Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-29 07:12:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

EnableWebFluxSecurity uses PasswordEncoder Bean

Browse Source
This commit is contained in:
Rob Winch 2017-08-30 10:02:00 -05:00
parent 895f0d108c
commit be0081290b
2 changed files with 61 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
View File

@ -26,6 +26,7 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager; import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager;
import org.springframework.security.config.web.server.HttpSecurity; import org.springframework.security.config.web.server.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsRepository; import org.springframework.security.core.userdetails.UserDetailsRepository;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver; import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.web.server.context.WebSessionSecurityContextRepository; import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
import org.springframework.web.reactive.config.WebFluxConfigurer; import org.springframework.web.reactive.config.WebFluxConfigurer;
@ -50,6 +51,9 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
@Autowired(required = false) @Autowired(required = false)
private UserDetailsRepository userDetailsRepository; private UserDetailsRepository userDetailsRepository;
@Autowired(required = false)
private PasswordEncoder passwordEncoder;
@Override @Override
public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) { public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
configurer.addCustomResolver(authenticationPrincipalArgumentResolver()); configurer.addCustomResolver(authenticationPrincipalArgumentResolver());
@ -57,7 +61,7 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
@Bean @Bean
public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() { public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
return new AuthenticationPrincipalArgumentResolver(adapterRegistry); return new AuthenticationPrincipalArgumentResolver(this.adapterRegistry);
} }
@Bean(HTTPSECURITY_BEAN_NAME) @Bean(HTTPSECURITY_BEAN_NAME)
@ -71,11 +75,16 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
} }
private ReactiveAuthenticationManager authenticationManager() { private ReactiveAuthenticationManager authenticationManager() {
if(authenticationManager != null) { if(this.authenticationManager != null) {
return authenticationManager; return this.authenticationManager;
} }
if(userDetailsRepository != null) { if(this.userDetailsRepository != null) {
return new UserDetailsRepositoryAuthenticationManager(userDetailsRepository); UserDetailsRepositoryAuthenticationManager manager =
new UserDetailsRepositoryAuthenticationManager(this.userDetailsRepository);
if(this.passwordEncoder != null) {
manager.setPasswordEncoder(this.passwordEncoder);
}
return manager;
} }
return null; return null;
} }

47
config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
View File

@ -33,6 +33,8 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.MapUserDetailsRepository; import org.springframework.security.core.userdetails.MapUserDetailsRepository;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsRepository; import org.springframework.security.core.userdetails.UserDetailsRepository;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder; import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainFilter; import org.springframework.security.web.server.WebFilterChainFilter;
@ -127,6 +129,51 @@ public class EnableWebFluxSecurityTests {
} }
} }
@RunWith(SpringRunner.class)
public static class CustomPasswordEncoder {
@Autowired
WebFilterChainFilter springSecurityFilterChain;
@Test
public void passwordEncoderBeanIsUsed() {
WebTestClient client = WebTestClientBuilder.bindToWebFilters(
springSecurityFilterChain,
(exchange,chain) ->
Mono.currentContext()
.flatMap( c -> c.<Mono<Principal>>get(Authentication.class))
.flatMap( principal -> exchange.getResponse()
.writeWith(Mono.just(toDataBuffer(principal.getName()))))
)
.filter(basicAuthentication())
.build();
client
.get()
.uri("/")
.attributes(basicAuthenticationCredentials("user","password"))
.exchange()
.expectStatus().isOk()
.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
}
@EnableWebFluxSecurity
static class Config {
@Bean
public UserDetailsRepository userDetailsRepository(PasswordEncoder encoder) {
return new MapUserDetailsRepository(User.withUsername("user")
.password(encoder.encode("password"))
.roles("USER")
.build()
);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
}
@RunWith(SpringRunner.class) @RunWith(SpringRunner.class)
public static class MultiHttpSecurity { public static class MultiHttpSecurity {
@Autowired @Autowired