Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add ContinueOnError Support For Failed Authentications 

Closes gh-14521
This commit is contained in:
ruabtmh 2024-02-13 11:47:23 +03:00 committed by Josh Cummings
parent 4d383023cb
commit 09010f3f51
2 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -18,7 +18,10 @@ package org.springframework.security.authentication;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.function.Function;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import reactor.core.publisher.Flux; import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
@ -28,7 +31,7 @@ import org.springframework.util.Assert;
/** /**
* A {@link ReactiveAuthenticationManager} that delegates to other * A {@link ReactiveAuthenticationManager} that delegates to other
* {@link ReactiveAuthenticationManager} instances using the result from the first non * {@link ReactiveAuthenticationManager} instances using the result from the first non
* empty result. * empty result. Errors from delegates will be ignored if continueOnError is true.
* *
* @author Rob Winch * @author Rob Winch
* @since 5.1 * @since 5.1
@ -37,6 +40,10 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
private final List<ReactiveAuthenticationManager> delegates; private final List<ReactiveAuthenticationManager> delegates;
private boolean continueOnError = false;
private final Log logger = LogFactory.getLog(getClass());
public DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager... entryPoints) { public DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager... entryPoints) {
this(Arrays.asList(entryPoints)); this(Arrays.asList(entryPoints));
} }
@ -48,11 +55,15 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
@Override @Override
public Mono<Authentication> authenticate(Authentication authentication) { public Mono<Authentication> authenticate(Authentication authentication) {
// @formatter:off Flux<ReactiveAuthenticationManager> result = Flux.fromIterable(this.delegates);
return Flux.fromIterable(this.delegates) Function<ReactiveAuthenticationManager, Mono<Authentication>> logging = (m) -> m.authenticate(authentication)
.concatMap((m) -> m.authenticate(authentication)) .doOnError(this.logger::debug);
.next();
// @formatter:on return ((this.continueOnError) ? result.concatMapDelayError(logging) : result.concatMap(logging)).next();
}
public void setContinueOnError(boolean continueOnError) {
this.continueOnError = continueOnError;
} }
} }

41
core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -77,4 +77,43 @@ public class DelegatingReactiveAuthenticationManagerTests {
.verify(); .verify();
} }
@Test
public void authenticateWhenContinueOnErrorAndFirstBadCredentialsThenTriesSecond() {
given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication));
DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
}
@Test
public void authenticateWhenContinueOnErrorAndBothDelegatesBadCredentialsThenError() {
given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
given(this.delegate2.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
StepVerifier.create(manager.authenticate(this.authentication))
.expectError(BadCredentialsException.class)
.verify();
}
@Test
public void authenticateWhenContinueOnErrorAndDelegate1NotEmptyThenReturnsNotEmpty() {
given(this.delegate1.authenticate(any())).willReturn(Mono.just(this.authentication));
DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
}
private DelegatingReactiveAuthenticationManager managerWithContinueOnError() {
DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
this.delegate2);
manager.setContinueOnError(true);
return manager;
}
} }