Added support for Anonymous Authentication
1. Created new WebFilter AnonymousAuthenticationWebFilter to for anonymous authentication 2. Created class AnonymousSpec, method anonymous to configure anonymous authentication in ServerHttpSecurity 3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for anonymous authentication in SecurityWebFiltersOrder 4. Added tests for anonymous authentication in AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests 5. Added support for Controller in WebTestClientBuilder Fixes: gh-5934
This commit is contained in:
@@ -34,8 +34,6 @@ import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
|
||||
import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
|
||||
import org.springframework.web.server.WebFilterChain;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.test.publisher.TestPublisher;
|
||||
|
||||
@@ -63,6 +61,9 @@ import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import org.springframework.web.server.WebFilter;
|
||||
import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
|
||||
import org.springframework.web.server.WebFilterChain;
|
||||
import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -216,6 +217,44 @@ public class ServerHttpSecurityTests {
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void anonymous(){
|
||||
SecurityWebFilterChain securityFilterChain = this.http.anonymous().and().build();
|
||||
WebTestClient client = WebTestClientBuilder.bindToControllerAndWebFilters(AnonymousAuthenticationWebFilterTests.HttpMeController.class,
|
||||
securityFilterChain).build();
|
||||
|
||||
client.get()
|
||||
.uri("/me")
|
||||
.exchange()
|
||||
.expectStatus().isOk()
|
||||
.expectBody(String.class).isEqualTo("anonymousUser");
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void basicWithAnonymous() {
|
||||
given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN")));
|
||||
|
||||
this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
|
||||
this.http.httpBasic().and().anonymous();
|
||||
this.http.authenticationManager(this.authenticationManager);
|
||||
ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
|
||||
authorize.anyExchange().hasAuthority("ROLE_ADMIN");
|
||||
|
||||
WebTestClient client = buildClient();
|
||||
|
||||
EntityExchangeResult<String> result = client.get()
|
||||
.uri("/")
|
||||
.headers(headers -> headers.setBasicAuth("rob", "rob"))
|
||||
.exchange()
|
||||
.expectStatus().isOk()
|
||||
.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
|
||||
.expectBody(String.class).consumeWith(b -> assertThat(b.getResponseBody()).isEqualTo("ok"))
|
||||
.returnResult();
|
||||
|
||||
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
|
||||
}
|
||||
|
||||
private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
|
||||
return (Optional<T>) filterChain.getWebFilters()
|
||||
.filter(Objects::nonNull)
|
||||
@@ -242,7 +281,6 @@ public class ServerHttpSecurityTests {
|
||||
}
|
||||
|
||||
private static class TestWebFilter implements WebFilter {
|
||||
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
||||
return chain.filter(exchange);
|
||||
|
||||
Reference in New Issue
Block a user