Add Request Path Extraction Support
Closes gh-13256
This commit is contained in:
committed by
Josh Cummings
parent
b82bd471bd
commit
ec02c22459
@@ -40,8 +40,10 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
|
||||
import org.springframework.security.config.core.GrantedAuthorityDefaults;
|
||||
import org.springframework.security.config.test.SpringTestContext;
|
||||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
@@ -543,6 +545,17 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||
this.mvc.perform(request).andExpect(status().isOk());
|
||||
request = get("/user/deny");
|
||||
this.mvc.perform(request).andExpect(status().isUnauthorized());
|
||||
|
||||
UserDetails user = TestAuthentication.withUsername("taehong").build();
|
||||
Authentication authentication = TestAuthentication.authenticated(user);
|
||||
request = get("/v2/user/{username}", user.getUsername()).with(authentication(authentication));
|
||||
this.mvc.perform(request).andExpect(status().isOk());
|
||||
|
||||
request = get("/v2/user/{username}", "withNoAuthentication");
|
||||
this.mvc.perform(request).andExpect(status().isUnauthorized());
|
||||
|
||||
request = get("/v2/user/{username}", "another").with(authentication(authentication));
|
||||
this.mvc.perform(request).andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
private static RequestPostProcessor remoteAddress(String remoteAddress) {
|
||||
@@ -1067,6 +1080,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||
.httpBasic(withDefaults())
|
||||
.authorizeHttpRequests((requests) -> requests
|
||||
.requestMatchers("/user/{username}").access(new WebExpressionAuthorizationManager("#username == 'user'"))
|
||||
.requestMatchers("/v2/user/{username}").hasVariable("username").equalTo(Authentication::getName)
|
||||
);
|
||||
// @formatter:on
|
||||
return http.build();
|
||||
@@ -1080,6 +1094,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||
return username;
|
||||
}
|
||||
|
||||
@RequestMapping("/v2/user/{username}")
|
||||
String pathV2(@PathVariable("username") String username) {
|
||||
return username;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user