhost:" + this.managementPort + "/actuator/health", String.class).exchange()
|
||||
.expectStatus().isOk().expectBody(String.class).returnResult().getResponseBody();
|
||||
assertThat(responseBody).contains("\"status\":\"UP\"");
|
||||
}
|
||||
|
||||
@@ -103,14 +95,10 @@ public class ManagementPortSampleSecureWebFluxTests {
|
||||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
|
||||
.permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint()
|
||||
.excluding(MappingsEndpoint.class))
|
||||
.hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations())
|
||||
.permitAll().pathMatchers("/login").permitAll().anyExchange()
|
||||
.authenticated().and().httpBasic().and().build();
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll().pathMatchers("/login")
|
||||
.permitAll().anyExchange().authenticated().and().httpBasic().and().build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -43,40 +43,39 @@ public class SampleSecureWebFluxApplicationTests {
|
||||
|
||||
@Test
|
||||
public void userDefinedMappingsSecureByDefault() {
|
||||
this.webClient.get().uri("/").accept(MediaType.APPLICATION_JSON).exchange()
|
||||
.expectStatus().isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
this.webClient.get().uri("/").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void healthInsecureByDefault() {
|
||||
this.webClient.get().uri("/actuator/health").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isOk();
|
||||
this.webClient.get().uri("/actuator/health").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void infoInsecureByDefault() {
|
||||
this.webClient.get().uri("/actuator/info").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isOk();
|
||||
this.webClient.get().uri("/actuator/info").accept(MediaType.APPLICATION_JSON).exchange().expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void otherActuatorsSecureByDefault() {
|
||||
this.webClient.get().uri("/actuator/env").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isUnauthorized();
|
||||
this.webClient.get().uri("/actuator/env").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isUnauthorized();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void userDefinedMappingsAccessibleOnLogin() {
|
||||
this.webClient.get().uri("/").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectBody(String.class).isEqualTo("Hello user");
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange().expectBody(String.class)
|
||||
.isEqualTo("Hello user");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorsAccessibleOnLogin() {
|
||||
this.webClient.get().uri("/actuator/health").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectBody(String.class).isEqualTo("{\"status\":\"UP\"}");
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange().expectBody(String.class)
|
||||
.isEqualTo("{\"status\":\"UP\"}");
|
||||
}
|
||||
|
||||
private String getBasicAuth() {
|
||||
|
||||
@@ -43,9 +43,8 @@ import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,
|
||||
classes = { SampleSecureWebFluxCustomSecurityTests.SecurityConfiguration.class,
|
||||
SampleSecureWebFluxApplication.class })
|
||||
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {
|
||||
SampleSecureWebFluxCustomSecurityTests.SecurityConfiguration.class, SampleSecureWebFluxApplication.class })
|
||||
public class SampleSecureWebFluxCustomSecurityTests {
|
||||
|
||||
@Autowired
|
||||
@@ -53,52 +52,47 @@ public class SampleSecureWebFluxCustomSecurityTests {
|
||||
|
||||
@Test
|
||||
public void userDefinedMappingsSecure() {
|
||||
this.webClient.get().uri("/").accept(MediaType.APPLICATION_JSON).exchange()
|
||||
.expectStatus().isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
this.webClient.get().uri("/").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isEqualTo(HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void healthAndInfoDoNotRequireAuthentication() {
|
||||
this.webClient.get().uri("/actuator/health").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isOk();
|
||||
this.webClient.get().uri("/actuator/info").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isOk();
|
||||
this.webClient.get().uri("/actuator/health").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isOk();
|
||||
this.webClient.get().uri("/actuator/info").accept(MediaType.APPLICATION_JSON).exchange().expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorsSecuredByRole() {
|
||||
this.webClient.get().uri("/actuator/env").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectStatus().isForbidden();
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange().expectStatus().isForbidden();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorsAccessibleOnCorrectLogin() {
|
||||
this.webClient.get().uri("/actuator/env").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuthForAdmin()).exchange()
|
||||
.expectStatus().isOk();
|
||||
.header("Authorization", "basic " + getBasicAuthForAdmin()).exchange().expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorExcludedFromEndpointRequestMatcher() {
|
||||
this.webClient.get().uri("/actuator/mappings").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange()
|
||||
.expectStatus().isOk();
|
||||
.header("Authorization", "basic " + getBasicAuth()).exchange().expectStatus().isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void staticResourceShouldBeAccessible() {
|
||||
this.webClient.get().uri("/css/bootstrap.min.css")
|
||||
.accept(MediaType.APPLICATION_JSON).exchange().expectStatus().isOk();
|
||||
this.webClient.get().uri("/css/bootstrap.min.css").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isOk();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void actuatorLinksIsSecure() {
|
||||
this.webClient.get().uri("/actuator").accept(MediaType.APPLICATION_JSON).exchange().expectStatus()
|
||||
.isUnauthorized();
|
||||
this.webClient.get().uri("/actuator").accept(MediaType.APPLICATION_JSON)
|
||||
.exchange().expectStatus().isUnauthorized();
|
||||
this.webClient.get().uri("/actuator").accept(MediaType.APPLICATION_JSON)
|
||||
.header("Authorization", "basic " + getBasicAuthForAdmin()).exchange()
|
||||
.expectStatus().isOk();
|
||||
.header("Authorization", "basic " + getBasicAuthForAdmin()).exchange().expectStatus().isOk();
|
||||
}
|
||||
|
||||
private String getBasicAuth() {
|
||||
@@ -116,22 +110,18 @@ public class SampleSecureWebFluxCustomSecurityTests {
|
||||
@Bean
|
||||
public MapReactiveUserDetailsService userDetailsService() {
|
||||
return new MapReactiveUserDetailsService(
|
||||
User.withDefaultPasswordEncoder().username("user")
|
||||
.password("password").authorities("ROLE_USER").build(),
|
||||
User.withDefaultPasswordEncoder().username("user").password("password").authorities("ROLE_USER")
|
||||
.build(),
|
||||
User.withDefaultPasswordEncoder().username("admin").password("admin")
|
||||
.authorities("ROLE_ACTUATOR", "ROLE_USER").build());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info"))
|
||||
.permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint()
|
||||
.excluding(MappingsEndpoint.class))
|
||||
.hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations())
|
||||
.permitAll().pathMatchers("/login").permitAll().anyExchange()
|
||||
.authenticated().and().httpBasic().and().build();
|
||||
return http.authorizeExchange().matchers(EndpointRequest.to("health", "info")).permitAll()
|
||||
.matchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
|
||||
.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll().pathMatchers("/login")
|
||||
.permitAll().anyExchange().authenticated().and().httpBasic().and().build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user