Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent basic authentication from popping up #4556

Merged
merged 1 commit into from Sep 7, 2023
Merged

Prevent basic authentication from popping up #4556

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 4 additions & 1 deletion application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java
View file
Open in desktop
Expand Up @@ -29,6 +29,7 @@
import run.halo.app.infra.AnonymousUserConst;
import run.halo.app.infra.properties.HaloProperties;
import run.halo.app.plugin.extensionpoint.ExtensionGetter;
import run.halo.app.security.DefaultServerAuthenticationEntryPoint;
import run.halo.app.security.DefaultUserDetailService;
import run.halo.app.security.DynamicMatcherSecurityWebFilterChain;
import run.halo.app.security.authentication.SecurityConfigurer;
Expand Down Expand Up @@ -66,7 +67,9 @@ SecurityWebFilterChain apiFilterChain(ServerHttpSecurity http,
spec.principal(AnonymousUserConst.PRINCIPAL);
})
.securityContextRepository(securityContextRepository)
.httpBasic(withDefaults());
.httpBasic(withDefaults())
.exceptionHandling(
spec -> spec.authenticationEntryPoint(new DefaultServerAuthenticationEntryPoint()));

// Integrate with other configurers separately
securityConfigurers.orderedStream()
Expand Down
31 changes: 31 additions & 0 deletions application/src/main/java/run/halo/app/security/DefaultServerAuthenticationEntryPoint.java
View file
Open in desktop
@@ -0,0 +1,31 @@
package run.halo.app.security;

import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/**
* Default authentication entry point.
* See <a href="https://datatracker.ietf.org/doc/html/rfc7235#section-4.1">
* https://datatracker.ietf.org/doc/html/rfc7235#section-4.1</a>
* for more.
*
* @author johnniang
*/
public class DefaultServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {

@Override
public Mono<Void> commence(ServerWebExchange exchange, AuthenticationException ex) {
return Mono.defer(() -> {
var response = exchange.getResponse();
var wwwAuthenticate = "FormLogin realm=\"console\"";
response.getHeaders().set(HttpHeaders.WWW_AUTHENTICATE, wwwAuthenticate);
response.setStatusCode(HttpStatus.UNAUTHORIZED);
return response.setComplete();
});
}

}
35 changes: 35 additions & 0 deletions ...cation/src/test/java/run/halo/app/security/DefaultServerAuthenticationEntryPointTest.java
View file
Open in desktop
@@ -0,0 +1,35 @@
package run.halo.app.security;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.springframework.http.HttpHeaders.WWW_AUTHENTICATE;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import reactor.test.StepVerifier;

@ExtendWith(MockitoExtension.class)
class DefaultServerAuthenticationEntryPointTest {

@InjectMocks
DefaultServerAuthenticationEntryPoint entryPoint;

@Test
void commence() {
var mockReq = MockServerHttpRequest.get("/protected")
.build();
var mockExchange = MockServerWebExchange.builder(mockReq)
.build();
var commenceMono = entryPoint.commence(mockExchange,
new AuthenticationCredentialsNotFoundException("Not Found"));
StepVerifier.create(commenceMono)
.verifyComplete();
var headers = mockExchange.getResponse().getHeaders();
assertEquals("FormLogin realm=\"console\"", headers.getFirst(WWW_AUTHENTICATE));
}

}