Use ServerHttpSecurity Lambda DSL in Tests

Issue gh-13067

Author: jzheaux

config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java

@@ -377,9 +377,7 @@ static class MultiSecurityHttpConfig {
 		@Bean
 		SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
 			http.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**"))
-				.authorizeExchange()
-				.anyExchange()
-				.denyAll();
+				.authorizeExchange((exchange) -> exchange.anyExchange().denyAll());
 			return http.build();
 		}
 

config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeSpecTests.java

@@ -35,13 +35,11 @@ public class AuthorizeExchangeSpecTests {
 
 	@Test
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
-		this.http.csrf()
-			.disable()
-			.authorizeExchange()
-			.pathMatchers(HttpMethod.POST, "/a", "/b")
-			.denyAll()
-			.anyExchange()
-			.permitAll();
+		this.http.csrf((csrf) -> csrf.disable())
+			.authorizeExchange((authorize) -> authorize.pathMatchers(HttpMethod.POST, "/a", "/b")
+				.denyAll()
+				.anyExchange()
+				.permitAll());
 		WebTestClient client = buildClient();
 		// @formatter:off
 		client.get()
@@ -65,7 +63,8 @@ public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
 
 	@Test
 	public void antMatchersWhenPatternsThenAnyMethod() {
-		this.http.csrf().disable().authorizeExchange().pathMatchers("/a", "/b").denyAll().anyExchange().permitAll();
+		this.http.csrf((csrf) -> csrf.disable())
+			.authorizeExchange((authorize) -> authorize.pathMatchers("/a", "/b").denyAll().anyExchange().permitAll());
 		WebTestClient client = buildClient();
 		// @formatter:off
 		client.get()
@@ -114,25 +113,25 @@ public void antMatchersWhenPatternsInLambdaThenAnyMethod() {
 
 	@Test
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
-		this.http.authorizeExchange().pathMatchers("/incomplete");
+		this.http.authorizeExchange((exchange) -> exchange.pathMatchers("/incomplete"));
 		assertThatIllegalStateException()
-			.isThrownBy(() -> this.http.authorizeExchange().pathMatchers("/throws-exception"));
+			.isThrownBy(() -> this.http.authorizeExchange((exchange) -> exchange.pathMatchers("/throws-exception")));
 	}
 
 	@Test
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
 		assertThatIllegalStateException().isThrownBy(() ->
 		// @formatter:off
-			this.http.authorizeExchange()
-					.anyExchange().denyAll()
-					.pathMatchers("/never-reached")
+			this.http.authorizeExchange((exchange) -> exchange
+				.anyExchange().denyAll()
+				.pathMatchers("/never-reached"))
 		// @formatter:on
 		);
 	}
 
 	@Test
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
-		this.http.authorizeExchange().pathMatchers("/incomplete");
+		this.http.authorizeExchange((exchange) -> exchange.pathMatchers("/incomplete"));
 		assertThatIllegalStateException().isThrownBy(this.http::build);
 	}
 

config/src/test/java/org/springframework/security/config/web/server/CorsSpecTests.java

@@ -73,7 +73,7 @@ private void givenGetCorsConfigurationWillReturnWildcard() {
 	@Test
 	public void corsWhenEnabledThenAccessControlAllowOriginAndSecurityHeaders() {
 		givenGetCorsConfigurationWillReturnWildcard();
-		this.http.cors().configurationSource(this.source);
+		this.http.cors((cors) -> cors.configurationSource(this.source));
 		this.expectedHeaders.set("Access-Control-Allow-Origin", "*");
 		this.expectedHeaders.set("X-Frame-Options", "DENY");
 		assertHeaders();

config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java

@@ -19,6 +19,7 @@
 import org.junit.jupiter.api.Test;
 
 import org.springframework.http.HttpStatus;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfigurationBuilder;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
 import org.springframework.security.web.server.SecurityWebFilterChain;
@@ -42,12 +43,11 @@ public class ExceptionHandlingSpecTests {
 	public void defaultAuthenticationEntryPoint() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.csrf().disable()
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.exceptionHandling().and()
-				.build();
+			.csrf((csrf) -> csrf.disable())
+			.authorizeExchange((authorize) -> authorize
+				.anyExchange().authenticated())
+			.exceptionHandling(withDefaults())
+			.build();
 		WebTestClient client = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -83,14 +83,12 @@ public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAuthentic
 	public void customAuthenticationEntryPoint() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.csrf().disable()
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.exceptionHandling()
-					.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
-					.and()
-				.build();
+			.csrf((csrf) -> csrf.disable())
+			.authorizeExchange((authorize) -> authorize
+				.anyExchange().authenticated())
+			.exceptionHandling((handling) -> handling
+				.authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth")))
+			.build();
 		WebTestClient client = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -128,13 +126,12 @@ public void requestWhenCustomAuthenticationEntryPointInLambdaThenCustomAuthentic
 	public void defaultAccessDeniedHandler() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.csrf().disable()
-				.httpBasic().and()
-				.authorizeExchange()
-					.anyExchange().hasRole("ADMIN")
-					.and()
-				.exceptionHandling().and()
-				.build();
+			.csrf((csrf) -> csrf.disable())
+			.httpBasic(Customizer.withDefaults())
+			.authorizeExchange((exchange) -> exchange
+				.anyExchange().hasRole("ADMIN"))
+			.exceptionHandling(withDefaults())
+			.build();
 		WebTestClient client = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -171,15 +168,13 @@ public void requestWhenExceptionHandlingWithDefaultsInLambdaThenDefaultAccessDen
 	public void customAccessDeniedHandler() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.csrf().disable()
-				.httpBasic().and()
-				.authorizeExchange()
-					.anyExchange().hasRole("ADMIN")
-					.and()
-				.exceptionHandling()
-					.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
-					.and()
-				.build();
+			.csrf((csrf) -> csrf.disable())
+			.httpBasic(Customizer.withDefaults())
+			.authorizeExchange((exchange) -> exchange
+				.anyExchange().hasRole("ADMIN"))
+			.exceptionHandling((handling) -> handling
+				.accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST)))
+			.build();
 		WebTestClient client = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();

config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java

@@ -69,12 +69,10 @@ public class FormLoginTests {
 	public void defaultLoginPage() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.anyExchange().authenticated())
+			.formLogin(withDefaults())
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -129,14 +127,12 @@ public void formLoginWhenDefaultsInLambdaThenCreatesDefaultLoginPage() {
 	public void customLoginPage() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.pathMatchers("/login").permitAll()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.loginPage("/login")
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.pathMatchers("/login").permitAll()
+				.anyExchange().authenticated())
+			.formLogin((login) -> login
+				.loginPage("/login"))
+			.build();
 		WebTestClient webTestClient = WebTestClient
 				.bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
 				.webFilter(new WebFilterChainProxy(securityWebFilter))
@@ -189,14 +185,12 @@ public void formLoginWhenCustomLoginPageInLambdaThenUsed() {
 	public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.pathMatchers("/login", "/failure").permitAll()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure"))
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.pathMatchers("/login", "/failure").permitAll()
+				.anyExchange().authenticated())
+			.formLogin((login) -> login
+				.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/failure")))
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -218,14 +212,12 @@ public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
 	public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.pathMatchers("/login", "/sign-in").permitAll()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.pathMatchers("/login", "/sign-in").permitAll()
+				.anyExchange().authenticated())
+			.formLogin((login) -> login
+				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in")))
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -241,13 +233,11 @@ public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
 	public void authenticationSuccess() {
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.formLogin()
-					.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.anyExchange().authenticated())
+			.formLogin((login) -> login
+				.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom")))
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -275,11 +265,10 @@ public void customAuthenticationManager() {
 			.willReturn(Mono.just(new TestingAuthenticationToken("user", "password", "ROLE_USER", "ROLE_ADMIN")));
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authenticationManager(defaultAuthenticationManager)
-				.formLogin()
-					.authenticationManager(customAuthenticationManager)
-					.and()
-				.build();
+			.authenticationManager(defaultAuthenticationManager)
+			.formLogin((login) -> login
+				.authenticationManager(customAuthenticationManager))
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();
@@ -309,14 +298,12 @@ public void formLoginSecurityContextRepository() {
 		given(formLoginSecContextRepository.load(any())).willReturn(authentication(token));
 		// @formatter:off
 		SecurityWebFilterChain securityWebFilter = this.http
-				.authorizeExchange()
-					.anyExchange().authenticated()
-					.and()
-				.securityContextRepository(defaultSecContextRepository)
-				.formLogin()
-					.securityContextRepository(formLoginSecContextRepository)
-					.and()
-				.build();
+			.authorizeExchange((exchange) -> exchange
+				.anyExchange().authenticated())
+			.securityContextRepository(defaultSecContextRepository)
+			.formLogin((login) -> login
+				.securityContextRepository(formLoginSecContextRepository))
+			.build();
 		WebTestClient webTestClient = WebTestClientBuilder
 				.bindToWebFilters(securityWebFilter)
 				.build();