From 3bcb1d945881a9d64902308f159cfd4d027ac173 Mon Sep 17 00:00:00 2001
From: Ankur Pathak
Date: Thu, 13 Dec 2018 09:31:28 +0530
Subject: [PATCH] Allow setting authenticationEntryPoint for Http Basic
1. Added method authenticationEntryPoint in ServerHttpSecurity to allow setting authenticationEntryPoint.
2. Added test in ServerHttpSecurityTests to check if if specified realm name set by authenticationEntryPoint is returned
Fixes: gh-6270
---
 .../config/web/server/ServerHttpSecurity.java | 13 ++++++++++
 .../web/server/ServerHttpSecurityTests.java | 24 +++++++++++++++++++
 2 files changed, 37 insertions(+)
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index d469d8627f..39acc42793 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1878,6 +1878,19 @@ public class ServerHttpSecurity {
 return this;
 }
 
+ /**
+ * Allows easily setting the entry point.
+ * @param authenticationEntryPoint the {@link ServerAuthenticationEntryPoint} to use
+ * @return {@link HttpBasicSpec} for additional customization
+ * @since 5.2.0
+ * @author Ankur Pathak
+ */
+ public HttpBasicSpec authenticationEntryPoint(ServerAuthenticationEntryPoint authenticationEntryPoint){
+ Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
+ this.entryPoint = authenticationEntryPoint;
+ return this;
+ }
+
 /**
 * Allows method chaining to continue configuring the {@link ServerHttpSecurity}
 * @return the {@link ServerHttpSecurity} to continue configuring
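Review bot: The Javadoc on the new `authenticationEntryPoint(...)` setter says only "Allows easily setting the entry point", which tells a reader neither when the entry point runs nor that the assignment overwrites whatever `this.entryPoint` held before. I would write the summary as `Sets the {@link ServerAuthenticationEntryPoint} used to challenge the client when HTTP Basic authentication is required, replacing the previously configured one.` and add a sentence that a custom implementation becomes responsible for sending the 401 status and the `WWW-Authenticate` header. Where `this.entryPoint` is read lies outside this hunk, so it is worth confirming that both the unauthenticated path and the failed-credentials path pick up the custom value. Minor style: `@author` is normally a type-level tag, and the signature is missing a space before the brace (`authenticationEntryPoint) {`).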
diff --git a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
index 720312d493..e8bb2b779a 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java
@@ -64,6 +64,7 @@ import org.springframework.web.server.WebFilter;
 import org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter;
 import org.springframework.web.server.WebFilterChain;
 import org.springframework.security.web.server.authentication.AnonymousAuthenticationWebFilterTests;
+import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
 
 /**
 * @author Rob Winch
@@ -255,6 +256,29 @@ public class ServerHttpSecurityTests {
 assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
 }
 
+ @Test
+ public void basicWithCustomRealmName() {
+ this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
+ HttpBasicServerAuthenticationEntryPoint authenticationEntryPoint = new HttpBasicServerAuthenticationEntryPoint();
+ authenticationEntryPoint.setRealm("myrealm");
+ this.http.httpBasic().authenticationEntryPoint(authenticationEntryPoint);
+ this.http.authenticationManager(this.authenticationManager);
+ ServerHttpSecurity.AuthorizeExchangeSpec authorize = this.http.authorizeExchange();
+ authorize.anyExchange().authenticated();
+
+ WebTestClient client = buildClient();
+
+ EntityExchangeResult result = client.get()
+ .uri("/")
+ .exchange()
+ .expectStatus().isUnauthorized()
+ .expectHeader().value(HttpHeaders.WWW_AUTHENTICATE, value -> assertThat(value).contains("myrealm"))
+ .expectBody(String.class)
+ .returnResult();
+
+ assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
+ }
+
 private Optional getWebFilter(SecurityWebFilterChain filterChain, Class filterClass) {
 return (Optional) filterChain.getWebFilters()
 .filter(Objects::nonNull)
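Review bot: The `WWW-Authenticate` check in `basicWithCustomRealmName` uses `contains("myrealm")`, so it would still pass if the scheme were missing or wrong. Assuming the entry point keeps its usual challenge format, pinning the whole value is stricter: `assertThat(value).isEqualTo("Basic realm=\"myrealm\"")`. The test also sends no credentials at all, so it does not show whether the custom entry point is used when invalid Basic credentials are rejected; that path cannot be confirmed from this diff and deserves a second case. The `Assert.notNull` guard added in ServerHttpSecurity is untested as well; a one-line check such as `assertThatThrownBy(() -> this.http.httpBasic().authenticationEntryPoint(null)).isInstanceOf(IllegalArgumentException.class)` would cover it.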