Fix requiresAuthenticationMatcher not being used

eleftherias · eleftherias · commit 9dd3dfe7182c · 2020-01-27T16:56:59.000+01:00
The custom server requiresAuthenticationMatcher was not always picked up Fixes: gh-7863
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -3049,7 +3049,9 @@ public FormLoginSpec authenticationSuccessHandler(
 		public FormLoginSpec loginPage(String loginPage) {
 			this.defaultEntryPoint = new RedirectServerAuthenticationEntryPoint(loginPage);
 			this.authenticationEntryPoint = this.defaultEntryPoint;
-			this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
+			if (this.requiresAuthenticationMatcher == null) {
+				this.requiresAuthenticationMatcher = ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, loginPage);
+			}
 			if (this.authenticationFailureHandler == null) {
 				this.authenticationFailureHandler = new RedirectServerAuthenticationFailureHandler(loginPage + "?error");
 			}
diff --git a/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java b/config/src/test/java/org/springframework/security/config/web/server/FormLoginTests.java
@@ -37,6 +37,7 @@
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
 import org.springframework.security.web.server.context.ServerSecurityContextRepository;
 import org.springframework.security.web.server.csrf.CsrfToken;
+import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
 import org.springframework.stereotype.Controller;
 import org.springframework.test.web.reactive.server.WebTestClient;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -245,6 +246,31 @@ public void formLoginWhenCustomAuthenticationFailureHandlerThenUsed() {
 		assertThat(driver.getCurrentUrl()).endsWith("/failure");
 	}
 
+	@Test
+	public void formLoginWhenCustomRequiresAuthenticationMatcherThenUsed() {
+		SecurityWebFilterChain securityWebFilter = this.http
+			.authorizeExchange()
+				.pathMatchers("/login", "/sign-in").permitAll()
+				.anyExchange().authenticated()
+				.and()
+			.formLogin()
+				.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
+				.and()
+			.build();
+
+		WebTestClient webTestClient = WebTestClientBuilder
+				.bindToWebFilters(securityWebFilter)
+				.build();
+
+		WebDriver driver = WebTestClientHtmlUnitDriverBuilder
+				.webTestClientSetup(webTestClient)
+				.build();
+
+		driver.get("http://localhost/sign-in");
+
+		assertThat(driver.getCurrentUrl()).endsWith("/login?error");
+	}
+
 	@Test
 	public void authenticationSuccess() {
 		SecurityWebFilterChain securityWebFilter = this.http
