Add ContinueOnError Support For Failed Authentications

ruabtmh · ruabtmh · commit 2cabbd899b87 · 2024-02-14T00:23:44.000+03:00
Closes gh-14521
diff --git a/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java b/core/src/main/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,10 @@
 
 import java.util.Arrays;
 import java.util.List;
+import java.util.function.Function;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 
@@ -37,6 +40,10 @@ public class DelegatingReactiveAuthenticationManager implements ReactiveAuthenti
 
 	private final List<ReactiveAuthenticationManager> delegates;
 
+	private boolean continueOnError = false;
+
+	private final Log logger = LogFactory.getLog(getClass());
+
 	public DelegatingReactiveAuthenticationManager(ReactiveAuthenticationManager... entryPoints) {
 		this(Arrays.asList(entryPoints));
 	}
@@ -48,11 +55,16 @@ public DelegatingReactiveAuthenticationManager(List<ReactiveAuthenticationManage
 
 	@Override
 	public Mono<Authentication> authenticate(Authentication authentication) {
-		// @formatter:off
-		return Flux.fromIterable(this.delegates)
-				.concatMap((m) -> m.authenticate(authentication))
-				.next();
-		// @formatter:on
+		Flux<ReactiveAuthenticationManager> result = Flux.fromIterable(this.delegates);
+		Function<ReactiveAuthenticationManager, Mono<Authentication>> logging =
+				(m) -> m.authenticate(authentication).doOnError(logger::debug);
+
+		return ((this.continueOnError) ? result.concatMapDelayError(logging)
+				: result.concatMap(logging)).next();
+	}
+
+	public void setContinueOnError(boolean continueOnError) {
+		this.continueOnError = continueOnError;
 	}
 
 }
diff --git a/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java b/core/src/test/java/org/springframework/security/authentication/DelegatingReactiveAuthenticationManagerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -61,7 +61,7 @@ public void authenticateWhenNotEmptyThenOtherDelegatesNotSubscribed() {
 		// delay to try and force delegate2 to finish (i.e. make sure we didn't use
 		// flatMap)
 		given(this.delegate1.authenticate(any()))
-			.willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
+				.willReturn(Mono.just(this.authentication).delayElement(Duration.ofMillis(100)));
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
 		StepVerifier.create(manager.authenticate(this.authentication)).expectNext(this.authentication).verifyComplete();
@@ -73,8 +73,46 @@ public void authenticateWhenBadCredentialsThenDelegate2NotInvokedAndError() {
 		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
 				this.delegate2);
 		StepVerifier.create(manager.authenticate(this.authentication))
-			.expectError(BadCredentialsException.class)
-			.verify();
+				.expectError(BadCredentialsException.class)
+				.verify();
 	}
 
+	@Test
+	public void authenticateWhenContinueOnErrorAndFirstBadCredentialsThenTriesSecond() {
+		given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
+		given(this.delegate2.authenticate(any())).willReturn(Mono.just(this.authentication));
+
+		DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
+
+		assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
+	}
+
+	@Test
+	public void authenticateWhenContinueOnErrorAndBothDelegatesBadCredentialsThenError() {
+		given(this.delegate1.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
+		given(this.delegate2.authenticate(any())).willReturn(Mono.error(new BadCredentialsException("Test")));
+
+		DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
+
+		StepVerifier.create(manager.authenticate(this.authentication))
+				.expectError(BadCredentialsException.class)
+				.verify();
+	}
+
+	@Test
+	public void authenticateWhenContinueOnErrorAndDelegate1NotEmptyThenReturnsNotEmpty() {
+		given(this.delegate1.authenticate(any())).willReturn(Mono.just(this.authentication));
+
+		DelegatingReactiveAuthenticationManager manager = managerWithContinueOnError();
+
+		assertThat(manager.authenticate(this.authentication).block()).isEqualTo(this.authentication);
+	}
+
+	private DelegatingReactiveAuthenticationManager managerWithContinueOnError() {
+		DelegatingReactiveAuthenticationManager manager = new DelegatingReactiveAuthenticationManager(this.delegate1,
+				this.delegate2);
+		manager.setContinueOnError(true);
+
+		return manager;
+	}
 }
