ReactorContextWebFilter & SecurityContextServerWebExchangeWebFilter

Issue: gh-4719
This commit is contained in:
Rob Winch
2017-10-25 22:02:11 -05:00
parent c63b258b16
commit 437ba56415
8 changed files with 149 additions and 169 deletions

View File

@@ -0,0 +1,102 @@
/*
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.server.context;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.test.web.reactive.server.WebTestHandler;
import reactor.core.publisher.Mono;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
/**
* @author Rob Winch
* @since 5.0
*/
@RunWith(MockitoJUnitRunner.class)
public class ReactorContextWebFilterTests {
@Mock
private Authentication principal;
@Mock
private ServerSecurityContextRepository repository;
private MockServerHttpRequest.BaseBuilder<?> exchange = MockServerHttpRequest.get("/");
private ReactorContextWebFilter filter;
private WebTestHandler handler;
@Before
public void setup() {
this.filter = new ReactorContextWebFilter(this.repository);
this.handler = WebTestHandler.bindToWebFilters(this.filter);
}
@Test(expected = IllegalArgumentException.class)
public void constructorNullSecurityContextRepository() {
ServerSecurityContextRepository repository = null;
new ReactorContextWebFilter(repository);
}
@Test
public void filterWhenNoPrincipalAccessThenNoInteractions() {
this.handler.exchange(this.exchange);
verifyZeroInteractions(this.repository);
}
@Test
public void filterWhenGetPrincipalMonoThenNoInteractions() {
this.handler = WebTestHandler.bindToWebFilters(this.filter, (e,c) -> {
ReactiveSecurityContextHolder.getContext();
return c.filter(e);
});
this.handler.exchange(this.exchange);
verifyZeroInteractions(this.repository);
}
@Test
public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
SecurityContextImpl context = new SecurityContextImpl(this.principal);
when(this.repository.load(any())).thenReturn(Mono.just(context));
this.handler = WebTestHandler.bindToWebFilters(this.filter, (e,c) ->
ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.doOnSuccess( p -> assertThat(p).isSameAs(this.principal))
.flatMap(p -> c.filter(e))
);
WebTestHandler.WebHandlerResult result = this.handler.exchange(this.exchange);
verify(this.repository).load(any());
}
}

View File

@@ -36,57 +36,56 @@ import static org.assertj.core.api.Assertions.assertThat;
* @author Rob Winch
* @since 5.0
*/
public class AuthenticationReactorContextWebFilterTests {
AuthenticationReactorContextWebFilter filter = new AuthenticationReactorContextWebFilter();
public class SecurityContextServerWebExchangeWebFilterTests {
SecurityContextServerWebExchangeWebFilter filter = new SecurityContextServerWebExchangeWebFilter();
Principal principal = new TestingAuthenticationToken("user","password", "ROLE_USER");
Authentication principal = new TestingAuthenticationToken("user","password", "ROLE_USER");
ServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/").build());
@Test
public void filterWhenExistingContextAndPrincipalNotNullThenContextPopulated() {
exchange = exchange.mutate().principal(Mono.just(principal)).build();
StepVerifier.create(filter.filter(exchange,
new DefaultWebFilterChain( e ->
ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
e.getPrincipal()
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
.flatMap( contextPrincipal -> Mono.subscriberContext())
.doOnSuccess( context -> assertThat(context.<String>get("foo")).isEqualTo("bar"))
.then()
)
)
.subscriberContext( context -> context.put("foo", "bar")))
.verifyComplete();
.subscriberContext( context -> context.put("foo", "bar"))
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
StepVerifier.create(result)
.verifyComplete();
}
@Test
public void filterWhenPrincipalNotNullThenContextPopulated() {
exchange = exchange.mutate().principal(Mono.just(principal)).build();
StepVerifier.create(filter.filter(exchange,
new DefaultWebFilterChain( e ->
ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(principal))
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
e.getPrincipal()
.doOnSuccess(contextPrincipal -> assertThat(contextPrincipal).isEqualTo(this.principal))
.then()
)
))
.verifyComplete();
)
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(this.principal));
StepVerifier.create(result)
.verifyComplete();
}
@Test
public void filterWhenPrincipalNullThenContextEmpty() {
Authentication defaultAuthentication = new TestingAuthenticationToken("anonymouse","anonymous", "TEST");
StepVerifier.create(filter.filter(exchange,
new DefaultWebFilterChain( e ->
ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
Mono<Void> result = this.filter.filter(this.exchange, new DefaultWebFilterChain( e ->
e.getPrincipal()
.defaultIfEmpty(defaultAuthentication)
.doOnSuccess( contextPrincipal -> assertThat(contextPrincipal).isEqualTo(defaultAuthentication)
)
.then()
)
.then()
)
))
.verifyComplete();
);
StepVerifier.create(result)
.verifyComplete();
}
}

View File

@@ -1,113 +0,0 @@
/*
* Copyright 2002-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.server.context;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.test.web.reactive.server.WebTestHandler;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import java.security.Principal;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.*;
/**
* @author Rob Winch
* @since 5.0
*/
@RunWith(MockitoJUnitRunner.class)
public class ServerSecurityContextRepositoryWebFilterTests {
@Mock
Authentication principal;
@Mock ServerSecurityContextRepository repository;
MockServerHttpRequest.BaseBuilder<?> exchange = MockServerHttpRequest.get("/");
SecurityContextRepositoryWebFilter filter;
WebTestHandler filters;
@Before
public void setup() {
filter = new SecurityContextRepositoryWebFilter(repository);
filters = WebTestHandler.bindToWebFilters(filter);
}
@Test(expected = IllegalArgumentException.class)
public void constructorNullSecurityContextRepository() {
ServerSecurityContextRepository repository = null;
new SecurityContextRepositoryWebFilter(repository);
}
@Test
public void filterWhenNoPrincipalAccessThenNoInteractions() {
filters.exchange(exchange);
verifyZeroInteractions(repository);
}
@Test
public void filterWhenGetPrincipalMonoThenNoInteractions() {
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> {
Mono<Principal> p = e.getPrincipal();
return c.filter(e);
});
filters.exchange(exchange);
verifyZeroInteractions(repository);
}
// We must use the original principal if the result is empty for test support to work
@Test
public void filterWhenEmptyAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
when(repository.load(any())).thenReturn(Mono.empty());
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> e.getPrincipal().flatMap( p-> c.filter(e))) ;
ServerWebExchange exchangeWithPrincipal = MockServerWebExchange.from(exchange.build()).mutate().principal(Mono.just(principal)).build();
WebTestHandler.WebHandlerResult result = filters.exchange(exchangeWithPrincipal);
verify(repository).load(any());
assertThat(result.getExchange().getPrincipal().block()).isSameAs(principal);
}
@Test
public void filterWhenPrincipalAndGetPrincipalThenInteractAndUseOriginalPrincipal() {
SecurityContextImpl context = new SecurityContextImpl();
context.setAuthentication(principal);
when(repository.load(any())).thenReturn(Mono.just(context));
filters = WebTestHandler.bindToWebFilters(filter, (e,c) -> e.getPrincipal().flatMap( p-> c.filter(e))) ;
WebTestHandler.WebHandlerResult result = filters.exchange(exchange);
verify(repository).load(any());
assertThat(result.getExchange().getPrincipal().block()).isSameAs(principal);
}
}