root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
root-patch-6
root-patch-5
root-patch-4
root-patch-3
root-patch-2
root-patch-1
3.1.x
3.0.x
2.7.x
2.6.x
2.5.x
2.4.x
2.3.x
2.2.x
2.1.x
2.0.x
1.5.x
1.4.x
1.3.x
1.2.x
1.0.x
1.1.x
v3.2.0-M3
v3.1.4
v3.0.11
v2.7.16
v3.2.0-M2
v3.1.3
v3.0.10
v2.7.15
v3.2.0-M1
v3.1.2
v3.0.9
v2.7.14
v3.1.1
v3.0.8
v2.7.13
v3.1.0
v2.6.15
v2.5.15
v3.0.7
v2.7.12
v3.1.0-RC2
v3.1.0-RC1
v3.0.6
v2.7.11
v3.1.0-M2
v3.0.5
v2.7.10
v3.0.4
v3.1.0-M1
v3.0.3
v2.7.9
v3.0.2
v2.7.8
v3.0.1
v2.7.7
v3.0.0
v2.7.6
v2.6.14
v3.0.0-RC2
v3.0.0-RC1
v2.7.5
v2.6.13
v3.0.0-M5
v2.7.4
v2.6.12
v2.7.3
v2.6.11
v3.0.0-M4
v2.7.2
v2.6.10
v2.7.1
v2.6.9
v3.0.0-M3
v2.7.0
v2.6.8
v2.5.14
v2.7.0-RC1
v2.6.7
v2.5.13
v2.6.6
v2.5.12
v3.0.0-M2
v2.7.0-M3
v2.6.5
v2.5.11
v2.7.0-M2
v2.6.4
v2.5.10
v3.0.0-M1
v2.7.0-M1
v2.6.3
v2.5.9
v2.6.2
v2.5.8
v2.6.1
v2.6.0
v2.5.7
v2.4.13
v2.6.0-RC1
v2.5.6
v2.4.12
v2.6.0-M3
v2.5.5
v2.4.11
v2.6.0-M2
v2.5.4
v2.4.10
v2.6.0-M1
v2.5.3
v2.4.9
v2.5.2
v2.4.8
v2.5.1
v2.4.7
v2.3.12.RELEASE
v2.5.0
v2.4.6
v2.3.11.RELEASE
v2.5.0-RC1
v2.4.5
v2.3.10.RELEASE
v2.5.0-M3
v2.4.4
v2.5.0-M2
v2.4.3
v2.3.9.RELEASE
v2.5.0-M1
v2.4.2
v2.3.8.RELEASE
v2.2.13.RELEASE
v2.4.1
v2.3.7.RELEASE
v2.2.12.RELEASE
v2.4.0
v2.3.6.RELEASE
v2.4.0-RC1
v2.3.5.RELEASE
v2.2.11.RELEASE
v2.1.18.RELEASE
v2.4.0-M4
v2.4.0-M3
v2.3.4.RELEASE
v2.2.10.RELEASE
v2.1.17.RELEASE
v2.4.0-M2
v2.3.3.RELEASE
v2.3.2.RELEASE
v2.2.9.RELEASE
v2.1.16.RELEASE
v2.4.0-M1
v2.3.1.RELEASE
v2.2.8.RELEASE
v2.1.15.RELEASE
v2.3.0.RELEASE
v2.2.7.RELEASE
v2.1.14.RELEASE
v2.3.0.RC1
v2.3.0.M4
v2.2.6.RELEASE
v2.3.0.M3
v2.2.5.RELEASE
v2.1.13.RELEASE
v2.3.0.M2
v2.3.0.M1
v2.2.4.RELEASE
v2.2.3.RELEASE
v2.1.12.RELEASE
v2.2.2.RELEASE
v2.1.11.RELEASE
v2.2.1.RELEASE
v2.1.10.RELEASE
v2.2.0.RELEASE
v2.2.0.RC1
v2.1.9.RELEASE
v2.2.0.M6
v2.1.8.RELEASE
v2.2.0.M5
v2.1.7.RELEASE
v1.5.22.RELEASE
v2.2.0.M4
v2.1.6.RELEASE
v2.2.0.M3
v2.1.5.RELEASE
v1.5.21.RELEASE
v2.2.0.M2
v2.1.4.RELEASE
v2.0.9.RELEASE
v1.5.20.RELEASE
v2.2.0.M1
v2.1.3.RELEASE
v2.1.2.RELEASE
v2.0.8.RELEASE
v1.5.19.RELEASE
v2.1.1.RELEASE
v2.0.7.RELEASE
v1.5.18.RELEASE
v2.1.0.RELEASE
v2.1.0.RC1
v2.0.6.RELEASE
v1.5.17.RELEASE
v2.1.0.M4
v2.1.0.M3
v2.0.5.RELEASE
v1.5.16.RELEASE
v2.1.0.M2
v2.1.0.M1
v2.0.4.RELEASE
v1.5.15.RELEASE
v2.0.3.RELEASE
v1.5.14.RELEASE
v2.0.2.RELEASE
v1.5.13.RELEASE
v1.5.12.RELEASE
v2.0.1.RELEASE
v1.5.11.RELEASE
v2.0.0.RELEASE
v2.0.0.RC2
v2.0.0.RC1
v1.5.10.RELEASE
v2.0.0.M7
v1.5.9.RELEASE
v2.0.0.M6
v1.5.8.RELEASE
v2.0.0.M5
v2.0.0.M4
v1.5.7.RELEASE
v1.5.6.RELEASE
v2.0.0.M3
v1.5.5.RELEASE
v2.0.0.M2
v1.5.4.RELEASE
v1.4.7.RELEASE
v2.0.0.M1
v1.5.3.RELEASE
v1.4.6.RELEASE
v1.5.2.RELEASE
v1.4.5.RELEASE
v1.5.1.RELEASE
v1.5.0.RELEASE
v1.4.4.RELEASE
v1.5.0.RC1
v1.4.3.RELEASE
v1.4.2.RELEASE
v1.4.1.RELEASE
v1.3.8.RELEASE
v1.4.0.RELEASE
v1.3.7.RELEASE
v1.4.0.RC1
v1.3.6.RELEASE
v1.4.0.M3
v1.3.5.RELEASE
v1.3.4.RELEASE
v1.4.0.M2
v1.4.0.M1
v1.3.3.RELEASE
v1.3.2.RELEASE
v1.3.1.RELEASE
v1.2.8.RELEASE
v1.3.0.RELEASE
v1.3.0.RC1
v1.2.7.RELEASE
v1.2.6.RELEASE
v1.3.0.M5
v1.3.0.M4
v1.3.0.M3
v1.3.0.M2
v1.2.5.RELEASE
v1.3.0.M1
v1.2.4.RELEASE
v1.2.3.RELEASE
v1.1.12.RELEASE
v1.2.2.RELEASE
v1.1.11.RELEASE
v1.2.1.RELEASE
v1.1.10.RELEASE
v1.2.0.RELEASE
v1.2.0.RC2
v1.2.0.RC1
v1.1.9.RELEASE
v1.2.0.M2
v1.1.8.RELEASE
v1.1.7.RELEASE
v1.2.0.M1
v1.1.6.RELEASE
v1.1.5.RELEASE
v1.1.4.RELEASE
v1.1.3.RELEASE
v1.1.2.RELEASE
v1.1.1.RELEASE
v1.1.0.RELEASE
v1.1.0.RC1
v1.1.0.M2
v1.1.0.M1
v1.0.2.RELEASE
v1.0.1.RELEASE
v1.0.0.RELEASE
v1.0.0.RC5
v1.0.0.RC4
v1.0.0.RC3
v1.0.0.RC2
v1.0.0.RC1
v0.5.0.M7
v0.5.0.M6
v0.5.0.M5
v0.5.0.M4
v0.5.0.M3
v0.5.0.M1
v0.5.0.M2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '07b88630f4'
${ noResults }
spring-boot/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTest...

101 lines
3.3 KiB
Java
Raw Normal View History Unescape Escape

Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
/*
Update copyright header for files changed in 2014
11 years ago
* Copyright 2012-2014 the original author or authors.
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.secure;
Fix tests Some assumptions were being made in tests, e.g. about there being an AuthenticationManager @Bean, which were false with the new Security 3.2.1 updates from Rob. Also parent-child contexts with the actuator were problematic because they didn't exclude the web configuration for the management security in the parent context. Fixes gh-244
11 years ago
import static org.junit.Assert.assertEquals;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.junit.After;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
import org.junit.Before;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
import org.springframework.context.ApplicationContext;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
Fix tests Some assumptions were being made in tests, e.g. about there being an AuthenticationManager @Bean, which were false with the new Security 3.2.1 updates from Rob. Also parent-child contexts with the actuator were problematic because they didn't exclude the web configuration for the management security in the parent context. Fixes gh-244
11 years ago
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.secure.SampleSecureApplicationTests.TestConfiguration;
/**
* Basic integration tests for demo application.
*
* @author Dave Syer
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = { SampleSecureApplication.class,
TestConfiguration.class })
public class SampleSecureApplicationTests {
@Autowired
private SampleService service;
@Autowired
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
private ApplicationContext context;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
private Authentication authentication;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
@Before
public void init() {
Apply source cleanup and formatting
11 years ago
AuthenticationManager authenticationManager = context
Fix tests Some assumptions were being made in tests, e.g. about there being an AuthenticationManager @Bean, which were false with the new Security 3.2.1 updates from Rob. Also parent-child contexts with the actuator were problematic because they didn't exclude the web configuration for the management security in the parent context. Fixes gh-244
11 years ago
.getBean(AuthenticationManagerBuilder.class).getOrBuild();
Apply source cleanup and formatting
11 years ago
authentication = authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken("user", "password"));
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
}
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
@After
public void close() {
SecurityContextHolder.clearContext();
}
@Test(expected = AuthenticationException.class)
public void secure() throws Exception {
assertEquals(service.secure(), "Hello Security");
}
@Test
public void authenticated() throws Exception {
SecurityContextHolder.getContext().setAuthentication(authentication);
assertEquals(service.secure(), "Hello Security");
}
@Test
public void preauth() throws Exception {
SecurityContextHolder.getContext().setAuthentication(authentication);
assertEquals(service.authorized(), "Hello World");
}
@Test(expected = AccessDeniedException.class)
public void denied() throws Exception {
SecurityContextHolder.getContext().setAuthentication(authentication);
assertEquals(service.denied(), "Goodbye World");
}
@PropertySource("classpath:test.properties")
@Configuration
protected static class TestConfiguration {
}
}