/**
 * Wires form login into the given {@link ServerHttpSecurity}.
 * <p>
 * Registers an HTML-only default entry point at the head of {@code defaultEntryPoints} and adds an
 * {@link AuthenticationWebFilter} driven by {@link ServerFormLoginAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#FORM_LOGIN}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    // Remember whether the caller supplied an entry point; when not, fall back to the default
    // login page (loginPage(...) is expected to populate the entry point fields — confirm).
    this.isEntryPointExplicit = (this.authenticationEntryPoint != null);
    if (!this.isEntryPointExplicit) {
        loginPage("/login");
    }
    // Share the request cache with the success handler and default entry point, presumably so a
    // post-login redirect can return to the originally requested URL.
    if (http.requestCache != null) {
        ServerRequestCache cache = http.requestCache.requestCache;
        this.defaultSuccessHandler.setRequestCache(cache);
        if (this.defaultEntryPoint != null) {
            this.defaultEntryPoint.setRequestCache(cache);
        }
    }
    // Only text/html requests get the form-login entry point; a bare "*/*" is ignored so it does
    // not count as a browser request (see setIgnoredMediaTypes).
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    // Inserted at index 0, i.e. ahead of any entry point already in the list.
    ServerHttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlOnly, this.authenticationEntryPoint));

    AuthenticationWebFilter formLoginFilter = new AuthenticationWebFilter(this.authenticationManager);
    formLoginFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
    formLoginFilter.setAuthenticationConverter(new ServerFormLoginAuthenticationConverter());
    formLoginFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
    formLoginFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
    formLoginFilter.setSecurityContextRepository(this.securityContextRepository);
    http.addFilterAt(formLoginFilter, SecurityWebFiltersOrder.FORM_LOGIN);
}
/**
 * Wires OAuth 2.0 login into the given {@link ServerHttpSecurity}.
 * <p>
 * Adds the authorization-request redirect filter at {@link SecurityWebFiltersOrder#HTTP_BASIC}, the
 * login filter at {@link SecurityWebFiltersOrder#AUTHENTICATION}, and an HTML-only default entry point
 * that redirects unauthenticated browsers to either the single registered provider or {@code /login}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    ReactiveClientRegistrationRepository registrations = getClientRegistrationRepository();
    ServerOAuth2AuthorizedClientRepository authorizedClients = getAuthorizedClientRepository();
    OAuth2AuthorizationRequestRedirectWebFilter redirectToProvider = getRedirectWebFilter();
    ReactiveAuthenticationManager manager = getAuthenticationManager();

    AuthenticationWebFilter loginFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClients);
    loginFilter.setRequiresAuthenticationMatcher(getAuthenticationMatcher());
    loginFilter.setServerAuthenticationConverter(getAuthenticationConverter(registrations));
    loginFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
    // Failures are not handled here: the exception is re-emitted as an error signal for whoever is downstream.
    loginFilter.setAuthenticationFailureHandler((exchange, failure) -> Mono.error(failure));
    loginFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());

    // Browser (text/html) requests only; a bare "*/*" is ignored so it does not count as a browser.
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    Map<String, String> loginLinks = http.oauth2Login.getLinks();
    // Exactly one provider registered: redirect straight to it; otherwise to /login
    // (presumably the provider-selection page — confirm).
    String loginUrl = (loginLinks.size() == 1) ? loginLinks.keySet().iterator().next() : "/login";
    http.defaultEntryPoints.add(new DelegateEntry(htmlOnly, new RedirectServerAuthenticationEntryPoint(loginUrl)));

    http.addFilterAt(redirectToProvider, SecurityWebFiltersOrder.HTTP_BASIC);
    http.addFilterAt(loginFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
/**
 * Persists the authorized client produced by a successful OAuth 2.0 login, then delegates to the
 * parent success handling with an {@link OAuth2AuthenticationToken}.
 * <p>
 * Assumes the authentication manager returned an {@link OAuth2LoginAuthenticationToken}; any other
 * type fails the cast with a {@link ClassCastException}.
 *
 * @param authentication    the result of {@code ReactiveAuthenticationManager.authenticate}
 * @param webFilterExchange the exchange and chain being filtered
 * @return completion of the save followed by the parent success handling
 */
@Override
protected Mono<Void> onAuthenticationSuccess(Authentication authentication, WebFilterExchange webFilterExchange) {
    OAuth2LoginAuthenticationToken loginResult = (OAuth2LoginAuthenticationToken) authentication;
    OAuth2AuthorizedClient authorizedClient = new OAuth2AuthorizedClient(
            loginResult.getClientRegistration(),
            loginResult.getName(),
            loginResult.getAccessToken(),
            loginResult.getRefreshToken());
    // The token handed to the success handler carries principal, authorities and registration id only;
    // the access/refresh tokens are stored in the authorized client repository instead.
    OAuth2AuthenticationToken sessionToken = new OAuth2AuthenticationToken(
            loginResult.getPrincipal(),
            loginResult.getAuthorities(),
            loginResult.getClientRegistration().getRegistrationId());
    Mono<Void> saved = this.authorizedClientRepository.saveAuthorizedClient(
            authorizedClient, loginResult, webFilterExchange.getExchange());
    return saved.then(super.onAuthenticationSuccess(sessionToken, webFilterExchange));
}
}
/**
 * Wires HTTP Basic authentication into the given {@link ServerHttpSecurity}.
 * <p>
 * Adds an {@link AuthenticationWebFilter} with {@link ServerHttpBasicAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#HTTP_BASIC} and registers {@code entryPoint} as the default entry
 * point for API-style content types.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    AuthenticationWebFilter basicFilter = new AuthenticationWebFilter(this.authenticationManager);
    basicFilter.setAuthenticationConverter(new ServerHttpBasicAuthenticationConverter());
    // Failed credentials are answered by the entry point rather than by a redirect.
    basicFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
    if (this.securityContextRepository != null) {
        basicFilter.setSecurityContextRepository(this.securityContextRepository);
    }

    // The Basic entry point is the default only for these non-browser content types; a bare "*/*"
    // is ignored so it does not claim requests that merely accept anything.
    MediaTypeServerWebExchangeMatcher apiClients = new MediaTypeServerWebExchangeMatcher(
            MediaType.APPLICATION_ATOM_XML,
            MediaType.APPLICATION_FORM_URLENCODED,
            MediaType.APPLICATION_JSON,
            MediaType.APPLICATION_OCTET_STREAM,
            MediaType.APPLICATION_XML,
            MediaType.MULTIPART_FORM_DATA,
            MediaType.TEXT_XML);
    apiClients.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    ServerHttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(apiClients, this.entryPoint));

    http.addFilterAt(basicFilter, SecurityWebFiltersOrder.HTTP_BASIC);
}
/**
 * Wires JWT bearer-token resource-server support into the given {@link ServerHttpSecurity}.
 * <p>
 * The same {@code bearerTokenConverter} is given to the exchange matcher and to the authentication
 * filter so that both extract the token the same way. Failures are answered by {@code entryPoint}.
 * No {@code requiresAuthenticationMatcher} is set on the filter, so whether an exchange attempts
 * authentication is decided by the converter alone — confirm against the filter's default matcher.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    this.bearerTokenServerWebExchangeMatcher.setBearerTokenConverter(bearerTokenConverter);
    // Defaults registered before the manager is resolved; keep this order.
    registerDefaultAccessDeniedHandler(http);
    registerDefaultAuthenticationEntryPoint(http);
    registerDefaultCsrfOverride(http);

    ReactiveAuthenticationManager jwtManager = getAuthenticationManager();
    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(jwtManager);
    bearerFilter.setServerAuthenticationConverter(bearerTokenConverter);
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
/**
 * Builds the filter that authenticates requests carrying a JWT as a Bearer token in the HTTP
 * {@code Authorization} header. {@code ServerHttpBearerAuthenticationConverter} extracts the token
 * from the exchange; {@code BearerTokenReactiveAuthenticationManager} is the manager the filter
 * authenticates it with.
 * <p>
 * NOTE(review): the original author describes the manager as a "dummy" that is not needed because
 * the converter does the work. {@code AuthenticationWebFilter} still routes the converter's result
 * through the manager's {@code authenticate(..)}, so the JWT signature and expiry must be verified
 * in the converter or in the manager — confirm which one does it. The {@code Function}-based
 * {@code setAuthenticationConverter} used here is deprecated as of Spring Security 5.1 in favour of
 * {@code setServerAuthenticationConverter(ServerAuthenticationConverter)}.
 *
 * @return the bearer filter, restricted to paths matching {@code /api/**}
 */
private AuthenticationWebFilter bearerAuthenticationFilter() {
    ReactiveAuthenticationManager jwtManager = new BearerTokenReactiveAuthenticationManager();
    AuthenticationWebFilter jwtFilter = new AuthenticationWebFilter(jwtManager);
    Function<ServerWebExchange, Mono<Authentication>> jwtFromHeader = new ServerHttpBearerAuthenticationConverter();
    jwtFilter.setAuthenticationConverter(jwtFromHeader);
    // Only API routes go through this filter; other paths are not matched and pass straight on.
    jwtFilter.setRequiresAuthenticationMatcher(ServerWebExchangeMatchers.pathMatchers("/api/**"));
    return jwtFilter;
}
}
/**
 * Builds the filter that authenticates username/password requests and, on success, hands off to
 * {@code BasicAuthenticationSuccessHandler} (described by the original author as returning a JWT —
 * confirm). The manager is a {@link UserDetailsRepositoryReactiveAuthenticationManager} backed by
 * {@code userDetailsRepository()}.
 * <p>
 * No {@code requiresAuthenticationMatcher} is set, so the filter is offered every exchange; whether an
 * attempt is made depends on the filter's default converter finding Basic credentials on it — confirm.
 * No failure handler is set either, so the filter's default failure behaviour applies.
 *
 * @return the configured filter
 */
private AuthenticationWebFilter basicAuthenticationFilter() {
    UserDetailsRepositoryReactiveAuthenticationManager userPasswordManager =
            new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsRepository());
    ServerAuthenticationSuccessHandler onSuccess = new BasicAuthenticationSuccessHandler();
    AuthenticationWebFilter basicFilter = new AuthenticationWebFilter(userPasswordManager);
    basicFilter.setAuthenticationSuccessHandler(onSuccess);
    return basicFilter;
}
/**
 * Sets the strategy used for converting a {@link ServerWebExchange} into the {@link Authentication}
 * that is passed to the configured {@link ReactiveAuthenticationManager}. An empty result signals
 * that no authentication attempt should be made for that exchange. The default converter is
 * {@link ServerHttpBasicAuthenticationConverter}.
 *
 * @param authenticationConverter the converter to use; must not be {@code null}
 * @throws IllegalArgumentException if {@code authenticationConverter} is {@code null}
 * @deprecated As of 5.1 in favor of {@link #setServerAuthenticationConverter(ServerAuthenticationConverter)}
 * @see #setServerAuthenticationConverter(ServerAuthenticationConverter)
 */
@Deprecated
public void setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>> authenticationConverter) {
    Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
    // Adapt the legacy Function to the ServerAuthenticationConverter contract; the empty-Mono
    // meaning ("no attempt") carries over unchanged.
    setServerAuthenticationConverter(exchange -> authenticationConverter.apply(exchange));
}
/**
 * Runs the authentication pipeline for one exchange.
 * <ol>
 * <li>If {@code requiresAuthenticationMatcher} does not match, the rest of the chain runs without
 * an authentication attempt.</li>
 * <li>Otherwise {@code authenticationConverter} is asked for an {@code Authentication}; an empty
 * result likewise lets the chain continue.</li>
 * <li>A converted token is handed to {@code authenticate}, whose outcome completes this filter.</li>
 * </ol>
 *
 * @param wrappedExchange the exchange to filter (the name suggests the caller wraps it — confirm)
 * @param chain           the remaining filters
 * @return completion of either the downstream chain or the authentication outcome
 */
private Mono<Void> filterInternal(ServerWebExchange wrappedExchange, WebFilterChain chain) {
    // Assembled up front but only subscribed when the matcher or the converter yields nothing.
    Mono<Void> continueUnauthenticated = chain.filter(wrappedExchange);
    return this.requiresAuthenticationMatcher.matches(wrappedExchange)
            .filter(result -> result.isMatch())
            .flatMap(result -> this.authenticationConverter.apply(wrappedExchange))
            .switchIfEmpty(continueUnauthenticated.then(Mono.empty()))
            .flatMap(candidate -> authenticate(wrappedExchange, chain, candidate));
}
/**
 * Wires JWT bearer-token resource-server support into the given {@link ServerHttpSecurity}.
 * <p>
 * One {@link ServerBearerTokenAuthenticationConverter} instance is shared by the exchange matcher
 * and the authentication filter so both extract the token the same way. Failures are answered by
 * {@code entryPoint}. No {@code requiresAuthenticationMatcher} is set on the filter, so whether an
 * exchange attempts authentication is decided by the converter alone — confirm against the filter's
 * default matcher.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    ServerBearerTokenAuthenticationConverter tokenFromHeader = new ServerBearerTokenAuthenticationConverter();
    this.bearerTokenServerWebExchangeMatcher.setBearerTokenConverter(tokenFromHeader);
    // Defaults registered before the manager is resolved; keep this order.
    registerDefaultAccessDeniedHandler(http);
    registerDefaultAuthenticationEntryPoint(http);
    registerDefaultCsrfOverride(http);

    ReactiveAuthenticationManager jwtManager = getAuthenticationManager();
    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(jwtManager);
    bearerFilter.setServerAuthenticationConverter(tokenFromHeader);
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
/**
 * Wires HTTP Basic authentication into the given {@link ServerHttpSecurity}.
 * <p>
 * Registers {@code entryPoint} as the default entry point for API-style content types and adds an
 * {@link AuthenticationWebFilter} using {@link ServerHttpBasicAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#HTTP_BASIC}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    // Non-browser content types only; a bare "*/*" is ignored so it does not claim requests that
    // merely accept anything.
    MediaTypeServerWebExchangeMatcher apiClients = new MediaTypeServerWebExchangeMatcher(
            MediaType.APPLICATION_ATOM_XML,
            MediaType.APPLICATION_FORM_URLENCODED,
            MediaType.APPLICATION_JSON,
            MediaType.APPLICATION_OCTET_STREAM,
            MediaType.APPLICATION_XML,
            MediaType.MULTIPART_FORM_DATA,
            MediaType.TEXT_XML);
    apiClients.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    ServerHttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(apiClients, this.entryPoint));

    AuthenticationWebFilter basicFilter = new AuthenticationWebFilter(this.authenticationManager);
    basicFilter.setAuthenticationConverter(new ServerHttpBasicAuthenticationConverter());
    // Failed credentials are answered by the entry point rather than by a redirect.
    basicFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
    if (this.securityContextRepository != null) {
        basicFilter.setSecurityContextRepository(this.securityContextRepository);
    }
    http.addFilterAt(basicFilter, SecurityWebFiltersOrder.HTTP_BASIC);
}
/**
 * Runs the authentication pipeline for one exchange.
 * <ol>
 * <li>If {@code requiresAuthenticationMatcher} does not match, the rest of the chain runs without
 * an authentication attempt.</li>
 * <li>Otherwise {@code authenticationConverter} is asked for an {@code Authentication}; an empty
 * result likewise lets the chain continue.</li>
 * <li>A converted token is handed to {@code authenticate}, whose outcome completes this filter.</li>
 * </ol>
 *
 * @param exchange the exchange to filter
 * @param chain    the remaining filters
 * @return completion of either the downstream chain or the authentication outcome
 */
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    // Assembled up front but only subscribed when the matcher or the converter yields nothing.
    Mono<Void> continueUnauthenticated = chain.filter(exchange);
    return this.requiresAuthenticationMatcher.matches(exchange)
            .filter(result -> result.isMatch())
            .flatMap(result -> this.authenticationConverter.convert(exchange))
            .switchIfEmpty(continueUnauthenticated.then(Mono.empty()))
            .flatMap(candidate -> authenticate(exchange, chain, candidate));
}
/**
 * Wires form login into the given {@link ServerHttpSecurity}.
 * <p>
 * Registers an HTML-only default entry point ahead of all others and adds an
 * {@link AuthenticationWebFilter} driven by {@link ServerFormLoginAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#FORM_LOGIN}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    // An explicitly configured entry point wins; otherwise the default login page is used
    // (loginPage(...) is expected to populate the entry point fields — confirm).
    this.isEntryPointExplicit = (this.authenticationEntryPoint != null);
    if (!this.isEntryPointExplicit) {
        loginPage("/login");
    }
    // Hand the request cache to the success handler and default entry point, presumably so the
    // post-login redirect can return to the originally requested URL.
    if (http.requestCache != null) {
        ServerRequestCache cache = http.requestCache.requestCache;
        this.defaultSuccessHandler.setRequestCache(cache);
        if (this.defaultEntryPoint != null) {
            this.defaultEntryPoint.setRequestCache(cache);
        }
    }
    // text/html requests only; a bare "*/*" is ignored so it does not count as a browser request.
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    // Index 0: ahead of any entry point already registered.
    ServerHttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlOnly, this.authenticationEntryPoint));

    AuthenticationWebFilter formLoginFilter = new AuthenticationWebFilter(this.authenticationManager);
    formLoginFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
    formLoginFilter.setAuthenticationConverter(new ServerFormLoginAuthenticationConverter());
    formLoginFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
    formLoginFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
    formLoginFilter.setSecurityContextRepository(this.securityContextRepository);
    http.addFilterAt(formLoginFilter, SecurityWebFiltersOrder.FORM_LOGIN);
}
/**
 * Wires OAuth 2.0 login into the given {@link ServerHttpSecurity}.
 * <p>
 * Adds an {@link OAuth2AuthorizationRequestRedirectWebFilter} at {@link SecurityWebFiltersOrder#HTTP_BASIC},
 * the login filter at {@link SecurityWebFiltersOrder#AUTHENTICATION}, and an HTML-only default entry
 * point that redirects unauthenticated browsers to the single registered provider or to {@code /login}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    ReactiveClientRegistrationRepository registrations = getClientRegistrationRepository();
    ServerOAuth2AuthorizedClientRepository authorizedClients = getAuthorizedClientRepository();
    OAuth2AuthorizationRequestRedirectWebFilter redirectToProvider =
            new OAuth2AuthorizationRequestRedirectWebFilter(registrations);
    ReactiveAuthenticationManager manager = getAuthenticationManager();

    AuthenticationWebFilter loginFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClients);
    loginFilter.setRequiresAuthenticationMatcher(createAttemptAuthenticationRequestMatcher());
    loginFilter.setServerAuthenticationConverter(getAuthenticationConverter(registrations));
    loginFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
    // Failures are not handled here: the exception is re-emitted as an error signal downstream.
    loginFilter.setAuthenticationFailureHandler((exchange, failure) -> Mono.error(failure));
    loginFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());

    // Browser (text/html) requests only; a bare "*/*" is ignored so it does not count as a browser.
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    Map<String, String> loginLinks = http.oauth2Login.getLinks();
    // Exactly one provider registered: redirect straight to it; otherwise to /login
    // (presumably the provider-selection page — confirm).
    String loginUrl = (loginLinks.size() == 1) ? loginLinks.keySet().iterator().next() : "/login";
    http.defaultEntryPoints.add(new DelegateEntry(htmlOnly, new RedirectServerAuthenticationEntryPoint(loginUrl)));

    http.addFilterAt(redirectToProvider, SecurityWebFiltersOrder.HTTP_BASIC);
    http.addFilterAt(loginFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
/**
 * Builds the token-based {@link AuthenticationWebFilter} from the {@code tokenAuthenticationManager()},
 * {@code tokenAuthenticationConverter()} and {@code authenticationFailureHandler()} factory methods,
 * called in that order.
 * <p>
 * No {@code requiresAuthenticationMatcher} is set, so the converter alone decides which exchanges
 * attempt authentication — confirm against the filter's default matcher.
 *
 * @return the configured filter
 */
protected AuthenticationWebFilter tokenAuthenticationFilter() {
    AuthenticationWebFilter tokenFilter = new AuthenticationWebFilter(tokenAuthenticationManager());
    tokenFilter.setServerAuthenticationConverter(tokenAuthenticationConverter());
    tokenFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
    return tokenFilter;
}
/**
 * Wires HTTP Basic authentication into the given {@link ServerHttpSecurity}.
 * <p>
 * Adds an {@link AuthenticationWebFilter} using {@link ServerHttpBasicAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#HTTP_BASIC} and registers {@code entryPoint} as the default entry
 * point for API-style content types.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    AuthenticationWebFilter basicFilter = new AuthenticationWebFilter(this.authenticationManager);
    basicFilter.setAuthenticationConverter(new ServerHttpBasicAuthenticationConverter());
    // Failed credentials are answered by the entry point rather than by a redirect.
    basicFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(this.entryPoint));
    if (this.securityContextRepository != null) {
        basicFilter.setSecurityContextRepository(this.securityContextRepository);
    }

    // Non-browser content types only; a bare "*/*" is ignored so it does not claim requests that
    // merely accept anything.
    MediaTypeServerWebExchangeMatcher apiClients = new MediaTypeServerWebExchangeMatcher(
            MediaType.APPLICATION_ATOM_XML,
            MediaType.APPLICATION_FORM_URLENCODED,
            MediaType.APPLICATION_JSON,
            MediaType.APPLICATION_OCTET_STREAM,
            MediaType.APPLICATION_XML,
            MediaType.MULTIPART_FORM_DATA,
            MediaType.TEXT_XML);
    apiClients.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    ServerHttpSecurity.this.defaultEntryPoints.add(new DelegateEntry(apiClients, this.entryPoint));

    http.addFilterAt(basicFilter, SecurityWebFiltersOrder.HTTP_BASIC);
}
/**
 * Authenticates a converted token and dispatches to the success or failure handler.
 * <p>
 * Only {@link AuthenticationException} is routed to {@code authenticationFailureHandler}; any other
 * error from the manager or the success handler propagates as-is. If the manager completes empty,
 * nothing downstream runs — presumably intentional, confirm.
 *
 * @param wrappedExchange the exchange being filtered
 * @param chain           the remaining filters, made available to the handlers via {@link WebFilterExchange}
 * @param token           the unauthenticated token produced by the converter
 * @return completion of the chosen handler
 */
private Mono<Void> authenticate(ServerWebExchange wrappedExchange, WebFilterChain chain, Authentication token) {
    WebFilterExchange webFilterExchange = new WebFilterExchange(wrappedExchange, chain);
    Mono<Void> onSuccess = this.authenticationManager.authenticate(token)
            .flatMap(authenticated -> onAuthenticationSuccess(authenticated, webFilterExchange));
    return onSuccess.onErrorResume(AuthenticationException.class,
            failure -> this.authenticationFailureHandler.onAuthenticationFailure(webFilterExchange, failure));
}
/**
 * Wires form login into the given {@link ServerHttpSecurity}.
 * <p>
 * Registers an HTML-only default entry point at the head of {@code defaultEntryPoints} and adds an
 * {@link AuthenticationWebFilter} driven by {@link ServerFormLoginAuthenticationConverter} at
 * {@link SecurityWebFiltersOrder#FORM_LOGIN}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    // Remember whether the caller supplied an entry point; when not, fall back to the default
    // login page (loginPage(...) is expected to populate the entry point fields — confirm).
    this.isEntryPointExplicit = (this.authenticationEntryPoint != null);
    if (!this.isEntryPointExplicit) {
        loginPage("/login");
    }
    // Share the request cache with the success handler and default entry point, presumably so a
    // post-login redirect can return to the originally requested URL.
    if (http.requestCache != null) {
        ServerRequestCache cache = http.requestCache.requestCache;
        this.defaultSuccessHandler.setRequestCache(cache);
        if (this.defaultEntryPoint != null) {
            this.defaultEntryPoint.setRequestCache(cache);
        }
    }
    // text/html requests only; a bare "*/*" is ignored so it does not count as a browser request.
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    // Index 0: ahead of any entry point already registered.
    ServerHttpSecurity.this.defaultEntryPoints.add(0, new DelegateEntry(htmlOnly, this.authenticationEntryPoint));

    AuthenticationWebFilter formLoginFilter = new AuthenticationWebFilter(this.authenticationManager);
    formLoginFilter.setRequiresAuthenticationMatcher(this.requiresAuthenticationMatcher);
    formLoginFilter.setAuthenticationConverter(new ServerFormLoginAuthenticationConverter());
    formLoginFilter.setAuthenticationSuccessHandler(this.authenticationSuccessHandler);
    formLoginFilter.setAuthenticationFailureHandler(this.authenticationFailureHandler);
    formLoginFilter.setSecurityContextRepository(this.securityContextRepository);
    http.addFilterAt(formLoginFilter, SecurityWebFiltersOrder.FORM_LOGIN);
}
/**
 * Wires OAuth 2.0 login into the given {@link ServerHttpSecurity}.
 * <p>
 * Adds an {@link OAuth2AuthorizationRequestRedirectWebFilter} at {@link SecurityWebFiltersOrder#HTTP_BASIC},
 * the login filter at {@link SecurityWebFiltersOrder#AUTHENTICATION}, and an HTML-only default entry
 * point that redirects unauthenticated browsers to the single registered provider or to {@code /login}.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    ReactiveClientRegistrationRepository registrations = getClientRegistrationRepository();
    ServerOAuth2AuthorizedClientRepository authorizedClients = getAuthorizedClientRepository();
    OAuth2AuthorizationRequestRedirectWebFilter redirectToProvider =
            new OAuth2AuthorizationRequestRedirectWebFilter(registrations);
    ReactiveAuthenticationManager manager = getAuthenticationManager();

    AuthenticationWebFilter loginFilter = new OAuth2LoginAuthenticationWebFilter(manager, authorizedClients);
    loginFilter.setRequiresAuthenticationMatcher(createAttemptAuthenticationRequestMatcher());
    loginFilter.setServerAuthenticationConverter(getAuthenticationConverter(registrations));
    loginFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
    // Failures are not handled here: the exception is re-emitted as an error signal downstream.
    loginFilter.setAuthenticationFailureHandler((exchange, failure) -> Mono.error(failure));
    loginFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());

    // Browser (text/html) requests only; a bare "*/*" is ignored so it does not count as a browser.
    MediaTypeServerWebExchangeMatcher htmlOnly = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlOnly.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    Map<String, String> loginLinks = http.oauth2Login.getLinks();
    // Exactly one provider registered: redirect straight to it; otherwise to /login
    // (presumably the provider-selection page — confirm).
    String loginUrl = (loginLinks.size() == 1) ? loginLinks.keySet().iterator().next() : "/login";
    http.defaultEntryPoints.add(new DelegateEntry(htmlOnly, new RedirectServerAuthenticationEntryPoint(loginUrl)));

    http.addFilterAt(redirectToProvider, SecurityWebFiltersOrder.HTTP_BASIC);
    http.addFilterAt(loginFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
/**
 * Wires JWT bearer-token resource-server support into the given {@link ServerHttpSecurity}.
 * <p>
 * One {@link ServerBearerTokenAuthenticationConverter} instance is shared by the exchange matcher
 * and the authentication filter so both extract the token the same way. Failures are answered by
 * {@code entryPoint}. No {@code requiresAuthenticationMatcher} is set on the filter, so whether an
 * exchange attempts authentication is decided by the converter alone — confirm against the filter's
 * default matcher.
 *
 * @param http the security builder being configured
 */
protected void configure(ServerHttpSecurity http) {
    ServerBearerTokenAuthenticationConverter tokenFromHeader = new ServerBearerTokenAuthenticationConverter();
    this.bearerTokenServerWebExchangeMatcher.setBearerTokenConverter(tokenFromHeader);
    // Defaults registered before the manager is resolved; keep this order.
    registerDefaultAccessDeniedHandler(http);
    registerDefaultAuthenticationEntryPoint(http);
    registerDefaultCsrfOverride(http);

    ReactiveAuthenticationManager jwtManager = getAuthenticationManager();
    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(jwtManager);
    bearerFilter.setServerAuthenticationConverter(tokenFromHeader);
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}