WebFlux HTTP Basic & Form Login Sessions

By default both HTTP Basic and form log are enabled. Now HTTP Session will
not be used for HTTP Basic, but will be for form log in.
This commit is contained in:
Rob Winch
2017-09-13 14:43:20 -05:00
parent 9133eb1b78
commit 0a36359f11
7 changed files with 19 additions and 108 deletions

View File

@@ -40,6 +40,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainFilter;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.reactive.server.FluxExchangeResult;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
@@ -75,6 +76,21 @@ public class EnableWebFluxSecurityTests {
.expectBody().isEmpty();
}
@Test
public void authenticateWhenBasicThenNoSession() {
WebTestClient client = WebTestClientBuilder
.bindToWebFilters(this.springSecurityFilterChain)
.filter(basicAuthentication())
.build();
FluxExchangeResult<String> result = client.get()
.attributes(basicAuthenticationCredentials("user", "password")).exchange()
.expectStatus()
.isOk()
.returnResult(String.class);
result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
}
@Test
public void defaultPopulatesReactorContext() {
Principal currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");