Merge branch '2.0.x' into 2.1.x

Closes gh-17078
This commit is contained in:
Andy Wilkinson
2019-06-07 10:50:34 +01:00
2691 changed files with 27746 additions and 46049 deletions

View File

@@ -62,8 +62,7 @@ public class SampleMethodSecurityApplication implements WebMvcConfigurer {
return new InMemoryUserDetailsManager(
User.withDefaultPasswordEncoder().username("admin").password("admin")
.roles("ADMIN", "USER", "ACTUATOR").build(),
User.withDefaultPasswordEncoder().username("user").password("user")
.roles("USER").build());
User.withDefaultPasswordEncoder().username("user").password("user").roles("USER").build());
}
}

View File

@@ -60,8 +60,8 @@ public class SampleMethodSecurityApplicationTests {
public void testHome() {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.TEXT_HTML));
ResponseEntity<String> entity = this.restTemplate.exchange("/", HttpMethod.GET,
new HttpEntity<Void>(headers), String.class);
ResponseEntity<String> entity = this.restTemplate.exchange("/", HttpMethod.GET, new HttpEntity<Void>(headers),
String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(entity.getBody()).contains("<title>Login");
}
@@ -74,11 +74,10 @@ public class SampleMethodSecurityApplicationTests {
form.set("username", "admin");
form.set("password", "admin");
getCsrf(form, headers);
ResponseEntity<String> entity = this.restTemplate.exchange("/login",
HttpMethod.POST, new HttpEntity<>(form, headers), String.class);
ResponseEntity<String> entity = this.restTemplate.exchange("/login", HttpMethod.POST,
new HttpEntity<>(form, headers), String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
assertThat(entity.getHeaders().getLocation().toString())
.isEqualTo("http://localhost:" + this.port + "/");
assertThat(entity.getHeaders().getLocation().toString()).isEqualTo("http://localhost:" + this.port + "/");
}
@Test
@@ -89,13 +88,12 @@ public class SampleMethodSecurityApplicationTests {
form.set("username", "user");
form.set("password", "user");
getCsrf(form, headers);
ResponseEntity<String> entity = this.restTemplate.exchange("/login",
HttpMethod.POST, new HttpEntity<>(form, headers), String.class);
ResponseEntity<String> entity = this.restTemplate.exchange("/login", HttpMethod.POST,
new HttpEntity<>(form, headers), String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
String cookie = entity.getHeaders().getFirst("Set-Cookie");
headers.set("Cookie", cookie);
ResponseEntity<String> page = this.restTemplate.exchange(
entity.getHeaders().getLocation(), HttpMethod.GET,
ResponseEntity<String> page = this.restTemplate.exchange(entity.getHeaders().getLocation(), HttpMethod.GET,
new HttpEntity<Void>(headers), String.class);
assertThat(page.getStatusCode()).isEqualTo(HttpStatus.FORBIDDEN);
assertThat(page.getBody()).contains("Access denied");
@@ -105,35 +103,30 @@ public class SampleMethodSecurityApplicationTests {
public void testManagementProtected() {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
ResponseEntity<String> entity = this.restTemplate.exchange("/actuator/beans",
HttpMethod.GET, new HttpEntity<Void>(headers), String.class);
ResponseEntity<String> entity = this.restTemplate.exchange("/actuator/beans", HttpMethod.GET,
new HttpEntity<Void>(headers), String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
}
@Test
public void testManagementAuthorizedAccess() {
BasicAuthenticationInterceptor basicAuthInterceptor = new BasicAuthenticationInterceptor(
"admin", "admin");
BasicAuthenticationInterceptor basicAuthInterceptor = new BasicAuthenticationInterceptor("admin", "admin");
this.restTemplate.getRestTemplate().getInterceptors().add(basicAuthInterceptor);
try {
ResponseEntity<String> entity = this.restTemplate
.getForEntity("/actuator/beans", String.class);
ResponseEntity<String> entity = this.restTemplate.getForEntity("/actuator/beans", String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK);
}
finally {
this.restTemplate.getRestTemplate().getInterceptors()
.remove(basicAuthInterceptor);
this.restTemplate.getRestTemplate().getInterceptors().remove(basicAuthInterceptor);
}
}
private void getCsrf(MultiValueMap<String, String> form, HttpHeaders headers) {
ResponseEntity<String> page = this.restTemplate.getForEntity("/login",
String.class);
ResponseEntity<String> page = this.restTemplate.getForEntity("/login", String.class);
String cookie = page.getHeaders().getFirst("Set-Cookie");
headers.set("Cookie", cookie);
String body = page.getBody();
Matcher matcher = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*")
.matcher(body);
Matcher matcher = Pattern.compile("(?s).*name=\"_csrf\".*?value=\"([^\"]+).*").matcher(body);
matcher.find();
form.set("_csrf", matcher.group(1));
}