Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

AuthenticationWebFilter handle empty Authentication 

Fixes: gh-5333
This commit is contained in:
Rob Winch 2018-05-11 01:10:57 -05:00
parent c696640276
commit d874c4954e
2 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
View File

@ -17,17 +17,15 @@ package org.springframework.security.web.server.authentication;
import java.util.function.Function; import java.util.function.Function;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import reactor.core.publisher.Mono;
import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl; import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter; import org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter;
import org.springframework.security.web.server.WebFilterExchange; import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository; import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers; import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -35,6 +33,8 @@ import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain; import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
/** /**
* A {@link WebFilter} that performs authentication of a particular request. An outline of the logic: * A {@link WebFilter} that performs authentication of a particular request. An outline of the logic:
* *
@ -97,6 +97,7 @@ public class AuthenticationWebFilter implements WebFilter {
WebFilterChain chain, Authentication token) { WebFilterChain chain, Authentication token) {
WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
return this.authenticationManager.authenticate(token) return this.authenticationManager.authenticate(token)
.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange)) .flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
.onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler .onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler
.onAuthenticationFailure(webFilterExchange, e)); .onAuthenticationFailure(webFilterExchange, e));

21
web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
View File

@ -204,6 +204,27 @@ public class AuthenticationWebFilterTests {
verifyZeroInteractions(this.failureHandler); verifyZeroInteractions(this.failureHandler);
} }
@Test
public void filterWhenConvertAndAuthenticationEmptyThenServerError() {
Mono<Authentication> authentication = Mono.just(new TestingAuthenticationToken("test", "this", "ROLE_USER"));
when(this.authenticationConverter.apply(any())).thenReturn(authentication);
when(this.authenticationManager.authenticate(any())).thenReturn(Mono.empty());
WebTestClient client = WebTestClientBuilder
.bindToWebFilters(this.filter)
.build();
client
.get()
.uri("/")
.exchange()
.expectStatus().is5xxServerError()
.expectBody().isEmpty();
verify(this.securityContextRepository, never()).save(any(), any());
verifyZeroInteractions(this.successHandler, this.failureHandler);
}
@Test @Test
public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() { public void filterWhenNotMatchAndConvertAndAuthenticationSuccessThenContinues() {
this.filter.setRequiresAuthenticationMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch()); this.filter.setRequiresAuthenticationMatcher(e -> ServerWebExchangeMatcher.MatchResult.notMatch());