GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

EnableWebFluxSecurity uses PasswordEncoder Bean

pull/4423/merge
Rob Winch 9 years ago
parent
895f0d108c
commit
be0081290b
2 changed files with 61 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
  2. 47
      config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java

19
config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
Unescape View File

@ -26,6 +26,7 @@ import org.springframework.security.authentication.ReactiveAuthenticationManager
import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager; import org.springframework.security.authentication.UserDetailsRepositoryAuthenticationManager;
import org.springframework.security.config.web.server.HttpSecurity; import org.springframework.security.config.web.server.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsRepository; import org.springframework.security.core.userdetails.UserDetailsRepository;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver; import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.web.server.context.WebSessionSecurityContextRepository; import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
import org.springframework.web.reactive.config.WebFluxConfigurer; import org.springframework.web.reactive.config.WebFluxConfigurer;
@ -50,6 +51,9 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
@Autowired(required = false) @Autowired(required = false)
private UserDetailsRepository userDetailsRepository; private UserDetailsRepository userDetailsRepository;
@Autowired(required = false)
private PasswordEncoder passwordEncoder;
@Override @Override
public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) { public void configureArgumentResolvers(ArgumentResolverConfigurer configurer) {
configurer.addCustomResolver(authenticationPrincipalArgumentResolver()); configurer.addCustomResolver(authenticationPrincipalArgumentResolver());
@ -57,7 +61,7 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
@Bean @Bean
public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() { public AuthenticationPrincipalArgumentResolver authenticationPrincipalArgumentResolver() {
return new AuthenticationPrincipalArgumentResolver(adapterRegistry); return new AuthenticationPrincipalArgumentResolver(this.adapterRegistry);
} }
@Bean(HTTPSECURITY_BEAN_NAME) @Bean(HTTPSECURITY_BEAN_NAME)
@ -71,11 +75,16 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
} }
private ReactiveAuthenticationManager authenticationManager() { private ReactiveAuthenticationManager authenticationManager() {
if(authenticationManager != null) { if(this.authenticationManager != null) {
return authenticationManager; return this.authenticationManager;
} }
if(userDetailsRepository != null) { if(this.userDetailsRepository != null) {
return new UserDetailsRepositoryAuthenticationManager(userDetailsRepository); UserDetailsRepositoryAuthenticationManager manager =
new UserDetailsRepositoryAuthenticationManager(this.userDetailsRepository);
if(this.passwordEncoder != null) {
manager.setPasswordEncoder(this.passwordEncoder);
}
return manager;
} }
return null; return null;
} }

47
config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
Unescape View File

@ -33,6 +33,8 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.MapUserDetailsRepository; import org.springframework.security.core.userdetails.MapUserDetailsRepository;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsRepository; import org.springframework.security.core.userdetails.UserDetailsRepository;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.test.web.reactive.server.WebTestClientBuilder; import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
import org.springframework.security.web.server.SecurityWebFilterChain; import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.WebFilterChainFilter; import org.springframework.security.web.server.WebFilterChainFilter;
@ -127,6 +129,51 @@ public class EnableWebFluxSecurityTests {
} }
} }
@RunWith(SpringRunner.class)
public static class CustomPasswordEncoder {
@Autowired
WebFilterChainFilter springSecurityFilterChain;
@Test
public void passwordEncoderBeanIsUsed() {
WebTestClient client = WebTestClientBuilder.bindToWebFilters(
springSecurityFilterChain,
(exchange,chain) ->
Mono.currentContext()
.flatMap( c -> c.<Mono<Principal>>get(Authentication.class))
.flatMap( principal -> exchange.getResponse()
.writeWith(Mono.just(toDataBuffer(principal.getName()))))
)
.filter(basicAuthentication())
.build();
client
.get()
.uri("/")
.attributes(basicAuthenticationCredentials("user","password"))
.exchange()
.expectStatus().isOk()
.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
}
@EnableWebFluxSecurity
static class Config {
@Bean
public UserDetailsRepository userDetailsRepository(PasswordEncoder encoder) {
return new MapUserDetailsRepository(User.withUsername("user")
.password(encoder.encode("password"))
.roles("USER")
.build()
);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
}
@RunWith(SpringRunner.class) @RunWith(SpringRunner.class)
public static class MultiHttpSecurity { public static class MultiHttpSecurity {
@Autowired @Autowired

Write Preview
Loading…
Cancel
Save