From bb11a818579d66a7d20afb1243d750efbd76053b Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 11 Jun 2018 14:30:11 -0500
Subject: [PATCH] Add UserDetailsRepositoryReactiveAuthenticationManager.setScheduler
Fixes: gh-5417
---
 ...positoryReactiveAuthenticationManager.java | 21 ++++-
 ...oryReactiveAuthenticationManagerTests.java | 88 +++++++++++++++++++
 2 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
diff --git a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
index 0dbab23978..c60ea15f5c 100644
--- a/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
+++ b/core/src/main/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManager.java
@@ -23,6 +23,7 @@ import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
 /**
@@ -37,6 +38,8 @@ public class UserDetailsRepositoryReactiveAuthenticationManager implements React
 private PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ private Scheduler scheduler = Schedulers.parallel();
+
 public UserDetailsRepositoryReactiveAuthenticationManager(ReactiveUserDetailsService userDetailsService) {
 Assert.notNull(userDetailsService, "userDetailsService cannot be null");
 this.userDetailsService = userDetailsService;
@@ -46,7 +49,7 @@ public class UserDetailsRepositoryReactiveAuthenticationManager implements React
 public Mono authenticate(Authentication authentication) {
 final String username = authentication.getName();
 return this.userDetailsService.findByUsername(username)
- .publishOn(Schedulers.parallel())
+ .publishOn(this.scheduler)
 .filter( u -> this.passwordEncoder.matches((String) authentication.getCredentials(), u.getPassword()))
 .switchIfEmpty(Mono.defer(() -> Mono.error(new BadCredentialsException("Invalid Credentials"))))
 .map( u -> new UsernamePasswordAuthenticationToken(u, u.getPassword(), u.getAuthorities()) );
@@ -61,4 +64,20 @@ public class UserDetailsRepositoryReactiveAuthenticationManager implements React
 Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
 this.passwordEncoder = passwordEncoder;
 }
+
+ /**
+ * Sets the {@link Scheduler} used by the {@link UserDetailsRepositoryReactiveAuthenticationManager}.
+ * The default is {@code Schedulers.parallel()} because modern password encoding is
+ * a CPU intensive task that is non blocking. This means validation is bounded by the
+ * number of CPUs. Some applications may want to customize the {@link Scheduler}. For
+ * example, if users are stuck using the insecure {@link org.springframework.security.crypto.password.NoOpPasswordEncoder}
+ * they might want to leverage {@code Schedulers.immediate()}.
+ *
+ * @param scheduler the {@link Scheduler} to use. Cannot be null.
+ * @since 5.0.6
+ */
+ public void setScheduler(Scheduler scheduler) {
+ Assert.notNull(scheduler, "scheduler cannot be null");
+ this.scheduler = scheduler;
+ }
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java
new file mode 100644
index 0000000000..238c075fc1
--- /dev/null
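Review bot: The Javadoc added for `setScheduler` in UserDetailsRepositoryReactiveAuthenticationManager.java offers `Schedulers.immediate()` as an option but does not state the consequence of pairing a non-offloading scheduler with an adaptive encoder: `passwordEncoder.matches` then runs on whichever thread `findByUsername` emits on, so a burst of login attempts can tie up threads that also serve other requests. I would add a sentence such as `Only use a Scheduler that does not offload work when the configured PasswordEncoder is cheap; otherwise password matching runs on the thread that emitted the user.` The same Javadoc could also note that a scheduler with no thread bound removes the "bounded by the number of CPUs" property the text describes, since that bound is what limits concurrent hashing. The configured value takes effect at the `.publishOn(this.scheduler)` line in the `authenticate` hunk above.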
+++ b/core/src/test/java/org/springframework/security/authentication/UserDetailsRepositoryReactiveAuthenticationManagerTests.java 
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.authentication;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import reactor.core.publisher.Mono;
+import reactor.core.scheduler.Scheduler;
+import reactor.core.scheduler.Schedulers;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Rob Winch
+ * @since 5.1
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class UserDetailsRepositoryReactiveAuthenticationManagerTests {
+ @Mock
+ private ReactiveUserDetailsService userDetailsService;
+
+ @Mock
+ private PasswordEncoder encoder;
+
+ @Mock
+ private Scheduler scheduler;
+
+ private UserDetails user = User.withUsername("user")
+ .password("password")
+ .roles("USER")
+ .build();
+
+ private UserDetailsRepositoryReactiveAuthenticationManager manager;
+
@Before
+ public void setup() {
+ this.manager = new UserDetailsRepositoryReactiveAuthenticationManager(this.userDetailsService);
+ when(this.scheduler.schedule(any())).thenAnswer(a -> {
+ Runnable r = a.getArgument(0);
+ return Schedulers.immediate().schedule(r);
+ });
+ }
+
+ @Test
+ public void setSchedulerWhenNullThenIllegalArgumentException() {
+ assertThatCode(() -> this.manager.setScheduler(null))
+ .isInstanceOf(IllegalArgumentException.class);
+ }
+
+ @Test
+ public void authentiateWhenCustomSchedulerThenUsed() {
+ when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
+ when(this.encoder.matches(any(), any())).thenReturn(true);
+ this.manager.setScheduler(this.scheduler);
+ this.manager.setPasswordEncoder(this.encoder);
+ UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
+ this.user, this.user.getPassword());
+
+ Authentication result = this.manager.authenticate(token).block();
+
+ verify(this.scheduler).schedule(any());
+ }
+}
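Review bot: `authentiateWhenCustomSchedulerThenUsed` assigns `result` but never asserts on it, so the test only proves that `schedule` was invoked and would still pass if authentication on the custom scheduler produced the wrong principal. I would add `assertThat(result.getPrincipal()).isEqualTo(this.user);` after the `block()` call, and a companion test with `encoder.matches` stubbed to `false` that expects `BadCredentialsException`, so the rejection path is covered on a custom scheduler too. The method name is also misspelled (`authentiate`), and the class Javadoc says `@since 5.1` while the setter under test is marked `@since 5.0.6`; one of the two is presumably unintended.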