GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix authenticationFailureHandler not being used 

The custom server authenticationFailureHandler was not always picked up

Fixes: gh-7782
pull/7879/head
Eleftheria Stein 6 years ago
parent
e62fb755e8
commit
29377545d9
2 changed files with 35 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
  2. 32
      config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java

4
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
Unescape View File

@ -3050,7 +3050,9 @@ public class ServerHttpSecurity { @@ -3050,7 +3050,9 @@ public class ServerHttpSecurity {
this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
this.authenticationEntryPoint = this.defaultEntryPoint;
this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
if (this.authenticationFailureHandler == null) {
this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
}
return this;
}

32
config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
Unescape View File

@ -33,6 +33,7 @@ import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverB @@ -33,6 +33,7 @@ import org.springframework.security.htmlunit.server.WebTestClientHtmlUnitDriverB
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainProxy;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.csrf.CsrfToken;
@ -213,6 +214,37 @@ public class FormLoginTests { @@ -213,6 +214,37 @@ public class FormLoginTests {
homePage.assertAt();
}
@Test
public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
SecurityWebFilterChain securityWebFilter = this.http
.authorizeExchange()
.pathMatchers("/login", "/failure").permitAll()
.anyExchange().authenticated()
.and()
.formLogin()
.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure"))
.and()
.build();
WebTestClient webTestClient = WebTestClientBuilder
.bindToWebFilters(securityWebFilter)
.build();
WebDriver driver = WebTestClientHtmlUnitDriverBuilder
.webTestClientSetup(webTestClient)
.build();
DefaultLoginPage loginPage = HomePage.to(driver, DefaultLoginPage.class)
.assertAt();
loginPage.loginForm()
.username("invalid")
.password("invalid")
.submit(HomePage.class);
assertThat(driver.getCurrentUrl()).endsWith("/failure");
}
@Test
public void authenticationSuccess() {
SecurityWebFilterChain securityWebFilter = this.http

Write Preview
Loading…
Cancel
Save