mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-10-24 11:18:45 +00:00
Remove blocking call from ExceptionTranslationWebFilter
This also means that the exception message is no longer retrieved from a MessageSource. This is consistent with the other WebFilters. Closes gh-10864
This commit is contained in:
parent
da606627b6
commit
ae8e77f9ff
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -20,7 +20,6 @@ import reactor.core.publisher.Mono;
|
|||||||
|
|
||||||
import org.springframework.context.MessageSource;
|
import org.springframework.context.MessageSource;
|
||||||
import org.springframework.context.MessageSourceAware;
|
import org.springframework.context.MessageSourceAware;
|
||||||
import org.springframework.context.support.MessageSourceAccessor;
|
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||||
@ -29,7 +28,6 @@ import org.springframework.security.authentication.AuthenticationTrustResolverIm
|
|||||||
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
|
||||||
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
|
import org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
@ -51,8 +49,6 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw
|
|||||||
|
|
||||||
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
|
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
|
||||||
|
|
||||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
|
||||||
return chain.filter(exchange).onErrorResume(AccessDeniedException.class, (denied) -> exchange.getPrincipal()
|
return chain.filter(exchange).onErrorResume(AccessDeniedException.class, (denied) -> exchange.getPrincipal()
|
||||||
@ -60,8 +56,7 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw
|
|||||||
&& !(this.authenticationTrustResolver.isAnonymous((Authentication) principal)))))
|
&& !(this.authenticationTrustResolver.isAnonymous((Authentication) principal)))))
|
||||||
.switchIfEmpty(commenceAuthentication(exchange,
|
.switchIfEmpty(commenceAuthentication(exchange,
|
||||||
new InsufficientAuthenticationException(
|
new InsufficientAuthenticationException(
|
||||||
this.messages.getMessage("ExceptionTranslationWebFilter.insufficientAuthentication",
|
"Full authentication is required to access this resource")))
|
||||||
"Full authentication is required to access this resource"))))
|
|
||||||
.flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)).then());
|
.flatMap((principal) -> this.accessDeniedHandler.handle(exchange, denied)).then());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -99,11 +94,10 @@ public class ExceptionTranslationWebFilter implements WebFilter, MessageSourceAw
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* @since 5.5
|
* @since 5.5
|
||||||
|
* @deprecated This class no longer retrieves error messages from a MessageSource
|
||||||
*/
|
*/
|
||||||
@Override
|
@Deprecated
|
||||||
public void setMessageSource(MessageSource messageSource) {
|
public void setMessageSource(MessageSource messageSource) {
|
||||||
Assert.notNull(messageSource, "messageSource cannot be null");
|
|
||||||
this.messages = new MessageSourceAccessor(messageSource);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private <T> Mono<T> commenceAuthentication(ServerWebExchange exchange, AuthenticationException denied) {
|
private <T> Mono<T> commenceAuthentication(ServerWebExchange exchange, AuthenticationException denied) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -161,9 +161,4 @@ public class ExceptionTranslationWebFilterTests {
|
|||||||
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthenticationTrustResolver(null));
|
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setAuthenticationTrustResolver(null));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void setMessageSource() {
|
|
||||||
assertThatIllegalArgumentException().isThrownBy(() -> this.filter.setMessageSource(null));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user