Add RedirectServerAuthenticationFailureHandler
Fixes gh-4816
This commit is contained in:
Rob Winch
parent
060d8689fe
commit
8f6491b281
|
|
@ -0,0 +1,63 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.server.authentication;
|
||||
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.server.DefaultServerRedirectStrategy;
|
||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||
import org.springframework.security.web.server.ServerRedirectStrategy;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
import org.springframework.security.web.server.savedrequest.ServerRequestCache;
|
||||
import org.springframework.security.web.server.savedrequest.WebSessionServerRequestCache;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
/**
|
||||
* Performs a redirect to a specified location.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
public class RedirectServerAuthenticationFailureHandler
|
||||
implements ServerAuthenticationFailureHandler {
|
||||
private final URI location;
|
||||
|
||||
private ServerRedirectStrategy serverRedirectStrategy = new DefaultServerRedirectStrategy();
|
||||
|
||||
public RedirectServerAuthenticationFailureHandler(String location) {
|
||||
Assert.notNull(location, "location cannot be null");
|
||||
this.location = URI.create(location);
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the RedirectStrategy to use.
|
||||
* @param serverRedirectStrategy the strategy to use. Default is DefaultRedirectStrategy.
|
||||
*/
|
||||
public void setServerRedirectStrategy(ServerRedirectStrategy serverRedirectStrategy) {
|
||||
Assert.notNull(serverRedirectStrategy, "redirectStrategy cannot be null");
|
||||
this.serverRedirectStrategy = serverRedirectStrategy;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Mono<Void> onAuthenticationFailure(
|
||||
WebFilterExchange webFilterExchange, AuthenticationException exception) {
|
||||
return this.serverRedirectStrategy.sendRedirect(webFilterExchange.getExchange(), this.location);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,103 @@
|
|||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.web.server.authentication;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.junit.MockitoJUnitRunner;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.server.ServerRedirectStrategy;
|
||||
import org.springframework.security.web.server.WebFilterExchange;
|
||||
import org.springframework.web.server.handler.DefaultWebFilterChain;
|
||||
import reactor.core.publisher.Mono;
|
||||
import reactor.test.publisher.PublisherProbe;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class RedirectServerAuthenticationFailureHandlerTests {
|
||||
|
||||
private WebFilterExchange exchange;
|
||||
@Mock
|
||||
private ServerRedirectStrategy serverRedirectStrategy;
|
||||
|
||||
private String location = "/login";
|
||||
|
||||
private RedirectServerAuthenticationFailureHandler handler =
|
||||
new RedirectServerAuthenticationFailureHandler(this.location);
|
||||
|
||||
private AuthenticationException exception = new AuthenticationCredentialsNotFoundException("Authentication Required");
|
||||
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void constructorStringWhenNullLocationThenException() {
|
||||
new RedirectServerAuthenticationEntryPoint((String) null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void commenceWhenNoSubscribersThenNoActions() {
|
||||
this.exchange = createExchange();
|
||||
this.handler.onAuthenticationFailure(this.exchange,
|
||||
this.exception);
|
||||
|
||||
assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).isNull();
|
||||
assertThat(this.exchange.getExchange().getSession().block().isStarted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void commenceWhenSubscribeThenStatusAndLocationSet() {
|
||||
this.exchange = createExchange();
|
||||
|
||||
this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
|
||||
|
||||
assertThat(this.exchange.getExchange().getResponse().getStatusCode()).isEqualTo(
|
||||
HttpStatus.FOUND);
|
||||
assertThat(this.exchange.getExchange().getResponse().getHeaders().getLocation()).hasPath(this.location);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void commenceWhenCustomServerRedirectStrategyThenCustomServerRedirectStrategyUsed() {
|
||||
PublisherProbe<Void> redirectResult = PublisherProbe.empty();
|
||||
when(this.serverRedirectStrategy.sendRedirect(any(), any())).thenReturn(redirectResult.mono());
|
||||
this.handler.setServerRedirectStrategy(this.serverRedirectStrategy);
|
||||
this.exchange = createExchange();
|
||||
|
||||
this.handler.onAuthenticationFailure(this.exchange, this.exception).block();
|
||||
|
||||
redirectResult.assertWasSubscribed();
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void setRedirectStrategyWhenNullThenException() {
|
||||
this.handler.setServerRedirectStrategy(null);
|
||||
}
|
||||
|
||||
private WebFilterExchange createExchange() {
|
||||
return new WebFilterExchange(MockServerWebExchange.from(MockServerHttpRequest.get("/").build()), new DefaultWebFilterChain(e -> Mono.empty()));
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue