Fix authenticationFailureHandler not being used
The custom server authenticationFailureHandler was not always picked up Fixes: gh-7782
This commit is contained in:
parent
e62fb755e8
commit
29377545d9
|
@ -3050,7 +3050,9 @@ public class ServerHttpSecurity {
|
|||
this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
|
||||
this.authenticationEntryPoint = this.defaultEntryPoint;
|
||||
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
|
||||
if (this.authenticationFailureHandler == null) {
|
||||
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,7 @@ import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverB
|
|||
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
|
||||
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
|
||||
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
|
||||
import org.springframework.security.web.server.csrf.CsrfToken;
|
||||
|
@ -213,6 +214,37 @@ public class FormLoginTests {
|
|||
homePage.assertAt();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
|
||||
SecurityWebFilterChain securityWebFilter = this.http
|
||||
.authorizeExchange()
|
||||
.pathMatchers("/login", "/failure").permitAll()
|
||||
.anyExchange().authenticated()
|
||||
.and()
|
||||
.formLogin()
|
||||
.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure"))
|
||||
.and()
|
||||
.build();
|
||||
|
||||
WebTestClient webTestClient = WebTestClientBuilder
|
||||
.bindToWebFilters(securityWebFilter)
|
||||
.build();
|
||||
|
||||
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
|
||||
.webTestClientSetup(webTestClient)
|
||||
.build();
|
||||
|
||||
DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class)
|
||||
.assertAt();
|
||||
|
||||
loginPage.loginForm()
|
||||
.username("invalid")
|
||||
.password("invalid")
|
||||
.submit(HomePage.class);
|
||||
|
||||
assertThat(driver.getCurrentUrl()).endsWith("/failure");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticationSuccess() {
|
||||
SecurityWebFilterChain securityWebFilter = this.http
|
||||
|
|
Loading…
Reference in New Issue