Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix requiresAuthenticationMatcher not being used 

The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
This commit is contained in:
Eleftheria Stein 2020-01-27 16:11:44 +01:00
parent 29377545d9
commit a512789a93
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
View File

@ -3049,7 +3049,9 @@ public class ServerHttpSecurity {
public FormLoginSpec loginPage(String loginPage) { public FormLoginSpec loginPage(String loginPage) {
this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage); this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
this.authenticationEntryPoint = this.defaultEntryPoint; this.authenticationEntryPoint = this.defaultEntryPoint;
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage); if (this.requiresAuthenticationMatcher == null) {
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
}
if (this.authenticationFailureHandler == null) { if (this.authenticationFailureHandler == null) {
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error"); this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
} }

26
config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
View File

@ -37,6 +37,7 @@ import org.springframework.security.web.server.authentication.RedirectServerAuth
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler; import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.context.ServerSecurityContextRepository; import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.csrf.CsrfToken; import org.springframework.security.web.server.csrf.CsrfToken;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.test.web.reactive.server.WebTestClient; import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
@ -245,6 +246,31 @@ public class FormLoginTests {
assertThat(driver.getCurrentUrl()).endsWith("/failure"); assertThat(driver.getCurrentUrl()).endsWith("/failure");
} }
@Test
public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
SecurityWebFilterChain securityWebFilter = this.http
.authorizeExchange()
.pathMatchers("/login", "/sign-in").permitAll()
.anyExchange().authenticated()
.and()
.formLogin()
.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
.and()
.build();
WebTestClient webTestClient = WebTestClientBuilder
.bindToWebFilters(securityWebFilter)
.build();
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
.webTestClientSetup(webTestClient)
.build();
driver.get("http://localhost/sign-in");
assertThat(driver.getCurrentUrl()).endsWith("/login?error");
}
@Test @Test
public void authenticationSuccess() { public void authenticationSuccess() {
SecurityWebFilterChain securityWebFilter = this.http SecurityWebFilterChain securityWebFilter = this.http