From 1640a1f4628046f85636350b245a2aa191107781 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 24 Aug 2018 09:37:18 -0500 Subject: [PATCH] Polish ServerAuthenticationConverter Fix package tangles Issue: gh-5338 --- .../config/web/server/ServerHttpSecurity.java | 4 +- ...erverFormLoginAuthenticationConverter.java | 20 +++------- ...erverHttpBasicAuthenticationConverter.java | 22 +++-------- .../AuthenticationWebFilter.java | 1 - ...erverFormLoginAuthenticationConverter.java | 38 +++++++++++++++++++ ...erverHttpBasicAuthenticationConverter.java | 38 +++++++++++++++++++ ...FormLoginAuthenticationConverterTests.java | 4 +- ...HttpBasicAuthenticationConverterTests.java | 4 +- 8 files changed, 93 insertions(+), 38 deletions(-) create mode 100644 web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java create mode 100644 web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java rename web/src/test/java/org/springframework/security/web/server/{ => authentication}/ServerFormLoginAuthenticationConverterTests.java (96%) rename web/src/test/java/org/springframework/security/web/server/{ => authentication}/ServerHttpBasicAuthenticationConverterTests.java (96%) diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index d2edb13414..b8bca8aa03 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -71,8 +71,6 @@ import org.springframework.security.web.server.DelegatingServerAuthenticationEnt import org.springframework.security.web.server.MatcherSecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.ServerAuthenticationEntryPoint; -import org.springframework.security.web.server.ServerFormLoginAuthenticationConverter; -import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter; import org.springframework.security.web.server.WebFilterExchange; import org.springframework.security.web.server.authentication.AuthenticationWebFilter; import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint; @@ -82,6 +80,8 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler; import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler; import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler; +import org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter; +import org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter; import org.springframework.security.web.server.authentication.logout.LogoutWebFilter; import org.springframework.security.web.server.authentication.logout.ServerLogoutHandler; import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler; diff --git a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java index e0dfa95472..27a3b7bd21 100644 --- a/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java +++ b/web/src/main/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverter.java @@ -15,7 +15,6 @@ */ package org.springframework.security.web.server; -import org.springframework.security.web.server.authentication.ServerAuthenticationConverter; import org.springframework.util.Assert; import reactor.core.publisher.Mono; @@ -32,31 +31,22 @@ import java.util.function.Function; * * @author Rob Winch * @since 5.0 + * @deprecated use {@link org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter} + * instead. */ +@Deprecated public class ServerFormLoginAuthenticationConverter implements - ServerAuthenticationConverter, Function> { private String usernameParameter = "username"; private String passwordParameter = "password"; - @Override - public Mono convert(ServerWebExchange exchange) { - return exchange.getFormData() - .map( data -> createAuthentication(data)); - } - - /** - * Alias for {@link #convert(ServerWebExchange)} - * @param exchange the {@link ServerWebExchange} to use - * @return the {@link Authentication} - * @deprecated Use {@link #convert(ServerWebExchange)} - */ @Override @Deprecated public Mono apply(ServerWebExchange exchange) { - return convert(exchange); + return exchange.getFormData() + .map( data -> createAuthentication(data)); } private UsernamePasswordAuthenticationToken createAuthentication( diff --git a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java index 35f55f971b..bad3423cb7 100644 --- a/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java +++ b/web/src/main/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverter.java @@ -22,7 +22,6 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; -import org.springframework.security.web.server.authentication.ServerAuthenticationConverter; import org.springframework.web.server.ServerWebExchange; import reactor.core.publisher.Mono; @@ -32,15 +31,18 @@ import reactor.core.publisher.Mono; * * @author Rob Winch * @since 5.0 + * @deprecated Use {@link org.springframework.security.web.server.authentication.ServerHttpBasicAuthenticationConverter} + * instead. */ +@Deprecated public class ServerHttpBasicAuthenticationConverter implements - ServerAuthenticationConverter, Function> { public static final String BASIC = "Basic "; @Override - public Mono convert(ServerWebExchange exchange) { + @Deprecated + public Mono apply(ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); String authorization = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION); @@ -49,7 +51,7 @@ public class ServerHttpBasicAuthenticationConverter implements } String credentials = authorization.length() <= BASIC.length() ? - "" : authorization.substring(BASIC.length(), authorization.length()); + "" : authorization.substring(BASIC.length(), authorization.length()); byte[] decodedCredentials = base64Decode(credentials); String decodedAuthz = new String(decodedCredentials); String[] userParts = decodedAuthz.split(":"); @@ -64,18 +66,6 @@ public class ServerHttpBasicAuthenticationConverter implements return Mono.just(new UsernamePasswordAuthenticationToken(username, password)); } - /** - * Alias for {@link #convert(ServerWebExchange)} - * @param exchange the {@link ServerWebExchange} to use - * @return the {@link Authentication} - * @deprecated Use {@link #convert(ServerWebExchange)} - */ - @Override - @Deprecated - public Mono apply(ServerWebExchange exchange) { - return convert(exchange); - } - private byte[] base64Decode(String value) { try { return Base64.getDecoder().decode(value); diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java index 4fc59f87d6..5bbf7013ad 100644 --- a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java @@ -22,7 +22,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.SecurityContextImpl; -import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter; import org.springframework.security.web.server.WebFilterExchange; import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository; import org.springframework.security.web.server.context.ServerSecurityContextRepository; diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java new file mode 100644 index 0000000000..1c97a99987 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverter.java @@ -0,0 +1,38 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.web.server.authentication; + +import org.springframework.security.core.Authentication; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +/** + * Converts a ServerWebExchange into a UsernamePasswordAuthenticationToken from the form + * data HTTP parameters. + * + * @author Rob Winch + * @since 5.1 + */ +@SuppressWarnings("deprecation") +public class ServerFormLoginAuthenticationConverter + extends org.springframework.security.web.server.ServerFormLoginAuthenticationConverter + implements ServerAuthenticationConverter { + + @Override + public Mono convert(ServerWebExchange exchange) { + return apply(exchange); + } +} diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java new file mode 100644 index 0000000000..e812314156 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverter.java @@ -0,0 +1,38 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.web.server.authentication; + +import org.springframework.security.core.Authentication; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +/** + * Converts from a {@link ServerWebExchange} to an {@link Authentication} that can be authenticated. + * + * @author Rob Winch + * @since 5.1 + */ +@SuppressWarnings("deprecation") +public class ServerHttpBasicAuthenticationConverter + extends org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter + implements ServerAuthenticationConverter { + + + @Override + public Mono convert(ServerWebExchange exchange) { + return apply(exchange); + } +} diff --git a/web/src/test/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java similarity index 96% rename from web/src/test/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverterTests.java rename to web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java index 294b532079..82e495dc8b 100644 --- a/web/src/test/java/org/springframework/security/web/server/ServerFormLoginAuthenticationConverterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerFormLoginAuthenticationConverterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.web.server; +package org.springframework.security.web.server.authentication; import org.junit.Before; import org.junit.Test; diff --git a/web/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java similarity index 96% rename from web/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java rename to web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java index 375360b17f..654eae50f9 100644 --- a/web/src/test/java/org/springframework/security/web/server/ServerHttpBasicAuthenticationConverterTests.java +++ b/web/src/test/java/org/springframework/security/web/server/authentication/ServerHttpBasicAuthenticationConverterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,7 +14,7 @@ * limitations under the License. */ -package org.springframework.security.web.server; +package org.springframework.security.web.server.authentication; import org.junit.Test; import org.springframework.http.HttpHeaders;