Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 10:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support fullyAuthenticated to Kotlin DSL

Browse Source 
Closes gh-16162
This commit is contained in:
Max Batischev 2024-12-06 00:43:14 +03:00 committed by Josh Cummings
parent bb38fd3483
commit 7fae738a9b
2 changed files with 68 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/src/main/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDsl.kt
View File

@ -275,6 +275,13 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl {
val authenticated: AuthorizationManager<RequestAuthorizationContext> = val authenticated: AuthorizationManager<RequestAuthorizationContext> =
AuthenticatedAuthorizationManager.authenticated() AuthenticatedAuthorizationManager.authenticated()
/**
* Specify that URLs are allowed by users who have authenticated and were not "remembered".
* @since 6.5
*/
val fullyAuthenticated: AuthorizationManager<RequestAuthorizationContext> =
AuthenticatedAuthorizationManager.fullyAuthenticated()
internal fun get(): (AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry) -> Unit { internal fun get(): (AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry) -> Unit {
return { requests -> return { requests ->
authorizationRules.forEach { rule -> authorizationRules.forEach { rule ->

63
config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
View File

@ -27,6 +27,8 @@ import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpMethod import org.springframework.http.HttpMethod
import org.springframework.security.access.hierarchicalroles.RoleHierarchy import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
import org.springframework.security.authentication.RememberMeAuthenticationToken
import org.springframework.security.authentication.TestAuthentication
import org.springframework.security.authorization.AuthorizationDecision import org.springframework.security.authorization.AuthorizationDecision
import org.springframework.security.authorization.AuthorizationManager import org.springframework.security.authorization.AuthorizationManager
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -35,11 +37,11 @@ import org.springframework.security.config.core.GrantedAuthorityDefaults
import org.springframework.security.config.test.SpringTestContext import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.Authentication import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.AuthorityUtils
import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager import org.springframework.security.provisioning.InMemoryUserDetailsManager
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.*
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
import org.springframework.security.web.SecurityFilterChain import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.access.intercept.RequestAuthorizationContext import org.springframework.security.web.access.intercept.RequestAuthorizationContext
import org.springframework.security.web.util.matcher.RegexRequestMatcher import org.springframework.security.web.util.matcher.RegexRequestMatcher
@ -961,4 +963,61 @@ class AuthorizeHttpRequestsDslTests {
} }
} }
@Test
fun `request when fully authenticated configured then responds ok`() {
this.spring.register(FullyAuthenticatedConfig::class.java).autowire()
this.mockMvc.get("/path") {
with(user("user").roles("USER"))
}.andExpect {
status {
isOk()
}
}
}
@Test
fun `request when fully authenticated configured and remember-me token then responds unauthorized`() {
this.spring.register(FullyAuthenticatedConfig::class.java).autowire()
val rememberMe = RememberMeAuthenticationToken("key", "user",
AuthorityUtils.createAuthorityList("ROLE_USER"))
this.mockMvc.get("/path") {
with(user("user").roles("USER"))
with(authentication(rememberMe))
}.andExpect {
status {
isUnauthorized()
}
}
}
@Configuration
@EnableWebSecurity
@EnableWebMvc
open class FullyAuthenticatedConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeHttpRequests {
authorize("/path", fullyAuthenticated)
}
httpBasic { }
rememberMe { }
}
return http.build()
}
@Bean
open fun userDetailsService(): UserDetailsService = InMemoryUserDetailsManager(TestAuthentication.user())
@RestController
internal class PathController {
@GetMapping("/path")
fun path(): String {
return "ok"
}
}
}
} }