From d83b67e4cb86a5639f3a6ec048a3ba14bea5b0a4 Mon Sep 17 00:00:00 2001
From: Tao Qian <tqian@vmware.com>
Date: Wed, 28 Mar 2018 12:28:09 -0700
Subject: [PATCH] Add NegatedServerWebExchangeMatcher

Fixes: gh-5170
---
 .../NegatedServerWebExchangeMatcher.java      | 49 +++++++++++++
 .../NegatedServerWebExchangeMatcherTests.java | 71 +++++++++++++++++++
 2 files changed, 120 insertions(+)
 create mode 100644 web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
 create mode 100644 web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java

diff --git a/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
new file mode 100644
index 0000000000..c61032cca5
--- /dev/null
+++ b/web/src/main/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcher.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.web.server.util.matcher;
+
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+/**
+ * @author Tao Qian
+ * @since 5.0
+ */
+public class NegatedServerWebExchangeMatcher implements ServerWebExchangeMatcher {
+	private final ServerWebExchangeMatcher matcher;
+
+	public NegatedServerWebExchangeMatcher(ServerWebExchangeMatcher matcher) {
+		Assert.notNull(matcher, "matcher cannot be null");
+		this.matcher = matcher;
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher#matches(org.springframework.web.server.ServerWebExchange)
+	 */
+	@Override
+	public Mono<MatchResult> matches(ServerWebExchange exchange) {
+		return matcher.matches(exchange)
+			.flatMap(m -> m.isMatch() ? MatchResult.notMatch() : MatchResult.match());
+	}
+
+	@Override
+	public String toString() {
+		return "NegatedServerWebExchangeMatcher{" +
+				"matcher=" + matcher +
+				'}';
+	}
+}
diff --git a/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
new file mode 100644
index 0000000000..251a8b03db
--- /dev/null
+++ b/web/src/test/java/org/springframework/security/web/server/util/matcher/NegatedServerWebExchangeMatcherTests.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server.util.matcher;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.web.server.ServerWebExchange;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+/**
+ * @author Tao Qian
+ * @since 5.0
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class NegatedServerWebExchangeMatcherTests {
+	@Mock
+	ServerWebExchange exchange;
+	@Mock
+	ServerWebExchangeMatcher matcher1;
+
+	NegatedServerWebExchangeMatcher matcher;
+
+	@Before
+	public void setUp() throws Exception {
+		matcher = new NegatedServerWebExchangeMatcher(matcher1);
+	}
+
+	@Test
+	public void matchesWhenFalseThenTrue() throws Exception {
+		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.notMatch());
+
+		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+
+		assertThat(matches.isMatch()).isTrue();
+		assertThat(matches.getVariables()).isEmpty();
+
+		verify(matcher1).matches(exchange);
+	}
+
+	@Test
+	public void matchesWhenTrueThenFalse() throws Exception {
+		when(matcher1.matches(exchange)).thenReturn(ServerWebExchangeMatcher.MatchResult.match());
+
+		ServerWebExchangeMatcher.MatchResult matches = matcher.matches(exchange).block();
+
+		assertThat(matches.isMatch()).isFalse();
+		assertThat(matches.getVariables()).isEmpty();
+
+		verify(matcher1).matches(exchange);
+	}
+}