Remove Deprecation Markers
Since Spring Security still needs these methods and classes, we should wait on deprecating them if we can. Instead, this commit changes the original classes to have a boolean property that is currently false, but will switch to true in 6.0. At that time, BearerTokenAuthenticationFilter can change to use the handler. Closes gh-11932
This commit is contained in:
@@ -1,69 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
|
||||
/**
|
||||
* @author Daniel Garnier-Moiroux
|
||||
* @since 5.8
|
||||
*/
|
||||
class AuthenticationEntryPointFailureHandlerAdapterTest {
|
||||
|
||||
private final AuthenticationEntryPoint authenticationEntryPoint = mock(AuthenticationEntryPoint.class);
|
||||
|
||||
private final HttpServletRequest request = mock(HttpServletRequest.class);
|
||||
|
||||
private final HttpServletResponse response = mock(HttpServletResponse.class);
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureThenCommenceAuthentication() throws ServletException, IOException {
|
||||
AuthenticationEntryPointFailureHandlerAdapter failureHandler = new AuthenticationEntryPointFailureHandlerAdapter(
|
||||
this.authenticationEntryPoint);
|
||||
AuthenticationException failure = new AuthenticationException("failed") {
|
||||
};
|
||||
failureHandler.onAuthenticationFailure(this.request, this.response, failure);
|
||||
verify(this.authenticationEntryPoint).commence(this.request, this.response, failure);
|
||||
}
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWithAuthenticationServiceExceptionThenRethrows() {
|
||||
AuthenticationEntryPointFailureHandlerAdapter failureHandler = new AuthenticationEntryPointFailureHandlerAdapter(
|
||||
this.authenticationEntryPoint);
|
||||
AuthenticationException failure = new AuthenticationServiceException("failed");
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class)
|
||||
.isThrownBy(() -> failureHandler.onAuthenticationFailure(this.request, this.response, failure))
|
||||
.isSameAs(failure);
|
||||
verifyNoInteractions(this.authenticationEntryPoint);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,48 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
/**
|
||||
* Tests for {@link AuthenticationEntryPointFailureHandler}
|
||||
*/
|
||||
public class AuthenticationEntryPointFailureHandlerTests {
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWhenDefaultsThenAuthenticationServiceExceptionSwallowed() throws Exception {
|
||||
AuthenticationEntryPoint entryPoint = mock(AuthenticationEntryPoint.class);
|
||||
AuthenticationEntryPointFailureHandler handler = new AuthenticationEntryPointFailureHandler(entryPoint);
|
||||
handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail"));
|
||||
}
|
||||
|
||||
@Test
|
||||
void handleWhenRethrowingThenAuthenticationServiceExceptionRethrown() {
|
||||
AuthenticationEntryPoint entryPoint = mock(AuthenticationEntryPoint.class);
|
||||
AuthenticationEntryPointFailureHandler handler = new AuthenticationEntryPointFailureHandler(entryPoint);
|
||||
handler.setRethrowAuthenticationServiceException(true);
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(
|
||||
() -> handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail")));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,77 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.server.authentication;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import org.springframework.web.server.WebFilterChain;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoInteractions;
|
||||
|
||||
/**
|
||||
* @author Daniel Garnier-Moiroux
|
||||
* @since 5.8
|
||||
*/
|
||||
class ServerAuthenticationEntryPointFailureHandlerAdapterTest {
|
||||
|
||||
private final ServerAuthenticationEntryPoint serverAuthenticationEntryPoint = mock(
|
||||
ServerAuthenticationEntryPoint.class);
|
||||
|
||||
private final ServerWebExchange serverWebExchange = mock(ServerWebExchange.class);
|
||||
|
||||
private final WebFilterExchange webFilterExchange = new WebFilterExchange(this.serverWebExchange,
|
||||
mock(WebFilterChain.class));
|
||||
|
||||
@BeforeEach
|
||||
void setUp() {
|
||||
given(this.serverAuthenticationEntryPoint.commence(any(), any())).willReturn(Mono.empty());
|
||||
}
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureThenCommenceAuthentication() {
|
||||
ServerAuthenticationEntryPointFailureHandlerAdapter failureHandler = new ServerAuthenticationEntryPointFailureHandlerAdapter(
|
||||
this.serverAuthenticationEntryPoint);
|
||||
AuthenticationException failure = new AuthenticationException("failed") {
|
||||
};
|
||||
failureHandler.onAuthenticationFailure(this.webFilterExchange, failure).block();
|
||||
verify(this.serverAuthenticationEntryPoint).commence(this.serverWebExchange, failure);
|
||||
}
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWithAuthenticationServiceExceptionThenRethrows() {
|
||||
ServerAuthenticationEntryPointFailureHandlerAdapter failureHandler = new ServerAuthenticationEntryPointFailureHandlerAdapter(
|
||||
this.serverAuthenticationEntryPoint);
|
||||
AuthenticationException failure = new AuthenticationServiceException("failed");
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class)
|
||||
.isThrownBy(() -> failureHandler.onAuthenticationFailure(this.webFilterExchange, failure).block())
|
||||
.isSameAs(failure);
|
||||
verifyNoInteractions(this.serverWebExchange);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -23,6 +23,7 @@ import org.mockito.Mock;
|
||||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
@@ -30,6 +31,7 @@ import org.springframework.web.server.ServerWebExchange;
|
||||
import org.springframework.web.server.WebFilterChain;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
||||
@@ -68,4 +70,19 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
|
||||
assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
|
||||
}
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWhenDefaultsThenAuthenticationServiceExceptionSwallowed() {
|
||||
AuthenticationServiceException e = new AuthenticationServiceException("fail");
|
||||
given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(Mono.empty());
|
||||
this.handler.onAuthenticationFailure(this.filterExchange, e).block();
|
||||
}
|
||||
|
||||
@Test
|
||||
void handleWhenRethrowingThenAuthenticationServiceExceptionRethrown() {
|
||||
AuthenticationServiceException e = new AuthenticationServiceException("fail");
|
||||
this.handler.setRethrowAuthenticationServiceException(true);
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class)
|
||||
.isThrownBy(() -> this.handler.onAuthenticationFailure(this.filterExchange, e).block());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user