diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java new file mode 100644 index 0000000000..287bf36a18 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandler.java @@ -0,0 +1,63 @@ +/* + * Copyright 2002-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.server.authentication; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.server.DefaultServerRedirectStrategy; +import org.springframework.security.web.server.ServerAuthenticationEntryPoint; +import org.springframework.security.web.server.ServerRedirectStrategy; +import org.springframework.security.web.server.WebFilterExchange; +import org.springframework.security.web.server.savedrequest.ServerRequestCache; +import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache; +import org.springframework.util.Assert; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +import java.net.URI; + +/** + * Performs a redirect to a specified location. + * + * @author Rob Winch + * @since 5.0 + */ +public class RedirectServerAuthenticationFailureHandler + implements ServerAuthenticationFailureHandler { + private final URI location; + + private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy(); + + public RedirectServerAuthenticationFailureHandler(String location) { + Assert.notNull(location, "location cannot be null"); + this.location = URI.create(location); + } + + /** + * Sets the RedirectStrategy to use. + * @param serverRedirectStrategy the strategy to use. Default is DefaultRedirectStrategy. + */ + public void setServerRedirectStrategy(ServerRedirectStrategy serverRedirectStrategy) { + Assert.notNull(serverRedirectStrategy, "redirectStrategy cannot be null"); + this.serverRedirectStrategy = serverRedirectStrategy; + } + + @Override + public Mono onAuthenticationFailure( + WebFilterExchange webFilterExchange, AuthenticationException exception) { + return this.serverRedirectStrategy.sendRedirect(webFilterExchange.getExchange(), this.location); + } +} diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java new file mode 100644 index 0000000000..c959b46a51 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/server/authentication/RedirectServerAuthenticationFailureHandlerTests.java @@ -0,0 +1,103 @@ +/* + * Copyright 2002-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.server.authentication; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.junit.MockitoJUnitRunner; +import org.springframework.http.HttpStatus; +import org.springframework.mock.http.server.reactive.MockServerHttpRequest; +import org.springframework.mock.web.server.MockServerWebExchange; +import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.server.ServerRedirectStrategy; +import org.springframework.security.web.server.WebFilterExchange; +import org.springframework.web.server.handler.DefaultWebFilterChain; +import reactor.core.publisher.Mono; +import reactor.test.publisher.PublisherProbe; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +/** + * @author Rob Winch + * @since 5.0 + */ +@RunWith(MockitoJUnitRunner.class) +public class RedirectServerAuthenticationFailureHandlerTests { + + private WebFilterExchange exchange; + @Mock + private ServerRedirectStrategy serverRedirectStrategy; + + private String location = "/login"; + + private RedirectServerAuthenticationFailureHandler handler = + new RedirectServerAuthenticationFailureHandler(this.location); + + private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authentication Required"); + + + @Test(expected = IllegalArgumentException.class) + public void constructorStringWhenNullLocationThenException() { + new RedirectServerAuthenticationEntryPoint((String) null); + } + + @Test + public void commenceWhenNoSubscribersThenNoActions() { + this.exchange = createExchange(); + this.handler.onAuthenticationFailure(this.exchange, + this.exception); + + assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull(); + assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse(); + } + + @Test + public void commenceWhenSubscribeThenStatusAndLocationSet() { + this.exchange = createExchange(); + + this.handler.onAuthenticationFailure(this.exchange, this.exception).block(); + + assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo( + HttpStatus.FOUND); + assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location); + } + + @Test + public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStrategyUsed() { + PublisherProbe redirectResult = PublisherProbe.empty(); + when(this.serverRedirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono()); + this.handler.setServerRedirectStrategy(this.serverRedirectStrategy); + this.exchange = createExchange(); + + this.handler.onAuthenticationFailure(this.exchange, this.exception).block(); + + redirectResult.assertWasSubscribed(); + } + + @Test(expected = IllegalArgumentException.class) + public void setRedirectStrategyWhenNullThenException() { + this.handler.setServerRedirectStrategy(null); + } + + private WebFilterExchange createExchange() { + return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()), new DefaultWebFilterChain(e -> Mono.empty())); + } +}