root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
root-patch-6
root-patch-5
root-patch-4
root-patch-3
root-patch-2
root-patch-1
3.1.x
3.0.x
2.7.x
2.6.x
2.5.x
2.4.x
2.3.x
2.2.x
2.1.x
2.0.x
1.5.x
1.4.x
1.3.x
1.2.x
1.0.x
1.1.x
v3.2.0-M3
v3.1.4
v3.0.11
v2.7.16
v3.2.0-M2
v3.1.3
v3.0.10
v2.7.15
v3.2.0-M1
v3.1.2
v3.0.9
v2.7.14
v3.1.1
v3.0.8
v2.7.13
v3.1.0
v2.6.15
v2.5.15
v3.0.7
v2.7.12
v3.1.0-RC2
v3.1.0-RC1
v3.0.6
v2.7.11
v3.1.0-M2
v3.0.5
v2.7.10
v3.0.4
v3.1.0-M1
v3.0.3
v2.7.9
v3.0.2
v2.7.8
v3.0.1
v2.7.7
v3.0.0
v2.7.6
v2.6.14
v3.0.0-RC2
v3.0.0-RC1
v2.7.5
v2.6.13
v3.0.0-M5
v2.7.4
v2.6.12
v2.7.3
v2.6.11
v3.0.0-M4
v2.7.2
v2.6.10
v2.7.1
v2.6.9
v3.0.0-M3
v2.7.0
v2.6.8
v2.5.14
v2.7.0-RC1
v2.6.7
v2.5.13
v2.6.6
v2.5.12
v3.0.0-M2
v2.7.0-M3
v2.6.5
v2.5.11
v2.7.0-M2
v2.6.4
v2.5.10
v3.0.0-M1
v2.7.0-M1
v2.6.3
v2.5.9
v2.6.2
v2.5.8
v2.6.1
v2.6.0
v2.5.7
v2.4.13
v2.6.0-RC1
v2.5.6
v2.4.12
v2.6.0-M3
v2.5.5
v2.4.11
v2.6.0-M2
v2.5.4
v2.4.10
v2.6.0-M1
v2.5.3
v2.4.9
v2.5.2
v2.4.8
v2.5.1
v2.4.7
v2.3.12.RELEASE
v2.5.0
v2.4.6
v2.3.11.RELEASE
v2.5.0-RC1
v2.4.5
v2.3.10.RELEASE
v2.5.0-M3
v2.4.4
v2.5.0-M2
v2.4.3
v2.3.9.RELEASE
v2.5.0-M1
v2.4.2
v2.3.8.RELEASE
v2.2.13.RELEASE
v2.4.1
v2.3.7.RELEASE
v2.2.12.RELEASE
v2.4.0
v2.3.6.RELEASE
v2.4.0-RC1
v2.3.5.RELEASE
v2.2.11.RELEASE
v2.1.18.RELEASE
v2.4.0-M4
v2.4.0-M3
v2.3.4.RELEASE
v2.2.10.RELEASE
v2.1.17.RELEASE
v2.4.0-M2
v2.3.3.RELEASE
v2.3.2.RELEASE
v2.2.9.RELEASE
v2.1.16.RELEASE
v2.4.0-M1
v2.3.1.RELEASE
v2.2.8.RELEASE
v2.1.15.RELEASE
v2.3.0.RELEASE
v2.2.7.RELEASE
v2.1.14.RELEASE
v2.3.0.RC1
v2.3.0.M4
v2.2.6.RELEASE
v2.3.0.M3
v2.2.5.RELEASE
v2.1.13.RELEASE
v2.3.0.M2
v2.3.0.M1
v2.2.4.RELEASE
v2.2.3.RELEASE
v2.1.12.RELEASE
v2.2.2.RELEASE
v2.1.11.RELEASE
v2.2.1.RELEASE
v2.1.10.RELEASE
v2.2.0.RELEASE
v2.2.0.RC1
v2.1.9.RELEASE
v2.2.0.M6
v2.1.8.RELEASE
v2.2.0.M5
v2.1.7.RELEASE
v1.5.22.RELEASE
v2.2.0.M4
v2.1.6.RELEASE
v2.2.0.M3
v2.1.5.RELEASE
v1.5.21.RELEASE
v2.2.0.M2
v2.1.4.RELEASE
v2.0.9.RELEASE
v1.5.20.RELEASE
v2.2.0.M1
v2.1.3.RELEASE
v2.1.2.RELEASE
v2.0.8.RELEASE
v1.5.19.RELEASE
v2.1.1.RELEASE
v2.0.7.RELEASE
v1.5.18.RELEASE
v2.1.0.RELEASE
v2.1.0.RC1
v2.0.6.RELEASE
v1.5.17.RELEASE
v2.1.0.M4
v2.1.0.M3
v2.0.5.RELEASE
v1.5.16.RELEASE
v2.1.0.M2
v2.1.0.M1
v2.0.4.RELEASE
v1.5.15.RELEASE
v2.0.3.RELEASE
v1.5.14.RELEASE
v2.0.2.RELEASE
v1.5.13.RELEASE
v1.5.12.RELEASE
v2.0.1.RELEASE
v1.5.11.RELEASE
v2.0.0.RELEASE
v2.0.0.RC2
v2.0.0.RC1
v1.5.10.RELEASE
v2.0.0.M7
v1.5.9.RELEASE
v2.0.0.M6
v1.5.8.RELEASE
v2.0.0.M5
v2.0.0.M4
v1.5.7.RELEASE
v1.5.6.RELEASE
v2.0.0.M3
v1.5.5.RELEASE
v2.0.0.M2
v1.5.4.RELEASE
v1.4.7.RELEASE
v2.0.0.M1
v1.5.3.RELEASE
v1.4.6.RELEASE
v1.5.2.RELEASE
v1.4.5.RELEASE
v1.5.1.RELEASE
v1.5.0.RELEASE
v1.4.4.RELEASE
v1.5.0.RC1
v1.4.3.RELEASE
v1.4.2.RELEASE
v1.4.1.RELEASE
v1.3.8.RELEASE
v1.4.0.RELEASE
v1.3.7.RELEASE
v1.4.0.RC1
v1.3.6.RELEASE
v1.4.0.M3
v1.3.5.RELEASE
v1.3.4.RELEASE
v1.4.0.M2
v1.4.0.M1
v1.3.3.RELEASE
v1.3.2.RELEASE
v1.3.1.RELEASE
v1.2.8.RELEASE
v1.3.0.RELEASE
v1.3.0.RC1
v1.2.7.RELEASE
v1.2.6.RELEASE
v1.3.0.M5
v1.3.0.M4
v1.3.0.M3
v1.3.0.M2
v1.2.5.RELEASE
v1.3.0.M1
v1.2.4.RELEASE
v1.2.3.RELEASE
v1.1.12.RELEASE
v1.2.2.RELEASE
v1.1.11.RELEASE
v1.2.1.RELEASE
v1.1.10.RELEASE
v1.2.0.RELEASE
v1.2.0.RC2
v1.2.0.RC1
v1.1.9.RELEASE
v1.2.0.M2
v1.1.8.RELEASE
v1.1.7.RELEASE
v1.2.0.M1
v1.1.6.RELEASE
v1.1.5.RELEASE
v1.1.4.RELEASE
v1.1.3.RELEASE
v1.1.2.RELEASE
v1.1.1.RELEASE
v1.1.0.RELEASE
v1.1.0.RC1
v1.1.0.M2
v1.1.0.M1
v1.0.2.RELEASE
v1.0.1.RELEASE
v1.0.0.RELEASE
v1.0.0.RC5
v1.0.0.RC4
v1.0.0.RC3
v1.0.0.RC2
v1.0.0.RC1
v0.5.0.M7
v0.5.0.M6
v0.5.0.M5
v0.5.0.M4
v0.5.0.M3
v0.5.0.M1
v0.5.0.M2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e473364e4e'
${ noResults }
spring-boot/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTest...

99 lines
3.2 KiB
Java
Raw Normal View History Unescape Escape

Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
/*
Update copyright header for files changed in 2014
11 years ago
* Copyright 2012-2014 the original author or authors.
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package sample.secure;
import org.junit.After;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
import org.junit.Before;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.SpringApplicationConfiguration;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
import org.springframework.context.ApplicationContext;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import sample.secure.SampleSecureApplicationTests.TestConfiguration;
Polish
11 years ago
import static org.junit.Assert.assertEquals;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
/**
* Basic integration tests for demo application.
Remote trailing whitespace
11 years ago
*
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
* @author Dave Syer
*/
@RunWith(SpringJUnit4ClassRunner.class)
Reformat code
9 years ago
@SpringApplicationConfiguration({ SampleSecureApplication.class, TestConfiguration.class })
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
public class SampleSecureApplicationTests {
@Autowired
private SampleService service;
@Autowired
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
private ApplicationContext context;
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
private Authentication authentication;
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
@Before
public void init() {
Refactor AuthenticationManagerConfiguration to make sure it works if user also adds @EnableWebMvcSecurity. The problem is that the ordering of the init() and configure() methods in the Spring Security configurers can force things to happen too early unless we are careful. It's still a bit twitchy I would say, but this relatively small change seems to fix the GS guide and not break any existing tests. I added a sample which mimic ths GS guide so we get an integration test that executes the new code paths. Fixes gh-1364
10 years ago
AuthenticationManager authenticationManager = this.context
.getBean(AuthenticationManager.class);
Reformat code use Eclipse Mars
9 years ago
this.authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken("user", "password"));
Support for AuthenticationManagerBuilder injection into user code Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
11 years ago
}
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
@After
public void close() {
SecurityContextHolder.clearContext();
}
@Test(expected = AuthenticationException.class)
public void secure() throws Exception {
Polish
11 years ago
assertEquals(this.service.secure(), "Hello Security");
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
}
@Test
public void authenticated() throws Exception {
Polish
11 years ago
SecurityContextHolder.getContext().setAuthentication(this.authentication);
assertEquals(this.service.secure(), "Hello Security");
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
}
@Test
public void preauth() throws Exception {
Polish
11 years ago
SecurityContextHolder.getContext().setAuthentication(this.authentication);
assertEquals(this.service.authorized(), "Hello World");
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
}
@Test(expected = AccessDeniedException.class)
public void denied() throws Exception {
Polish
11 years ago
SecurityContextHolder.getContext().setAuthentication(this.authentication);
assertEquals(this.service.denied(), "Goodbye World");
Allow @EnableGlobalMethodSecurity in a non webapp Fixes gh-202
11 years ago
}
@PropertySource("classpath:test.properties")
@Configuration
protected static class TestConfiguration {
}
}