Move spring-security-webflux into spring-security-web

Fixes gh-4662

config/spring-security-config.gradle

@@ -15,12 +15,13 @@ dependencies {
 	optional project(':spring-security-jwt-jose')
 	optional project(':spring-security-openid')
 	optional project(':spring-security-web')
-	optional project(':spring-security-webflux')
+	optional 'io.projectreactor:reactor-core'
 	optional 'org.aspectj:aspectjweaver'
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
 	optional 'org.springframework:spring-webmvc'
 	optional'org.springframework:spring-web'
+	optional'org.springframework:spring-webflux'
 	optional'org.springframework:spring-websocket'
 
 	provided 'javax.servlet:javax.servlet-api'
@@ -28,7 +29,7 @@ dependencies {
 	testCompile project(':spring-security-aspects')
 	testCompile project(':spring-security-cas')
 	testCompile project(path : ':spring-security-core', configuration : 'tests')
-	testCompile project(path : ':spring-security-webflux', configuration : 'tests')
+	testCompile project(path : ':spring-security-web', configuration : 'tests')
 	testCompile apachedsDependencies
 	testCompile powerMock2Dependencies
 	testCompile spockDependencies

samples/javaconfig/hellowebflux-method/spring-security-samples-javaconfig-hellowebflux-method.gradle

@@ -3,7 +3,7 @@ apply plugin: 'io.spring.convention.spring-sample'
 dependencies {
 	compile project(':spring-security-core')
 	compile project(':spring-security-config')
-	compile project(':spring-security-webflux')
+	compile project(':spring-security-web')
 	compile 'com.fasterxml.jackson.core:jackson-databind'
 	compile 'io.netty:netty-buffer'
 	compile 'io.projectreactor.ipc:reactor-netty'

samples/javaconfig/hellowebflux/spring-security-samples-javaconfig-hellowebflux.gradle

@@ -3,7 +3,7 @@ apply plugin: 'io.spring.convention.spring-sample'
 dependencies {
 	compile project(':spring-security-core')
 	compile project(':spring-security-config')
-	compile project(':spring-security-webflux')
+	compile project(':spring-security-web')
 	compile 'com.fasterxml.jackson.core:jackson-databind'
 	compile 'io.netty:netty-buffer'
 	compile 'io.projectreactor.ipc:reactor-netty'

samples/javaconfig/hellowebfluxfn/spring-security-samples-javaconfig-hellowebfluxfn.gradle

@@ -3,7 +3,7 @@ apply plugin: 'io.spring.convention.spring-sample'
 dependencies {
 	compile project(':spring-security-core')
 	compile project(':spring-security-config')
-	compile project(':spring-security-webflux')
+	compile project(':spring-security-web')
 	compile 'com.fasterxml.jackson.core:jackson-databind'
 	compile 'io.netty:netty-buffer'
 	compile 'io.projectreactor.ipc:reactor-netty'

web/spring-security-web.gradle

@@ -10,16 +10,20 @@ dependencies {
 	compile 'org.springframework:spring-web'
 
 	optional 'com.fasterxml.jackson.core:jackson-databind'
+	optional 'io.projectreactor:reactor-core'
 	optional 'org.springframework:spring-jdbc'
 	optional 'org.springframework:spring-tx'
+	optional 'org.springframework:spring-webflux'
 	optional 'org.springframework:spring-webmvc'
 
 	provided 'javax.servlet:javax.servlet-api'
 
 	testCompile project(path: ':spring-security-core', configuration: 'tests')
 	testCompile 'commons-codec:commons-codec'
+	testCompile 'io.projectreactor:reactor-test'
 	testCompile 'org.codehaus.groovy:groovy-all'
 	testCompile 'org.skyscreamer:jsonassert'
+	testCompile 'org.springframework:spring-webflux'
 	testCompile powerMock2Dependencies
 	testCompile spockDependencies
 	testCompile slf4jDependencies

web/src/main/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcher.java

@@ -24,13 +24,12 @@ import java.util.Set;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.springframework.http.InvalidMediaTypeException;
 import reactor.core.publisher.Mono;
 
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
 import org.springframework.web.accept.ContentNegotiationStrategy;
-import org.springframework.web.reactive.accept.HeaderContentTypeResolver;
-import org.springframework.web.reactive.accept.RequestedContentTypeResolver;
 import org.springframework.web.server.NotAcceptableStatusException;
 import org.springframework.web.server.ServerWebExchange;
 
@@ -40,7 +39,6 @@ import org.springframework.web.server.ServerWebExchange;
  */
 public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 	private final Log logger = LogFactory.getLog(getClass());
-	private RequestedContentTypeResolver requestedContentTypeResolver = new HeaderContentTypeResolver();
 
 	private final Collection<MediaType> matchingMediaTypes;
 	private boolean useEquals;
@@ -62,7 +60,7 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 	public Mono<MatchResult> matches(ServerWebExchange exchange) {
 		List<MediaType> httpRequestMediaTypes;
 		try {
-			httpRequestMediaTypes = this.requestedContentTypeResolver.resolveMediaTypes(exchange);
+			httpRequestMediaTypes = resolveMediaTypes(exchange);
 		}
 		catch (NotAcceptableStatusException e) {
 			this.logger.debug("Failed to parse MediaTypes, returning false", e);
@@ -121,16 +119,6 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 		this.useEquals = useEquals;
 	}
 
-	/**
-	 * Sets the {@link RequestedContentTypeResolver} to be used
-	 * @param requestedContentTypeResolver the resolver to use. Default is {@link HeaderContentTypeResolver}
-	 */
-	public void setRequestedContentTypeResolver(
-		RequestedContentTypeResolver requestedContentTypeResolver) {
-		Assert.notNull(requestedContentTypeResolver, "requestedContentTypeResolver cannot be null");
-		this.requestedContentTypeResolver = requestedContentTypeResolver;
-	}
-
 	/**
 	 * Set the {@link MediaType} to ignore from the {@link ContentNegotiationStrategy}.
 	 * This is useful if for example, you want to match on
@@ -143,10 +131,22 @@ public class MediaTypeServerWebExchangeMatcher implements ServerWebExchangeMatch
 		this.ignoredMediaTypes = ignoredMediaTypes;
 	}
 
+	private List<MediaType> resolveMediaTypes(ServerWebExchange exchange) throws NotAcceptableStatusException {
+		try {
+			List<MediaType> mediaTypes = exchange.getRequest().getHeaders().getAccept();
+			MediaType.sortBySpecificityAndQuality(mediaTypes);
+			return mediaTypes;
+		}
+		catch (InvalidMediaTypeException ex) {
+			String value = exchange.getRequest().getHeaders().getFirst("Accept");
+			throw new NotAcceptableStatusException(
+				"Could not parse 'Accept' header [" + value + "]: " + ex.getMessage());
+		}
+	}
+
 	@Override
 	public String toString() {
-		return "MediaTypeRequestMatcher [requestedContentTypeResolver="
-			+ this.requestedContentTypeResolver + ", matchingMediaTypes="
+		return "MediaTypeRequestMatcher [matchingMediaTypes="
 			+ this.matchingMediaTypes + ", useEquals=" + this.useEquals
 			+ ", ignoredMediaTypes=" + this.ignoredMediaTypes + "]";
 	}

web/src/test/java/org/springframework/security/web/server/util/matcher/MediaTypeServerWebExchangeMatcherTests.java

@@ -16,34 +16,23 @@
 
 package org.springframework.security.web.server.util.matcher;
 
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 
 import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
 
 import org.springframework.http.MediaType;
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 import org.springframework.mock.web.server.MockServerWebExchange;
-import org.springframework.web.reactive.accept.RequestedContentTypeResolver;
 import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
  * @since 5.0
  */
-@RunWith(MockitoJUnitRunner.class)
 public class MediaTypeServerWebExchangeMatcherTests {
-	@Mock
-	private RequestedContentTypeResolver resolver;
-
 	private MediaTypeServerWebExchangeMatcher matcher;
 
 	@Test(expected = IllegalArgumentException.class)
@@ -111,26 +100,6 @@ public class MediaTypeServerWebExchangeMatcherTests {
 		assertThat(matcher.matches(exchange(MediaType.TEXT_HTML)).block().isMatch()).isFalse();
 	}
 
-	@Test
-	public void matchWhenCustomResolverAndAcceptEqualThenMatch() {
-		MediaType acceptType = MediaType.TEXT_HTML;
-		when(this.resolver.resolveMediaTypes(any())).thenReturn(Arrays.asList(acceptType));
-		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(acceptType);
-		matcher.setRequestedContentTypeResolver(this.resolver);
-
-		assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isTrue();
-	}
-
-	@Test
-	public void matchWhenCustomResolverAndDifferentAcceptThenNotMatch() {
-		MediaType acceptType = MediaType.TEXT_HTML;
-		when(this.resolver.resolveMediaTypes(any())).thenReturn(Arrays.asList(acceptType));
-		MediaTypeServerWebExchangeMatcher matcher = new MediaTypeServerWebExchangeMatcher(MediaType.APPLICATION_JSON);
-		matcher.setRequestedContentTypeResolver(this.resolver);
-
-		assertThat(matcher.matches(exchange(acceptType)).block().isMatch()).isFalse();
-	}
-
 	private static ServerWebExchange exchange(MediaType... accept) {
 		return MockServerWebExchange.from(MockServerHttpRequest.get("/").accept(accept).build());
 	}

webflux/spring-security-webflux.gradle

@@ -1,13 +0,0 @@
-apply plugin: 'io.spring.convention.spring-module'
-
-dependencies {
-	compile project(':spring-security-core')
-	compile project(':spring-security-web')
-	compile 'org.springframework:spring-webflux'
-
-	testCompile 'io.projectreactor:reactor-test'
-	testCompile 'org.springframework:spring-test'
-
-	integrationTestCompile 'com.squareup.okhttp3:mockwebserver'
-	integrationTestCompile 'io.projectreactor.ipc:reactor-netty'
-}

webflux/src/integration-test/java/webclient/oauth2/poc/WebClientOAuth2PocTests.java

@@ -1,105 +0,0 @@
-/*
- * Copyright 2002-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package webclient.oauth2.poc;
-
-import okhttp3.mockwebserver.MockResponse;
-import okhttp3.mockwebserver.MockWebServer;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.reactive.function.client.ClientRequest;
-import org.springframework.web.reactive.function.client.ClientResponse;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
-import org.springframework.web.reactive.function.client.WebClient;
-import reactor.core.publisher.Mono;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
-
-/**
- * @author Rob Winch
- * @since 5.0
- */
-public class WebClientOAuth2PocTests {
-
-	private MockWebServer server;
-
-	private WebClient webClient;
-
-
-	@Before
-	public void setup() {
-		this.server = new MockWebServer();
-		String baseUrl = this.server.url("/").toString();
-		this.webClient = WebClient.create(baseUrl);
-	}
-
-	@After
-	public void shutdown() throws Exception {
-		this.server.shutdown();
-	}
-
-	@Test
-	public void httpBasicWhenNeeded() throws Exception {
-		this.server.enqueue(new MockResponse().setResponseCode(401).setHeader("WWW-Authenticate", "Basic realm=\"Test\""));
-		this.server.enqueue(new MockResponse().setResponseCode(200).setBody("OK"));
-
-		ClientResponse response = this.webClient
-			.mutate()
-			.filter(basicIfNeeded("rob", "rob"))
-			.build()
-			.get()
-			.uri("/")
-			.exchange()
-			.block();
-
-		assertThat(response.statusCode()).isEqualTo(HttpStatus.OK);
-
-		assertThat(this.server.takeRequest().getHeader("Authorization")).isNull();
-		assertThat(this.server.takeRequest().getHeader("Authorization")).isEqualTo("Basic cm9iOnJvYg==");
-	}
-
-
-	@Test
-	public void httpBasicWhenNotNeeded() throws Exception {
-		this.server.enqueue(new MockResponse().setResponseCode(200).setBody("OK"));
-
-		ClientResponse response = this.webClient
-			.mutate()
-			.filter(basicIfNeeded("rob", "rob"))
-			.build()
-			.get()
-			.uri("/")
-			.exchange()
-			.block();
-
-		assertThat(response.statusCode()).isEqualTo(HttpStatus.OK);
-
-		assertThat(this.server.getRequestCount()).isEqualTo(1);
-		assertThat(this.server.takeRequest().getHeader("Authorization")).isNull();
-	}
-
-	private ExchangeFilterFunction basicIfNeeded(String username, String password) {
-		return (request, next) ->
-			next.exchange(request)
-				.filter( r -> !HttpStatus.UNAUTHORIZED.equals(r.statusCode()))
-				.switchIfEmpty( Mono.defer(() -> {
-					return basicAuthentication(username, password).filter(request, next);
-				}));
-	}
-}

webflux/src/test/resources/logback-test.xml

@@ -1,15 +0,0 @@
-<configuration>
-	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-	<encoder>
-		<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
-	</encoder>
-	</appender>
-
-	<logger name="org.springframework.security" level="${sec.log.level:-WARN}"/>
-
-
-	<root level="${root.level:-WARN}">
-	<appender-ref ref="STDOUT" />
-	</root>
-
-</configuration>