Polish WebFlux Referrer-Policy header config

Vedran Pavic 2018-09-20 21:42:42 +02:00 committed by Rob Winch
parent 9565e90b6e
commit 79828d4f7b
2 changed files with 22 additions and 19 deletions


@ -29,12 +29,6 @@ import java.util.List;
import java.util.Map;
import java.util.function.Function;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import reactor.core.publisher.Mono;
import reactor.util.context.Context;
@ -53,6 +47,7 @@ import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeReactiveAuthenticationManager;
@ -60,9 +55,11 @@ import org.springframework.security.oauth2.client.authentication.OAuth2LoginReac
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.DefaultReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.OAuth2AuthorizationCodeGrantWebFilter;
@ -70,6 +67,8 @@ import org.springframework.security.oauth2.client.web.server.OAuth2Authorization
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationCodeAuthenticationTokenConverter;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.authentication.OAuth2LoginAuthenticationWebFilter;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
@ -87,6 +86,7 @@ import org.springframework.security.web.server.authentication.HttpBasicServerAut
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.authentication.ServerAuthenticationEntryPointFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
@ -2087,8 +2087,8 @@ public class ServerHttpSecurity {
* @param referrerPolicy the policy to use
* @return the {@link ReferrerPolicySpec} to configure
*/
public HeaderSpec referrerPolicy(ReferrerPolicy referrerPolicy) {
return referrerPolicy().referrerPolicy(referrerPolicy);
public ReferrerPolicySpec referrerPolicy(ReferrerPolicy referrerPolicy) {
return new ReferrerPolicySpec(referrerPolicy);
}
/**
@ -2292,21 +2292,11 @@ public class ServerHttpSecurity {
* Configures {@code Referrer-Policy} response header.
*
* @see #referrerPolicy()
* @see #referrerPolicy(ReferrerPolicy)
* @since 5.1
*/
public class ReferrerPolicySpec {
/**
* Set the policy to be used in the response header. Defaults to the
* {@link ReferrerPolicy#NO_REFERRER} header.
* @param referrerPolicy the policy
* @return the {@link HeaderSpec} to continue configuring
*/
public HeaderSpec referrerPolicy(ReferrerPolicy referrerPolicy) {
HeaderSpec.this.referrerPolicy.setPolicy(referrerPolicy);
return HeaderSpec.this;
}
/**
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
@ -2319,6 +2309,10 @@ public class ServerHttpSecurity {
private ReferrerPolicySpec() {
}
private ReferrerPolicySpec(ReferrerPolicy referrerPolicy) {
HeaderSpec.this.referrerPolicy.setPolicy(referrerPolicy);
}
}
private HeaderSpec() {
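Review bot: The Javadoc sentence stating the default, `Defaults to the {@link ReferrerPolicy#NO_REFERRER} header`, sat on the `ReferrerPolicySpec.referrerPolicy(ReferrerPolicy)` method that this section appears to drop, so the visible documentation no longer says which policy is sent when `referrerPolicy()` is called without an argument. That default decides how much of the requesting URL is disclosed to other origins, so I would keep it on the class Javadoc, e.g. `* Configures {@code Referrer-Policy} response header. Defaults to {@link ReferrerPolicy#NO_REFERRER}.`, assuming the writer's default is unchanged (the writer is not shown here). The new private constructor `ReferrerPolicySpec(ReferrerPolicy)` also changes the enclosing `HeaderSpec`'s writer as a side effect of construction, which deserves a one-line comment such as `// applies the policy to the shared header writer`. Which lines are old and which are new is inferred from the hunk counts, because the page lost its +/- markers.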


@ -182,6 +182,15 @@ public class HeaderSpecTests {
assertHeaders();
}
@Test
public void headersWhenReferrerPolicyCustomEnabledThenFeaturePolicyCustomWritten() {
this.expectedHeaders.add(ReferrerPolicyServerHttpHeadersWriter.REFERRER_POLICY,
ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE.getPolicy());
this.headers.referrerPolicy(ReferrerPolicy.NO_REFERRER_WHEN_DOWNGRADE);
assertHeaders();
}
private void expectHeaderNamesNotPresent(String... headerNames) {
for (String headerName : headerNames) {
this.expectedHeaders.remove(headerName);
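Review bot: The new test is named `headersWhenReferrerPolicyCustomEnabledThenFeaturePolicyCustomWritten`, but it sets and asserts the `Referrer-Policy` header, so the `FeaturePolicy` part looks like a copy-paste leftover; `headersWhenReferrerPolicyCustomEnabledThenReferrerPolicyCustomWritten` would match what is checked. The test also discards the return value of `this.headers.referrerPolicy(...)`, so the changed return type of that method is not exercised. Continuing the chain from the returned `ReferrerPolicySpec` before `assertHeaders()` would cover it, if the spec exposes the chaining method its Javadoc describes. `expectHeaderNamesNotPresent` continues past the end of this hunk and is not part of the point.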