From ab49acc782a3512170bf1ccf1b3188269a915de4 Mon Sep 17 00:00:00 2001 From: Guirong Hu Date: Wed, 5 Jan 2022 12:06:21 +0800 Subject: [PATCH 1/2] Stop configuring a default user with SAML 2.0 Login See gh-29263 --- .../UserDetailsServiceAutoConfiguration.java | 5 +++-- ...rDetailsServiceAutoConfigurationTests.java | 20 ++++++++++++++++++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java index d7e70ed371..6d5d4b08b3 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,7 +61,8 @@ import org.springframework.util.StringUtils; AuthenticationManagerResolver.class }, type = { "org.springframework.security.oauth2.jwt.JwtDecoder", "org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector", - "org.springframework.security.oauth2.client.registration.ClientRegistrationRepository" }) + "org.springframework.security.oauth2.client.registration.ClientRegistrationRepository", + "org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository" }) public class UserDetailsServiceAutoConfiguration { private static final String NOOP_PASSWORD_PREFIX = "{noop}"; diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java index 96a00518ad..097a237ddc 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 the original author or authors. + * Copyright 2012-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,6 +46,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio import org.springframework.security.oauth2.jwt.JwtDecoder; import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector; import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.Mockito.mock; @@ -156,6 +157,12 @@ class UserDetailsServiceAutoConfigurationTests { .run(((context) -> assertThat(context).doesNotHaveBean(InMemoryUserDetailsManager.class))); } + @Test + void userDetailsServiceWhenRelyingPartyRegistrationRepositoryBeanPresent() { + this.contextRunner.withUserConfiguration(TestConfigWithRelyingPartyRegistrationRepository.class) + .run(((context) -> assertThat(context).doesNotHaveBean(InMemoryUserDetailsManager.class))); + } + @Test void generatedPasswordShouldNotBePrintedIfAuthenticationManagerBuilderIsUsed(CapturedOutput output) { this.contextRunner.withUserConfiguration(TestConfigWithAuthenticationManagerBuilder.class) @@ -234,6 +241,17 @@ class UserDetailsServiceAutoConfigurationTests { } + @Configuration(proxyBeanMethods = false) + @Import(TestSecurityConfiguration.class) + static class TestConfigWithRelyingPartyRegistrationRepository { + + @Bean + RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() { + return mock(RelyingPartyRegistrationRepository.class); + } + + } + @Configuration(proxyBeanMethods = false) @Import(TestSecurityConfiguration.class) static class TestConfigWithJwtDecoder { From e92e35d56fec825a036a91a808b1975ade2a548a Mon Sep 17 00:00:00 2001 From: Stephane Nicoll Date: Mon, 10 Jan 2022 16:25:43 +0100 Subject: [PATCH 2/2] Polish "Stop configuring a default user with SAML 2.0 Login" See gh-29263 --- .../UserDetailsServiceAutoConfigurationTests.java | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java index 097a237ddc..2ae8c294b3 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java @@ -159,7 +159,9 @@ class UserDetailsServiceAutoConfigurationTests { @Test void userDetailsServiceWhenRelyingPartyRegistrationRepositoryBeanPresent() { - this.contextRunner.withUserConfiguration(TestConfigWithRelyingPartyRegistrationRepository.class) + this.contextRunner + .withBean(RelyingPartyRegistrationRepository.class, + () -> mock(RelyingPartyRegistrationRepository.class)) .run(((context) -> assertThat(context).doesNotHaveBean(InMemoryUserDetailsManager.class))); } @@ -241,17 +243,6 @@ class UserDetailsServiceAutoConfigurationTests { } - @Configuration(proxyBeanMethods = false) - @Import(TestSecurityConfiguration.class) - static class TestConfigWithRelyingPartyRegistrationRepository { - - @Bean - RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() { - return mock(RelyingPartyRegistrationRepository.class); - } - - } - @Configuration(proxyBeanMethods = false) @Import(TestSecurityConfiguration.class) static class TestConfigWithJwtDecoder {