Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish Reactive Method Security reference 

Issue gh-4757
This commit is contained in:
Rob Winch 2017-10-30 16:27:33 -05:00
parent d664ff2e26
commit e95430fa36
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
View File

@ -50,6 +50,25 @@ public class ReactiveSecurityContextHolderTests {
.verifyComplete(); .verifyComplete();
} }
@Test
public void demo() {
Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
Mono<String> messageByUsername = ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.map(Authentication::getName)
.flatMap(this::findMessageByUsername)
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
StepVerifier.create(messageByUsername)
.expectNext("Hi user")
.verifyComplete();
}
private Mono<String> findMessageByUsername(String username) {
return Mono.just("Hi " + username);
}
@Test @Test
public void setContextAndClearAndGetContextThenEmitsEmpty() { public void setContextAndClearAndGetContextThenEmitsEmpty() {
SecurityContext expectedContext = new SecurityContextImpl( SecurityContext expectedContext = new SecurityContextImpl(

29
docs/manual/src/docs/asciidoc/index.adoc
View File

@ -1136,7 +1136,34 @@ For additional information about methods that can be overridden, refer to the `G
[[jc-erms] [[jc-erms]
==== EnableReactiveMethodSecurity ==== EnableReactiveMethodSecurity
Spring Security supports method security using https://projectreactor.io/docs/core/release/reference/#context[Reactor's Context]. Spring Security supports method security using https://projectreactor.io/docs/core/release/reference/#context[Reactor's Context] which is setup using `ReactiveSecurityContextHolder`.
For example, this demonstrates how to retrieve the currently logged in user's message.
[source,java]
----
Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
Mono<String> messageByUsername = ReactiveSecurityContextHolder.getContext()
.map(SecurityContext::getAuthentication)
.map(Authentication::getName)
.flatMap(this::findMessageByUsername)
// In a WebFlux application the `subscriberContext` is automatically setup using `ReactorContextWebFilter`
.subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
StepVerifier.create(messageByUsername)
.expectNext("Hi user")
.verifyComplete();
----
with `this::findMessageByUsername` defined as:
[source,java]
----
Mono<String> findMessageByUsername(String username) {
return Mono.just("Hi " + username);
}
----
Below is a minimal method security configuration when using method security in reactive applications. Below is a minimal method security configuration when using method security in reactive applications.
[source,java] [source,java]