Change AuthenticationWebFilter's constructor

jzheaux · jzheaux · commit cb9fd0915021 · 2020-01-31T09:31:28.000-07:00
Fixes gh-7872
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -31,8 +31,6 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 
-import org.springframework.security.oauth2.client.web.server.ServerAuthorizationRequestRepository;
-import org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository;
 import reactor.core.publisher.Mono;
 import reactor.util.context.Context;
 
@@ -44,7 +42,6 @@
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
-import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.DelegatingReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
@@ -1581,7 +1578,7 @@ public class OAuth2ResourceServerSpec {
 
 		private JwtSpec jwt;
 		private OpaqueTokenSpec opaqueToken;
-		private ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver;
+		private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
 		/**
 		 * Configures the {@link ServerAccessDeniedHandler} to use for requests authenticating with
@@ -1631,10 +1628,10 @@ public OAuth2ResourceServerSpec bearerTokenConverter(ServerAuthenticationConvert
 		 *
 		 * @param authenticationManagerResolver the {@link ReactiveAuthenticationManagerResolver}
 		 * @return the {@link OAuth2ResourceServerSpec} for additional configuration
-		 * @since 5.2
+		 * @since 5.3
 		 */
 		public OAuth2ResourceServerSpec authenticationManagerResolver(
-				ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver) {
+				ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
 			Assert.notNull(authenticationManagerResolver, "authenticationManagerResolver cannot be null");
 			this.authenticationManagerResolver = authenticationManagerResolver;
 			return this;
diff --git a/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java b/config/src/test/java/org/springframework/security/config/web/server/OAuth2ResourceServerSpecTests.java
@@ -49,7 +49,6 @@
 import org.springframework.core.convert.converter.Converter;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
-import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
@@ -76,6 +75,7 @@
 import org.springframework.web.context.support.GenericWebApplicationContext;
 import org.springframework.web.reactive.DispatcherHandler;
 import org.springframework.web.reactive.config.EnableWebFlux;
+import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
@@ -280,13 +280,13 @@ public void getWhenUsingCustomAuthenticationManagerInLambdaThenUsesItAccordingly
 	public void getWhenUsingCustomAuthenticationManagerResolverThenUsesItAccordingly() {
 		this.spring.register(CustomAuthenticationManagerResolverConfig.class).autowire();
 
-		ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver =
+		ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver =
 				this.spring.getContext().getBean(ReactiveAuthenticationManagerResolver.class);
 
 		ReactiveAuthenticationManager authenticationManager =
 				this.spring.getContext().getBean(ReactiveAuthenticationManager.class);
 
-		when(authenticationManagerResolver.resolve(any(ServerHttpRequest.class)))
+		when(authenticationManagerResolver.resolve(any(ServerWebExchange.class)))
 			.thenReturn(Mono.just(authenticationManager));
 		when(authenticationManager.authenticate(any(Authentication.class)))
 			.thenReturn(Mono.error(new OAuth2AuthenticationException(new OAuth2Error("mock-failure"))));
@@ -697,7 +697,7 @@ SecurityWebFilterChain springSecurity(ServerHttpSecurity http) {
 		}
 
 		@Bean
-		ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver() {
+		ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver() {
 			return mock(ReactiveAuthenticationManagerResolver.class);
 		}
 
diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/AuthenticationWebFilter.java
@@ -17,7 +17,8 @@
 
 import java.util.function.Function;
 
-import org.springframework.http.server.reactive.ServerHttpRequest;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
 import org.springframework.security.core.Authentication;
@@ -34,8 +35,6 @@
 import org.springframework.web.server.WebFilter;
 import org.springframework.web.server.WebFilterChain;
 
-import reactor.core.publisher.Mono;
-
 /**
  * A {@link WebFilter} that performs authentication of a particular request. An outline of the logic:
  *
@@ -69,7 +68,7 @@
  * @since 5.0
  */
 public class AuthenticationWebFilter implements WebFilter {
-	private final ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver;
+	private final ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
 	private ServerAuthenticationSuccessHandler authenticationSuccessHandler = new WebFilterChainServerAuthenticationSuccessHandler();
 
@@ -93,9 +92,9 @@ public AuthenticationWebFilter(ReactiveAuthenticationManager authenticationManag
 	/**
 	 * Creates an instance
 	 * @param authenticationManagerResolver the authentication manager resolver to use
-	 * @since 5.2
+	 * @since 5.3
 	 */
-	public AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver) {
+	public AuthenticationWebFilter(ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver) {
 		Assert.notNull(authenticationManagerResolver, "authenticationResolverManager cannot be null");
 		this.authenticationManagerResolver = authenticationManagerResolver;
 	}
@@ -113,7 +112,7 @@ private Mono<Void> authenticate(ServerWebExchange exchange,
 		WebFilterChain chain, Authentication token) {
 		WebFilterExchange webFilterExchange = new WebFilterExchange(exchange, chain);
 
-		return this.authenticationManagerResolver.resolve(exchange.getRequest())
+		return this.authenticationManagerResolver.resolve(exchange)
 			.flatMap(authenticationManager -> authenticationManager.authenticate(token))
 			.switchIfEmpty(Mono.defer(() -> Mono.error(new IllegalStateException("No provider found for " + token.getClass()))))
 			.flatMap(authentication -> onAuthenticationSuccess(authentication, webFilterExchange))
diff --git a/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authentication/AuthenticationWebFilterTests.java
@@ -23,7 +23,6 @@
 import org.mockito.junit.MockitoJUnitRunner;
 import reactor.core.publisher.Mono;
 
-import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
@@ -34,9 +33,15 @@
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 import org.springframework.test.web.reactive.server.EntityExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.web.server.ServerWebExchange;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.mockito.Mockito.when;
 
 /**
  * @author Rob Winch
@@ -56,7 +61,7 @@ public class AuthenticationWebFilterTests {
 	@Mock
 	private ServerSecurityContextRepository securityContextRepository;
 	@Mock
-	private ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver;
+	private ReactiveAuthenticationManagerResolver<ServerWebExchange> authenticationManagerResolver;
 
 	private AuthenticationWebFilter filter;
 
