Fix requiresAuthenticationMatcher not being used
The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863
This commit is contained in:
parent
29377545d9
commit
a512789a93
|
@ -3049,7 +3049,9 @@ public class ServerHttpSecurity {
|
||||||
public FormLoginSpec loginPage(String loginPage) {
|
public FormLoginSpec loginPage(String loginPage) {
|
||||||
this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
|
this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
|
||||||
this.authenticationEntryPoint = this.defaultEntryPoint;
|
this.authenticationEntryPoint = this.defaultEntryPoint;
|
||||||
|
if (this.requiresAuthenticationMatcher == null) {
|
||||||
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
|
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
|
||||||
|
}
|
||||||
if (this.authenticationFailureHandler == null) {
|
if (this.authenticationFailureHandler == null) {
|
||||||
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
|
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,6 +37,7 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
|
||||||
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
|
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
|
||||||
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
|
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
|
||||||
import org.springframework.security.web.server.csrf.CsrfToken;
|
import org.springframework.security.web.server.csrf.CsrfToken;
|
||||||
|
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
@ -245,6 +246,31 @@ public class FormLoginTests {
|
||||||
assertThat(driver.getCurrentUrl()).endsWith("/failure");
|
assertThat(driver.getCurrentUrl()).endsWith("/failure");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
|
||||||
|
SecurityWebFilterChain securityWebFilter = this.http
|
||||||
|
.authorizeExchange()
|
||||||
|
.pathMatchers("/login", "/sign-in").permitAll()
|
||||||
|
.anyExchange().authenticated()
|
||||||
|
.and()
|
||||||
|
.formLogin()
|
||||||
|
.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
|
||||||
|
.and()
|
||||||
|
.build();
|
||||||
|
|
||||||
|
WebTestClient webTestClient = WebTestClientBuilder
|
||||||
|
.bindToWebFilters(securityWebFilter)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
|
||||||
|
.webTestClientSetup(webTestClient)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
driver.get("http://localhost/sign-in");
|
||||||
|
|
||||||
|
assertThat(driver.getCurrentUrl()).endsWith("/login?error");
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void authenticationSuccess() {
|
public void authenticationSuccess() {
|
||||||
SecurityWebFilterChain securityWebFilter = this.http
|
SecurityWebFilterChain securityWebFilter = this.http
|
||||||
|
|
Loading…
Reference in New Issue