pull/10544/merge
Andy Wilkinson 7 years ago
parent 871d65d8f1
commit 60afbdc868

@ -98,17 +98,20 @@ class CloudFoundryWebFluxEndpointHandlerMapping
@ResponseBody
private Publisher<ResponseEntity<Object>> links(ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
return this.securityInterceptor.preHandle(exchange, "").map(securityResponse -> {
if (!securityResponse.getStatus().equals(HttpStatus.OK)) {
return new ResponseEntity<>(securityResponse.getStatus());
}
AccessLevel accessLevel = exchange
.getAttribute(AccessLevel.REQUEST_ATTRIBUTE);
Map<String, Link> links = this.endpointLinksResolver
.resolveLinks(getEndpoints(), request.getURI().toString());
return new ResponseEntity<>(Collections.singletonMap("_links",
getAccessibleLinks(accessLevel, links)), HttpStatus.OK);
});
return this.securityInterceptor.preHandle(exchange, "")
.map((securityResponse) -> {
if (!securityResponse.getStatus().equals(HttpStatus.OK)) {
return new ResponseEntity<>(securityResponse.getStatus());
}
AccessLevel accessLevel = exchange
.getAttribute(AccessLevel.REQUEST_ATTRIBUTE);
Map<String, Link> links = this.endpointLinksResolver
.resolveLinks(getEndpoints(), request.getURI().toString());
return new ResponseEntity<>(
Collections.singletonMap("_links",
getAccessibleLinks(accessLevel, links)),
HttpStatus.OK);
});
}
private Map<String, Link> getAccessibleLinks(AccessLevel accessLevel,

@ -68,11 +68,11 @@ class ReactiveTokenValidator {
private Mono<Void> validateKeyIdAndSignature(Token token) {
String keyId = token.getKeyId();
return this.securityService.fetchTokenKeys()
.filter(tokenKeys -> tokenKeys.containsKey(keyId))
.filter((tokenKeys) -> tokenKeys.containsKey(keyId))
.switchIfEmpty(Mono.error(
new CloudFoundryAuthorizationException(Reason.INVALID_KEY_ID,
"Key Id present in token header does not match")))
.filter(tokenKeys -> hasValidSignature(token, tokenKeys.get(keyId)))
.filter((tokenKeys) -> hasValidSignature(token, tokenKeys.get(keyId)))
.switchIfEmpty(Mono.error(new CloudFoundryAuthorizationException(
Reason.INVALID_SIGNATURE, "RSA Signature did not match content")))
.then();

@ -130,10 +130,9 @@ public class ReactiveCloudFoundrySecurityInterceptorTests {
.header(HttpHeaders.AUTHORIZATION, "bearer " + mockAccessToken())
.build());
StepVerifier.create(this.interceptor.preHandle(request, "/a"))
.consumeNextWith((response) -> {
assertThat(response.getStatus())
.isEqualTo(Reason.ACCESS_DENIED.getStatus());
}).verifyComplete();
.consumeNextWith((response) -> assertThat(response.getStatus())
.isEqualTo(Reason.ACCESS_DENIED.getStatus()))
.verifyComplete();
}
@Test

@ -70,15 +70,15 @@ public class ReactiveCloudFoundrySecurityServiceTests {
@Test
public void getAccessLevelWhenSpaceDeveloperShouldReturnFull() throws Exception {
String responseBody = "{\"read_sensitive_data\": true,\"read_basic_data\": true}";
prepareResponse(response -> response.setBody(responseBody)
prepareResponse((response) -> response.setBody(responseBody)
.setHeader("Content-Type", "application/json"));
StepVerifier
.create(this.securityService.getAccessLevel("my-access-token",
"my-app-id"))
.consumeNextWith(accessLevel -> assertThat(accessLevel)
.consumeNextWith((accessLevel) -> assertThat(accessLevel)
.isEqualTo(AccessLevel.FULL))
.expectComplete().verify();
expectRequest(request -> {
expectRequest((request) -> {
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
.isEqualTo("bearer my-access-token");
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
@ -89,15 +89,15 @@ public class ReactiveCloudFoundrySecurityServiceTests {
public void getAccessLevelWhenNotSpaceDeveloperShouldReturnRestricted()
throws Exception {
String responseBody = "{\"read_sensitive_data\": false,\"read_basic_data\": true}";
prepareResponse(response -> response.setBody(responseBody)
prepareResponse((response) -> response.setBody(responseBody)
.setHeader("Content-Type", "application/json"));
StepVerifier
.create(this.securityService.getAccessLevel("my-access-token",
"my-app-id"))
.consumeNextWith(accessLevel -> assertThat(accessLevel)
.consumeNextWith((accessLevel) -> assertThat(accessLevel)
.isEqualTo(AccessLevel.RESTRICTED))
.expectComplete().verify();
expectRequest(request -> {
expectRequest((request) -> {
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
.isEqualTo("bearer my-access-token");
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
@ -106,17 +106,17 @@ public class ReactiveCloudFoundrySecurityServiceTests {
@Test
public void getAccessLevelWhenTokenIsNotValidShouldThrowException() throws Exception {
prepareResponse(response -> response.setResponseCode(401));
prepareResponse((response) -> response.setResponseCode(401));
StepVerifier.create(
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
.consumeErrorWith(throwable -> {
.consumeErrorWith((throwable) -> {
assertThat(throwable)
.isInstanceOf(CloudFoundryAuthorizationException.class);
assertThat(
((CloudFoundryAuthorizationException) throwable).getReason())
.isEqualTo(Reason.INVALID_TOKEN);
}).verify();
expectRequest(request -> {
expectRequest((request) -> {
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
.isEqualTo("bearer my-access-token");
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
@ -125,17 +125,17 @@ public class ReactiveCloudFoundrySecurityServiceTests {
@Test
public void getAccessLevelWhenForbiddenShouldThrowException() throws Exception {
prepareResponse(response -> response.setResponseCode(403));
prepareResponse((response) -> response.setResponseCode(403));
StepVerifier.create(
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
.consumeErrorWith(throwable -> {
.consumeErrorWith((throwable) -> {
assertThat(throwable)
.isInstanceOf(CloudFoundryAuthorizationException.class);
assertThat(
((CloudFoundryAuthorizationException) throwable).getReason())
.isEqualTo(Reason.ACCESS_DENIED);
}).verify();
expectRequest(request -> {
expectRequest((request) -> {
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
.isEqualTo("bearer my-access-token");
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
@ -145,17 +145,17 @@ public class ReactiveCloudFoundrySecurityServiceTests {
@Test
public void getAccessLevelWhenCloudControllerIsNotReachableThrowsException()
throws Exception {
prepareResponse(response -> response.setResponseCode(500));
prepareResponse((response) -> response.setResponseCode(500));
StepVerifier.create(
this.securityService.getAccessLevel("my-access-token", "my-app-id"))
.consumeErrorWith(throwable -> {
.consumeErrorWith((throwable) -> {
assertThat(throwable)
.isInstanceOf(CloudFoundryAuthorizationException.class);
assertThat(
((CloudFoundryAuthorizationException) throwable).getReason())
.isEqualTo(Reason.SERVICE_UNAVAILABLE);
}).verify();
expectRequest(request -> {
expectRequest((request) -> {
assertThat(request.getHeader(HttpHeaders.AUTHORIZATION))
.isEqualTo("bearer my-access-token");
assertThat(request.getPath()).isEqualTo(CLOUD_CONTROLLER_PERMISSIONS);
@ -173,78 +173,76 @@ public class ReactiveCloudFoundrySecurityServiceTests {
+ "kqwIn7Glry9n9Suxygbf8g5AzpWcusZgDLIIZ7JTUldBb8qU2a0Dl4mvLZOn4wPo\n"
+ "jfj9Cw2QICsc5+Pwf21fP+hzf+1WSRHbnYv8uanRO0gZ8ekGaghM/2H6gqJbo2nI\n"
+ "JwIDAQAB\n-----END PUBLIC KEY-----";
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody("{\"token_endpoint\":\"/my-uaa.com\"}");
response.setHeader("Content-Type", "application/json");
});
String responseBody = "{\"keys\" : [ {\"kid\":\"test-key\",\"value\" : \""
+ tokenKeyValue.replace("\n", "\\n") + "\"} ]}";
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody(responseBody);
response.setHeader("Content-Type", "application/json");
});
StepVerifier.create(this.securityService.fetchTokenKeys())
.consumeNextWith(tokenKeys -> assertThat(tokenKeys.get("test-key"))
.consumeNextWith((tokenKeys) -> assertThat(tokenKeys.get("test-key"))
.isEqualTo(tokenKeyValue))
.expectComplete().verify();
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-cloud-controller.com/info"));
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-uaa.com/token_keys"));
}
@Test
public void fetchTokenKeysWhenNoKeysReturnedFromUAA() throws Exception {
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody("{\"token_endpoint\":\"/my-uaa.com\"}");
response.setHeader("Content-Type", "application/json");
});
String responseBody = "{\"keys\": []}";
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody(responseBody);
response.setHeader("Content-Type", "application/json");
});
StepVerifier.create(this.securityService.fetchTokenKeys())
.consumeNextWith(tokenKeys -> assertThat(tokenKeys).hasSize(0))
.consumeNextWith((tokenKeys) -> assertThat(tokenKeys).hasSize(0))
.expectComplete().verify();
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-cloud-controller.com/info"));
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-uaa.com/token_keys"));
}
@Test
public void fetchTokenKeysWhenUnsuccessfulShouldThrowException() throws Exception {
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody("{\"token_endpoint\":\"/my-uaa.com\"}");
response.setHeader("Content-Type", "application/json");
});
prepareResponse(response -> {
response.setResponseCode(500);
});
prepareResponse((response) -> response.setResponseCode(500));
StepVerifier.create(this.securityService.fetchTokenKeys())
.consumeErrorWith(throwable -> assertThat(
.consumeErrorWith((throwable) -> assertThat(
((CloudFoundryAuthorizationException) throwable).getReason())
.isEqualTo(Reason.SERVICE_UNAVAILABLE))
.verify();
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-cloud-controller.com/info"));
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo("/my-uaa.com/token_keys"));
}
@Test
public void getUaaUrlShouldCallCloudControllerInfoOnlyOnce() throws Exception {
prepareResponse(response -> {
prepareResponse((response) -> {
response.setBody("{\"token_endpoint\":\"" + UAA_URL + "\"}");
response.setHeader("Content-Type", "application/json");
});
StepVerifier.create(this.securityService.getUaaUrl())
.consumeNextWith(uaaUrl -> assertThat(uaaUrl).isEqualTo(UAA_URL))
.consumeNextWith((uaaUrl) -> assertThat(uaaUrl).isEqualTo(UAA_URL))
.expectComplete().verify();
// this.securityService.getUaaUrl().block(); //FIXME subscribe again to check that
// it isn't called again
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo(CLOUD_CONTROLLER + "/info"));
expectRequestCount(1);
}
@ -252,16 +250,16 @@ public class ReactiveCloudFoundrySecurityServiceTests {
@Test
public void getUaaUrlWhenCloudControllerUrlIsNotReachableShouldThrowException()
throws Exception {
prepareResponse(response -> response.setResponseCode(500));
prepareResponse((response) -> response.setResponseCode(500));
StepVerifier.create(this.securityService.getUaaUrl())
.consumeErrorWith(throwable -> {
.consumeErrorWith((throwable) -> {
assertThat(throwable)
.isInstanceOf(CloudFoundryAuthorizationException.class);
assertThat(
((CloudFoundryAuthorizationException) throwable).getReason())
.isEqualTo(Reason.SERVICE_UNAVAILABLE);
}).verify();
expectRequest(request -> assertThat(request.getPath())
expectRequest((request) -> assertThat(request.getPath())
.isEqualTo(CLOUD_CONTROLLER + "/info"));
}

@ -60,7 +60,7 @@ public class MetricsRestTemplateCustomizerTests {
String result = restTemplate.getForObject("/test/{id}", String.class, 123);
MockClock.clock(registry).add(SimpleConfig.DEFAULT_STEP);
assertThat(registry.find("http.client.requests")
.meters()).anySatisfy(m -> assertThat(
.meters()).anySatisfy((m) -> assertThat(
StreamSupport.stream(m.getId().getTags().spliterator(), false)
.map(Tag::getKey)).doesNotContain("bucket"));
assertThat(registry.find("http.client.requests")

@ -123,7 +123,7 @@ public class DefaultErrorWebExceptionHandler extends AbstractErrorWebExceptionHa
"error/" + SERIES_VIEWS.get(errorStatus.series()), "error/error")
.flatMap((viewName) -> renderErrorView(viewName, response, error))
.switchIfEmpty(renderDefaultErrorView(response, error)).next()
.doOnNext(resp -> logError(request, errorStatus));
.doOnNext((resp) -> logError(request, errorStatus));
}
/**
@ -138,7 +138,7 @@ public class DefaultErrorWebExceptionHandler extends AbstractErrorWebExceptionHa
return ServerResponse.status(getHttpStatus(error))
.contentType(MediaType.APPLICATION_JSON_UTF8)
.body(BodyInserters.fromObject(error))
.doOnNext(resp -> logError(request, errorStatus));
.doOnNext((resp) -> logError(request, errorStatus));
}
/**

@ -18,7 +18,8 @@ package org.springframework.boot.autoconfigure.data.neo4j.city;
import java.io.Serializable;
import org.neo4j.ogm.annotation.GraphId;
import org.neo4j.ogm.annotation.GeneratedValue;
import org.neo4j.ogm.annotation.Id;
import org.neo4j.ogm.annotation.NodeEntity;
import org.springframework.boot.autoconfigure.data.neo4j.country.Country;
@ -28,7 +29,8 @@ public class City implements Serializable {
private static final long serialVersionUID = 1L;
@GraphId
@Id
@GeneratedValue
private Long id;
private String name;

@ -18,7 +18,8 @@ package org.springframework.boot.autoconfigure.data.neo4j.country;
import java.io.Serializable;
import org.neo4j.ogm.annotation.GraphId;
import org.neo4j.ogm.annotation.GeneratedValue;
import org.neo4j.ogm.annotation.Id;
import org.neo4j.ogm.annotation.NodeEntity;
@NodeEntity
@ -26,7 +27,8 @@ public class Country implements Serializable {
private static final long serialVersionUID = 1L;
@GraphId
@Id
@GeneratedValue
private Long id;
private String name;

@ -93,7 +93,7 @@ public class OAuth2WebSecurityConfigurationTests {
@Test
public void configurationRegistersAuthorizedClientServiceBean() throws Exception {
this.contextRunner.withUserConfiguration(ClientRepositoryConfiguration.class,
OAuth2WebSecurityConfiguration.class).run(context -> {
OAuth2WebSecurityConfiguration.class).run((context) -> {
OAuth2AuthorizedClientService bean = context
.getBean(OAuth2AuthorizedClientService.class);
OAuth2AuthorizedClientService authorizedClientService = (OAuth2AuthorizedClientService) ReflectionTestUtils
@ -108,7 +108,7 @@ public class OAuth2WebSecurityConfigurationTests {
this.contextRunner
.withUserConfiguration(OAuth2AuthorizedClientServiceConfiguration.class,
OAuth2WebSecurityConfiguration.class)
.run(context -> {
.run((context) -> {
OAuth2AuthorizedClientService bean = context
.getBean(OAuth2AuthorizedClientService.class);
OAuth2AuthorizedClientService authorizedClientService = (OAuth2AuthorizedClientService) ReflectionTestUtils

@ -16,7 +16,8 @@
package org.springframework.boot.test.autoconfigure.data.neo4j;
import org.neo4j.ogm.annotation.GraphId;
import org.neo4j.ogm.annotation.GeneratedValue;
import org.neo4j.ogm.annotation.Id;
import org.neo4j.ogm.annotation.NodeEntity;
import org.neo4j.ogm.annotation.Property;
@ -28,7 +29,8 @@ import org.neo4j.ogm.annotation.Property;
@NodeEntity
public class ExampleGraph {
@GraphId
@Id
@GeneratedValue
private Long id;
@Property

@ -460,16 +460,16 @@ public class LogbackLoggingSystemTests extends AbstractLoggingSystemTests {
return context.getLogger(org.slf4j.Logger.ROOT_LOGGER_NAME);
}
private static ConsoleAppender getConsoleAppender() {
return (ConsoleAppender) getRootLogger().getAppender("CONSOLE");
private static ConsoleAppender<?> getConsoleAppender() {
return (ConsoleAppender<?>) getRootLogger().getAppender("CONSOLE");
}
private static RollingFileAppender getFileAppender() {
return (RollingFileAppender) getRootLogger().getAppender("FILE");
private static RollingFileAppender<?> getFileAppender() {
return (RollingFileAppender<?>) getRootLogger().getAppender("FILE");
}
private static SizeAndTimeBasedRollingPolicy getRollingPolicy() {
return (SizeAndTimeBasedRollingPolicy) getFileAppender().getRollingPolicy();
private static SizeAndTimeBasedRollingPolicy<?> getRollingPolicy() {
return (SizeAndTimeBasedRollingPolicy<?>) getFileAppender().getRollingPolicy();
}
private String getLineWithText(File file, String outputSearch) throws Exception {

@ -1,5 +1,5 @@
/*
* Copyright 2012-2016 the original author or authors.
* Copyright 2012-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -16,13 +16,15 @@
package sample.data.neo4j;
import org.neo4j.ogm.annotation.GraphId;
import org.neo4j.ogm.annotation.GeneratedValue;
import org.neo4j.ogm.annotation.Id;
import org.neo4j.ogm.annotation.NodeEntity;
@NodeEntity
public class Customer {
@GraphId
@Id
@GeneratedValue
private Long id;
private String firstName;
@ -38,8 +40,8 @@ public class Customer {
@Override
public String toString() {
return String.format("Customer[id=%s, firstName='%s', lastName='%s']", id,
firstName, lastName);
return String.format("Customer[id=%s, firstName='%s', lastName='%s']", this.id,
this.firstName, this.lastName);
}
}

Loading…
Cancel
Save