Add DelegatingServerAuthenticationConverter

Closes spring-projectsgh-14644

Author: kse-music

web/src/main/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationConverter.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import java.util.List;
+
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+
+/**
+ * A {@link ServerAuthenticationConverter} that delegates to other
+ * {@link ServerAuthenticationConverter} instances.
+ *
+ * @author DingHao
+ * @since 6.3
+ */
+public class DelegatingServerAuthenticationConverter implements ServerAuthenticationConverter {
+
+	private final List<ServerAuthenticationConverter> delegates;
+
+	public DelegatingServerAuthenticationConverter(ServerAuthenticationConverter... converters) {
+		this(List.of(converters));
+	}
+
+	public DelegatingServerAuthenticationConverter(List<ServerAuthenticationConverter> converters) {
+		Assert.notEmpty(converters, "converters cannot be null");
+		this.delegates = converters;
+	}
+
+	@Override
+	public Mono<Authentication> convert(ServerWebExchange exchange) {
+		return Flux.fromIterable(this.delegates).concatMap(converter -> converter.convert(exchange)).next();
+	}
+
+}

web/src/test/java/org/springframework/security/web/server/authentication/DelegatingServerAuthenticationConverterTest.java

@@ -0,0 +1,109 @@
+/*
+ * Copyright 2002-2024 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server.authentication;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
+import org.springframework.mock.web.server.MockServerWebExchange;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.util.ObjectUtils;
+import org.springframework.web.server.ServerWebExchange;
+import reactor.core.publisher.Mono;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author DingHao
+ * @since 6.3
+ */
+@ExtendWith(MockitoExtension.class)
+public class DelegatingServerAuthenticationConverterTest {
+
+	DelegatingServerAuthenticationConverter converter = new DelegatingServerAuthenticationConverter(
+			new ApkServerAuthenticationConverter(), new ServerHttpBasicAuthenticationConverter());
+
+	MockServerHttpRequest.BaseBuilder<?> request = MockServerHttpRequest.get("/");
+
+	@Test
+	public void applyServerHttpBasicAuthenticationConverter() {
+		Mono<Authentication> result = this.converter.convert(MockServerWebExchange
+			.from(this.request.header(HttpHeaders.AUTHORIZATION, "Basic dXNlcjpwYXNzd29yZA==").build()));
+		UsernamePasswordAuthenticationToken authentication = result.cast(UsernamePasswordAuthenticationToken.class)
+			.block();
+		assertThat(authentication.getPrincipal()).isEqualTo("user");
+		assertThat(authentication.getCredentials()).isEqualTo("password");
+	}
+
+	@Test
+	public void applyApkServerAuthenticationConverter() {
+		String apk = "123e4567e89b12d3a456426655440000";
+		Mono<Authentication> result = this.converter
+			.convert(MockServerWebExchange.from(this.request.header("apk", apk).build()));
+		ApkTokenAuthenticationToken authentication = result.cast(ApkTokenAuthenticationToken.class).block();
+		assertThat(authentication.getApk()).isEqualTo(apk);
+	}
+
+	private static String getApk(ServerHttpRequest request) {
+		String apk = request.getHeaders().getFirst("APK");
+		if (ObjectUtils.isEmpty(apk)) {
+			apk = request.getQueryParams().getFirst("apk");
+		}
+		return apk;
+	}
+
+	static class ApkServerAuthenticationConverter implements ServerAuthenticationConverter {
+
+		@Override
+		public Mono<Authentication> convert(ServerWebExchange exchange) {
+			return Mono.justOrEmpty(getApk(exchange.getRequest())).map(ApkTokenAuthenticationToken::new);
+		}
+
+	}
+
+	static class ApkTokenAuthenticationToken extends AbstractAuthenticationToken {
+
+		private final String apk;
+
+		public ApkTokenAuthenticationToken(String apk) {
+			super(AuthorityUtils.NO_AUTHORITIES);
+			this.apk = apk;
+		}
+
+		public String getApk() {
+			return this.apk;
+		}
+
+		@Override
+		public Object getCredentials() {
+			return this.getApk();
+		}
+
+		@Override
+		public Object getPrincipal() {
+			return this.getApk();
+		}
+
+	}
+
+}