@Before public void setup() { this.filter = new OAuth2AuthorizationCodeGrantWebFilter( this.authenticationManager, this.clientRegistrationRepository, this.authorizedClientRepository); }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { return this.requiresAuthenticationMatcher.matches(exchange) .filter( matchResult -> matchResult.isMatch()) .flatMap( matchResult -> this.authenticationConverter.convert(exchange)) .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) .flatMap( token -> authenticate(exchange, chain, token)); }
private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) { WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); return this.authenticationManager.authenticate(token) .switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) .flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange)) .onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler .onAuthenticationFailure(webFilterExchange, e)); }
@Test public void filterWhenMatchThenAuthorizedClientSaved() { Mono<Authentication> authentication = Mono .just(TestOAuth2AuthorizationCodeAuthenticationTokens.unauthenticated()); OAuth2AuthorizationCodeAuthenticationToken authenticated = TestOAuth2AuthorizationCodeAuthenticationTokens .authenticated(); ServerAuthenticationConverter converter = e -> authentication; this.filter = new OAuth2AuthorizationCodeGrantWebFilter( this.authenticationManager, converter, this.authorizedClientRepository); MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest .get("/authorize/oauth2/code/registration-id")); DefaultWebFilterChain chain = new DefaultWebFilterChain( e -> e.getResponse().setComplete()); when(this.authenticationManager.authenticate(any())).thenReturn(Mono.just( authenticated)); when(this.authorizedClientRepository.saveAuthorizedClient(any(), any(), any())) .thenReturn(Mono.empty()); this.filter.filter(exchange, chain).block(); verify(this.authorizedClientRepository).saveAuthorizedClient(any(), any(AnonymousAuthenticationToken.class), any()); } }
@Test public void filterWhenNotMatchThenAuthenticationManagerNotCalled() { MockServerWebExchange exchange = MockServerWebExchange .from(MockServerHttpRequest.get("/")); DefaultWebFilterChain chain = new DefaultWebFilterChain( e -> e.getResponse().setComplete()); this.filter.filter(exchange, chain).block(); verifyZeroInteractions(this.authenticationManager); }
@Test public void constructorWhenClientRegistrationRepositoryNullThenIllegalArgumentException() { this.clientRegistrationRepository = null; assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter( this.authenticationManager, this.clientRegistrationRepository, this.authorizedClientRepository)) .isInstanceOf(IllegalArgumentException.class); }
private Mono<Void> authenticate(ServerWebExchange exchange, WebFilterChain chain, Authentication token) { WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain); return this.authenticationManager.authenticate(token) .switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass())))) .flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange)) .onErrorResume(AuthenticationException.class, e -> this.authenticationFailureHandler .onAuthenticationFailure(webFilterExchange, e)); }
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { return this.requiresAuthenticationMatcher.matches(exchange) .filter( matchResult -> matchResult.isMatch()) .flatMap( matchResult -> this.authenticationConverter.convert(exchange)) .switchIfEmpty(chain.filter(exchange).then(Mono.empty())) .flatMap( token -> authenticate(exchange, chain, token)); }
@Test public void constructorWhenAuthenticationManagerNullThenIllegalArgumentException() { this.authenticationManager = null; assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter( this.authenticationManager, this.clientRegistrationRepository, this.authorizedClientRepository)) .isInstanceOf(IllegalArgumentException.class); }
@Test public void constructorWhenAuthorizedClientRepositoryNullThenIllegalArgumentException() { this.authorizedClientRepository = null; assertThatCode(() -> new OAuth2AuthorizationCodeGrantWebFilter( this.authenticationManager, this.clientRegistrationRepository, this.authorizedClientRepository)) .isInstanceOf(IllegalArgumentException.class); }
protected void configure(ServerHttpSecurity http) { ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository(); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository(); ServerAuthenticationConverter authenticationConverter = getAuthenticationConverter(); ReactiveAuthenticationManager authenticationManager = getAuthenticationManager(); OAuth2AuthorizationCodeGrantWebFilter codeGrantWebFilter = new OAuth2AuthorizationCodeGrantWebFilter(authenticationManager, authenticationConverter, authorizedClientRepository); OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter( clientRegistrationRepository); http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE); http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC); }
protected void configure(ServerHttpSecurity http) { ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository(); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository(); ServerAuthenticationConverter authenticationConverter = getAuthenticationConverter(); ReactiveAuthenticationManager authenticationManager = getAuthenticationManager(); OAuth2AuthorizationCodeGrantWebFilter codeGrantWebFilter = new OAuth2AuthorizationCodeGrantWebFilter(authenticationManager, authenticationConverter, authorizedClientRepository); OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter( clientRegistrationRepository); http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE); http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC); }
protected void configure(ServerHttpSecurity http) { ReactiveClientRegistrationRepository clientRegistrationRepository = getClientRegistrationRepository(); ServerOAuth2AuthorizedClientRepository authorizedClientRepository = getAuthorizedClientRepository(); ServerAuthenticationConverter authenticationConverter = getAuthenticationConverter(); ReactiveAuthenticationManager authenticationManager = getAuthenticationManager(); OAuth2AuthorizationCodeGrantWebFilter codeGrantWebFilter = new OAuth2AuthorizationCodeGrantWebFilter(authenticationManager, authenticationConverter, authorizedClientRepository); OAuth2AuthorizationRequestRedirectWebFilter oauthRedirectFilter = new OAuth2AuthorizationRequestRedirectWebFilter( clientRegistrationRepository); http.addFilterAt(codeGrantWebFilter, SecurityWebFiltersOrder.OAUTH2_AUTHORIZATION_CODE); http.addFilterAt(oauthRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC); }