Allow setting authenticationEntryPoint for Http Basic

1. Added method authenticationEntryPoint in ServerHttpSecurity to allow
setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if
if specified realm name set by authenticationEntryPoint is
returned

Fixes: gh-6270
This commit is contained in:
Ankur Pathak
2018-12-13 09:31:28 +05:30
committed by Rob Winch
parent a90c217446
commit 3bcb1d9458
2 changed files with 37 additions and 0 deletions

View File

@@ -64,6 +64,7 @@ import org.springframework.web.server.WebFilter;
import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
import org.springframework.web.server.WebFilterChain;
import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
/**
* @author Rob Winch
@@ -255,6 +256,29 @@ public class ServerHttpSecurityTests {
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
@Test
public void basicWithCustomRealmName() {
this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
authenticationEntryPoint.setRealm("myrealm");
this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
this.http.authenticationManager(this.authenticationManager);
ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
authorize.anyExchange().authenticated();
WebTestClient client = buildClient();
EntityExchangeResult<String> result = client.get()
.uri("/")
.exchange()
.expectStatus().isUnauthorized()
.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
.expectBody(String.class)
.returnResult();
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
return (Optional<T>) filterChain.getWebFilters()
.filter(Objects::nonNull)