Merge remote-tracking branch 'origin/5.8.x'
This commit is contained in:
commit
5afc7cb04f
|
@ -37,4 +37,7 @@
|
|||
<suppress files="WithSecurityContextTestExecutionListenerTests\.java" checks="SpringMethodVisibility"/>
|
||||
<suppress files="AbstractOAuth2AuthorizationGrantRequestEntityConverter\.java" checks="SpringMethodVisibility"/>
|
||||
<suppress files="JoseHeader\.java" checks="SpringMethodVisibility"/>
|
||||
|
||||
<!-- Lambdas that we can't replace with a method reference because a closure is required -->
|
||||
<suppress files="BearerTokenAuthenticationFilter\.java" checks="SpringLambda"/>
|
||||
</suppressions>
|
||||
|
|
|
@ -36,12 +36,14 @@ import org.springframework.security.authentication.AuthenticationManager;
|
|||
import org.springframework.security.authentication.AuthenticationManagerResolver;
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolderStrategy;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
|
||||
import org.springframework.security.oauth2.server.resource.BearerTokenError;
|
||||
import org.springframework.security.oauth2.server.resource.BearerTokenErrorCodes;
|
||||
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
|
||||
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
@ -203,6 +205,19 @@ public class BearerTokenAuthenticationFilterTests {
|
|||
.isThrownBy(() -> filter.doFilter(this.request, this.response, this.filterChain));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenCustomEntryPointAndAuthenticationErrorThenUses() throws ServletException, IOException {
|
||||
AuthenticationException exception = new InvalidBearerTokenException("message");
|
||||
given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
|
||||
given(this.authenticationManager.authenticate(any())).willThrow(exception);
|
||||
BearerTokenAuthenticationFilter filter = addMocks(
|
||||
new BearerTokenAuthenticationFilter(this.authenticationManager));
|
||||
AuthenticationEntryPoint entrypoint = mock(AuthenticationEntryPoint.class);
|
||||
filter.setAuthenticationEntryPoint(entrypoint);
|
||||
filter.doFilter(this.request, this.response, this.filterChain);
|
||||
verify(entrypoint).commence(any(), any(), any(InvalidBearerTokenException.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterWhenCustomAuthenticationDetailsSourceThenUses() throws ServletException, IOException {
|
||||
given(this.bearerTokenResolver.resolve(this.request)).willReturn("token");
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -22,6 +22,7 @@ import jakarta.servlet.ServletException;
|
|||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.util.Assert;
|
||||
|
@ -34,6 +35,8 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public class AuthenticationEntryPointFailureHandler implements AuthenticationFailureHandler {
|
||||
|
||||
private boolean rethrowAuthenticationServiceException = false;
|
||||
|
||||
private final AuthenticationEntryPoint authenticationEntryPoint;
|
||||
|
||||
public AuthenticationEntryPointFailureHandler(AuthenticationEntryPoint authenticationEntryPoint) {
|
||||
|
@ -44,7 +47,25 @@ public class AuthenticationEntryPointFailureHandler implements AuthenticationFai
|
|||
@Override
|
||||
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException exception) throws IOException, ServletException {
|
||||
if (!this.rethrowAuthenticationServiceException) {
|
||||
this.authenticationEntryPoint.commence(request, response, exception);
|
||||
return;
|
||||
}
|
||||
if (!AuthenticationServiceException.class.isAssignableFrom(exception.getClass())) {
|
||||
this.authenticationEntryPoint.commence(request, response, exception);
|
||||
return;
|
||||
}
|
||||
throw exception;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set whether to rethrow {@link AuthenticationServiceException}s (defaults to false)
|
||||
* @param rethrowAuthenticationServiceException whether to rethrow
|
||||
* {@link AuthenticationServiceException}s
|
||||
* @since 5.8
|
||||
*/
|
||||
public void setRethrowAuthenticationServiceException(boolean rethrowAuthenticationServiceException) {
|
||||
this.rethrowAuthenticationServiceException = rethrowAuthenticationServiceException;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -18,6 +18,7 @@ package org.springframework.security.web.server.authentication;
|
|||
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
|
@ -34,6 +35,8 @@ public class ServerAuthenticationEntryPointFailureHandler implements ServerAuthe
|
|||
|
||||
private final ServerAuthenticationEntryPoint authenticationEntryPoint;
|
||||
|
||||
private boolean rethrowAuthenticationServiceException = false;
|
||||
|
||||
public ServerAuthenticationEntryPointFailureHandler(ServerAuthenticationEntryPoint authenticationEntryPoint) {
|
||||
Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
|
||||
this.authenticationEntryPoint = authenticationEntryPoint;
|
||||
|
@ -41,7 +44,23 @@ public class ServerAuthenticationEntryPointFailureHandler implements ServerAuthe
|
|||
|
||||
@Override
|
||||
public Mono<Void> onAuthenticationFailure(WebFilterExchange webFilterExchange, AuthenticationException exception) {
|
||||
if (!this.rethrowAuthenticationServiceException) {
|
||||
return this.authenticationEntryPoint.commence(webFilterExchange.getExchange(), exception);
|
||||
}
|
||||
if (!AuthenticationServiceException.class.isAssignableFrom(exception.getClass())) {
|
||||
return this.authenticationEntryPoint.commence(webFilterExchange.getExchange(), exception);
|
||||
}
|
||||
return Mono.error(exception);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set whether to rethrow {@link AuthenticationServiceException}s (defaults to false)
|
||||
* @param rethrowAuthenticationServiceException whether to rethrow
|
||||
* {@link AuthenticationServiceException}s
|
||||
* @since 5.8
|
||||
*/
|
||||
public void setRethrowAuthenticationServiceException(boolean rethrowAuthenticationServiceException) {
|
||||
this.rethrowAuthenticationServiceException = rethrowAuthenticationServiceException;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
/*
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.authentication;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
/**
|
||||
* Tests for {@link AuthenticationEntryPointFailureHandler}
|
||||
*/
|
||||
public class AuthenticationEntryPointFailureHandlerTests {
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWhenDefaultsThenAuthenticationServiceExceptionSwallowed() throws Exception {
|
||||
AuthenticationEntryPoint entryPoint = mock(AuthenticationEntryPoint.class);
|
||||
AuthenticationEntryPointFailureHandler handler = new AuthenticationEntryPointFailureHandler(entryPoint);
|
||||
handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail"));
|
||||
}
|
||||
|
||||
@Test
|
||||
void handleWhenRethrowingThenAuthenticationServiceExceptionRethrown() {
|
||||
AuthenticationEntryPoint entryPoint = mock(AuthenticationEntryPoint.class);
|
||||
AuthenticationEntryPointFailureHandler handler = new AuthenticationEntryPointFailureHandler(entryPoint);
|
||||
handler.setRethrowAuthenticationServiceException(true);
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class).isThrownBy(
|
||||
() -> handler.onAuthenticationFailure(null, null, new AuthenticationServiceException("fail")));
|
||||
}
|
||||
|
||||
}
|
|
@ -23,6 +23,7 @@ import org.mockito.Mock;
|
|||
import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationServiceException;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
|
@ -30,6 +31,7 @@ import org.springframework.web.server.ServerWebExchange;
|
|||
import org.springframework.web.server.WebFilterChain;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
|
||||
|
@ -68,4 +70,19 @@ public class ServerAuthenticationEntryPointFailureHandlerTests {
|
|||
assertThat(this.handler.onAuthenticationFailure(this.filterExchange, e)).isEqualTo(result);
|
||||
}
|
||||
|
||||
@Test
|
||||
void onAuthenticationFailureWhenDefaultsThenAuthenticationServiceExceptionSwallowed() {
|
||||
AuthenticationServiceException e = new AuthenticationServiceException("fail");
|
||||
given(this.authenticationEntryPoint.commence(this.exchange, e)).willReturn(Mono.empty());
|
||||
this.handler.onAuthenticationFailure(this.filterExchange, e).block();
|
||||
}
|
||||
|
||||
@Test
|
||||
void handleWhenRethrowingThenAuthenticationServiceExceptionRethrown() {
|
||||
AuthenticationServiceException e = new AuthenticationServiceException("fail");
|
||||
this.handler.setRethrowAuthenticationServiceException(true);
|
||||
assertThatExceptionOfType(AuthenticationServiceException.class)
|
||||
.isThrownBy(() -> this.handler.onAuthenticationFailure(this.filterExchange, e).block());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue