WebFlux HTTP Basic & Form Login Sessions
By default both HTTP Basic and form log are enabled. Now HTTP Session will not be used for HTTP Basic, but will be for form log in.
This commit is contained in:
@@ -40,6 +40,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainFilter;
|
||||
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.reactive.server.FluxExchangeResult;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
@@ -75,6 +76,21 @@ public class EnableWebFluxSecurityTests {
|
||||
.expectBody().isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenBasicThenNoSession() {
|
||||
WebTestClient client = WebTestClientBuilder
|
||||
.bindToWebFilters(this.springSecurityFilterChain)
|
||||
.filter(basicAuthentication())
|
||||
.build();
|
||||
|
||||
FluxExchangeResult<String> result = client.get()
|
||||
.attributes(basicAuthenticationCredentials("user", "password")).exchange()
|
||||
.expectStatus()
|
||||
.isOk()
|
||||
.returnResult(String.class);
|
||||
result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void defaultPopulatesReactorContext() {
|
||||
Principal currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
|
||||
|
||||
Reference in New Issue
Block a user