ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter
Issue: gh-4719
This commit is contained in:
@@ -0,0 +1,102 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.server.context;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.test.web.reactive.server.WebTestHandler;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class ReactorContextWebFilterTests {
|
||||
@Mock
|
||||
private Authentication principal;
|
||||
|
||||
@Mock
|
||||
private ServerSecurityContextRepository repository;
|
||||
|
||||
private MockServerHttpRequest.BaseBuilder<?> exchange = MockServerHttpRequest.get("/");
|
||||
|
||||
private ReactorContextWebFilter filter;
|
||||
|
||||
private WebTestHandler handler;
|
||||
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
this.filter = new ReactorContextWebFilter(this.repository);
|
||||
this.handler = WebTestHandler.bindToWebFilters(this.filter);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullSecurityContextRepository() {
|
||||
ServerSecurityContextRepository repository = null;
|
||||
new ReactorContextWebFilter(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenNoPrincipalAccessThenNoInteractions() {
|
||||
this.handler.exchange(this.exchange);
|
||||
|
||||
verifyZeroInteractions(this.repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenGetPrincipalMonoThenNoInteractions() {
|
||||
this.handler = WebTestHandler.bindToWebFilters(this.filter, (e,c) -> {
|
||||
ReactiveSecurityContextHolder.getContext();
|
||||
return c.filter(e);
|
||||
});
|
||||
|
||||
this.handler.exchange(this.exchange);
|
||||
|
||||
verifyZeroInteractions(this.repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
|
||||
SecurityContextImpl context = new SecurityContextImpl(this.principal);
|
||||
when(this.repository.load(any())).thenReturn(Mono.just(context));
|
||||
this.handler = WebTestHandler.bindToWebFilters(this.filter, (e,c) ->
|
||||
ReactiveSecurityContextHolder.getContext()
|
||||
.map(SecurityContext::getAuthentication)
|
||||
.doOnSuccess( p -> assertThat(p).isSameAs(this.principal))
|
||||
.flatMap(p -> c.filter(e))
|
||||
);
|
||||
|
||||
WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
|
||||
|
||||
verify(this.repository).load(any());
|
||||
}
|
||||
}
|
||||
@@ -36,57 +36,56 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
public class AuthenticationReactorContextWebFilterTests {
|
||||
AuthenticationReactorContextWebFilter filter = new AuthenticationReactorContextWebFilter();
|
||||
public class SecurityContextServerWebExchangeWebFilterTests {
|
||||
SecurityContextServerWebExchangeWebFilter filter = new SecurityContextServerWebExchangeWebFilter();
|
||||
|
||||
Principal principal = new TestingAuthenticationToken("user","password", "ROLE_USER");
|
||||
Authentication principal = new TestingAuthenticationToken("user","password", "ROLE_USER");
|
||||
|
||||
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
|
||||
|
||||
@Test
|
||||
public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
|
||||
exchange = exchange.mutate().principal(Mono.just(principal)).build();
|
||||
StepVerifier.create(filter.filter(exchange,
|
||||
new DefaultWebFilterChain( e ->
|
||||
ReactiveSecurityContextHolder.getContext()
|
||||
.map(SecurityContext::getAuthentication)
|
||||
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
|
||||
e.getPrincipal()
|
||||
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
|
||||
.flatMap( contextPrincipal -> Mono.subscriberContext())
|
||||
.doOnSuccess( context -> assertThat(context.<String>get("foo")).isEqualTo("bar"))
|
||||
.then()
|
||||
)
|
||||
)
|
||||
.subscriberContext( context -> context.put("foo", "bar")))
|
||||
.verifyComplete();
|
||||
.subscriberContext( context -> context.put("foo", "bar"))
|
||||
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
|
||||
|
||||
StepVerifier.create(result)
|
||||
.verifyComplete();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPrincipalNotNullThenContextPopulated() {
|
||||
exchange = exchange.mutate().principal(Mono.just(principal)).build();
|
||||
StepVerifier.create(filter.filter(exchange,
|
||||
new DefaultWebFilterChain( e ->
|
||||
ReactiveSecurityContextHolder.getContext()
|
||||
.map(SecurityContext::getAuthentication)
|
||||
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
|
||||
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
|
||||
e.getPrincipal()
|
||||
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
|
||||
.then()
|
||||
)
|
||||
))
|
||||
.verifyComplete();
|
||||
)
|
||||
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
|
||||
|
||||
StepVerifier.create(result)
|
||||
.verifyComplete();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPrincipalNullThenContextEmpty() {
|
||||
Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse","anonymous", "TEST");
|
||||
StepVerifier.create(filter.filter(exchange,
|
||||
new DefaultWebFilterChain( e ->
|
||||
ReactiveSecurityContextHolder.getContext()
|
||||
.map(SecurityContext::getAuthentication)
|
||||
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
|
||||
e.getPrincipal()
|
||||
.defaultIfEmpty(defaultAuthentication)
|
||||
.doOnSuccess( contextPrincipal -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication)
|
||||
)
|
||||
.then()
|
||||
)
|
||||
.then()
|
||||
)
|
||||
))
|
||||
.verifyComplete();
|
||||
);
|
||||
StepVerifier.create(result)
|
||||
.verifyComplete();
|
||||
}
|
||||
}
|
||||
@@ -1,113 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.server.context;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.test.web.reactive.server.WebTestHandler;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.security.Principal;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class ServerSecurityContextRepositoryWebFilterTests {
|
||||
@Mock
|
||||
Authentication principal;
|
||||
|
||||
@Mock ServerSecurityContextRepository repository;
|
||||
|
||||
MockServerHttpRequest.BaseBuilder<?> exchange = MockServerHttpRequest.get("/");
|
||||
|
||||
SecurityContextRepositoryWebFilter filter;
|
||||
|
||||
WebTestHandler filters;
|
||||
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
filter = new SecurityContextRepositoryWebFilter(repository);
|
||||
filters = WebTestHandler.bindToWebFilters(filter);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorNullSecurityContextRepository() {
|
||||
ServerSecurityContextRepository repository = null;
|
||||
new SecurityContextRepositoryWebFilter(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenNoPrincipalAccessThenNoInteractions() {
|
||||
filters.exchange(exchange);
|
||||
|
||||
verifyZeroInteractions(repository);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenGetPrincipalMonoThenNoInteractions() {
|
||||
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> {
|
||||
Mono<Principal> p = e.getPrincipal();
|
||||
return c.filter(e);
|
||||
});
|
||||
|
||||
filters.exchange(exchange);
|
||||
|
||||
verifyZeroInteractions(repository);
|
||||
}
|
||||
|
||||
// We must use the original principal if the result is empty for test support to work
|
||||
@Test
|
||||
public void filterWhenEmptyAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
|
||||
when(repository.load(any())).thenReturn(Mono.empty());
|
||||
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> e.getPrincipal().flatMap( p-> c.filter(e))) ;
|
||||
|
||||
ServerWebExchange exchangeWithPrincipal = MockServerWebExchange.from(exchange.build()).mutate().principal(Mono.just(principal)).build();
|
||||
WebTestHandler.WebHandlerResult result = filters.exchange(exchangeWithPrincipal);
|
||||
|
||||
verify(repository).load(any());
|
||||
assertThat(result.getExchange().getPrincipal().block()).isSameAs(principal);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
|
||||
SecurityContextImpl context = new SecurityContextImpl();
|
||||
context.setAuthentication(principal);
|
||||
when(repository.load(any())).thenReturn(Mono.just(context));
|
||||
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> e.getPrincipal().flatMap( p-> c.filter(e))) ;
|
||||
|
||||
WebTestHandler.WebHandlerResult result = filters.exchange(exchange);
|
||||
|
||||
verify(repository).load(any());
|
||||
assertThat(result.getExchange().getPrincipal().block()).isSameAs(principal);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user