From 30487c3b4b76cc0362bc305be19b2e289951406c Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Thu, 12 Oct 2017 15:03:50 -0500
Subject: [PATCH] Polish ServerHttpSecurity testing
---
 ...erverHttpSecurityConfigurationBuilder.java | 43 +++++++++++++++++++
 .../server/AuthorizeExchangeBuilderTests.java | 33 +++++++++-----
 .../config/web/server/FormLoginTests.java | 9 +---
 .../config/web/server/LogoutBuilderTests.java | 15 ++-----
 .../web/server/ServerHttpSecurityTests.java | 11 +++--
 5 files changed, 78 insertions(+), 33 deletions(-)
 create mode 100644 config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
new file mode 100644
index 0000000000..a9ce45b0bf
--- /dev/null
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfigurationBuilder.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.annotation.web.reactive;
+
+import org.springframework.security.authentication.ReactiveAuthenticationManager;
+import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * @author Rob Winch
+ * @since 5.0
+ */
+public class ServerHttpSecurityConfigurationBuilder {
+ public static final UserDetails USER = User.withUsername("user").password("password").roles("USER").build();
+ public static final UserDetails ADMIN = User.withUsername("admin").password("password").roles("USER","ADMIN").build();
+
+ public static ServerHttpSecurity http() {
+ return new ServerHttpSecurityConfiguration().httpSecurity();
+ }
+
+ public static ServerHttpSecurity httpWithDefaultAuthentication() {
+ ReactiveAuthenticationManager authenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(USER,ADMIN));
+ return http()
+ .authenticationManager(authenticationManager);
+ }
+}
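Review bot: `USER` and `ADMIN` are `public static final` instances shared by every test class that calls `httpWithDefaultAuthentication()`, whereas the `user` fields this commit removes from FormLoginTests and LogoutBuilderTests were instance fields built per test object. `User` implements `CredentialsContainer`, so any code path that calls `eraseCredentials()` on one of these objects would clear the password for every later test in the same JVM; nothing visible in this diff does that, but nothing prevents it either. Building the users inside the factory keeps the fixtures isolated, e.g. `new MapReactiveUserDetailsService(User.withUsername("user").password("password").roles("USER").build(), ...)`. The class Javadoc carries only `@author` and `@since`; one sentence saying that it obtains `ServerHttpSecurity` from `ServerHttpSecurityConfiguration` for use in tests would explain why it sits in this package.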
diff --git a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java
index 66cae2cbca..6f31ea623b 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.server;
 import org.junit.Test;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.test.web.reactive.server.WebTestClient;
@@ -26,13 +27,14 @@ import org.springframework.test.web.reactive.server.WebTestClient;
 * @since 5.0
 */
 public class AuthorizeExchangeBuilderTests {
- ServerHttpSecurity http = ServerHttpSecurity.http();
- ServerHttpSecurity.AuthorizeExchangeBuilder authorization = this.http.authorizeExchange();
+ ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 @Test
 public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
- this.authorization.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll();
- this.authorization.anyExchange().permitAll();
+ this.http
+ .authorizeExchange()
+ .pathMatchers(HttpMethod.POST, "/a", "/b").denyAll()
+ .anyExchange().permitAll();
 WebTestClient client = buildClient();
@@ -60,8 +62,10 @@ public class AuthorizeExchangeBuilderTests {
 @Test
 public void antMatchersWhenPatternsThenAnyMethod() {
- this.authorization.pathMatchers("/a", "/b").denyAll();
- this.authorization.anyExchange().permitAll();
+ this.http
+ .authorizeExchange()
+ .pathMatchers("/a", "/b").denyAll()
+ .anyExchange().permitAll();
 WebTestClient client = buildClient();
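Review bot: The `http` field in AuthorizeExchangeBuilderTests is left package-private, while the other three test classes touched by this commit (FormLoginTests, LogoutBuilderTests, ServerHttpSecurityTests) have it `private`. For consistency the new line should read `private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();`, which also stops the mutable builder from being reached from other classes in the package. The class body continues outside these hunks.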
@@ -88,19 +92,26 @@ public class AuthorizeExchangeBuilderTests {
 @Test(expected = IllegalStateException.class)
 public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
- this.authorization.pathMatchers("/incomplete");
- this.authorization.pathMatchers("/throws-exception");
+ this.http
+ .authorizeExchange()
+ .pathMatchers("/incomplete");
+ this.http
+ .authorizeExchange()
+ .pathMatchers("/throws-exception");
 }
 @Test(expected = IllegalStateException.class)
 public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
- this.authorization.anyExchange().denyAll();
- this.authorization.pathMatchers("/never-reached");
+ this.http
+ .authorizeExchange().anyExchange().denyAll()
+ .pathMatchers("/never-reached");
 }
 @Test(expected = IllegalStateException.class)
 public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
- this.authorization.pathMatchers("/incomplete");
+ this.http
+ .authorizeExchange()
+ .pathMatchers("/incomplete");
 this.http.build();
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
index 4e01584534..1e8e62c941 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
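Review bot: In `antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException` (AuthorizeExchangeBuilderTests) the two `pathMatchers(...)` calls now go through two separate `this.http.authorizeExchange()` invocations, where the removed code reused a single `authorization` builder. The test only exercises the "incomplete matcher followed by another matcher" guard if `authorizeExchange()` hands back the same builder on each call, which this diff does not show. Holding the builder in a local keeps the intent explicit: `ServerHttpSecurity.AuthorizeExchangeBuilder authorization = this.http.authorizeExchange();` followed by the two `authorization.pathMatchers(...)` calls. Because `@Test(expected = IllegalStateException.class)` covers the whole method, none of the three tests in this hunk can tell which call threw. Wrapping only the final call in AssertJ's `assertThatThrownBy(...)` would stop a guard on authorization rule ordering from passing for the wrong reason.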
@@ -23,6 +23,7 @@ import org.openqa.selenium.support.FindBy;
 import org.openqa.selenium.support.PageFactory;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -42,20 +43,15 @@ import static org.assertj.core.api.Assertions.assertThat;
 * @since 5.0
 */
 public class FormLoginTests {
- private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
- private ServerHttpSecurity http = ServerHttpSecurity.http();
-
- ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
+ private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 @Test
 public void defaultLoginPage() {
 SecurityWebFilterChain securityWebFilter = this.http
- .authenticationManager(this.manager)
 .authorizeExchange()
 .anyExchange().authenticated()
 .and()
 .formLogin().and()
- .logout().and()
 .build();
 WebTestClient webTestClient = WebTestClientBuilder
@@ -92,7 +88,6 @@ public class FormLoginTests {
 @Test
 public void customLoginPage() {
 SecurityWebFilterChain securityWebFilter = this.http
- .authenticationManager(this.manager)
 .authorizeExchange()
 .pathMatchers("/login").permitAll()
 .anyExchange().authenticated()
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
index 10edaf2662..0b48eafc18 100644
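Review bot: The imports of `ReactiveAuthenticationManager`, `UserDetailsRepositoryReactiveAuthenticationManager`, `MapReactiveUserDetailsService`, `User` and `UserDetails` remain as context in the FormLoginTests import hunk, yet their only visible uses, the `user` and `manager` fields, are deleted in the next hunk. Unless the rest of the file still refers to them they are now dead imports and can be dropped. The same applies to the identical imports kept in LogoutBuilderTests.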
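Review bot: `defaultLoginPage` in FormLoginTests no longer calls `.logout()` or `.authenticationManager(...)`, so whatever the rest of the test needs from them must now come from `ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication()`, and nothing in the chain says so. If the defaults returned by `ServerHttpSecurityConfiguration.httpSecurity()` change, the test would silently run against a different filter chain than the one its name describes. A comment on the `http` field would record the dependency, for example `// users and the login/logout defaults come from httpWithDefaultAuthentication()`. The same holds for `defaultLogout` and `customLogout` in LogoutBuilderTests, where `.formLogin()` and `.logout()` are removed, and for `setup()` in ServerHttpSecurityTests, where `.headers()` is removed. The test bodies continue outside the hunk.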
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
@@ -20,6 +20,7 @@ import org.junit.Test;
 import org.openqa.selenium.WebDriver;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -34,20 +35,14 @@ import org.springframework.security.test.web.reactive.server.WebTestClientBuilde
 */
 public class LogoutBuilderTests {
- private UserDetails user = User.withUsername("user").password("password").roles("USER").build();
- private ServerHttpSecurity http = ServerHttpSecurity.http();
-
- ReactiveAuthenticationManager manager = new UserDetailsRepositoryReactiveAuthenticationManager(new MapReactiveUserDetailsService(this.user));
+ private ServerHttpSecurity http = ServerHttpSecurityConfigurationBuilder.httpWithDefaultAuthentication();
 @Test
 public void defaultLogout() {
 SecurityWebFilterChain securityWebFilter = this.http
- .authenticationManager(this.manager)
 .authorizeExchange()
- .anyExchange().authenticated()
- .and()
- .formLogin().and()
- .logout().and()
+ .anyExchange().authenticated()
+ .and()
 .build();
 WebTestClient webTestClient = WebTestClientBuilder
@@ -84,11 +79,9 @@ public class LogoutBuilderTests {
 @Test
 public void customLogout() {
 SecurityWebFilterChain securityWebFilter = this.http
- .authenticationManager(this.manager)
 .authorizeExchange()
 .anyExchange().authenticated()
 .and()
- .formLogin().and()
 .logout()
 .logoutUrl("/custom-logout")
 .and()
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 1a53a6c4fd..0856e080ac 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -24,6 +24,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.server.WebFilterChainProxy;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
@@ -45,15 +46,17 @@ import static org.springframework.web.reactive.function.client.ExchangeFilterFun
 */
 @RunWith(MockitoJUnitRunner.class)
 public class ServerHttpSecurityTests {
- @Mock ServerSecurityContextRepository contextRepository;
 @Mock
- ReactiveAuthenticationManager authenticationManager;
+ private ServerSecurityContextRepository contextRepository;
+ @Mock
+ private ReactiveAuthenticationManager authenticationManager;
- ServerHttpSecurity http;
+ private ServerHttpSecurity http;
 @Before
 public void setup() {
- this.http = ServerHttpSecurity.http().headers().and();
+ this.http = ServerHttpSecurityConfigurationBuilder.http()
+ .authenticationManager(this.authenticationManager);
 }
 @Test
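Review bot: `setup()` in ServerHttpSecurityTests now wires the Mockito mock `authenticationManager` into the `ServerHttpSecurity` used by every test, and an unstubbed mock returns `null` from `authenticate(...)` rather than an empty `Mono`. Any test in the class that reaches authentication without stubbing it first would then fail with a `NullPointerException` from inside the filter chain instead of a clear assertion failure; whether such a test exists is outside this hunk. A line above the assignment such as `// tests that authenticate must stub this.authenticationManager.authenticate(...) first` would record the contract.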