root
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Render default UIs using lightweight templates

This commit is contained in:
Daniel Garnier-Moiroux 2024-08-08 09:06:25 +02:00 committed by Rob Winch
parent a953a3d162
commit 8d47906191
9 changed files with 1258 additions and 518 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

454
config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java
View File

@ -67,140 +67,142 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
@ExtendWith(SpringTestContextExtension.class)
public class DefaultLoginPageConfigurerTests {
//@formatter:off
public static final String EXPECTED_HTML_HEAD = " <head>\n"
+ " <meta charset=\"utf-8\">\n"
+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+ " <meta name=\"description\" content=\"\">\n"
+ " <meta name=\"author\" content=\"\">\n"
+ " <title>Please sign in</title>\n"
+ " <style>\n"
+ " /* General layout */\n"
+ " body {\n"
+ " font-family: system-ui, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, sans-serif;\n"
+ " background-color: #eee;\n"
+ " padding: 40px 0;\n"
+ " margin: 0;\n"
+ " line-height: 1.5;\n"
+ " }\n"
+ " \n"
+ " h2 {\n"
+ " margin-top: 0;\n"
+ " margin-bottom: 0.5rem;\n"
+ " font-size: 2rem;\n"
+ " font-weight: 500;\n"
+ " line-height: 2rem;\n"
+ " }\n"
+ " \n"
+ " .content {\n"
+ " margin-right: auto;\n"
+ " margin-left: auto;\n"
+ " padding-right: 15px;\n"
+ " padding-left: 15px;\n"
+ " width: 100%;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " \n"
+ " @media (min-width: 800px) {\n"
+ " .content {\n"
+ " max-width: 760px;\n"
+ " }\n"
+ " }\n"
+ " \n"
+ " /* Components */\n"
+ " a,\n"
+ " a:visited {\n"
+ " text-decoration: none;\n"
+ " color: #06f;\n"
+ " }\n"
+ " \n"
+ " a:hover {\n"
+ " text-decoration: underline;\n"
+ " color: #003c97;\n"
+ " }\n"
+ " \n"
+ " input[type=\"text\"],\n"
+ " input[type=\"password\"] {\n"
+ " height: auto;\n"
+ " width: 100%;\n"
+ " font-size: 1rem;\n"
+ " padding: 0.5rem;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " \n"
+ " button {\n"
+ " padding: 0.5rem 1rem;\n"
+ " font-size: 1.25rem;\n"
+ " line-height: 1.5;\n"
+ " border: none;\n"
+ " border-radius: 0.1rem;\n"
+ " width: 100%;\n"
+ " }\n"
+ " \n"
+ " button.primary {\n"
+ " color: #fff;\n"
+ " background-color: #06f;\n"
+ " }\n"
+ " \n"
+ " .alert {\n"
+ " padding: 0.75rem 1rem;\n"
+ " margin-bottom: 1rem;\n"
+ " line-height: 1.5;\n"
+ " border-radius: 0.1rem;\n"
+ " width: 100%;\n"
+ " box-sizing: border-box;\n"
+ " border-width: 1px;\n"
+ " border-style: solid;\n"
+ " }\n"
+ " \n"
+ " .alert.alert-danger {\n"
+ " color: #6b1922;\n"
+ " background-color: #f7d5d7;\n"
+ " border-color: #eab6bb;\n"
+ " }\n"
+ " \n"
+ " .alert.alert-success {\n"
+ " color: #145222;\n"
+ " background-color: #d1f0d9;\n"
+ " border-color: #c2ebcb;\n"
+ " }\n"
+ " \n"
+ " .screenreader {\n"
+ " position: absolute;\n"
+ " clip: rect(0 0 0 0);\n"
+ " height: 1px;\n"
+ " width: 1px;\n"
+ " padding: 0;\n"
+ " border: 0;\n"
+ " overflow: hidden;\n"
+ " }\n"
+ " \n"
+ " table {\n"
+ " width: 100%;\n"
+ " max-width: 100%;\n"
+ " margin-bottom: 2rem;\n"
+ " }\n"
+ " \n"
+ " .table-striped tr:nth-of-type(2n + 1) {\n"
+ " background-color: #e1e1e1;\n"
+ " }\n"
+ " \n"
+ " td {\n"
+ " padding: 0.75rem;\n"
+ " vertical-align: top;\n"
+ " }\n"
+ " \n"
+ " /* Login / logout layouts */\n"
+ " .login-form,\n"
+ " .logout-form {\n"
+ " max-width: 340px;\n"
+ " padding: 0 15px 15px 15px;\n"
+ " margin: 0 auto 2rem auto;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " </style>\n"
+ " </head>\n";
//@formatter:on
public static final String EXPECTED_HTML_HEAD = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
<style>
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s\s\s\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s\s\s\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s\s\s\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s\s\s\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s\s\s\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s\s\s\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s\s\s\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s\s\s\s
button.primary {
color: #fff;
background-color: #06f;
}
\s\s\s\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s\s\s\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s\s\s\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s\s\s\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s\s\s\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s\s\s\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s\s\s\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s\s\s\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head>
""";
public final SpringTestContext spring = new SpringTestContext(this);
@ -222,26 +224,32 @@ public class DefaultLoginPageConfigurerTests {
this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
.andExpect((result) -> {
CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName());
assertThat(result.getResponse().getContentAsString()).isEqualTo("<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ " <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ "<input name=\"" + token.getParameterName() + "\" type=\"hidden\" value=\"" + token.getToken() + "\" />\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>");
assertThat(result.getResponse().getContentAsString()).isEqualTo(
EXPECTED_HTML_HEAD +
"""
<body>
<div class="content">
<form class="login-form" method="post" action="/login">
<h2>Please sign in</h2>
\s
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<input name="_csrf" type="hidden" value="%s" />
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""".formatted(token.getToken()));
});
// @formatter:on
}
@ -263,25 +271,32 @@ public class DefaultLoginPageConfigurerTests {
.sessionAttr(csrfAttributeName, csrfToken))
.andExpect((result) -> {
CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName());
assertThat(result.getResponse().getContentAsString()).isEqualTo("<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ "<div class=\"alert alert-danger\" role=\"alert\">Bad credentials</div> <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n" + " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ "<input name=\"" + token.getParameterName() + "\" type=\"hidden\" value=\"" + token.getToken() + "\" />\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>");
assertThat(result.getResponse().getContentAsString()).isEqualTo(
EXPECTED_HTML_HEAD +
"""
<body>
<div class="content">
<form class="login-form" method="post" action="/login">
<h2>Please sign in</h2>
<div class="alert alert-danger" role="alert">Bad credentials</div>
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<input name="_csrf" type="hidden" value="%s" />
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""".formatted(token.getToken()));
});
// @formatter:on
}
@ -307,26 +322,32 @@ public class DefaultLoginPageConfigurerTests {
this.mvc.perform(get("/login?logout").sessionAttr(csrfAttributeName, csrfToken))
.andExpect((result) -> {
CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName());
assertThat(result.getResponse().getContentAsString()).isEqualTo("<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ "<div class=\"alert alert-success\" role=\"alert\">You have been signed out</div> <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ "<input name=\"" + token.getParameterName() + "\" type=\"hidden\" value=\"" + token.getToken() + "\" />\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>");
assertThat(result.getResponse().getContentAsString()).isEqualTo(
EXPECTED_HTML_HEAD +
"""
<body>
<div class="content">
<form class="login-form" method="post" action="/login">
<h2>Please sign in</h2>
<div class="alert alert-success" role="alert">You have been signed out</div>
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<input name="_csrf" type="hidden" value="%s" />
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""".formatted(token.getToken()));
});
// @formatter:on
}
@ -352,27 +373,32 @@ public class DefaultLoginPageConfigurerTests {
this.mvc.perform(get("/login").sessionAttr(csrfAttributeName, csrfToken))
.andExpect((result) -> {
CsrfToken token = (CsrfToken) result.getRequest().getAttribute(CsrfToken.class.getName());
assertThat(result.getResponse().getContentAsString()).isEqualTo("<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ " <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ "<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>\n"
+ "<input name=\"" + token.getParameterName() + "\" type=\"hidden\" value=\"" + token.getToken() + "\" />\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>");
assertThat(result.getResponse().getContentAsString()).isEqualTo(
EXPECTED_HTML_HEAD +
"""
<body>
<div class="content">
<form class="login-form" method="post" action="/login">
<h2>Please sign in</h2>
\s
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<p><input type='checkbox' name='remember-me'/> Remember me on this computer.</p>
<input name="_csrf" type="hidden" value="%s" />
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""".formatted(token.getToken()));
});
// @formatter:on
}

366
config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java
View File

@ -45,140 +45,142 @@ public class FormLoginBeanDefinitionParserTests {
private static final String CONFIG_LOCATION_PREFIX = "classpath:org/springframework/security/config/http/FormLoginBeanDefinitionParserTests";
//@formatter:off
public static final String EXPECTED_HTML_HEAD = " <head>\n"
+ " <meta charset=\"utf-8\">\n"
+ " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n"
+ " <meta name=\"description\" content=\"\">\n"
+ " <meta name=\"author\" content=\"\">\n"
+ " <title>Please sign in</title>\n"
+ " <style>\n"
+ " /* General layout */\n"
+ " body {\n"
+ " font-family: system-ui, \"Segoe UI\", Roboto, \"Helvetica Neue\", Arial, sans-serif;\n"
+ " background-color: #eee;\n"
+ " padding: 40px 0;\n"
+ " margin: 0;\n"
+ " line-height: 1.5;\n"
+ " }\n"
+ " \n"
+ " h2 {\n"
+ " margin-top: 0;\n"
+ " margin-bottom: 0.5rem;\n"
+ " font-size: 2rem;\n"
+ " font-weight: 500;\n"
+ " line-height: 2rem;\n"
+ " }\n"
+ " \n"
+ " .content {\n"
+ " margin-right: auto;\n"
+ " margin-left: auto;\n"
+ " padding-right: 15px;\n"
+ " padding-left: 15px;\n"
+ " width: 100%;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " \n"
+ " @media (min-width: 800px) {\n"
+ " .content {\n"
+ " max-width: 760px;\n"
+ " }\n"
+ " }\n"
+ " \n"
+ " /* Components */\n"
+ " a,\n"
+ " a:visited {\n"
+ " text-decoration: none;\n"
+ " color: #06f;\n"
+ " }\n"
+ " \n"
+ " a:hover {\n"
+ " text-decoration: underline;\n"
+ " color: #003c97;\n"
+ " }\n"
+ " \n"
+ " input[type=\"text\"],\n"
+ " input[type=\"password\"] {\n"
+ " height: auto;\n"
+ " width: 100%;\n"
+ " font-size: 1rem;\n"
+ " padding: 0.5rem;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " \n"
+ " button {\n"
+ " padding: 0.5rem 1rem;\n"
+ " font-size: 1.25rem;\n"
+ " line-height: 1.5;\n"
+ " border: none;\n"
+ " border-radius: 0.1rem;\n"
+ " width: 100%;\n"
+ " }\n"
+ " \n"
+ " button.primary {\n"
+ " color: #fff;\n"
+ " background-color: #06f;\n"
+ " }\n"
+ " \n"
+ " .alert {\n"
+ " padding: 0.75rem 1rem;\n"
+ " margin-bottom: 1rem;\n"
+ " line-height: 1.5;\n"
+ " border-radius: 0.1rem;\n"
+ " width: 100%;\n"
+ " box-sizing: border-box;\n"
+ " border-width: 1px;\n"
+ " border-style: solid;\n"
+ " }\n"
+ " \n"
+ " .alert.alert-danger {\n"
+ " color: #6b1922;\n"
+ " background-color: #f7d5d7;\n"
+ " border-color: #eab6bb;\n"
+ " }\n"
+ " \n"
+ " .alert.alert-success {\n"
+ " color: #145222;\n"
+ " background-color: #d1f0d9;\n"
+ " border-color: #c2ebcb;\n"
+ " }\n"
+ " \n"
+ " .screenreader {\n"
+ " position: absolute;\n"
+ " clip: rect(0 0 0 0);\n"
+ " height: 1px;\n"
+ " width: 1px;\n"
+ " padding: 0;\n"
+ " border: 0;\n"
+ " overflow: hidden;\n"
+ " }\n"
+ " \n"
+ " table {\n"
+ " width: 100%;\n"
+ " max-width: 100%;\n"
+ " margin-bottom: 2rem;\n"
+ " }\n"
+ " \n"
+ " .table-striped tr:nth-of-type(2n + 1) {\n"
+ " background-color: #e1e1e1;\n"
+ " }\n"
+ " \n"
+ " td {\n"
+ " padding: 0.75rem;\n"
+ " vertical-align: top;\n"
+ " }\n"
+ " \n"
+ " /* Login / logout layouts */\n"
+ " .login-form,\n"
+ " .logout-form {\n"
+ " max-width: 340px;\n"
+ " padding: 0 15px 15px 15px;\n"
+ " margin: 0 auto 2rem auto;\n"
+ " box-sizing: border-box;\n"
+ " }\n"
+ " </style>\n"
+ " </head>\n";
//@formatter:on
public static final String EXPECTED_HTML_HEAD = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
<style>
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s\s\s\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s\s\s\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s\s\s\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s\s\s\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s\s\s\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s\s\s\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s\s\s\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s\s\s\s
button.primary {
color: #fff;
background-color: #06f;
}
\s\s\s\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s\s\s\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s\s\s\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s\s\s\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s\s\s\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s\s\s\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s\s\s\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s\s\s\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head>
""";
public final SpringTestContext spring = new SpringTestContext(this);
@ -188,27 +190,30 @@ public class FormLoginBeanDefinitionParserTests {
@Test
public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception {
this.spring.configLocations(this.xml("Simple")).autowire();
// @formatter:off
String expectedContent = "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/login\">\n"
+ " <h2>Please sign in</h2>\n"
+ " <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"username\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"password\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>";
// @formatter:on
String expectedContent = EXPECTED_HTML_HEAD + """
<body>
<div class="content">
<form class="login-form" method="post" action="/login">
<h2>Please sign in</h2>
\s
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""";
this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
}
@ -221,31 +226,32 @@ public class FormLoginBeanDefinitionParserTests {
@Test
public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() throws Exception {
this.spring.configLocations(this.xml("WithCustomAttributes")).autowire();
// @formatter:off
String expectedContent = "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ EXPECTED_HTML_HEAD
+ " <body>\n"
+ " <div class=\"content\">\n"
+ " <form class=\"login-form\" method=\"post\" action=\"/signin\">\n"
+ " <h2>Please sign in</h2>\n"
+ " <p>\n"
+ " <label for=\"username\" class=\"screenreader\">Username</label>\n"
+ " <input type=\"text\" id=\"username\" name=\"custom_user\" placeholder=\"Username\" required autofocus>\n"
+ " </p>\n"
+ " <p>\n"
+ " <label for=\"password\" class=\"screenreader\">Password</label>\n"
+ " <input type=\"password\" id=\"password\" name=\"custom_pass\" placeholder=\"Password\" required>\n"
+ " </p>\n"
+ " <button type=\"submit\" class=\"primary\">Sign in</button>\n"
+ " </form>\n"
+ "</div>\n"
+ "</body></html>";
this.mvc.perform(get("/login"))
.andExpect(content().string(expectedContent));
this.mvc.perform(get("/logout"))
.andExpect(status().is3xxRedirection());
// @formatter:on
String expectedContent = EXPECTED_HTML_HEAD + """
<body>
<div class="content">
<form class="login-form" method="post" action="/signin">
<h2>Please sign in</h2>
\s
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="custom_user" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="custom_pass" placeholder="Password" required>
</p>
<button type="submit" class="primary">Sign in</button>
</form>
</div>
</body>
</html>""";
this.mvc.perform(get("/login")).andExpect(content().string(expectedContent));
this.mvc.perform(get("/logout")).andExpect(status().is3xxRedirection());
}
@Test

280
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
View File

@ -21,6 +21,7 @@ import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.function.Function;
import java.util.stream.Collectors;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
@ -38,7 +39,6 @@ import org.springframework.security.web.util.CssUtils;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.HtmlUtils;
/**
* For internal use with namespace configuration in the case where a user doesn't
@ -205,87 +205,106 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
private String generateLoginPageHtml(HttpServletRequest request, boolean loginError, boolean logoutSuccess) {
String errorMsg = loginError ? getLoginErrorMessage(request) : "Invalid credentials";
String contextPath = request.getContextPath();
StringBuilder sb = new StringBuilder();
sb.append("<!DOCTYPE html>\n");
sb.append("<html lang=\"en\">\n");
sb.append(" <head>\n");
sb.append(" <meta charset=\"utf-8\">\n");
sb.append(" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
sb.append(" <meta name=\"description\" content=\"\">\n");
sb.append(" <meta name=\"author\" content=\"\">\n");
sb.append(" <title>Please sign in</title>\n");
sb.append(CssUtils.getCssStyleBlock().indent(4));
sb.append(" </head>\n");
sb.append(" <body>\n");
sb.append(" <div class=\"content\">\n");
if (this.formLoginEnabled) {
sb.append(" <form class=\"login-form\" method=\"post\" action=\"" + contextPath
+ this.authenticationUrl + "\">\n");
sb.append(" <h2>Please sign in</h2>\n");
sb.append(createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + " <p>\n");
sb.append(" <label for=\"username\" class=\"screenreader\">Username</label>\n");
sb.append(" <input type=\"text\" id=\"username\" name=\"" + this.usernameParameter
+ "\" placeholder=\"Username\" required autofocus>\n");
sb.append(" </p>\n");
sb.append(" <p>\n");
sb.append(" <label for=\"password\" class=\"screenreader\">Password</label>\n");
sb.append(" <input type=\"password\" id=\"password\" name=\"" + this.passwordParameter
+ "\" placeholder=\"Password\" required>\n");
sb.append(" </p>\n");
sb.append(createRememberMe(this.rememberMeParameter) + renderHiddenInputs(request));
sb.append(" <button type=\"submit\" class=\"primary\">Sign in</button>\n");
sb.append(" </form>\n");
return HtmlTemplates.fromTemplate(LOGIN_PAGE_TEMPLATE)
.withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4))
.withRawHtml("formLogin", renderFormLogin(request, loginError, logoutSuccess, contextPath, errorMsg))
.withRawHtml("oneTimeTokenLogin",
renderOneTimeTokenLogin(request, loginError, logoutSuccess, contextPath, errorMsg))
.withRawHtml("oauth2Login", renderOAuth2Login(loginError, logoutSuccess, errorMsg, contextPath))
.withRawHtml("saml2Login", renderSaml2Login(loginError, logoutSuccess, errorMsg, contextPath))
.render();
}
private String renderFormLogin(HttpServletRequest request, boolean loginError, boolean logoutSuccess,
String contextPath, String errorMsg) {
if (!this.formLoginEnabled) {
return "";
}
if (this.oneTimeTokenEnabled) {
sb.append(" <form id=\"ott-form\" class=\"login-form\" method=\"post\" action=\"" + contextPath
+ this.generateOneTimeTokenUrl + "\">\n");
sb.append(" <h2>Request a One-Time Token</h2>\n");
sb.append(createError(loginError, errorMsg) + createLogoutSuccess(logoutSuccess) + "<p>\n");
sb.append(" <label for=\"ott-username\" class=\"screenreader\">Username</label>\n");
sb.append(
" <input type=\"text\" id=\"ott-username\" name=\"username\" placeholder=\"Username\" required>\n");
sb.append(" </p>\n");
sb.append(renderHiddenInputs(request));
sb.append(" <button class=\"primary\" type=\"submit\" form=\"ott-form\">Send Token</button>\n");
sb.append(" </form>\n");
String hiddenInputs = this.resolveHiddenInputs.apply(request)
.entrySet()
.stream()
.map((inputKeyValue) -> renderHiddenInput(inputKeyValue.getKey(), inputKeyValue.getValue()))
.collect(Collectors.joining("\n"));
return HtmlTemplates.fromTemplate(LOGIN_FORM_TEMPLATE)
.withValue("loginUrl", contextPath + this.authenticationUrl)
.withRawHtml("errorMessage", renderError(loginError, errorMsg))
.withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
.withValue("usernameParameter", this.usernameParameter)
.withValue("passwordParameter", this.passwordParameter)
.withRawHtml("rememberMeInput", renderRememberMe(this.rememberMeParameter))
.withRawHtml("hiddenInputs", hiddenInputs)
.render();
}
private String renderOneTimeTokenLogin(HttpServletRequest request, boolean loginError, boolean logoutSuccess,
String contextPath, String errorMsg) {
if (!this.oneTimeTokenEnabled) {
return "";
}
if (this.oauth2LoginEnabled) {
sb.append("<h2>Login with OAuth 2.0</h2>");
sb.append(createError(loginError, errorMsg));
sb.append(createLogoutSuccess(logoutSuccess));
sb.append("<table class=\"table table-striped\">\n");
for (Map.Entry<String, String> clientAuthenticationUrlToClientName : this.oauth2AuthenticationUrlToClientName
.entrySet()) {
sb.append(" <tr><td>");
String url = clientAuthenticationUrlToClientName.getKey();
sb.append("<a href=\"").append(contextPath).append(url).append("\">");
String clientName = HtmlUtils.htmlEscape(clientAuthenticationUrlToClientName.getValue());
sb.append(clientName);
sb.append("</a>");
sb.append("</td></tr>\n");
}
sb.append("</table>\n");
String hiddenInputs = this.resolveHiddenInputs.apply(request)
.entrySet()
.stream()
.map((inputKeyValue) -> renderHiddenInput(inputKeyValue.getKey(), inputKeyValue.getValue()))
.collect(Collectors.joining("\n"));
return HtmlTemplates.fromTemplate(ONE_TIME_TEMPLATE)
.withValue("generateOneTimeTokenUrl", contextPath + this.generateOneTimeTokenUrl)
.withRawHtml("errorMessage", renderError(loginError, errorMsg))
.withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
.withRawHtml("hiddenInputs", hiddenInputs)
.render();
}
private String renderOAuth2Login(boolean loginError, boolean logoutSuccess, String errorMsg, String contextPath) {
if (!this.oauth2LoginEnabled) {
return "";
}
if (this.saml2LoginEnabled) {
sb.append("<h2>Login with SAML 2.0</h2>");
sb.append(createError(loginError, errorMsg));
sb.append(createLogoutSuccess(logoutSuccess));
sb.append("<table class=\"table table-striped\">\n");
for (Map.Entry<String, String> relyingPartyUrlToName : this.saml2AuthenticationUrlToProviderName
.entrySet()) {
sb.append(" <tr><td>");
String url = relyingPartyUrlToName.getKey();
sb.append("<a href=\"").append(contextPath).append(url).append("\">");
String partyName = HtmlUtils.htmlEscape(relyingPartyUrlToName.getValue());
sb.append(partyName);
sb.append("</a>");
sb.append("</td></tr>\n");
}
sb.append("</table>\n");
String oauth2Rows = this.oauth2AuthenticationUrlToClientName.entrySet()
.stream()
.map((urlToName) -> renderOAuth2Row(contextPath, urlToName.getKey(), urlToName.getValue()))
.collect(Collectors.joining("\n"));
return HtmlTemplates.fromTemplate(OAUTH2_LOGIN_TEMPLATE)
.withRawHtml("errorMessage", renderError(loginError, errorMsg))
.withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
.withRawHtml("oauth2Rows", oauth2Rows)
.render();
}
private static String renderOAuth2Row(String contextPath, String url, String clientName) {
return HtmlTemplates.fromTemplate(OAUTH2_ROW_TEMPLATE)
.withValue("url", contextPath + url)
.withValue("clientName", clientName)
.render();
}
private String renderSaml2Login(boolean loginError, boolean logoutSuccess, String errorMsg, String contextPath) {
if (!this.saml2LoginEnabled) {
return "";
}
sb.append("</div>\n");
sb.append("</body></html>");
return sb.toString();
String samlRows = this.saml2AuthenticationUrlToProviderName.entrySet()
.stream()
.map((urlToName) -> renderSaml2Row(contextPath, urlToName.getKey(), urlToName.getValue()))
.collect(Collectors.joining("\n"));
return HtmlTemplates.fromTemplate(SAML_LOGIN_TEMPLATE)
.withRawHtml("errorMessage", renderError(loginError, errorMsg))
.withRawHtml("logoutMessage", renderSuccess(logoutSuccess))
.withRawHtml("samlRows", samlRows)
.render();
}
private static String renderSaml2Row(String contextPath, String url, String clientName) {
return HtmlTemplates.fromTemplate(SAML_ROW_TEMPLATE)
.withValue("url", contextPath + url)
.withValue("clientName", clientName)
.render();
}
private String getLoginErrorMessage(HttpServletRequest request) {
@ -303,23 +322,21 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
return exception.getMessage();
}
private String renderHiddenInputs(HttpServletRequest request) {
StringBuilder sb = new StringBuilder();
for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
sb.append("<input name=\"");
sb.append(input.getKey());
sb.append("\" type=\"hidden\" value=\"");
sb.append(input.getValue());
sb.append("\" />\n");
}
return sb.toString();
private String renderHiddenInput(String name, String value) {
return HtmlTemplates.fromTemplate(HIDDEN_HTML_INPUT_TEMPLATE)
.withValue("name", name)
.withValue("value", value)
.render();
}
private String createRememberMe(String paramName) {
private String renderRememberMe(String paramName) {
if (paramName == null) {
return "";
}
return "<p><input type='checkbox' name='" + paramName + "'/> Remember me on this computer.</p>\n";
return HtmlTemplates
.fromTemplate("<p><input type='checkbox' name='{{paramName}}'/> Remember me on this computer.</p>")
.withValue("paramName", paramName)
.render();
}
private boolean isLogoutSuccess(HttpServletRequest request) {
@ -334,14 +351,14 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
return matches(request, this.failureUrl);
}
private String createError(boolean isError, String message) {
private String renderError(boolean isError, String message) {
if (!isError) {
return "";
}
return "<div class=\"alert alert-danger\" role=\"alert\">" + HtmlUtils.htmlEscape(message) + "</div>";
return HtmlTemplates.fromTemplate(ALERT_TEMPLATE).withValue("message", message).render();
}
private String createLogoutSuccess(boolean isLogoutSuccess) {
private String renderSuccess(boolean isLogoutSuccess) {
if (!isLogoutSuccess) {
return "";
}
@ -367,4 +384,81 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
return uri.equals(request.getContextPath() + url);
}
private static final String LOGIN_PAGE_TEMPLATE = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
{{cssStyle}}
</head>
<body>
<div class="content">
{{formLogin}}
{{oneTimeTokenLogin}}
{{oauth2Login}}
{{saml2Login}}
</div>
</body>
</html>""";
private static final String LOGIN_FORM_TEMPLATE = """
<form class="login-form" method="post" action="{{loginUrl}}">
<h2>Please sign in</h2>
{{errorMessage}}{{logoutMessage}}
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="{{usernameParameter}}" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="{{passwordParameter}}" placeholder="Password" required>
</p>
{{rememberMeInput}}
{{hiddenInputs}}
<button type="submit" class="primary">Sign in</button>
</form>""";
private static final String HIDDEN_HTML_INPUT_TEMPLATE = """
<input name="{{name}}" type="hidden" value="{{value}}" />
""";
private static final String ALERT_TEMPLATE = """
<div class="alert alert-danger" role="alert">{{message}}</div>""";
private static final String OAUTH2_LOGIN_TEMPLATE = """
<h2>Login with OAuth 2.0</h2>
{{errorMessage}}{{logoutMessage}}
<table class="table table-striped">
{{oauth2Rows}}
</table>""";
private static final String OAUTH2_ROW_TEMPLATE = """
<tr><td><a href="{{url}}">{{clientName}}</a></td></tr>""";
private static final String SAML_LOGIN_TEMPLATE = """
<h2>Login with SAML 2.0</h2>
{{errorMessage}}{{logoutMessage}}
<table class="table table-striped">
{{samlRows}}
</table>""";
private static final String SAML_ROW_TEMPLATE = OAUTH2_ROW_TEMPLATE;
private static final String ONE_TIME_TEMPLATE = """
<form id="ott-form" class="login-form" method="post" action="{{generateOneTimeTokenUrl}}">
<h2>Request a One-Time Token</h2>
{{errorMessage}}{{logoutMessage}}
<p>
<label for="ott-username" class="screenreader">Username</label>
<input type="text" id="ott-username" name="username" placeholder="Username" required>
</p>
{{hiddenInputs}}
<button class="primary" type="submit" form="ott-form">Send Token</button>
</form>
""";
}

65
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java
View File

@ -61,30 +61,13 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
}
private void renderLogout(HttpServletRequest request, HttpServletResponse response) throws IOException {
StringBuilder sb = new StringBuilder();
sb.append("<!DOCTYPE html>\n");
sb.append("<html lang=\"en\">\n");
sb.append(" <head>\n");
sb.append(" <meta charset=\"utf-8\">\n");
sb.append(" <meta name=\"viewport\" content=\"width=device-width, initial-scale=1, shrink-to-fit=no\">\n");
sb.append(" <meta name=\"description\" content=\"\">\n");
sb.append(" <meta name=\"author\" content=\"\">\n");
sb.append(" <title>Confirm Log Out?</title>\n");
sb.append(CssUtils.getCssStyleBlock().indent(4));
sb.append(" </head>\n");
sb.append(" <body>\n");
sb.append(" <div class=\"content\">\n");
sb.append(" <form class=\"logout-form\" method=\"post\" action=\"" + request.getContextPath()
+ "/logout\">\n");
sb.append(" <h2>Are you sure you want to log out?</h2>\n");
sb.append(renderHiddenInputs(request));
sb.append(" <button class=\"primary\" type=\"submit\">Log Out</button>\n");
sb.append(" </form>\n");
sb.append(" </div>\n");
sb.append(" </body>\n");
sb.append("</html>");
String renderedPage = HtmlTemplates.fromTemplate(LOGOUT_PAGE_TEMPLATE)
.withRawHtml("cssStyle", CssUtils.getCssStyleBlock().indent(4))
.withValue("contextPath", request.getContextPath())
.withRawHtml("hiddenInputs", renderHiddenInputs(request).indent(8))
.render();
response.setContentType("text/html;charset=UTF-8");
response.getWriter().write(sb.toString());
response.getWriter().write(renderedPage);
}
/**
@ -101,13 +84,39 @@ public class DefaultLogoutPageGeneratingFilter extends OncePerRequestFilter {
private String renderHiddenInputs(HttpServletRequest request) {
StringBuilder sb = new StringBuilder();
for (Map.Entry<String, String> input : this.resolveHiddenInputs.apply(request).entrySet()) {
sb.append("<input name=\"");
sb.append(input.getKey());
sb.append("\" type=\"hidden\" value=\"");
sb.append(input.getValue());
sb.append("\" />\n");
String inputElement = HtmlTemplates.fromTemplate(HIDDEN_HTML_INPUT_TEMPLATE)
.withValue("name", input.getKey())
.withValue("value", input.getValue())
.render();
sb.append(inputElement);
}
return sb.toString();
}
private static final String LOGOUT_PAGE_TEMPLATE = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Confirm Log Out?</title>
{{cssStyle}}
</head>
<body>
<div class="content">
<form class="logout-form" method="post" action="{{contextPath}}/logout">
<h2>Are you sure you want to log out?</h2>
{{hiddenInputs}}
<button class="primary" type="submit">Log Out</button>
</form>
</div>
</body>
</html>""";
private static final String HIDDEN_HTML_INPUT_TEMPLATE = """
<input name="{{name}}" type="hidden" value="{{value}}" />
""";
}

107
web/src/main/java/org/springframework/security/web/authentication/ui/HtmlTemplates.java Normal file
View File

@ -0,0 +1,107 @@
/*
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.authentication.ui;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.springframework.util.StringUtils;
import org.springframework.web.util.HtmlUtils;
/**
* Render HTML templates using string substitution. Intended for internal use. Variables
* can be templated using double curly-braces: {@code {{name}}}.
*
* @author Daniel Garnier-Moiroux
* @since 6.4
*/
final class HtmlTemplates {
private HtmlTemplates() {
}
static Builder fromTemplate(String template) {
return new Builder(template);
}
static final class Builder {
private final String template;
private final Map<String, String> values = new HashMap<>();
private Builder(String template) {
this.template = template;
}
/**
* HTML-escape, and inject value {@code value} in every {@code {{key}}}
* placeholder.
* @param key the placeholder name
* @param value the value to inject
* @return this instance for further templating
*/
Builder withValue(String key, String value) {
this.values.put(key, HtmlUtils.htmlEscape(value));
return this;
}
/**
* Inject value {@code value} in every {@code {{key}}} placeholder without
* HTML-escaping. Useful for injecting "sub-templates".
* @param key the placeholder name
* @param value the value to inject
* @return this instance for further templating
*/
Builder withRawHtml(String key, String value) {
if (!value.isEmpty() && value.charAt(value.length() - 1) == '\n') {
value = value.substring(0, value.length() - 1);
}
this.values.put(key, value);
return this;
}
/**
* Render the template. All placeholders MUST have a corresponding value. If a
* placeholder does not have a corresponding value, throws
* {@link IllegalStateException}.
* @return the rendered template
*/
String render() {
String template = this.template;
for (String key : this.values.keySet()) {
String pattern = Pattern.quote("{{" + key + "}}");
template = template.replaceAll(pattern, this.values.get(key));
}
String unusedPlaceholders = Pattern.compile("\\{\\{([a-zA-Z0-9]+)}}")
.matcher(template)
.results()
.map((result) -> result.group(1))
.collect(Collectors.joining(", "));
if (StringUtils.hasLength(unusedPlaceholders)) {
throw new IllegalStateException("Unused placeholders in template: [%s]".formatted(unusedPlaceholders));
}
return template;
}
}
}

197
web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
View File

@ -16,10 +16,12 @@
package org.springframework.security.web.authentication;
import java.io.IOException;
import java.util.Collections;
import java.util.Locale;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import org.junit.jupiter.api.Test;
import org.springframework.context.support.MessageSourceAccessor;
@ -195,15 +197,204 @@ public class DefaultLoginPageGeneratingFilterTests {
filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, this.chain);
assertThat(response.getContentAsString()).contains("Request a One-Time Token");
assertThat(response.getContentAsString()).contains("""
<form id="ott-form" class="login-form" method="post" action="/ott/authenticate">
<form id="ott-form" class="login-form" method="post" action="/ott/authenticate">
<h2>Request a One-Time Token</h2>
<p>
\s
<p>
<label for="ott-username" class="screenreader">Username</label>
<input type="text" id="ott-username" name="username" placeholder="Username" required>
</p>
<button class="primary" type="submit" form="ott-form">Send Token</button>
\s
<button class="primary" type="submit" form="ott-form">Send Token</button>
</form>
""");
}
@Test
void generatesThenRenders() throws ServletException, IOException {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
new UsernamePasswordAuthenticationFilter());
filter.setLoginPageUrl(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
filter.setSaml2LoginEnabled(true);
String clientName = "Google < > \" \' &";
filter.setSaml2AuthenticationUrlToProviderName(Collections.singletonMap("/saml/sso/google", clientName));
filter.setOauth2LoginEnabled(true);
clientName = "Google < > \" \' &";
filter.setOauth2AuthenticationUrlToClientName(
Collections.singletonMap("/oauth2/authorization/google", clientName));
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
request.setQueryString("error");
MockHttpServletResponse response = new MockHttpServletResponse();
request.getSession()
.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException("Bad credentials"));
filter.doFilter(request, response, this.chain);
assertThat(response.getContentAsString()).isEqualTo("""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Please sign in</title>
<style>
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s\s\s\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s\s\s\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s\s\s\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s\s\s\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s\s\s\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s\s\s\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s\s\s\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s\s\s\s
button.primary {
color: #fff;
background-color: #06f;
}
\s\s\s\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s\s\s\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s\s\s\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s\s\s\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s\s\s\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s\s\s\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s\s\s\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s\s\s\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head>
<body>
<div class="content">
<form class="login-form" method="post" action="null">
<h2>Please sign in</h2>
<div class="alert alert-danger" role="alert">Bad credentials</div>
<p>
<label for="username" class="screenreader">Username</label>
<input type="text" id="username" name="username" placeholder="Username" required autofocus>
</p>
<p>
<label for="password" class="screenreader">Password</label>
<input type="password" id="password" name="password" placeholder="Password" required>
</p>
<button type="submit" class="primary">Sign in</button>
</form>
<h2>Login with OAuth 2.0</h2>
<div class="alert alert-danger" role="alert">Bad credentials</div>
<table class="table table-striped">
<tr><td><a href="/oauth2/authorization/google">Google &lt; &gt; &quot; &#39; &amp;</a></td></tr>
</table>
<h2>Login with SAML 2.0</h2>
<div class="alert alert-danger" role="alert">Bad credentials</div>
<table class="table table-striped">
<tr><td><a href="/saml/sso/google">Google &lt; &gt; &quot; &#39; &amp;</a></td></tr>
</table>
</div>
</body>
</html>""");
}
}

152
web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java
View File

@ -59,4 +59,156 @@ public class DefaultLogoutPageGeneratingFilterTests {
.andExpect(content().string(containsString("action=\"/context/logout\"")));
}
@Test
void doFilterWhenRequestContextAndHiddenInputsSetThenRendered() throws Exception {
this.filter.setResolveHiddenInputs((r) -> Collections.singletonMap("_csrf", "csrf-token-1"));
MockMvc mockMvc = MockMvcBuilders.standaloneSetup(new Object()).addFilters(this.filter).build();
mockMvc.perform(get("/context/logout").contextPath("/context")).andExpect(content().string("""
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Confirm Log Out?</title>
<style>
/* General layout */
body {
font-family: system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
background-color: #eee;
padding: 40px 0;
margin: 0;
line-height: 1.5;
}
\s\s\s\s
h2 {
margin-top: 0;
margin-bottom: 0.5rem;
font-size: 2rem;
font-weight: 500;
line-height: 2rem;
}
\s\s\s\s
.content {
margin-right: auto;
margin-left: auto;
padding-right: 15px;
padding-left: 15px;
width: 100%;
box-sizing: border-box;
}
\s\s\s\s
@media (min-width: 800px) {
.content {
max-width: 760px;
}
}
\s\s\s\s
/* Components */
a,
a:visited {
text-decoration: none;
color: #06f;
}
\s\s\s\s
a:hover {
text-decoration: underline;
color: #003c97;
}
\s\s\s\s
input[type="text"],
input[type="password"] {
height: auto;
width: 100%;
font-size: 1rem;
padding: 0.5rem;
box-sizing: border-box;
}
\s\s\s\s
button {
padding: 0.5rem 1rem;
font-size: 1.25rem;
line-height: 1.5;
border: none;
border-radius: 0.1rem;
width: 100%;
}
\s\s\s\s
button.primary {
color: #fff;
background-color: #06f;
}
\s\s\s\s
.alert {
padding: 0.75rem 1rem;
margin-bottom: 1rem;
line-height: 1.5;
border-radius: 0.1rem;
width: 100%;
box-sizing: border-box;
border-width: 1px;
border-style: solid;
}
\s\s\s\s
.alert.alert-danger {
color: #6b1922;
background-color: #f7d5d7;
border-color: #eab6bb;
}
\s\s\s\s
.alert.alert-success {
color: #145222;
background-color: #d1f0d9;
border-color: #c2ebcb;
}
\s\s\s\s
.screenreader {
position: absolute;
clip: rect(0 0 0 0);
height: 1px;
width: 1px;
padding: 0;
border: 0;
overflow: hidden;
}
\s\s\s\s
table {
width: 100%;
max-width: 100%;
margin-bottom: 2rem;
}
\s\s\s\s
.table-striped tr:nth-of-type(2n + 1) {
background-color: #e1e1e1;
}
\s\s\s\s
td {
padding: 0.75rem;
vertical-align: top;
}
\s\s\s\s
/* Login / logout layouts */
.login-form,
.logout-form {
max-width: 340px;
padding: 0 15px 15px 15px;
margin: 0 auto 2rem auto;
box-sizing: border-box;
}
</style>
</head>
<body>
<div class="content">
<form class="logout-form" method="post" action="/context/logout">
<h2>Are you sure you want to log out?</h2>
<input name="_csrf" type="hidden" value="csrf-token-1" />
<button class="primary" type="submit">Log Out</button>
</form>
</div>
</body>
</html>"""));
}
}

147
web/src/test/java/org/springframework/security/web/authentication/ui/HtmlTemplatesTests.java Normal file
View File

@ -0,0 +1,147 @@
/*
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.authentication.ui;
import org.junit.jupiter.api.Test;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
/**
* @author Daniel Garnier-Moiroux
* @since 6.4
*/
class HtmlTemplatesTests {
@Test
void processTemplateWhenNoVariablesThenRendersTemplate() {
String template = """
<ul>
<li>Lorem ipsum dolor sit amet</li>
<li>consectetur adipiscing elit</li>
<li>sed do eiusmod tempor incididunt ut labore</li>
<li>et dolore magna aliqua</li>
</ul>
""";
assertThat(HtmlTemplates.fromTemplate(template).render()).isEqualTo(template);
}
@Test
void renderWhenVariablesThenRendersTemplate() {
String template = """
<ul>
<li>{{one}}</li>
<li>{{two}}</li>
</ul>
""";
String renderedTemplate = HtmlTemplates.fromTemplate(template)
.withValue("one", "Lorem ipsum dolor sit amet")
.withValue("two", "consectetur adipiscing elit")
.render();
assertThat(renderedTemplate).isEqualTo("""
<ul>
<li>Lorem ipsum dolor sit amet</li>
<li>consectetur adipiscing elit</li>
</ul>
""");
}
@Test
void renderWhenVariablesThenEscapedAndRender() {
String template = "<p>{{content}}</p>";
String renderedTemplate = HtmlTemplates.fromTemplate(template)
.withValue("content", "The <a> tag is very common in HTML.")
.render();
assertThat(renderedTemplate).isEqualTo("<p>The &lt;a&gt; tag is very common in HTML.</p>");
}
@Test
void renderWhenRawHtmlVariablesThenRendersTemplate() {
String template = """
<p>
The {{title}} is a placeholder text used in print.
</p>
""";
String renderedTemplate = HtmlTemplates.fromTemplate(template)
.withRawHtml("title", "<strong>Lorem Ipsum</strong>")
.render();
assertThat(renderedTemplate).isEqualTo("""
<p>
The <strong>Lorem Ipsum</strong> is a placeholder text used in print.
</p>
""");
}
@Test
void renderWhenRawHtmlVariablesThenTrimsTrailingNewline() {
String template = """
<ul>
{{content}}
</ul>
""";
String renderedTemplate = HtmlTemplates.fromTemplate(template)
.withRawHtml("content", "<li>Lorem ipsum dolor sit amet</li>".indent(2))
.render();
assertThat(renderedTemplate).isEqualTo("""
<ul>
<li>Lorem ipsum dolor sit amet</li>
</ul>
""");
}
@Test
void renderWhenEmptyVariablesThenRender() {
String template = """
<li>One: {{one}}</li>
{{two}}
""";
String renderedTemplate = HtmlTemplates.fromTemplate(template)
.withValue("one", "")
.withRawHtml("two", "")
.render();
assertThat(renderedTemplate).isEqualTo("""
<li>One: </li>
""");
}
@Test
void renderWhenMissingVariablesThenThrows() {
String template = """
<li>One: {{one}}</li>
<li>Two: {{two}}</li>
{{three}}
""";
HtmlTemplates.Builder templateBuilder = HtmlTemplates.fromTemplate(template)
.withValue("one", "Lorem ipsum dolor sit amet");
assertThatExceptionOfType(IllegalStateException.class).isThrownBy(templateBuilder::render)
.withMessage("Unused placeholders in template: [two, three]");
}
}

8
web/src/test/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilterTests.java
View File

@ -43,4 +43,12 @@ public class LogoutPageGeneratingWebFilterTests {
assertThat(exchange.getResponse().getBodyAsString().block()).contains("action=\"/logout\"");
}
@Test
void filterThenRendersPage() {
LogoutPageGeneratingWebFilter filter = new LogoutPageGeneratingWebFilter();
MockServerWebExchange exchange = MockServerWebExchange
.from(MockServerHttpRequest.get("/test/logout").contextPath("/test"));
filter.filter(exchange, (e) -> Mono.empty()).block();
}
}