Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

EnableWebFluxSecurity creates CsrfRequestDataValueProcessor 

Fixes gh-4762
This commit is contained in:
Rob Winch 2017-11-03 22:54:34 -05:00
parent 676020321e
commit adec62cdf2
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
View File

@ -22,9 +22,11 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.config.web.server.ServerHttpSecurity; import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainProxy; import org.springframework.security.web.server.WebFilterChainProxy;
import org.springframework.util.ObjectUtils; import org.springframework.util.ObjectUtils;
import org.springframework.web.reactive.result.view.AbstractView;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -53,6 +55,11 @@ class WebFluxSecurityConfiguration {
return new WebFilterChainProxy(getSecurityWebFilterChains()); return new WebFilterChainProxy(getSecurityWebFilterChains());
} }
@Bean(name = AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME)
public CsrfRequestDataValueProcessor requestDataValueProcessor() {
return new CsrfRequestDataValueProcessor();
}
private List<SecurityWebFilterChain> getSecurityWebFilterChains() { private List<SecurityWebFilterChain> getSecurityWebFilterChains() {
List<SecurityWebFilterChain> result = this.securityWebFilterChains; List<SecurityWebFilterChain> result = this.securityWebFilterChains;
if(ObjectUtils.isEmpty(result)) { if(ObjectUtils.isEmpty(result)) {

12
config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
View File

@ -19,6 +19,7 @@ package org.springframework.security.config.annotation.web.reactive;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.ImportResource;
@ -40,6 +41,7 @@ import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder; import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainProxy; import org.springframework.security.web.server.WebFilterChainProxy;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository; import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
@ -49,6 +51,7 @@ import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap; import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters; import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.result.view.AbstractView;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@ -151,6 +154,15 @@ public class EnableWebFluxSecurityTests {
.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user")); .expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
} }
@Test
public void requestDataValueProcessor() {
this.spring.register(Config.class).autowire();
ConfigurableApplicationContext context = this.spring.getContext();
CsrfRequestDataValueProcessor rdvp = context.getBean(AbstractView.REQUEST_DATA_VALUE_PROCESSOR_BEAN_NAME, CsrfRequestDataValueProcessor.class);
assertThat(rdvp).isNotNull();
}
@EnableWebFluxSecurity @EnableWebFluxSecurity
@Import(ReactiveAuthenticationTestConfiguration.class) @Import(ReactiveAuthenticationTestConfiguration.class)
static class Config { static class Config {