Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add authenticated().withAuthentication(Consumer<Authentication>)

Browse Source 
This allows arbitrary assertions of the authenticated user

Fixes: gh-4996
This commit is contained in:
Rob Winch 2018-02-02 16:40:43 -06:00
parent 1cb581a0c6
commit e1a8d250de
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/manual/src/docs/asciidoc/_includes/test.adoc
View File

@ -694,6 +694,16 @@ mvc
.andExpect(authenticated().withUsername("admin")); .andExpect(authenticated().withUsername("admin"));
---- ----
We can also make arbitrary assertions on the authentication
[source,java]
----
mvc
.perform(formLogin())
.andExpect(authenticated().withAuthentication(auth ->
assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
----
[[test-webflux]] [[test-webflux]]
== WebFlux Support == WebFlux Support

16
test/src/main/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchers.java
View File

@ -17,6 +17,7 @@ package org.springframework.security.test.web.servlet.response;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.function.Consumer;
import org.springframework.security.authentication.AuthenticationTrustResolver; import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl; import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
@ -88,6 +89,7 @@ public final class SecurityMockMvcResultMatchers {
private Object expectedAuthenticationPrincipal; private Object expectedAuthenticationPrincipal;
private String expectedAuthenticationName; private String expectedAuthenticationName;
private Collection<? extends GrantedAuthority> expectedGrantedAuthorities; private Collection<? extends GrantedAuthority> expectedGrantedAuthorities;
private Consumer<Authentication> assertAuthentication;
@Override @Override
public void match(MvcResult result) throws Exception { public void match(MvcResult result) throws Exception {
@ -97,6 +99,10 @@ public final class SecurityMockMvcResultMatchers {
assertTrue("Authentication should not be null", auth != null); assertTrue("Authentication should not be null", auth != null);
if (this.assertAuthentication != null) {
this.assertAuthentication.accept(auth);
}
if (this.expectedContext != null) { if (this.expectedContext != null) {
assertEquals(this.expectedContext + " does not equal " + context, assertEquals(this.expectedContext + " does not equal " + context,
this.expectedContext, context); this.expectedContext, context);
@ -140,6 +146,16 @@ public final class SecurityMockMvcResultMatchers {
} }
} }
/**
* Allows for any validating the authentication with arbitrary assertions
* @param assesrtAuthentication the Consumer which validates the authentication
* @return the AuthenticatedMatcher to perform additional assertions
*/
public AuthenticatedMatcher withAuthentication(Consumer<Authentication> assesrtAuthentication) {
this.assertAuthentication = assesrtAuthentication;
return this;
}
/** /**
* Specifies the expected username * Specifies the expected username
* *

16
test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
View File

@ -21,6 +21,7 @@ import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
@ -37,6 +38,7 @@ import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import static org.assertj.core.api.Assertions.assertThat;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated; import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity; import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
@ -60,6 +62,20 @@ public class SecurityMockMvcResultMatchersTests {
// @formatter:on // @formatter:on
} }
@Test
public void withAuthenticationWhenMatchesThenSuccess() throws Exception {
this.mockMvc.perform(formLogin())
.andExpect(authenticated().withAuthentication(auth ->
assertThat(auth).isInstanceOf(UsernamePasswordAuthenticationToken.class)));
}
@Test(expected = AssertionError.class)
public void withAuthenticationWhenNotMatchesThenFails() throws Exception {
this.mockMvc
.perform(formLogin())
.andExpect(authenticated().withAuthentication(auth -> assertThat(auth.getName()).isEqualTo("notmatch")));
}
// SEC-2719 // SEC-2719
@Test @Test
public void withRolesNotOrderSensitive() throws Exception { public void withRolesNotOrderSensitive() throws Exception {