Added support for Anonymous Authentication #6198
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ankurpathak
force-pushed
the
gh-5934-fix
branch
2 times, most recently
from
c983bc4 to
f9e8b81
Compare
rwinch
requested changes
Dec 3, 2018
There was a problem hiding this comment.
Thanks for the PR @ankurpathak! I have provided feedback inline. Can you als please add tests for this?
| * public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { | ||
| * http | ||
| * // ... | ||
| * .csrf().key(key) |
There was a problem hiding this comment.
This is fixed like this:
/**
* @since 5.2.0
* @author Ankur Pathak
* Configures annonymous authentication
*
* <pre class="code">
* @Bean
* public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
* http
* // ...
* .anonymous.key("key")
* .authorities("ROLE_ANONYMOUS");
* return http.build();
* }
* </pre>
*/
| @Override | ||
| public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { | ||
| Context context = ReactiveSecurityContextHolder.getContext() | ||
| .filter(Objects::isNull) |
There was a problem hiding this comment.
I don't think you will ever get a null value here since it would just be empty.
| return securityContext; | ||
| })) | ||
| .as(ReactiveSecurityContextHolder::withSecurityContext); | ||
| return Mono.subscriberContext() |
There was a problem hiding this comment.
We should only set the subscriberContext if it changes
There was a problem hiding this comment.
I did it this way. But lots of tests are failing lile RequestCacheTests etc are failing. I have tried almost every thing:
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return ReactiveSecurityContextHolder.getContext()
.switchIfEmpty(Mono.defer(() -> {
SecurityContext securityContext = new SecurityContextImpl();
securityContext.setAuthentication(createAuthentication(exchange));
return chain.filter(exchange)
.subscriberContext(ReactiveSecurityContextHolder.withSecurityContext(Mono.just(securityContext)))
.then(Mono.empty());
})).flatMap(securityContext -> chain.filter(exchange));
}
I have written Test for it like this and this test is wrking fine:
@Test
public void filterWhenDefaultsAndNoAuthenticationThenContinues() {
WebTestClient client = WebTestClient.bindToController(HttpMeController.class)
.webFilter(new AnonymousAuthenticationWebFilter(UUID.randomUUID().toString()))
.argumentResolvers(config -> {
})
.build();
client.get()
.uri("/me")
.exchange()
.expectStatus().isOk()
.expectBody(String.class).isEqualTo("anonymousUser");
}
@RestController
@RequestMapping("/me")
public static class HttpMeController {
@GetMapping
public Mono<String> me(ServerWebExchange exchange){
return ReactiveSecurityContextHolder
.getContext()
.map(SecurityContext::getAuthentication)
.map(Authentication::getPrincipal)
.ofType(String.class);
}
}
This test is working fine. I don't know where i am going wrong. Can you please help??
There was a problem hiding this comment.
Can you please push the code and point me to the tests that are failing?
There was a problem hiding this comment.
- I have pushed my changes.
- Here is a list of failing tests:
org.springframework.security.config.web.server.RequestCacheTests > requestCacheNoOp FAILED
org.junit.ComparisonFailure at RequestCacheTests.java:96
org.springframework.security.config.web.server.RequestCacheTests > defaultFormLoginRequestCache FAILED
org.junit.ComparisonFailure at RequestCacheTests.java:64
org.springframework.security.config.web.server.OAuth2LoginTests > defaultLoginPageWithMultipleClientRegistrationsThenLinks FAILED
org.junit.ComparisonFailure at OAuth2LoginTests.java:89
org.springframework.security.config.web.server.OAuth2LoginTests > defaultLoginPageWithSingleClientRegistrationThenRedirect FAILED
java.lang.AssertionError at OAuth2LoginTests.java:123
org.springframework.security.config.web.server.FormLoginTests > defaultLoginPage FAILED
org.junit.ComparisonFailure at FormLoginTests.java:69
org.springframework.security.config.web.server.FormLoginTests > customLoginPage FAILED
org.junit.ComparisonFailure at FormLoginTests.java:115
org.springframework.security.config.web.server.LogoutSpecTests > customLogout FAILED
org.junit.ComparisonFailure at LogoutSpecTests.java:99
org.springframework.security.config.web.server.LogoutSpecTests > defaultLogout FAILED
org.junit.ComparisonFailure at LogoutSpecTests.java:54
org.springframework.security.config.web.server.AuthorizeExchangeSpecTests > antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod FAILED
java.lang.AssertionError at AuthorizeExchangeSpecTests.java:55
Caused by: java.lang.AssertionError at AuthorizeExchangeSpecTests.java:55
org.springframework.security.config.web.server.AuthorizeExchangeSpecTests > antMatchersWhenPatternsThenAnyMethod FAILED
java.lang.AssertionError at AuthorizeExchangeSpecTests.java:77
Caused by: java.lang.AssertionError at AuthorizeExchangeSpecTests.java:77
org.springframework.security.config.web.server.ExceptionHandlingSpecTests > defaultAuthenticationEntryPoint FAILED
java.lang.AssertionError at ExceptionHandlingSpecTests.java:55
Caused by: java.lang.AssertionError at ExceptionHandlingSpecTests.java:55
org.springframework.security.config.web.server.ExceptionHandlingSpecTests > customAuthenticationEntryPoint FAILED
java.lang.AssertionError at ExceptionHandlingSpecTests.java:79
Caused by: java.lang.AssertionError at ExceptionHandlingSpecTests.java:79
org.springframework.security.config.web.server.ServerHttpSecurityTests > basicWhenNoCredentialsThenUnauthorized FAILED
java.lang.AssertionError at ServerHttpSecurityTests.java:138
Caused by: java.lang.AssertionError at ServerHttpSecurityTests.java:138
org.springframework.security.config.web.server.ServerHttpSecurityTests > defaults FAILED
java.lang.IllegalStateException at ServerHttpSecurityTests.java:96
org.springframework.security.config.web.server.OAuth2ResourceServerSpecTests > getWhenCustomBearerTokenEntryPointThenResponds FAILED
java.lang.AssertionError at OAuth2ResourceServerSpecTests.java:260
Caused by: java.lang.AssertionError at OAuth2ResourceServerSpecTests.java:260
org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurityTests > defaultMediaAllThenUnAuthorized FAILED
java.lang.AssertionError at EnableWebFluxSecurityTests.java:113
Caused by: java.lang.AssertionError at EnableWebFluxSecurityTests.java:113
org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurityTests > defaultRequiresAuthentication FAILED
java.lang.AssertionError at EnableWebFluxSecurityTests.java:96
Caused by: java.lang.AssertionError at EnableWebFluxSecurityTests.java:96
org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurityTests > multiWorks FAILED
java.lang.AssertionError at EnableWebFluxSecurityTests.java:298
Caused by: java.lang.AssertionError at EnableWebFluxSecurityTests.java:298
rwinch
added
the
status: waiting-for-feedback
ankurpathak
force-pushed
the
gh-5934-fix
branch
from
f9e8b81 to
902c9db
Compare
|
At the moment the biggest problem seems to be that the default behavior has changed. We should require users to explicitly opt into anonymous authentication as making it a default is a breaking change. I also created #6235 for |
ankurpathak
force-pushed
the
gh-5934-fix
branch
from
902c9db to
9c18218
Compare
Thanks for helpling. I have made changes as per your comment making it non default. Now |
ankurpathak
force-pushed
the
gh-5934-fix
branch
from
9c18218 to
219be63
Compare
rwinch
requested changes
Dec 6, 2018
| if (this.anonymous == null) { | ||
| this.anonymous = new AnonymousSpec(); | ||
| } | ||
| return this.anonymous.authorities("ROLE_USER"); |
There was a problem hiding this comment.
This should be ROLE_ANONYMOUS. However given the defaults in AnonymousSpec you should just delete it
ankurpathak
force-pushed
the
gh-5934-fix
branch
2 times, most recently
from
342f546 to
559952f
Compare
|
Thanks we are now just waiting on #6235 being merged |
1. Created new WebFilter AnonymousAuthenticationWebFilter to for anonymous authentication 2. Created class AnonymousSpec, method anonymous to configure anonymous authentication in ServerHttpSecurity 3. Added ANONYMOUS_AUTHENTICATION order after AUTHENTICATION for anonymous authentication in SecurityWebFiltersOrder 4. Added tests for anonymous authentication in AnonymousAuthenticationWebFilterTests and ServerHttpSecurityTests 5. Added support for Controller in WebTestClientBuilder Fixes: spring-projectsgh-5934
ankurpathak
force-pushed
the
gh-5934-fix
branch
from
559952f to
48edf49
Compare
rwinch
removed
the
status: waiting-for-feedback
rwinch
added
status: duplicate
rwinch
approved these changes
Dec 12, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
for anonymous authentication
anonymous authentication in ServerHttpSecurity
anonymous authentication in SecurityWebFiltersOrder
Pull request for github issue:
#5934