Cleanup and fix tests

Oleg Zhurakousky
2023-07-20 16:50:16 +02:00
parent 8486e0bcb9
commit efda7285ad
7 changed files with 70 additions and 28 deletions


@@ -217,7 +217,7 @@ public class ProxyServletContext implements ServletContext {
@Override
public Map<String, ? extends ServletRegistration> getServletRegistrations() {
throw new UnsupportedOperationException("This ServletContext does not represent a running web container");
return this.registrations;
}
@Override
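Review bot: `getServletRegistrations()` hands out the internal `registrations` map itself, assuming `return this.registrations;` is the new side of this change (the page has lost its +/- markers). The Servlet API contract for this method says that changes to the returned map must not affect the ServletContext, so any caller holding the result could alter the context's registrations. I would return a read-only view, `return Collections.unmodifiableMap(this.registrations);`, and add a one-line Javadoc stating that the map may be empty and cannot be modified.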


@@ -72,27 +72,24 @@ public class PetStoreSpringAppConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable() // need for POST
.addFilterBefore(new GenericFilterBean() {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("user", "password",
Collections.singleton(new SimpleGrantedAuthority("USER"))));
HttpSession session = ((HttpServletRequest) request).getSession();
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
chain.doFilter(request, response);
}
}, SecurityContextHolderFilter.class)
.authorizeHttpRequests((requests) -> requests
.requestMatchers("/", "/pets", "/pets/").hasAnyAuthority("USER")
.requestMatchers("/foo").hasAnyAuthority("FOO")
.anyRequest().authenticated()
http
.addFilterBefore(new GenericFilterBean() {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
SecurityContext securityContext = SecurityContextHolder.getContext();
securityContext.setAuthentication(UsernamePasswordAuthenticationToken.authenticated("user", "password",
Collections.singleton(new SimpleGrantedAuthority("USER"))));
HttpSession session = ((HttpServletRequest) request).getSession();
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
chain.doFilter(request, response);
}
}, SecurityContextHolderFilter.class)
.securityMatcher("/foo")
.authorizeHttpRequests(authorize -> authorize
.anyRequest().hasRole("FOO")
)
.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and()
.logout((logout) -> logout.permitAll());
.exceptionHandling(f -> f.accessDeniedHandler(accessDeniedHandler()));
return http.build();
}
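Review bot: `.securityMatcher("/foo")` restricts this whole chain to `/foo`, so (reading the second copy of the body as the new side) `/`, `/pets` and `/pets/` are no longer covered by any rule in this method and, unless another `SecurityFilterChain` bean exists outside this hunk, are served with no Spring Security filters at all. If that is intended for the sample, say so above the matcher, e.g. `// Only /foo is secured by this chain; every other path bypasses Spring Security.`; otherwise keep a catch-all such as `.anyRequest().authenticated()` in a chain without the matcher. Note also that `hasRole("FOO")` checks for the authority `ROLE_FOO`, not `FOO` as the earlier `hasAnyAuthority("FOO")` did; `hasAuthority("FOO")` keeps the old meaning. The anonymous filter that installs a fixed `user` principal on every request deserves a comment marking it as test-only scaffolding.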