Allow setting authenticationEntryPoint for Http Basic
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow setting authenticationEntryPoint. 2. Added test in ServerHttpSecurityTests to check if if specified realm name set by authenticationEntryPoint is returned Fixes: gh-6270
This commit is contained in:
@@ -64,6 +64,7 @@ import org.springframework.web.server.WebFilter;
|
||||
import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
|
||||
import org.springframework.web.server.WebFilterChain;
|
||||
import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
|
||||
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
@@ -255,6 +256,29 @@ public class ServerHttpSecurityTests {
|
||||
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void basicWithCustomRealmName() {
|
||||
this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
|
||||
HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
|
||||
authenticationEntryPoint.setRealm("myrealm");
|
||||
this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
|
||||
this.http.authenticationManager(this.authenticationManager);
|
||||
ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
|
||||
authorize.anyExchange().authenticated();
|
||||
|
||||
WebTestClient client = buildClient();
|
||||
|
||||
EntityExchangeResult<String> result = client.get()
|
||||
.uri("/")
|
||||
.exchange()
|
||||
.expectStatus().isUnauthorized()
|
||||
.expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
|
||||
.expectBody(String.class)
|
||||
.returnResult();
|
||||
|
||||
assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
|
||||
}
|
||||
|
||||
private <T extends WebFilter> Optional<T> getWebFilter(SecurityWebFilterChain filterChain, Class<T> filterClass) {
|
||||
return (Optional<T>) filterChain.getWebFilters()
|
||||
.filter(Objects::nonNull)
|
||||
|
||||
Reference in New Issue
Block a user