Add Anonymous Support to AuthenticatedReactiveAuthorizationManager
Fixes: gh-6235
This commit is contained in:
parent
1706a5cb83
commit
60e3bf4093
|
@ -16,6 +16,8 @@
|
|||
|
||||
package org.springframework.security.authorization;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
|
@ -30,13 +32,25 @@ import reactor.core.publisher.Mono;
|
|||
*/
|
||||
public class AuthenticatedReactiveAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
|
||||
|
||||
private AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();
|
||||
|
||||
@Override
|
||||
public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, T object) {
|
||||
return authentication
|
||||
.filter(this::isNotAnonymous)
|
||||
.map(a -> new AuthorizationDecision(a.isAuthenticated()))
|
||||
.defaultIfEmpty(new AuthorizationDecision(false));
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify (via {@link AuthenticationTrustResolver}) that the given authentication is not anonymous.
|
||||
* @param authentication to be checked
|
||||
* @return <code>true</code> if not anonymous, otherwise <code>false</code>.
|
||||
*/
|
||||
private boolean isNotAnonymous(Authentication authentication) {
|
||||
return !authTrustResolver.isAnonymous(authentication);
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets an instance of {@link AuthenticatedReactiveAuthorizationManager}
|
||||
* @param <T>
|
||||
|
|
|
@ -20,11 +20,13 @@ import org.junit.Test;
|
|||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.test.StepVerifier;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
|
@ -62,6 +64,14 @@ public class AuthenticatedReactiveAuthorizationManagerTests {
|
|||
assertThat(granted).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
|
||||
AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
|
||||
|
||||
boolean granted = manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
|
||||
|
||||
assertThat(granted).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void checkWhenErrorThenError() {
|
||||
|
|
Loading…
Reference in New Issue