Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-01 08:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add TestAuthentication convenience method

Browse Source 
Issue gh-14597
This commit is contained in:
Josh Cummings 2024-03-14 10:05:19 -06:00
parent d169d5a835
commit ce54a6db18
2 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
View File

@ -20,6 +20,7 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Consumer;
import java.util.function.Function; import java.util.function.Function;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -40,12 +41,14 @@ import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter; import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PreFilter; import org.springframework.security.access.prepost.PreFilter;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authorization.method.AuthorizeReturnObject; import org.springframework.security.authorization.method.AuthorizeReturnObject;
import org.springframework.security.config.core.GrantedAuthorityDefaults; import org.springframework.security.config.core.GrantedAuthorityDefaults;
import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
@ -63,8 +66,7 @@ public class ReactiveMethodSecurityConfigurationTests {
@Test @Test
public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException { public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException {
this.spring.register(WithRolePrefixConfiguration.class).autowire(); this.spring.register(WithRolePrefixConfiguration.class).autowire();
TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", Authentication authentication = TestAuthentication.authenticatedUser(authorities("CUSTOM_ABC"));
"CUSTOM_ABC");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
methodInvocation); methodInvocation);
@ -78,8 +80,7 @@ public class ReactiveMethodSecurityConfigurationTests {
@Test @Test
public void rolePrefixWithDefaultConfig() throws NoSuchMethodException { public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire(); this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire();
TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", Authentication authentication = TestAuthentication.authenticatedUser(authorities("ROLE_ABC"));
"ROLE_ABC");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
methodInvocation); methodInvocation);
@ -91,8 +92,7 @@ public class ReactiveMethodSecurityConfigurationTests {
@Test @Test
public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException { public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
this.spring.register(SubclassConfig.class).autowire(); this.spring.register(SubclassConfig.class).autowire();
TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", Authentication authentication = TestAuthentication.authenticatedUser(authorities("ROLE_ABC"));
"ROLE_ABC");
MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class); MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
methodInvocation); methodInvocation);
@ -105,7 +105,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findByIdWhenAuthorizedResultThenAuthorizes() { public void findByIdWhenAuthorizedResultThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
StepVerifier StepVerifier
.create(flights.findById("1") .create(flights.findById("1")
.flatMap(Flight::getAltitude) .flatMap(Flight::getAltitude)
@ -124,7 +124,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findByIdWhenUnauthorizedResultThenDenies() { public void findByIdWhenUnauthorizedResultThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
StepVerifier StepVerifier
.create(flights.findById("1") .create(flights.findById("1")
.flatMap(Flight::getSeats) .flatMap(Flight::getSeats)
@ -142,7 +142,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findAllWhenUnauthorizedResultThenDenies() { public void findAllWhenUnauthorizedResultThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
StepVerifier StepVerifier
.create(flights.findAll() .create(flights.findAll()
.flatMap(Flight::getSeats) .flatMap(Flight::getSeats)
@ -160,7 +160,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void removeWhenAuthorizedResultThenRemoves() { public void removeWhenAuthorizedResultThenRemoves() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
StepVerifier.create(flights.remove("1").contextWrite(ReactiveSecurityContextHolder.withAuthentication(pilot))) StepVerifier.create(flights.remove("1").contextWrite(ReactiveSecurityContextHolder.withAuthentication(pilot)))
.verifyComplete(); .verifyComplete();
} }
@ -169,7 +169,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findAllWhenPostFilterThenFilters() { public void findAllWhenPostFilterThenFilters() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
StepVerifier StepVerifier
.create(flights.findAll() .create(flights.findAll()
.flatMap(Flight::getPassengers) .flatMap(Flight::getPassengers)
@ -183,7 +183,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findAllWhenPreFilterThenFilters() { public void findAllWhenPreFilterThenFilters() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
StepVerifier StepVerifier
.create(flights.findAll() .create(flights.findAll()
.flatMap((flight) -> flight.board(Flux.just("John Doe", "John")).then(Mono.just(flight))) .flatMap((flight) -> flight.board(Flux.just("John Doe", "John")).then(Mono.just(flight)))
@ -198,7 +198,7 @@ public class ReactiveMethodSecurityConfigurationTests {
public void findAllWhenNestedPreAuthorizeThenAuthorizes() { public void findAllWhenNestedPreAuthorizeThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire(); this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class); FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read"); Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
StepVerifier StepVerifier
.create(flights.findAll() .create(flights.findAll()
.flatMap(Flight::getPassengers) .flatMap(Flight::getPassengers)
@ -207,6 +207,10 @@ public class ReactiveMethodSecurityConfigurationTests {
.verifyError(AccessDeniedException.class); .verifyError(AccessDeniedException.class);
} }
private static Consumer<User.UserBuilder> authorities(String... authorities) {
return (builder) -> builder.authorities(authorities);
}
@Configuration @Configuration
@EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration @EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration
static class WithRolePrefixConfiguration { static class WithRolePrefixConfiguration {

11
core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,9 +16,12 @@
package org.springframework.security.authentication; package org.springframework.security.authentication;
import java.util.function.Consumer;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.PasswordEncodedUser;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
/** /**
@ -42,6 +45,12 @@ public class TestAuthentication extends PasswordEncodedUser {
return authenticated(user()); return authenticated(user());
} }
public static Authentication authenticatedUser(Consumer<User.UserBuilder> consumer) {
User.UserBuilder builder = withUsername("user");
consumer.accept(builder);
return authenticated(builder.build());
}
public static Authentication authenticated(UserDetails user) { public static Authentication authenticated(UserDetails user) {
return UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities()); return UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities());
} }