GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove AuthorizationWebProxyConfiguration From Reactive 

Closes gh-17545
pull/17552/head
Josh Cummings 8 months ago
parent
d2fcba82f7
commit
72eb3065de
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
2 changed files with 0 additions and 67 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
  2. 61
      config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java

6
config/src/main/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecuritySelector.java
Unescape View File

@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { @@ -38,9 +38,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
private static final boolean isDataPresent = ClassUtils
.isPresent("org.springframework.security.data.aot.hint.AuthorizeReturnObjectDataHintsRegistrar", null);
private static final boolean isWebPresent = ClassUtils.isPresent("org.springframework.web.server.ServerWebExchange",
null);
private static final boolean isObservabilityPresent = ClassUtils
.isPresent("io.micrometer.observation.ObservationRegistry", null);
@ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector { @@ -64,9 +61,6 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
if (isDataPresent) {
imports.add(AuthorizationProxyDataConfiguration.class.getName());
}
if (isWebPresent) {
imports.add(AuthorizationProxyWebConfiguration.class.getName());
}
if (isObservabilityPresent) {
imports.add(ReactiveMethodObservationConfiguration.class.getName());
}

61
config/src/test/java/org/springframework/security/config/annotation/method/configuration/PrePostReactiveMethodSecurityConfigurationTests.java
Unescape View File

@ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce @@ -40,8 +40,6 @@ import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProce
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Role;
import org.springframework.http.HttpStatusCode;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.annotation.Secured;
@ -67,7 +65,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio @@ -67,7 +65,6 @@ import org.springframework.security.test.context.annotation.SecurityTestExecutio
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Component;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.web.servlet.ModelAndView;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -364,48 +361,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { @@ -364,48 +361,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
}
@Test
@WithMockUser(authorities = "airplane:read")
public void findByIdWhenAuthorizedResponseEntityThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = flights.webFindById("1").block().getBody();
assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
}
@Test
@WithMockUser(authorities = "seating:read")
public void findByIdWhenUnauthorizedResponseEntityThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = flights.webFindById("1").block().getBody();
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
}
@Test
@WithMockUser(authorities = "airplane:read")
public void findByIdWhenAuthorizedModelAndViewThenAuthorizes() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
assertThatNoException().isThrownBy(() -> flight.getAltitude().block());
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
}
@Test
@WithMockUser(authorities = "seating:read")
public void findByIdWhenUnauthorizedModelAndViewThenDenies() {
this.spring.register(AuthorizeResultConfig.class).autowire();
FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
Flight flight = (Flight) flights.webViewFindById("1").block().getModel().get("flight");
assertThatNoException().isThrownBy(() -> flight.getSeats().block());
assertThatExceptionOfType(AccessDeniedException.class).isThrownBy(() -> flight.getAltitude().block());
assertThat(flights.webViewFindById("5").block().getModel().get("flight")).isNull();
}
@Test
@WithMockUser(authorities = "seating:read")
public void findAllWhenUnauthorizedResultThenDenies() {
@ -769,22 +724,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests { @@ -769,22 +724,6 @@ public class PrePostReactiveMethodSecurityConfigurationTests {
return Mono.empty();
}
Mono<ResponseEntity<Flight>> webFindById(String id) {
Flight flight = this.flights.get(id);
if (flight == null) {
return Mono.just(ResponseEntity.notFound().build());
}
return Mono.just(ResponseEntity.ok(flight));
}
Mono<ModelAndView> webViewFindById(String id) {
Flight flight = this.flights.get(id);
if (flight == null) {
return Mono.just(new ModelAndView("error", HttpStatusCode.valueOf(404)));
}
return Mono.just(new ModelAndView("flights", Map.of("flight", flight)));
}
}
@AuthorizeReturnObject

Write Preview
Loading…
Cancel
Save