diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
index ca715cecf0..ea754f9a24 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
@@ -28,7 +28,6 @@ import org.springframework.security.config.web.server.HttpSecurity;
 import org.springframework.security.core.userdetails.UserDetailsRepository;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.reactive.result.method.annotation.AuthenticationPrincipalArgumentResolver;
-import org.springframework.security.web.server.context.WebSessionSecurityContextRepository;
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
@@ -69,7 +68,6 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
 public HttpSecurity httpSecurity() {
 return http()
 .authenticationManager(authenticationManager())
- .securityContextRepository(new WebSessionSecurityContextRepository())
 .headers().and()
 .httpBasic().and()
 .formLogin().and();
diff --git a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
index 0f23d462eb..098e2f9372 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
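Review bot: The default chain in `httpSecurity()` (HttpSecurityConfiguration.java) still ends with `.formLogin().and()` but no longer sets any `SecurityContextRepository`, and nothing visible in this commit shows where a form-login authentication is kept between requests. The hunk in `HttpSecurity.securityContextRepositoryWebFilter()` removes the fallback to `this.formLogin.securityContextRepository` as well, so that filter is `null` unless a repository is set explicitly. If form login is still meant to be session-backed, the wiring presumably lives outside these hunks; a test that logs in through the form and then requests a protected path would pin it, because the only added test covers HTTP Basic. A comment above the chain would record the new default, for example `// no SecurityContextRepository by default: HTTP Basic is checked on every request and creates no session`. The closing lines of `httpSecurity()` are outside the hunk.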
@@ -206,16 +206,9 @@ public class HttpSecurity {
 }
 private SecurityContextRepositoryWebFilter securityContextRepositoryWebFilter() {
- SecurityContextRepository respository = getSecurityContextRepository();
- return respository == null ? null :
- new SecurityContextRepositoryWebFilter(respository);
- }
-
- private SecurityContextRepository getSecurityContextRepository() {
- if(this.securityContextRepository == null && this.formLogin != null) {
- this.securityContextRepository = this.formLogin.securityContextRepository;
- }
- return this.securityContextRepository;
+ SecurityContextRepository repository = this.securityContextRepository;
+ return repository == null ? null :
+ new SecurityContextRepositoryWebFilter(repository);
 }
 private HttpSecurity() {}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 596071bb23..dc522f3e9a 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainFilter;
 import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
 import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -75,6 +76,21 @@ public class EnableWebFluxSecurityTests {
 .expectBody().isEmpty();
 }
+ @Test
+ public void authenticateWhenBasicThenNoSession() {
+ WebTestClient client = WebTestClientBuilder
+ .bindToWebFilters(this.springSecurityFilterChain)
+ .filter(basicAuthentication())
+ .build();
+
+ FluxExchangeResult result = client.get()
+ .attributes(basicAuthenticationCredentials("user", "password")).exchange()
+ .expectStatus()
+ .isOk()
+ .returnResult(String.class);
+ result.assertWithDiagnostics(() -> assertThat(result.getResponseCookies().isEmpty()));
+ }
+
 @Test
 public void defaultPopulatesReactorContext() {
 Principal currentPrincipal = new TestingAuthenticationToken("user", "password", "ROLE_USER");
diff --git a/samples/javaconfig/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java b/samples/javaconfig/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
index d83e1a33a1..510398e7fa 100644
--- a/samples/javaconfig/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
+++ b/samples/javaconfig/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java
@@ -22,11 +22,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.ResponseCookie;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.ExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
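Review bot: The cookie check in `authenticateWhenBasicThenNoSession` asserts nothing: assuming `assertThat` is AssertJ's, `assertThat(result.getResponseCookies().isEmpty())` only builds a boolean assertion and never calls a terminal method, so the test passes even when the response sets a session cookie. Move the call outside the argument, `assertThat(result.getResponseCookies()).isEmpty()`, or finish the existing one with `.isTrue()`. `FluxExchangeResult` is also declared as a raw type here; `FluxExchangeResult<String>` matches `returnResult(String.class)`.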
@@ -89,28 +87,6 @@ public class HelloWebfluxApplicationITests {
 .expectBody().isEmpty();
 }
- @Test
- public void sessionWorks() throws Exception {
- ExchangeResult result = this.rest
- .mutate()
- .filter(userCredentials())
- .build()
- .get()
- .uri("/")
- .exchange()
- .expectStatus().isOk()
- .returnResult(String.class);
-
- ResponseCookie session = result.getResponseCookies().getFirst("SESSION");
-
- this.rest
- .get()
- .uri("/")
- .cookie(session.getName(), session.getValue())
- .exchange()
- .expectStatus().isOk();
- }
-
 private ExchangeFilterFunction userCredentials() {
 return basicAuthentication("user","user");
 }
diff --git a/samples/javaconfig/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java b/samples/javaconfig/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
index 9fadddaa90..62e286901b 100644
--- a/samples/javaconfig/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
+++ b/samples/javaconfig/hellowebflux/src/test/java/sample/HelloWebfluxApplicationTests.java
@@ -23,11 +23,9 @@ import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
-import org.springframework.http.ResponseCookie;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.ExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
@@ -91,28 +89,6 @@ public class HelloWebfluxApplicationTests {
 .expectBody().isEmpty();
 }
- @Test
- public void sessionWorks() throws Exception {
- ExchangeResult result = this.rest
- .mutate()
- .filter(userCredentials())
- .build()
- .get()
- .uri("/")
- .exchange()
- .expectStatus().isOk()
- .returnResult(String.class);
-
- ResponseCookie session = result.getResponseCookies().getFirst("SESSION");
-
- this.rest
- .get()
- .uri("/")
- .cookie(session.getName(), session.getValue())
- .exchange()
- .expectStatus().isOk();
- }
-
 @Test
 public void mockSupportWhenValidMockUserThenOk() throws Exception {
 this.rest
diff --git a/samples/javaconfig/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java b/samples/javaconfig/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
index 6b529eb71b..7c02a819f1 100644
--- a/samples/javaconfig/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
+++ b/samples/javaconfig/hellowebfluxfn/src/integration-test/java/sample/HelloWebfluxFnApplicationITests.java
@@ -22,11 +22,9 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.ResponseCookie;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.ExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
@@ -88,28 +86,6 @@ public class HelloWebfluxFnApplicationITests {
 .expectBody().isEmpty();
 }
- @Test
- public void sessionWorks() throws Exception {
- ExchangeResult result = this.rest
- .mutate()
- .filter(userCredentials())
- .build()
- .get()
- .uri("/")
- .exchange()
- .expectStatus().isOk()
- .returnResult(String.class);
-
- ResponseCookie session = result.getResponseCookies().getFirst("SESSION");
-
- this.rest
- .get()
- .uri("/")
- .cookie(session.getName(), session.getValue())
- .exchange()
- .expectStatus().isOk();
- }
-
 private ExchangeFilterFunction userCredentials() {
 return basicAuthentication("user","user");
 }
diff --git a/samples/javaconfig/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java b/samples/javaconfig/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
index 4771f4d3ff..5558ee9528 100644
--- a/samples/javaconfig/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
+++ b/samples/javaconfig/hellowebfluxfn/src/test/java/sample/HelloWebfluxFnApplicationTests.java
@@ -22,12 +22,10 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.ResponseCookie;
 import org.springframework.security.web.server.WebFilterChainFilter;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.ExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.server.RouterFunction;
@@ -95,28 +93,6 @@ public class HelloWebfluxFnApplicationTests {
 .expectBody().isEmpty();
 }
- @Test
- public void sessionWorks() throws Exception {
- ExchangeResult result = this.rest
- .mutate()
- .filter(userCredentials())
- .build()
- .get()
- .uri("/")
- .exchange()
- .expectStatus().isOk()
- .returnResult(String.class);
-
- ResponseCookie session = result.getResponseCookies().getFirst("SESSION");
-
- this.rest
- .get()
- .uri("/")
- .cookie(session.getName(), session.getValue())
- .exchange()
- .expectStatus().isOk();
- }
-
 @Test
 public void mockSupportWhenValidMockUserThenOk() throws Exception {
 this.rest