Harmonize ReactiveSecurityAutoConfiguration

Fixes gh-14263
pull/14419/head
Madhura Bhave 6 years ago
parent feff65e73e
commit e41394233b

@ -16,22 +16,40 @@
package org.springframework.boot.autoconfigure.security.reactive; package org.springframework.boot.autoconfigure.security.reactive;
import reactor.core.publisher.Flux;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties; import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.web.server.WebFilterChainProxy;
/** /**
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a reactive * {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a reactive
* application. * application. Switches on {@link EnableWebFluxSecurity} for a reactive web application
* if this annotation has not been added by the user. It delegates to Spring Security's
* content-negotiation mechanism for authentication. This configuration also backs off if
* a bean of type {@link WebFilterChainProxy} has been configured in any other way.
* *
* @author Madhura Bhave * @author Madhura Bhave
* @since 2.0.0 * @since 2.0.0
*/ */
@Configuration @Configuration
@EnableConfigurationProperties(SecurityProperties.class) @EnableConfigurationProperties(SecurityProperties.class)
@Import(WebFluxSecurityConfiguration.class) @ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class,
WebFilterChainProxy.class })
public class ReactiveSecurityAutoConfiguration { public class ReactiveSecurityAutoConfiguration {
@Configuration
@ConditionalOnMissingBean(WebFilterChainProxy.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
@EnableWebFluxSecurity
static class EnableWebFluxSecurityConfiguration {
}
} }

@ -1,46 +0,0 @@
/*
* Copyright 2012-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.autoconfigure.security.reactive;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.web.server.WebFilterChainProxy;
/**
* Switches on {@link EnableWebFluxSecurity} for a reactive web application if this
* annotation has not been added by the user. It delegates to Spring Security's
* content-negotiation mechanism for authentication. This configuration also backs off if
* a bean of type {@link WebFilterChainProxy} has been configured in any other way.
*
* @author Madhura Bhave
*/
@Configuration
@ConditionalOnClass({ EnableWebFluxSecurity.class, WebFilterChainProxy.class })
@ConditionalOnMissingBean(WebFilterChainProxy.class)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
class WebFluxSecurityConfiguration {
@Configuration
@EnableWebFluxSecurity
static class EnableWebFluxSecurityConfiguration {
}
}

@ -20,9 +20,12 @@ import org.junit.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations; import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner; import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.server.WebFilterChainProxy; import org.springframework.security.web.server.WebFilterChainProxy;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/** /**
* Tests for {@link ReactiveSecurityAutoConfiguration}. * Tests for {@link ReactiveSecurityAutoConfiguration}.
@ -34,17 +37,33 @@ public class ReactiveSecurityAutoConfigurationTests {
private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner(); private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
@Test @Test
public void importsConfigurationThatEnablesWebFluxSecurity() { public void backsOffWhenWebFilterChainProxyBeanPresent() {
this.contextRunner
.withConfiguration(
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
.withUserConfiguration(WebFilterChainProxyConfiguration.class)
.run((context) -> assertThat(context)
.hasSingleBean(WebFilterChainProxy.class));
}
@Test
public void enablesWebFluxSecurity() {
this.contextRunner this.contextRunner
.withConfiguration( .withConfiguration(
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class, AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
ReactiveUserDetailsServiceAutoConfiguration.class)) ReactiveUserDetailsServiceAutoConfiguration.class))
.run((context) -> { .run((context) -> assertThat(context).getBean(WebFilterChainProxy.class)
assertThat(context).getBean(WebFilterChainProxy.class).isNotNull(); .isNotNull());
assertThat(context).getBean(WebFluxSecurityConfiguration.class) }
.isNotNull();
assertThat(context).getBean(WebFilterChainProxy.class).isNotNull(); @Configuration
}); static class WebFilterChainProxyConfiguration {
@Bean
public WebFilterChainProxy webFilterChainProxy() {
return mock(WebFilterChainProxy.class);
}
} }
} }

@ -1,73 +0,0 @@
/*
* Copyright 2012-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.autoconfigure.security.reactive;
import org.junit.Test;
import org.springframework.boot.autoconfigure.AutoConfigurations;
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.web.server.WebFilterChainProxy;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/**
* Tests for {@link WebFluxSecurityConfiguration}.
*
* @author Madhura Bhave
*/
public class WebFluxSecurityConfigurationTests {
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
@Test
public void backsOffWhenWebFilterChainProxyBeanPresent() {
this.contextRunner
.withConfiguration(
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
.withUserConfiguration(WebFilterChainProxyConfiguration.class)
.run((context) -> assertThat(context)
.doesNotHaveBean(WebFluxSecurityConfiguration.class));
}
@Test
public void enablesWebFluxSecurity() {
this.contextRunner
.withConfiguration(
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
ReactiveUserDetailsServiceAutoConfiguration.class))
.run((context) -> {
assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
assertThat(context).getBean(WebFluxSecurityConfiguration.class)
.isNotNull();
assertThat(context).getBean(WebFilterChainProxy.class).isNotNull();
});
}
@Configuration
static class WebFilterChainProxyConfiguration {
@Bean
public WebFilterChainProxy webFilterChainProxy() {
return mock(WebFilterChainProxy.class);
}
}
}
Loading…
Cancel
Save