From f77cfbc0d15ecc167ba62c7cd216ebffba2665c9 Mon Sep 17 00:00:00 2001
From: mibo
Date: Mon, 10 Dec 2018 21:17:44 +0100
Subject: [PATCH] Add Anonymous Support to AuthenticatedReactiveAuthorizationManager

Fixes: gh-6235
---
 .../AuthenticatedReactiveAuthorizationManager.java | 14 ++++++++++++++
 ...enticatedReactiveAuthorizationManagerTests.java | 10 ++++++++++
 2 files changed, 24 insertions(+)

diff --git a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
index 64fced35644..f5cbdddd08d 100644
--- a/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManager.java
@@ -16,6 +16,8 @@
 package org.springframework.security.authorization;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
@@ -30,13 +32,25 @@
 */
 public class AuthenticatedReactiveAuthorizationManager implements ReactiveAuthorizationManager {
+ private AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();
+
 @Override
 public Mono check(Mono authentication, T object) {
 return authentication
+ .filter(this::isNotAnonymous)
 .map(a -> new AuthorizationDecision(a.isAuthenticated()))
 .defaultIfEmpty(new AuthorizationDecision(false));
 }
+ /**
+ * Verify (via {@link AuthenticationTrustResolver}) that the given authentication is not anonymous.
+ * @param authentication to be checked
+ * @return true if not anonymous, otherwise false.
+ */
+ private boolean isNotAnonymous(Authentication authentication) {
+ return !authTrustResolver.isAnonymous(authentication);
+ }
+
 /**
 * Gets an instance of {@link AuthenticatedReactiveAuthorizationManager}
 * @param
diff --git a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
index 2d05e46ddd6..587beeee52f 100644
--- a/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
+++ b/core/src/test/java/org/springframework/security/authorization/AuthenticatedReactiveAuthorizationManagerTests.java
@@ -20,11 +20,13 @@
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 /**
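Review bot: In AuthenticatedReactiveAuthorizationManager.java the new `authTrustResolver` field is declared mutable, yet the hunk adds no way to set it, so the anonymous check in `check` is pinned to whatever `AuthenticationTrustResolverImpl` recognises as anonymous. Declare it `private final AuthenticationTrustResolver authTrustResolver = new AuthenticationTrustResolverImpl();`, or add a null-checked setter if applications are meant to supply their own resolver. Without one, an application whose anonymous principal is not recognised by the default resolver would presumably still be granted through `a.isAuthenticated()`. The class Javadoc starts outside the hunk; if it does not already say so, it should state that anonymous authentications are now denied.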
@@ -62,6 +64,14 @@ public void checkWhenEmptyThenReturnFalse() {
 assertThat(granted).isFalse();
 }
+ @Test
+ public void checkWhenAnonymousAuthenticatedThenReturnFalse() {
+ AnonymousAuthenticationToken anonymousAuthenticationToken = mock(AnonymousAuthenticationToken.class);
+
+ boolean granted = manager.check(Mono.just(anonymousAuthenticationToken), null).block().isGranted();
+
+ assertThat(granted).isFalse();
+ }
 @Test
 public void checkWhenErrorThenError() {
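Review bot: `checkWhenAnonymousAuthenticatedThenReturnFalse` does not exercise the new anonymous check, because `mock(AnonymousAuthenticationToken.class)` answers `false` from `isAuthenticated()` by default, so the decision is denied even if the `.filter(this::isNotAnonymous)` step is removed. Use a real token, which reports itself as authenticated, e.g. `new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"))` (sample values), so the test fails when the filter regresses. Stubbing `isAuthenticated()` to return `true` on the mock is a weaker option, since with the filter in place the stub is never called and a strict Mockito runner may reject it as unused. The `manager` field used here is declared outside the hunk.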