Revert "Pick up AuthorizationManager Bean"

This reverts commit 32b83aae63.

Issue gh-11067
This commit is contained in:
Josh Cummings
2022-04-12 09:32:00 -06:00
parent 39b0620a84
commit 147ab42440
4 changed files with 5 additions and 145 deletions

View File

@@ -20,7 +20,6 @@ import java.util.function.Supplier;
import javax.servlet.http.HttpServletRequest;
import org.aopalliance.intercept.MethodInvocation;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -50,12 +49,10 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.springframework.security.config.Customizer.withDefaults;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -399,20 +396,6 @@ public class AuthorizeHttpRequestsConfigurerTests {
this.mvc.perform(requestWithUser).andExpect(status().isOk());
}
@Test
public void getWhenOnlyAuthorizationManagerBeanThenRespondsWithOk() throws Exception {
this.spring.register(NoRequestsConfig.class, AuthorizationManagerConfig.class, BasicController.class)
.autowire();
AuthorizationManager<HttpServletRequest> request = (AuthorizationManager<HttpServletRequest>) this.spring
.getContext().getBean("request");
given(request.check(any(), any())).willReturn(new AuthorizationDecision(true));
this.mvc.perform(get("/")).andExpect(status().isOk());
verify(request).check(any(), any());
AuthorizationManager<MethodInvocation> method = (AuthorizationManager<MethodInvocation>) this.spring
.getContext().getBean("method");
verifyNoInteractions(method);
}
@EnableWebSecurity
static class NoRequestsConfig {
@@ -743,25 +726,6 @@ public class AuthorizeHttpRequestsConfigurerTests {
}
@Configuration
static class AuthorizationManagerConfig {
private final AuthorizationManager<HttpServletRequest> request = mock(AuthorizationManager.class);
private final AuthorizationManager<MethodInvocation> method = mock(AuthorizationManager.class);
@Bean
AuthorizationManager<HttpServletRequest> request() {
return this.request;
}
@Bean
AuthorizationManager<MethodInvocation> method() {
return this.method;
}
}
@RestController
static class BasicController {

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2019 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,29 +16,14 @@
package org.springframework.security.config.web.server;
import org.aopalliance.intercept.MethodInvocation;
import org.junit.jupiter.api.Test;
import reactor.core.publisher.Mono;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.server.ServerWebExchange;
import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoInteractions;
import static org.springframework.security.config.Customizer.withDefaults;
/**
* @author Rob Winch
@@ -48,8 +33,6 @@ public class AuthorizeExchangeSpecTests {
ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
public final SpringTestContext spring = new SpringTestContext(this);
@Test
public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
this.http.csrf().disable().authorizeExchange().pathMatchers(HttpMethod.POST, "/a", "/b").denyAll().anyExchange()
@@ -124,26 +107,6 @@ public class AuthorizeExchangeSpecTests {
// @formatter:on
}
@Test
public void buildWhenAuthorizationManagerThenWorks() {
this.spring.register(NoRequestsConfig.class, AuthorizationManagerConfig.class).autowire();
ReactiveAuthorizationManager<ServerWebExchange> request = (ReactiveAuthorizationManager<ServerWebExchange>) this.spring
.getContext().getBean("request");
given(request.verify(any(), any())).willReturn(Mono.empty());
SecurityWebFilterChain filterChain = this.spring.getContext().getBean(SecurityWebFilterChain.class);
WebTestClient client = WebTestClientBuilder.bindToWebFilters(filterChain).build();
// @formatter:off
client.get()
.uri("/a")
.exchange()
.expectStatus().isOk();
// @formatter:on
verify(request).verify(any(), any());
ReactiveAuthorizationManager<MethodInvocation> method = (ReactiveAuthorizationManager<MethodInvocation>) this.spring
.getContext().getBean("method");
verifyNoInteractions(method);
}
@Test
public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
this.http.authorizeExchange().pathMatchers("/incomplete");
@@ -178,38 +141,4 @@ public class AuthorizeExchangeSpecTests {
return WebTestClientBuilder.bindToWebFilters(this.http.build()).build();
}
@EnableWebFluxSecurity
static class NoRequestsConfig {
@Bean
SecurityWebFilterChain filterChain(ServerHttpSecurity http) {
// @formatter:off
return http
.authorizeExchange(withDefaults())
.build();
// @formatter:on
}
}
@Configuration
static class AuthorizationManagerConfig {
private final ReactiveAuthorizationManager<ServerWebExchange> request = mock(
ReactiveAuthorizationManager.class);
private final ReactiveAuthorizationManager<MethodInvocation> method = mock(ReactiveAuthorizationManager.class);
@Bean
ReactiveAuthorizationManager<ServerWebExchange> request() {
return this.request;
}
@Bean
ReactiveAuthorizationManager<MethodInvocation> method() {
return this.method;
}
}
}