Polish ServerHttpSecurity testing

config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.web.reactive;
+
+import org.springframework.security.authentication.ReactiveAuthenticationManager;
+import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * @author Rob Winch
+ * @since 5.0
+ */
+public class ServerHttpSecurityConfigurationBuilder {
+	public static final UserDetails USER = User.withUsername("user").password("password").roles("USER").build();
+	public static final UserDetails ADMIN = User.withUsername("admin").password("password").roles("USER","ADMIN").build();
+
+	public static ServerHttpSecurity http() {
+		return new ServerHttpSecurityConfiguration().httpSecurity();
+	}
+
+	public static ServerHttpSecurity httpWithDefaultAuthentication() {
+		ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(USER,ADMIN));
+		return http()
+			.authenticationManager(authenticationManager);
+	}
+}

config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java

@@ -18,6 +18,7 @@ package org.springframework.security.config.web.server;
 
 import org.junit.Test;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
@@ -26,13 +27,14 @@ import org.springframework.test.web.reactive.server.WebTestClient;
  * @since 5.0
  */
 public class AuthorizeExchangeBuilderTests {
-	ServerHttpSecurity http = ServerHttpSecurity.http();
-	ServerHttpSecurity.AuthorizeExchangeBuilder authorization = this.http.authorizeExchange();
+	ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
-		this.authorization.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll();
-		this.authorization.anyExchange().permitAll();
+		this.http
+			.authorizeExchange()
+				.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll()
+				.anyExchange().permitAll();
 
 		WebTestClient client = buildClient();
 
@@ -60,8 +62,10 @@ public class AuthorizeExchangeBuilderTests {
 
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
-		this.authorization.pathMatchers("/a", "/b").denyAll();
-		this.authorization.anyExchange().permitAll();
+		this.http
+			.authorizeExchange()
+				.pathMatchers("/a", "/b").denyAll()
+				.anyExchange().permitAll();
 
 		WebTestClient client = buildClient();
 
@@ -88,19 +92,26 @@ public class AuthorizeExchangeBuilderTests {
 
 	@Test(expected = IllegalStateException.class)
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
-		this.authorization.pathMatchers("/incomplete");
-		this.authorization.pathMatchers("/throws-exception");
+		this.http
+			.authorizeExchange()
+				.pathMatchers("/incomplete");
+		this.http
+			.authorizeExchange()
+				.pathMatchers("/throws-exception");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
-		this.authorization.anyExchange().denyAll();
-		this.authorization.pathMatchers("/never-reached");
+		this.http
+			.authorizeExchange().anyExchange().denyAll()
+			.pathMatchers("/never-reached");
 	}
 
 	@Test(expected = IllegalStateException.class)
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
-		this.authorization.pathMatchers("/incomplete");
+		this.http
+			.authorizeExchange()
+				.pathMatchers("/incomplete");
 		this.http.build();
 	}
 

config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java

@@ -23,6 +23,7 @@ import org.openqa.selenium.support.FindBy;
 import org.openqa.selenium.support.PageFactory;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -42,20 +43,15 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @since 5.0
  */
 public class FormLoginTests {
-	private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
-	private ServerHttpSecurity http = ServerHttpSecurity.http();
-
-	ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
+	private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void defaultLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authenticationManager(this.manager)
 			.authorizeExchange()
 				.anyExchange().authenticated()
 				.and()
 			.formLogin().and()
-			.logout().and()
 			.build();
 
 		WebTestClient webTestClient = WebTestClientBuilder
@@ -92,7 +88,6 @@ public class FormLoginTests {
 	@Test
 	public void customLoginPage() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authenticationManager(this.manager)
 			.authorizeExchange()
 				.pathMatchers("/login").permitAll()
 				.anyExchange().authenticated()

config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java

@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.openqa.selenium.WebDriver;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -34,20 +35,14 @@ import org.springframework.security.test.web.reactive.server.WebTestClientBuilde
  */
 public class LogoutBuilderTests {
 
-	private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
-	private ServerHttpSecurity http = ServerHttpSecurity.http();
-
-	ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
+	private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 
 	@Test
 	public void defaultLogout() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authenticationManager(this.manager)
 			.authorizeExchange()
-			.anyExchange().authenticated()
-			.and()
-			.formLogin().and()
-			.logout().and()
+				.anyExchange().authenticated()
+				.and()
 			.build();
 
 		WebTestClient webTestClient = WebTestClientBuilder
@@ -84,11 +79,9 @@ public class LogoutBuilderTests {
 	@Test
 	public void customLogout() {
 		SecurityWebFilterChain securityWebFilter = this.http
-			.authenticationManager(this.manager)
 			.authorizeExchange()
 				.anyExchange().authenticated()
 				.and()
-			.formLogin().and()
 			.logout()
 				.logoutUrl("/custom-logout")
 				.and()

config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java

@@ -24,6 +24,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
@@ -45,15 +46,17 @@ import static org.springframework.web.reactive.function.client.ExchangeFilterFun
  */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerHttpSecurityTests {
-	@Mock ServerSecurityContextRepository contextRepository;
 	@Mock
-	ReactiveAuthenticationManager authenticationManager;
+	private ServerSecurityContextRepository contextRepository;
+	@Mock
+	private ReactiveAuthenticationManager authenticationManager;
 
-	ServerHttpSecurity http;
+	private ServerHttpSecurity http;
 
 	@Before
 	public void setup() {
-		this.http = ServerHttpSecurity.http().headers().and();
+		this.http = ServerHttpSecurityConfigurationBuilder.http()
+			.authenticationManager(this.authenticationManager);
 	}
 
 	@Test