Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-04 04:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add denyAll method in AuthorizePayloadsSpec.Access

Browse Source 
See gh-7437

Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
This commit is contained in:
Jesús Ascama 2019-09-17 19:54:55 -05:00
parent 338b637ab5
commit daf6b53e3a
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
View File

@ -104,6 +104,7 @@ import java.util.List;
* } * }
* </pre> * </pre>
* @author Rob Winch * @author Rob Winch
* @author Jesús Ascama Arias
* @since 5.2 * @since 5.2
*/ */
public class RSocketSecurity { public class RSocketSecurity {
@ -325,6 +326,11 @@ public class RSocketSecurity {
AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization)); AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
return AuthorizePayloadsSpec.this; return AuthorizePayloadsSpec.this;
} }
public AuthorizePayloadsSpec denyAll() {
return access((a, ctx) -> Mono
.just(new AuthorizationDecision(false)));
}
} }
} }

17
config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
View File

@ -51,6 +51,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;
/** /**
* @author Rob Winch * @author Rob Winch
* @author Jesús Ascama Arias
*/ */
@ContextConfiguration @ContextConfiguration
@RunWith(SpringRunner.class) @RunWith(SpringRunner.class)
@ -167,6 +168,21 @@ public class RSocketMessageHandlerConnectionITests {
// .isInstanceOf(RejectedSetupException.class); // .isInstanceOf(RejectedSetupException.class);
} }
@Test
public void connectionDenied() {
UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
this.requester = requester()
.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
.block();
assertThatCode(() -> this.requester.route("prohibit")
.data("data")
.retrieveMono(String.class)
.block())
.isInstanceOf(ApplicationErrorException.class);
}
private RSocketRequester.Builder requester() { private RSocketRequester.Builder requester() {
return RSocketRequester.builder() return RSocketRequester.builder()
.rsocketStrategies(this.handler.getRSocketStrategies()); .rsocketStrategies(this.handler.getRSocketStrategies());
@ -225,6 +241,7 @@ public class RSocketMessageHandlerConnectionITests {
.setup().hasRole("SETUP") .setup().hasRole("SETUP")
.route("secure.admin.*").hasRole("ADMIN") .route("secure.admin.*").hasRole("ADMIN")
.route("secure.**").hasRole("USER") .route("secure.**").hasRole("USER")
.route("prohibit").denyAll()
.anyRequest().permitAll() .anyRequest().permitAll()
) )
.basicAuthentication(Customizer.withDefaults()); .basicAuthentication(Customizer.withDefaults());