diff --git a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
index 5f2045e9099..b3a566086f5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/method/configuration/ReactiveMethodSecurityConfigurationTests.java
@@ -20,6 +20,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Consumer;
 import java.util.function.Function;
 import org.junit.jupiter.api.Test;
@@ -40,12 +41,14 @@
 import org.springframework.security.access.prepost.PostFilter;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.access.prepost.PreFilter;
-import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.TestAuthentication;
 import org.springframework.security.authorization.method.AuthorizeReturnObject;
 import org.springframework.security.config.core.GrantedAuthorityDefaults;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
+import org.springframework.security.core.userdetails.User;
 import static org.assertj.core.api.Assertions.assertThat;
@@ -63,8 +66,7 @@ public class ReactiveMethodSecurityConfigurationTests {
 @Test
 public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException {
 this.spring.register(WithRolePrefixConfiguration.class).autowire();
- TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
- "CUSTOM_ABC");
+ Authentication authentication = TestAuthentication.authenticatedUser(authorities("CUSTOM_ABC"));
 MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 methodInvocation);
@@ -78,8 +80,7 @@ public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodExceptio
 @Test
 public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
 this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire();
- TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
- "ROLE_ABC");
+ Authentication authentication = TestAuthentication.authenticatedUser(authorities("ROLE_ABC"));
 MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 methodInvocation);
@@ -91,8 +92,7 @@ public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
 @Test
 public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
 this.spring.register(SubclassConfig.class).autowire();
- TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential",
- "ROLE_ABC");
+ Authentication authentication = TestAuthentication.authenticatedUser(authorities("ROLE_ABC"));
 MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
 EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication,
 methodInvocation);
@@ -105,7 +105,7 @@ public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled
 public void findByIdWhenAuthorizedResultThenAuthorizes() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
 StepVerifier
 .create(flights.findById("1")
 .flatMap(Flight::getAltitude)
@@ -124,7 +124,7 @@ public void findByIdWhenAuthorizedResultThenAuthorizes() {
 public void findByIdWhenUnauthorizedResultThenDenies() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
 StepVerifier
 .create(flights.findById("1")
 .flatMap(Flight::getSeats)
@@ -142,7 +142,7 @@ public void findByIdWhenUnauthorizedResultThenDenies() {
 public void findAllWhenUnauthorizedResultThenDenies() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
 StepVerifier
 .create(flights.findAll()
 .flatMap(Flight::getSeats)
@@ -160,7 +160,7 @@ public void findAllWhenUnauthorizedResultThenDenies() {
 public void removeWhenAuthorizedResultThenRemoves() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
 StepVerifier.create(flights.remove("1").contextWrite(ReactiveSecurityContextHolder.withAuthentication(pilot)))
 .verifyComplete();
 }
@@ -169,7 +169,7 @@ public void removeWhenAuthorizedResultThenRemoves() {
 public void findAllWhenPostFilterThenFilters() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
 StepVerifier
 .create(flights.findAll()
 .flatMap(Flight::getPassengers)
@@ -183,7 +183,7 @@ public void findAllWhenPostFilterThenFilters() {
 public void findAllWhenPreFilterThenFilters() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "airplane:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("airplane:read"));
 StepVerifier
 .create(flights.findAll()
 .flatMap((flight) -> flight.board(Flux.just("John Doe", "John")).then(Mono.just(flight)))
@@ -198,7 +198,7 @@ public void findAllWhenPreFilterThenFilters() {
 public void findAllWhenNestedPreAuthorizeThenAuthorizes() {
 this.spring.register(AuthorizeResultConfig.class).autowire();
 FlightRepository flights = this.spring.getContext().getBean(FlightRepository.class);
- TestingAuthenticationToken pilot = new TestingAuthenticationToken("user", "pass", "seating:read");
+ Authentication pilot = TestAuthentication.authenticatedUser(authorities("seating:read"));
 StepVerifier
 .create(flights.findAll()
 .flatMap(Flight::getPassengers)
@@ -207,6 +207,10 @@ public void findAllWhenNestedPreAuthorizeThenAuthorizes() {
 .verifyError(AccessDeniedException.class);
 }
+ private static Consumer authorities(String... authorities) {
+ return (builder) -> builder.authorities(authorities);
+ }
+
 @Configuration
 @EnableReactiveMethodSecurity // this imports ReactiveMethodSecurityConfiguration
 static class WithRolePrefixConfiguration {
diff --git a/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java b/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
index 51c81e9626c..41cfcdf4ebd 100644
--- a/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
+++ b/core/src/test/java/org/springframework/security/authentication/TestAuthentication.java
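Review bot: The `authorities(String...)` helper added in the last hunk of ReactiveMethodSecurityConfigurationTests.java is undocumented, although the tests depend on exactly how it sets authorities. It delegates to `builder.authorities(...)`, which takes the strings verbatim and replaces whatever the builder held, whereas `roles(...)` would prepend `ROLE_`. The role-prefix tests pass `ROLE_ABC` and `CUSTOM_ABC`, and the denial tests pass `seating:read`, so each relies on the principal holding only the named authority. A one-line comment such as `// sets the exact authority strings, replacing any the builder already has` would record that. The parameter also shadows the method name; `String... names` would read more clearly.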
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,9 +16,12 @@
 package org.springframework.security.authentication;
+import java.util.function.Consumer;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
+import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 /**
@@ -42,6 +45,12 @@ public static Authentication authenticatedUser() {
 return authenticated(user());
 }
+ public static Authentication authenticatedUser(Consumer consumer) {
+ User.UserBuilder builder = withUsername("user");
+ consumer.accept(builder);
+ return authenticated(builder.build());
+ }
+
 public static Authentication authenticated(UserDetails user) {
 return UsernamePasswordAuthenticationToken.authenticated(user, null, user.getAuthorities());
 }
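Review bot: The new `authenticatedUser(Consumer)` overload in the last hunk has no Javadoc and calls `consumer.accept(builder)` without a null check, so a null argument fails with a bare NullPointerException inside the fixture. I would add a short Javadoc saying that the consumer customises a builder started by `withUsername("user")` and that the result goes through `authenticated(UserDetails)`. Per the context lines, that method marks the token authenticated with null credentials and the user's authorities. The Javadoc should also say that no account-status check is made here, so a builder the consumer leaves disabled or locked still yields an authenticated token. `withUsername` is declared outside this hunk, so the defaults it sets (password, roles) need confirming before they are documented.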