Remove ExchangeFilterFunctions

Issue: gh-5612

Author: rwinch

config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java

@@ -68,8 +68,6 @@
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
 
 /**
  * @author Rob Winch
@@ -122,11 +120,10 @@ public void authenticateWhenBasicThenNoSession() {
 
 		WebTestClient client = WebTestClientBuilder
 			.bindToWebFilters(this.springSecurityFilterChain)
-			.filter(basicAuthentication())
 			.build();
 
 		FluxExchangeResult<String> result = client.get()
-			.attributes(basicAuthenticationCredentials("user", "password"))
+			.headers(headers -> headers.setBasicAuth("user", "password"))
 			.exchange()
 			.expectStatus()
 			.isOk()
@@ -171,13 +168,12 @@ public void defaultPopulatesReactorContextWhenAuthenticating() {
 					.flatMap( principal -> exchange.getResponse()
 						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
 		)
-		.filter(basicAuthentication())
 		.build();
 
 		client
 			.get()
 			.uri("/")
-			.attributes(basicAuthenticationCredentials("user", "password"))
+			.headers(headers -> headers.setBasicAuth("user", "password"))
 			.exchange()
 			.expectStatus().isOk()
 			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));
@@ -208,13 +204,12 @@ public void passwordEncoderBeanIsUsed() {
 					.flatMap( principal -> exchange.getResponse()
 						.writeWith(Mono.just(toDataBuffer(principal.getName()))))
 		)
-		.filter(basicAuthentication())
 		.build();
 
 		client
 			.get()
 			.uri("/")
-			.attributes(basicAuthenticationCredentials("user", "password"))
+			.headers(headers -> headers.setBasicAuth("user", "password"))
 			.exchange()
 			.expectStatus().isOk()
 			.expectBody(String.class).consumeWith( result -> assertThat(result.getResponseBody()).isEqualTo("user"));

config/src/test/java/org/springframework/security/config/web/server/ExceptionHandlingSpecTests.java

@@ -25,8 +25,6 @@
 import org.springframework.security.web.server.authorization.HttpStatusServerAccessDeniedHandler;
 import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
 
 /**
  * @author Denys Ivano
@@ -96,13 +94,12 @@ public void defaultAccessDeniedHandler() {
 
 		WebTestClient client = WebTestClientBuilder
 			.bindToWebFilters(securityWebFilter)
-			.filter(basicAuthentication())
 			.build();
 
 		client
 			.get()
 			.uri("/admin")
-			.attributes(basicAuthenticationCredentials("user", "password"))
+			.headers(headers -> headers.setBasicAuth("user", "password"))
 			.exchange()
 			.expectStatus().isForbidden();
 	}
@@ -122,13 +119,12 @@ public void customAccessDeniedHandler() {
 
 		WebTestClient client = WebTestClientBuilder
 			.bindToWebFilters(securityWebFilter)
-			.filter(basicAuthentication())
 			.build();
 
 		client
 			.get()
 			.uri("/admin")
-			.attributes(basicAuthenticationCredentials("user", "password"))
+			.headers(headers -> headers.setBasicAuth("user", "password"))
 			.exchange()
 			.expectStatus().isBadRequest();
 	}

config/src/test/java/org/springframework/security/config/web/server/ServerHttpSecurityTests.java

@@ -40,7 +40,6 @@
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Matchers.any;
 import static org.mockito.Mockito.when;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
 
 /**
  * @author Rob Winch
@@ -92,12 +91,9 @@ public void basic() {
 
 		WebTestClient client = buildClient();
 
-		EntityExchangeResult<String> result = client
-			.mutate()
-			.filter(basicAuthentication("rob", "rob"))
-			.build()
-			.get()
+		EntityExchangeResult<String> result = client.get()
 			.uri("/")
+			.headers(headers -> headers.setBasicAuth("rob", "rob"))
 			.exchange()
 			.expectStatus().isOk()
 			.expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClient.java

@@ -23,12 +23,10 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.web.reactive.function.BodyInserters;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunctions;
 import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Mono;
 
 import static org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors.oauth2AccessTokenResponse;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
 
 /**
  * An implementation of an {@link ReactiveOAuth2AccessTokenResponseClient} that "exchanges"
@@ -49,7 +47,6 @@
  */
 public class WebClientReactiveAuthorizationCodeTokenResponseClient implements ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
 	private WebClient webClient = WebClient.builder()
-			.filter(ExchangeFilterFunctions.basicAuthentication())
 			.build();
 
 	@Override
@@ -66,7 +63,7 @@ public Mono<OAuth2AccessTokenResponse> getTokenResponse(OAuth2AuthorizationCodeG
 			return this.webClient.post()
 					.uri(tokenUri)
 					.accept(MediaType.APPLICATION_JSON)
-					.attributes(basicAuthenticationCredentials(clientRegistration.getClientId(), clientRegistration.getClientSecret()))
+					.headers(headers -> headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret()))
 					.body(body)
 					.exchange()
 					.flatMap(response -> response.body(oauth2AccessTokenResponse()))

samples/boot/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java

@@ -15,19 +15,16 @@
  */
 package sample;
 
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
-
-import java.util.Map;
 import java.util.function.Consumer;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunctions;
 
 /**
  * @author Rob Winch
@@ -37,13 +34,8 @@
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 public class HelloWebfluxMethodApplicationITests {
 
-	WebTestClient rest;
-
 	@Autowired
-	public void setRest(WebTestClient rest) {
-		this.rest = rest
-				.mutateWith((b, h, c) -> b.filter(ExchangeFilterFunctions.basicAuthentication()));
-	}
+	WebTestClient rest;
 
 
 	@Test
@@ -60,7 +52,7 @@ public void messageWhenUserThenForbidden() throws Exception {
 		this.rest
 				.get()
 				.uri("/message")
-				.attributes(robsCredentials())
+				.headers(robsCredentials())
 				.exchange()
 				.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -70,18 +62,18 @@ public void messageWhenAdminThenOk() throws Exception {
 		this.rest
 				.get()
 				.uri("/message")
-				.attributes(adminCredentials())
+				.headers(adminCredentials())
 				.exchange()
 				.expectStatus().isOk()
 				.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	private Consumer<Map<String, Object>> robsCredentials() {
-		return basicAuthenticationCredentials("rob", "rob");
+	private Consumer<HttpHeaders> robsCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("rob", "rob");
 	}
 
-	private Consumer<Map<String, Object>> adminCredentials() {
-		return basicAuthenticationCredentials("admin", "admin");
+	private Consumer<HttpHeaders> adminCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("admin", "admin");
 	}
 }
 

samples/boot/hellowebflux-method/src/test/java/sample/HelloWebfluxMethodApplicationTests.java

@@ -17,17 +17,15 @@
 
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser;
 import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.basicAuthentication;
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
 
-import java.util.Map;
 import java.util.function.Consumer;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.context.ApplicationContext;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -48,7 +46,6 @@ public void setup(ApplicationContext context) {
 				.bindToApplicationContext(context)
 				.apply(springSecurity())
 				.configureClient()
-				.filter(basicAuthentication())
 				.build();
 	}
 
@@ -68,7 +65,7 @@ public void messageWhenUserThenForbidden() throws Exception {
 		this.rest
 			.get()
 			.uri("/message")
-			.attributes(robsCredentials())
+			.headers(robsCredentials())
 			.exchange()
 			.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
 	}
@@ -78,7 +75,7 @@ public void messageWhenAdminThenOk() throws Exception {
 		this.rest
 			.get()
 			.uri("/message")
-			.attributes(adminCredentials())
+			.headers(adminCredentials())
 			.exchange()
 			.expectStatus().isOk()
 			.expectBody(String.class).isEqualTo("Hello World!");
@@ -130,11 +127,11 @@ public void messageWhenMutateWithMockAdminThenOk() throws Exception {
 			.expectBody(String.class).isEqualTo("Hello World!");
 	}
 
-	private Consumer<Map<String, Object>> robsCredentials() {
-		return basicAuthenticationCredentials("rob", "rob");
+	private Consumer<HttpHeaders> robsCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("rob", "rob");
 	}
 
-	private Consumer<Map<String, Object>> adminCredentials() {
-		return basicAuthenticationCredentials("admin", "admin");
+	private Consumer<HttpHeaders> adminCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("admin", "admin");
 	}
 }

samples/boot/hellowebflux/src/integration-test/java/sample/HelloWebfluxApplicationITests.java

@@ -15,18 +15,15 @@
  */
 package sample;
 
-import static org.springframework.web.reactive.function.client.ExchangeFilterFunctions.Credentials.basicAuthenticationCredentials;
-
-import java.util.Map;
 import java.util.function.Consumer;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpHeaders;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunctions;
 
 /**
  * @author Rob Winch
@@ -36,13 +33,8 @@
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 public class HelloWebfluxApplicationITests {
 
-	WebTestClient rest;
-
 	@Autowired
-	public void setRest(WebTestClient rest) {
-		this.rest = rest
-				.mutateWith((b, h, c) -> b.filter(ExchangeFilterFunctions.basicAuthentication()));
-	}
+	WebTestClient rest;
 
 	@Test
 	public void basicWhenNoCredentialsThenUnauthorized() throws Exception {
@@ -58,7 +50,7 @@ public void basicWhenValidCredentialsThenOk() throws Exception {
 		this.rest
 			.get()
 			.uri("/")
-			.attributes(userCredentials())
+			.headers(userCredentials())
 			.exchange()
 			.expectStatus().isOk()
 			.expectBody().json("{\"message\":\"Hello user!\"}");
@@ -69,17 +61,17 @@ public void basicWhenInvalidCredentialsThenUnauthorized() throws Exception {
 		this.rest
 			.get()
 			.uri("/")
-			.attributes(invalidCredentials())
+			.headers(invalidCredentials())
 			.exchange()
 			.expectStatus().isUnauthorized()
 			.expectBody().isEmpty();
 	}
 
-	private Consumer<Map<String, Object>> userCredentials() {
-		return basicAuthenticationCredentials("user", "user");
+	private Consumer<HttpHeaders> userCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("user", "user");
 	}
 
-	private Consumer<Map<String, Object>> invalidCredentials() {
-		return basicAuthenticationCredentials("user", "INVALID");
+	private Consumer<HttpHeaders> invalidCredentials() {
+		return httpHeaders -> httpHeaders.setBasicAuth("user", "INVALID");
 	}
 }