EnableWebFluxSecurity uses PasswordEncoder Bean
This commit is contained in:
Rob Winch
parent
895f0d108c
commit
be0081290b
|
|
@ -26,6 +26,7 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
|
|||
import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager;
|
||||
import org.springframework.security.config.web.server.HttpSecurity;
|
||||
import org.springframework.security.core.userdetails.UserDetailsRepository;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
|
||||
import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
|
||||
import org.springframework.web.reactive.config.WebFluxConfigurer;
|
||||
|
|
@ -50,6 +51,9 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
|
|||
@Autowired(required = false)
|
||||
private UserDetailsRepository userDetailsRepository;
|
||||
|
||||
@Autowired(required = false)
|
||||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
@Override
|
||||
public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
|
||||
configurer.addCustomResolver(authenticationPrincipalArgumentResolver());
|
||||
|
|
@ -57,7 +61,7 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
|
|||
|
||||
@Bean
|
||||
public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
|
||||
return new AuthenticationPrincipalArgumentResolver(adapterRegistry);
|
||||
return new AuthenticationPrincipalArgumentResolver(this.adapterRegistry);
|
||||
}
|
||||
|
||||
@Bean(HTTPSECURITY_BEAN_NAME)
|
||||
|
|
@ -71,11 +75,16 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
|
|||
}
|
||||
|
||||
private ReactiveAuthenticationManager authenticationManager() {
|
||||
if(authenticationManager != null) {
|
||||
return authenticationManager;
|
||||
if(this.authenticationManager != null) {
|
||||
return this.authenticationManager;
|
||||
}
|
||||
if(userDetailsRepository != null) {
|
||||
return new UserDetailsRepositoryAuthenticationManager(userDetailsRepository);
|
||||
if(this.userDetailsRepository != null) {
|
||||
UserDetailsRepositoryAuthenticationManager manager =
|
||||
new UserDetailsRepositoryAuthenticationManager(this.userDetailsRepository);
|
||||
if(this.passwordEncoder != null) {
|
||||
manager.setPasswordEncoder(this.passwordEncoder);
|
||||
}
|
||||
return manager;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -33,6 +33,8 @@ import org.springframework.security.core.Authentication;
|
|||
import org.springframework.security.core.userdetails.MapUserDetailsRepository;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetailsRepository;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
|
||||
import org.springframework.security.web.server.SecurityWebFilterChain;
|
||||
import org.springframework.security.web.server.WebFilterChainFilter;
|
||||
|
|
@ -127,6 +129,51 @@ public class EnableWebFluxSecurityTests {
|
|||
}
|
||||
}
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
public static class CustomPasswordEncoder {
|
||||
@Autowired
|
||||
WebFilterChainFilter springSecurityFilterChain;
|
||||
|
||||
@Test
|
||||
public void passwordEncoderBeanIsUsed() {
|
||||
WebTestClient client = WebTestClientBuilder.bindToWebFilters(
|
||||
springSecurityFilterChain,
|
||||
(exchange,chain) ->
|
||||
Mono.currentContext()
|
||||
.flatMap( c -> c.<Mono<Principal>>get(Authentication.class))
|
||||
.flatMap( principal -> exchange.getResponse()
|
||||
.writeWith(Mono.just(toDataBuffer(principal.getName()))))
|
||||
)
|
||||
.filter(basicAuthentication())
|
||||
.build();
|
||||
|
||||
client
|
||||
.get()
|
||||
.uri("/")
|
||||
.attributes(basicAuthenticationCredentials("user","password"))
|
||||
.exchange()
|
||||
.expectStatus().isOk()
|
||||
.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
|
||||
}
|
||||
|
||||
@EnableWebFluxSecurity
|
||||
static class Config {
|
||||
@Bean
|
||||
public UserDetailsRepository userDetailsRepository(PasswordEncoder encoder) {
|
||||
return new MapUserDetailsRepository(User.withUsername("user")
|
||||
.password(encoder.encode("password"))
|
||||
.roles("USER")
|
||||
.build()
|
||||
);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public PasswordEncoder passwordEncoder() {
|
||||
return new BCryptPasswordEncoder();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
public static class MultiHttpSecurity {
|
||||
@Autowired
|
||||
|
|
|
|||
Loading…
Reference in New Issue