Add FormLogin Configuration

Fixes gh-4537
This commit is contained in:
Rob Winch
2017-09-12 16:23:35 -05:00
parent fca8bf6088
commit d93c774691
5 changed files with 461 additions and 11 deletions

View File

@@ -41,6 +41,9 @@ import org.springframework.security.web.server.WebFilterChainFilter;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters;
import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets;
@@ -144,8 +147,8 @@ public class EnableWebFluxSecurityTests {
.flatMap( principal -> exchange.getResponse()
.writeWith(Mono.just(toDataBuffer(principal.getName()))))
)
.filter(basicAuthentication())
.build();
.filter(basicAuthentication())
.build();
client
.get()
@@ -174,6 +177,49 @@ public class EnableWebFluxSecurityTests {
}
}
@RunWith(SpringRunner.class)
public static class FormLoginTests {
@Autowired
WebFilterChainFilter springSecurityFilterChain;
@Test
public void formLoginWorks() {
WebTestClient client = WebTestClientBuilder.bindToWebFilters(
springSecurityFilterChain,
(exchange,chain) ->
Mono.subscriberContext()
.flatMap( c -> c.<Mono<Principal>>get(Authentication.class))
.flatMap( principal -> exchange.getResponse()
.writeWith(Mono.just(toDataBuffer(principal.getName()))))
)
.build();
MultiValueMap<String, String> data = new LinkedMultiValueMap<>();
data.add("username", "user");
data.add("password", "password");
client
.post()
.uri("/login")
.body(BodyInserters.fromFormData(data))
.exchange()
.expectStatus().is3xxRedirection()
.expectHeader().valueMatches("Location", "/");
}
@EnableWebFluxSecurity
static class Config {
@Bean
public UserDetailsRepository userDetailsRepository() {
return new MapUserDetailsRepository(User.withUsername("user")
.password("password")
.roles("USER")
.build()
);
}
}
}
@RunWith(SpringRunner.class)
public static class MultiHttpSecurity {
@Autowired

View File

@@ -0,0 +1,255 @@
/*
*
* * Copyright 2002-2017 the original author or authors.
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package org.springframework.security.config.web.server;
import org.junit.Test;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.PageFactory;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager;
import org.springframework.security.core.userdetails.MapUserDetailsRepository;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverBuilder;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainFilter;
import org.springframework.stereotype.Controller;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import static org.assertj.core.api.Assertions.assertThat;
/**
* @author Rob Winch
* @since 5.0
*/
public class FormLoginTests {
private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
private HttpSecurity http = HttpSecurity.http();
ReactiveAuthenticationManager manager = new UserDetailsRepositoryAuthenticationManager(new MapUserDetailsRepository(this.user));
@Test
public void defaultLoginPage() {
SecurityWebFilterChain securityWebFilter = this.http
.authenticationManager(this.manager)
.authorizeExchange()
.anyExchange().authenticated()
.and()
.formLogin().and()
.build();
WebTestClient webTestClient = WebTestClientBuilder
.bindToWebFilters(securityWebFilter)
.build();
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
.webTestClientSetup(webTestClient)
.build();
DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class);
HomePage homePage = loginPage.loginForm()
.username("user")
.password("password")
.submit(HomePage.class);
homePage.assertAt();
}
@Test
public void customLoginPage() {
SecurityWebFilterChain securityWebFilter = this.http
.authenticationManager(this.manager)
.authorizeExchange()
.pathMatchers("/login").permitAll()
.anyExchange().authenticated()
.and()
.formLogin()
.loginPage("/login")
.and()
.build();
WebTestClient webTestClient = WebTestClient
.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
.webFilter(WebFilterChainFilter.fromSecurityWebFilterChains(securityWebFilter))
.build();
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
.webTestClientSetup(webTestClient)
.build();
CustomLoginPage loginPage = HomePage.to(driver, CustomLoginPage.class)
.assertAt();
HomePage homePage = loginPage.loginForm()
.username("user")
.password("password")
.submit(HomePage.class);
homePage.assertAt();
}
public static class CustomLoginPage {
private WebDriver driver;
private LoginForm loginForm;
public CustomLoginPage(WebDriver webDriver) {
this.driver = webDriver;
this.loginForm = PageFactory.initElements(webDriver, LoginForm.class);
}
public CustomLoginPage assertAt() {
assertThat(this.driver.getTitle()).isEqualTo("Custom Log In Page");
return this;
}
public LoginForm loginForm() {
return this.loginForm;
}
public static class LoginForm {
private WebDriver driver;
private WebElement username;
private WebElement password;
@FindBy(css = "button[type=submit]")
private WebElement submit;
public LoginForm(WebDriver driver) {
this.driver = driver;
}
public LoginForm username(String username) {
this.username.sendKeys(username);
return this;
}
public LoginForm password(String password) {
this.password.sendKeys(password);
return this;
}
public <T> T submit(Class<T> page) {
this.submit.click();
return PageFactory.initElements(this.driver, page);
}
}
}
public static class DefaultLoginPage {
private WebDriver driver;
private LoginForm loginForm;
public DefaultLoginPage(WebDriver webDriver) {
this.driver = webDriver;
this.loginForm = PageFactory.initElements(webDriver, LoginForm.class);
}
public LoginForm loginForm() {
return this.loginForm;
}
public static class LoginForm {
private WebDriver driver;
private WebElement username;
private WebElement password;
@FindBy(css = "button[type=submit]")
private WebElement submit;
public LoginForm(WebDriver driver) {
this.driver = driver;
}
public LoginForm username(String username) {
this.username.sendKeys(username);
return this;
}
public LoginForm password(String password) {
this.password.sendKeys(password);
return this;
}
public <T> T submit(Class<T> page) {
this.submit.click();
return PageFactory.initElements(this.driver, page);
}
}
}
public static class HomePage {
private WebDriver driver;
public HomePage(WebDriver driver) {
this.driver = driver;
}
public void assertAt() {
assertThat(this.driver.getPageSource()).contains("ok");
}
static <T> T to(WebDriver driver, Class<T> page) {
driver.get("http://localhost/");
return PageFactory.initElements(driver, page);
}
}
@Controller
public static class CustomLoginPageController {
@ResponseBody
@GetMapping("/login")
public String login() {
return "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ " <head>\n"
+ " <meta charset=\"utf-8\">\n"
+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+ " <meta name=\"description\" content=\"\">\n"
+ " <meta name=\"author\" content=\"\">\n"
+ " <title>Custom Log In Page</title>\n"
+ " </head>\n"
+ " <body>\n"
+ " <div>\n"
+ " <form method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ " <p>\n"
+ " <label for=\"username\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"sr-only\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ " <button type=\"submit\">Sign in</button>\n"
+ " </form>\n"
+ " </div>\n"
+ " </body>\n"
+ "</html>";
}
}
}