Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Configuration for ReactiveUserDetailsPasswordService

Browse Source 
Issue: gh-2778
This commit is contained in:
Rob Winch 2018-07-14 23:38:05 -05:00
parent 72a267a311
commit a66b945ab7
4 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
View File

@ -28,6 +28,7 @@ import org.springframework.core.ReactiveAdapterRegistry;
import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager; import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver; import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
@ -54,6 +55,9 @@ class ServerHttpSecurityConfiguration implements WebFluxConfigurer {
@Autowired(required = false) @Autowired(required = false)
private PasswordEncoder passwordEncoder; private PasswordEncoder passwordEncoder;
@Autowired(required = false)
private ReactiveUserDetailsPasswordService userDetailsPasswordService;
@Autowired(required = false) @Autowired(required = false)
private BeanFactory beanFactory; private BeanFactory beanFactory;
@ -92,6 +96,7 @@ class ServerHttpSecurityConfiguration implements WebFluxConfigurer {
if(this.passwordEncoder != null) { if(this.passwordEncoder != null) {
manager.setPasswordEncoder(this.passwordEncoder); manager.setPasswordEncoder(this.passwordEncoder);
} }
manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
return manager; return manager;
} }
return null; return null;

28
config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
View File

@ -237,6 +237,34 @@ public class EnableWebFluxSecurityTests {
} }
} }
@Test
public void passwordUpdateManagerUsed() {
this.spring.register(MapReactiveUserDetailsServiceConfig.class).autowire();
WebTestClient client = WebTestClientBuilder.bindToWebFilters(this.springSecurityFilterChain).build();
client
.get()
.uri("/")
.headers(h -> h.setBasicAuth("user", "password"))
.exchange()
.expectStatus().isOk();
ReactiveUserDetailsService users = this.spring.getContext().getBean(ReactiveUserDetailsService.class);
assertThat(users.findByUsername("user").block().getPassword()).startsWith("{bcrypt}");
}
@EnableWebFluxSecurity
static class MapReactiveUserDetailsServiceConfig {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
return new MapReactiveUserDetailsService(User.withUsername("user")
.password("{noop}password")
.roles("USER")
.build()
);
}
}
@Test @Test
public void formLoginWorks() { public void formLoginWorks() {
this.spring.register(Config.class).autowire(); this.spring.register(Config.class).autowire();

1
core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
View File

@ -20,7 +20,6 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService; import org.springframework.security.core.userdetails.ReactiveUserDetailsPasswordService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert; import org.springframework.util.Assert;

2
core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
View File

@ -115,7 +115,6 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
public void authenticateWhenPasswordServiceAndBadCredentialsThenNotUpdated() { public void authenticateWhenPasswordServiceAndBadCredentialsThenNotUpdated() {
when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
when(this.encoder.matches(any(), any())).thenReturn(false); when(this.encoder.matches(any(), any())).thenReturn(false);
when(this.userDetailsPasswordService.updatePassword(any(), any())).thenReturn(Mono.just(this.user));
this.manager.setPasswordEncoder(this.encoder); this.manager.setPasswordEncoder(this.encoder);
this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
@ -132,7 +131,6 @@ public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
when(this.encoder.matches(any(), any())).thenReturn(true); when(this.encoder.matches(any(), any())).thenReturn(true);
when(this.encoder.upgradeEncoding(any())).thenReturn(false); when(this.encoder.upgradeEncoding(any())).thenReturn(false);
when(this.userDetailsPasswordService.updatePassword(any(), any())).thenReturn(Mono.just(this.user));
this.manager.setPasswordEncoder(this.encoder); this.manager.setPasswordEncoder(this.encoder);
this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService);
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(