Add RedirectAuthenticationSuccessHandler

Fixes gh-4530
2025-06-27 06:12:27 +00:00 · 2017-09-06 16:15:29 -05:00 · 2017-09-06 16:15:29 -05:00 · 5ef55c4652
commit 5ef55c4652
parent 4392d47908
2 changed files with 175 additions and 0 deletions
--- a/webflux/src/main/java/org/springframework/security/web/server/authentication/RedirectAuthenticationSuccessHandler.java
+++ b/webflux/src/main/java/org/springframework/security/web/server/authentication/RedirectAuthenticationSuccessHandler.java
@ -0,0 +1,63 @@
+/*
+ *
+ *  * Copyright 2002-2017 the original author or authors.
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.server.DefaultRedirectStrategy;
+import org.springframework.security.web.server.RedirectStrategy;
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.net.URI;
+
+/**
+ * @author Rob Winch
+ * @since 5.0
+ */
+public class RedirectAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
+	private URI location = URI.create("/");
+
+	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+	@Override
+	public Mono<Void> success(Authentication authentication,
+		ServerWebExchange exchange, WebFilterChain chain) {
+		return this.redirectStrategy.sendRedirect(exchange, this.location);
+	}
+
+	/**
+	 * Where the user is redirected to upon AuthenticationSuccess
+	 * @param location the location to redirect to. The default is "/"
+	 */
+	public void setLocation(URI location) {
+		Assert.notNull(location, "location cannot be null");
+		this.location = location;
+	}
+
+	/**
+	 * The RedirectStrategy to use.
+	 * @param redirectStrategy the strategy to use. Default is DefaultRedirectStrategy.
+	 */
+	public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
+		Assert.notNull(redirectStrategy, "redirectStrategy cannot be null");
+		this.redirectStrategy = redirectStrategy;
+	}
+}
--- a/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectAuthenticationSuccessHandlerTests.java
+++ b/webflux/src/test/java/org/springframework/security/web/server/authentication/RedirectAuthenticationSuccessHandlerTests.java
@ -0,0 +1,112 @@
+/*
+ *
+ *  * Copyright 2002-2017 the original author or authors.
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.server.RedirectStrategy;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.net.URI;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.Assert.*;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Rob Winch
+ * @since 5.0
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class RedirectAuthenticationSuccessHandlerTests {
+
+	@Mock
+	private ServerWebExchange exchange;
+	@Mock
+	private WebFilterChain chain;
+	@Mock
+	private RedirectStrategy redirectStrategy;
+	@Mock
+	private Authentication authentication;
+
+	private URI location = URI.create("/");
+
+	private RedirectAuthenticationSuccessHandler handler =
+		new RedirectAuthenticationSuccessHandler();
+
+	@Test(expected = IllegalArgumentException.class)
+	public void constructorStringWhenNullLocationThenException() {
+		new RedirectAuthenticationEntryPoint((String) null);
+	}
+
+	@Test
+	public void successWhenNoSubscribersThenNoActions() {
+		this.handler.success(this.authentication, this.exchange,
+			this.chain);
+
+		verifyZeroInteractions(this.exchange);
+	}
+
+	@Test
+	public void successWhenSubscribeThenStatusAndLocationSet() {
+		this.exchange = MockServerHttpRequest.get("/").toExchange();
+
+		this.handler.success(this.authentication, this.exchange,
+			this.chain).block();
+
+		assertThat(this.exchange.getResponse().getStatusCode()).isEqualTo(
+			HttpStatus.FOUND);
+		assertThat(this.exchange.getResponse().getHeaders().getLocation()).isEqualTo(this.location);
+	}
+
+	@Test
+	public void successWhenCustomLocationThenCustomLocationUsed() {
+		Mono<Void> result = Mono.empty();
+		when(this.redirectStrategy.sendRedirect(any(), any())).thenReturn(result);
+		this.handler.setRedirectStrategy(this.redirectStrategy);
+		this.exchange = MockServerHttpRequest.get("/").toExchange();
+
+		assertThat(this.handler.success(this.authentication, this.exchange,
+			this.chain)).isEqualTo(result);
+		verify(this.redirectStrategy).sendRedirect(any(), eq(this.location));
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void setRedirectStrategyWhenNullThenException() {
+		this.handler.setRedirectStrategy(null);
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public void setLocationWhenNullThenException() {
+		this.handler.setLocation(null);
+	}
+}