Simplify AuthenticationManagerConfiguration

Simplify `AuthenticationManagerConfiguration` following the recent
Spring Security auto-configuration updates.

See gh-7958
pull/10447/head
Madhura Bhave 7 years ago committed by Phillip Webb
parent 93f6168fd0
commit c592e3b67d

@ -16,7 +16,6 @@
package org.springframework.boot.autoconfigure.security; package org.springframework.boot.autoconfigure.security;
import java.lang.reflect.Field;
import java.util.UUID; import java.util.UUID;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -31,30 +30,21 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationListener; import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order; import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationEventPublisher; import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityConfigurer; import org.springframework.security.core.userdetails.User;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.ReflectionUtils; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
/** /**
* Configuration for a Spring Security in-memory {@link AuthenticationManager}. Can be * Configuration for a Spring Security in-memory {@link AuthenticationManager}. Adds an
* disabled by providing a bean of type {@link AuthenticationManager}, * {@link InMemoryUserDetailsManager} with a default user and generated password.
* {@link AuthenticationProvider} or {@link UserDetailsService}. The value provided by * This can be disabled by providing a bean of type {@link AuthenticationManager},
* this configuration will become the "global" authentication manager (from Spring * {@link AuthenticationProvider} or {@link UserDetailsService}.
* Security), or the parent of the global instance. Thus it acts as a fallback when no
* others are provided, is used by method security if enabled, and as a parent
* authentication manager for "local" authentication managers in individual filter chains.
* *
* @author Dave Syer * @author Dave Syer
* @author Rob Winch * @author Rob Winch
@ -62,8 +52,6 @@ import org.springframework.util.ReflectionUtils;
*/ */
@Configuration @Configuration
@ConditionalOnBean(ObjectPostProcessor.class) @ConditionalOnBean(ObjectPostProcessor.class)
@ConditionalOnMissingBean({ AuthenticationManager.class, AuthenticationProvider.class,
UserDetailsService.class })
@Order(0) @Order(0)
public class AuthenticationManagerConfiguration { public class AuthenticationManagerConfiguration {
@ -71,15 +59,13 @@ public class AuthenticationManagerConfiguration {
.getLog(AuthenticationManagerConfiguration.class); .getLog(AuthenticationManagerConfiguration.class);
@Bean @Bean
@Primary @ConditionalOnMissingBean({ AuthenticationManager.class, AuthenticationProvider.class,
public AuthenticationManager authenticationManager( UserDetailsService.class })
AuthenticationConfiguration configuration) throws Exception { public InMemoryUserDetailsManager inMemoryUserDetailsManager() throws Exception {
return configuration.getAuthenticationManager(); String password = UUID.randomUUID().toString();
} logger.info(
String.format("%n%nUsing default security password: %s%n", password));
@Bean return new InMemoryUserDetailsManager(User.withUsername("user").password(password).roles().build());
public static SpringBootAuthenticationConfigurerAdapter springBootAuthenticationConfigurerAdapter() {
return new SpringBootAuthenticationConfigurerAdapter();
} }
@Bean @Bean
@ -87,91 +73,6 @@ public class AuthenticationManagerConfiguration {
return new AuthenticationManagerConfigurationListener(); return new AuthenticationManagerConfigurationListener();
} }
/**
* {@link GlobalAuthenticationConfigurerAdapter} to apply
* {@link DefaultInMemoryUserDetailsManagerConfigurer}. We must apply
* {@link DefaultInMemoryUserDetailsManagerConfigurer} in the init phase of the last
* {@link GlobalAuthenticationConfigurerAdapter}. The reason is that the typical flow
* is something like:
*
* <ul>
* <li>A
* {@link GlobalAuthenticationConfigurerAdapter#init(AuthenticationManagerBuilder)}
* exists that adds a {@link SecurityConfigurer} to the
* {@link AuthenticationManagerBuilder}.</li>
* <li>{@link AuthenticationManagerConfiguration} adds
* {@link SpringBootAuthenticationConfigurerAdapter} so it is after the
* {@link SecurityConfigurer} in the first step.</li>
* <li>We then can default an {@link AuthenticationProvider} if necessary. Note we can
* only invoke the
* {@link AuthenticationManagerBuilder#authenticationProvider(AuthenticationProvider)}
* method since all other methods add a {@link SecurityConfigurer} which is not
* allowed in the configure stage. It is not allowed because we guarantee all init
* methods are invoked before configure, which cannot be guaranteed at this point.
* </li>
* </ul>
*/
@Order(Ordered.LOWEST_PRECEDENCE - 100)
private static class SpringBootAuthenticationConfigurerAdapter
extends GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.apply(new DefaultInMemoryUserDetailsManagerConfigurer());
}
}
/**
* {@link InMemoryUserDetailsManagerConfigurer} to add user details from
* {@link SecurityProperties}. This is necessary to delay adding the default user.
*
* <ul>
* <li>A {@link GlobalAuthenticationConfigurerAdapter} will initialize the
* {@link AuthenticationManagerBuilder} with a Configurer which will be after any
* {@link GlobalAuthenticationConfigurerAdapter}.</li>
* <li>{@link SpringBootAuthenticationConfigurerAdapter} will be invoked after all
* {@link GlobalAuthenticationConfigurerAdapter}, but before the Configurers that were
* added by other {@link GlobalAuthenticationConfigurerAdapter} instances.</li>
* <li>A {@link SpringBootAuthenticationConfigurerAdapter} will add
* {@link DefaultInMemoryUserDetailsManagerConfigurer} after all Configurer instances.
* </li>
* <li>All init methods will be invoked.</li>
* <li>All configure methods will be invoked which is where the
* {@link AuthenticationProvider} instances are setup.</li>
* <li>If no AuthenticationProviders were provided,
* {@link DefaultInMemoryUserDetailsManagerConfigurer} will default the value.</li>
* </ul>
*/
private static class DefaultInMemoryUserDetailsManagerConfigurer
extends InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> {
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
if (auth.isConfigured()) {
return;
}
String password = UUID.randomUUID().toString();
logger.info(
String.format("%n%nUsing default security password: %s%n", password));
withUser("user").password(password).roles();
setField(auth, "defaultUserDetailsService", getUserDetailsService());
super.configure(auth);
}
private void setField(Object target, String name, Object value) {
try {
Field field = ReflectionUtils.findField(target.getClass(), name);
ReflectionUtils.makeAccessible(field);
ReflectionUtils.setField(field, target, value);
}
catch (Exception ex) {
logger.info("Could not set " + name);
}
}
}
/** /**
* {@link ApplicationListener} to autowire the {@link AuthenticationEventPublisher} * {@link ApplicationListener} to autowire the {@link AuthenticationEventPublisher}
* into the {@link AuthenticationManager}. * into the {@link AuthenticationManager}.

@ -28,21 +28,17 @@ import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher; import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter; import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.provisioning.InMemoryUserDetailsManager;
/** /**
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security. Provides an * {@link EnableAutoConfiguration Auto-configuration} for Spring Security. Provides an
* {@link AuthenticationManager} based on configuration bound to a * {@link InMemoryUserDetailsManager} with one user (named "user") whose password is
* {@link SecurityProperties} bean. There is one user (named "user") whose password is * random and printed on the console at INFO level during startup. In a webapp, this
* random and printed on the console at INFO level during startup. In a webapp this * configuration also secures all web endpoints (including static resources).
* configuration also secures all web endpoints (except some well-known static resource
* locations) with HTTP basic security. To replace all the default behaviours in a webapp
* provide a {@code @Configuration} with {@code @EnableWebSecurity}. To just add your own
* layer of application security in front of the defaults, add a {@code @Configuration} of
* type {@link WebSecurityConfigurerAdapter}.
* *
* @author Dave Syer * @author Dave Syer
* @author Andy Wilkinson * @author Andy Wilkinson
* @author Madhura Bhave
*/ */
@Configuration @Configuration
@ConditionalOnClass({ AuthenticationManager.class, @ConditionalOnClass({ AuthenticationManager.class,

@ -16,6 +16,7 @@
package org.springframework.boot.autoconfigure.security; package org.springframework.boot.autoconfigure.security;
import java.util.Collections;
import java.util.EnumSet; import java.util.EnumSet;
import javax.servlet.DispatcherType; import javax.servlet.DispatcherType;
@ -38,29 +39,27 @@ import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.AnnotationConfigApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.mock.web.MockServletContext; import org.springframework.mock.web.MockServletContext;
import org.springframework.orm.jpa.JpaTransactionManager; import org.springframework.orm.jpa.JpaTransactionManager;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.TestingAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent; import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.FilterChainProxy;
import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.fail;
/** /**
* Tests for {@link SecurityAutoConfiguration}. * Tests for {@link SecurityAutoConfiguration}.
@ -68,6 +67,7 @@ import static org.junit.Assert.fail;
* @author Dave Syer * @author Dave Syer
* @author Rob Winch * @author Rob Winch
* @author Andy Wilkinson * @author Andy Wilkinson
* @author Madhura Bhave
*/ */
public class SecurityAutoConfigurationTests { public class SecurityAutoConfigurationTests {
@ -147,120 +147,78 @@ public class SecurityAutoConfigurationTests {
} }
@Test @Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception { public void testEventPublisherInjected() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class);
TestPropertyValues.of("security.ignored:none").applyTo(this.context);
this.context.refresh();
// Just the application endpoints now
assertThat(this.context.getBean(FilterChainProxy.class).getFilterChains())
.hasSize(1);
}
@Test
public void testAuthenticationManagerCreated() throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(SecurityAutoConfiguration.class, this.context.register(TestAuthenticationManagerConfiguration.class, SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class); PropertyPlaceholderAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
assertThat(this.context.getBean(AuthenticationManager.class)).isNotNull();
}
@Test
public void testEventPublisherInjected() throws Exception {
testAuthenticationManagerCreated();
pingAuthenticationListener();
}
private void pingAuthenticationListener() {
AuthenticationListener listener = new AuthenticationListener(); AuthenticationListener listener = new AuthenticationListener();
this.context.addApplicationListener(listener); this.context.addApplicationListener(listener);
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class); AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
try { manager.authenticate(new TestingAuthenticationToken("foo", "wrong"));
manager.authenticate(new UsernamePasswordAuthenticationToken("foo", "wrong"));
fail("Expected BadCredentialsException");
}
catch (BadCredentialsException e) {
// expected
}
assertThat(listener.event) assertThat(listener.event)
.isInstanceOf(AuthenticationFailureBadCredentialsEvent.class); .isInstanceOf(AuthenticationSuccessEvent.class);
} }
@Test @Test
public void testOverrideAuthenticationManager() throws Exception { public void testDefaultUsernamePassword() throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(TestAuthenticationConfiguration.class, this.context.register(SecurityAutoConfiguration.class);
SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
assertThat(this.context.getBean(AuthenticationManager.class)) UserDetailsService manager = this.context.getBean(UserDetailsService.class);
.isEqualTo(this.context.getBean( assertThat(this.outputCapture.toString()).contains("Using default security password:");
TestAuthenticationConfiguration.class).authenticationManager); assertThat(manager.loadUserByUsername("user")).isNotNull();
} }
@Test @Test
public void testDefaultAuthenticationManagerMakesUserDetailsAvailable() public void defaultUserNotCreatedIfAuthenticationManagerBeanPresent() throws Exception {
throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(UserDetailsSecurityCustomizer.class, this.context.register(TestAuthenticationManagerConfiguration.class,
SecurityAutoConfiguration.class, SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class); PropertyPlaceholderAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
assertThat(this.context.getBean(UserDetailsSecurityCustomizer.class) AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
.getUserDetails().loadUserByUsername("user")).isNotNull(); assertThat(manager)
}
@Test
public void testOverrideAuthenticationManagerAndInjectIntoSecurityFilter()
throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(TestAuthenticationConfiguration.class,
SecurityCustomizer.class, SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class);
this.context.refresh();
assertThat(this.context.getBean(AuthenticationManager.class))
.isEqualTo(this.context.getBean( .isEqualTo(this.context.getBean(
TestAuthenticationConfiguration.class).authenticationManager); TestAuthenticationManagerConfiguration.class).authenticationManager);
assertThat(this.outputCapture.toString())
.doesNotContain("Using default security password: ");
TestingAuthenticationToken token = new TestingAuthenticationToken(
"foo", "bar");
assertThat(manager.authenticate(token)).isNotNull();
} }
@Test @Test
public void testOverrideAuthenticationManagerWithBuilderAndInjectIntoSecurityFilter() public void defaultUserNotCreatedIfUserDetailsServiceBeanPresent() throws Exception {
throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(AuthenticationManagerCustomizer.class, this.context.register(TestUserDetailsServiceConfiguration.class,
SecurityCustomizer.class, SecurityAutoConfiguration.class, SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class); PropertyPlaceholderAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken( UserDetailsService userDetailsService = this.context.getBean(UserDetailsService.class);
"foo", "bar", assertThat(this.outputCapture.toString())
AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")); .doesNotContain("Using default security password: ");
assertThat(this.context.getBean(AuthenticationManager.class).authenticate(user)) assertThat(userDetailsService.loadUserByUsername("foo")).isNotNull();
.isNotNull();
pingAuthenticationListener();
} }
@Test @Test
public void testOverrideAuthenticationManagerWithBuilderAndInjectBuilderIntoSecurityFilter() public void defaultUserNotCreatedIfAuthenticationProviderBeanPresent() throws Exception {
throws Exception {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(AuthenticationManagerCustomizer.class, this.context.register(TestAuthenticationProviderConfiguration.class,
WorkaroundSecurityCustomizer.class, SecurityAutoConfiguration.class, SecurityAutoConfiguration.class,
PropertyPlaceholderAutoConfiguration.class); PropertyPlaceholderAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
UsernamePasswordAuthenticationToken user = new UsernamePasswordAuthenticationToken( AuthenticationProvider provider = this.context.getBean(AuthenticationProvider.class);
"foo", "bar", assertThat(this.outputCapture.toString())
AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER")); .doesNotContain("Using default security password: ");
assertThat(this.context.getBean(AuthenticationManager.class).authenticate(user)) TestingAuthenticationToken token = new TestingAuthenticationToken(
.isNotNull(); "foo", "bar");
assertThat(provider.authenticate(token)).isNotNull();
} }
@Test @Test
@ -279,41 +237,11 @@ public class SecurityAutoConfigurationTests {
assertThat(this.context.getBean(JpaTransactionManager.class)).isNotNull(); assertThat(this.context.getBean(JpaTransactionManager.class)).isNotNull();
} }
@Test
public void testDefaultUsernamePassword() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(SecurityAutoConfiguration.class);
this.context.refresh();
String password = this.outputCapture.toString()
.split("Using default security password: ")[1].split("\n")[0].trim();
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
"user", password);
assertThat(manager.authenticate(token)).isNotNull();
}
@Test
public void testCustomAuthenticationDoesNotCreateDefaultUser() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(AuthenticationManagerCustomizer.class,
SecurityAutoConfiguration.class);
this.context.refresh();
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
assertThat(this.outputCapture.toString())
.doesNotContain("Using default security password: ");
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
"foo", "bar");
assertThat(manager.authenticate(token)).isNotNull();
}
@Test @Test
public void testSecurityEvaluationContextExtensionSupport() { public void testSecurityEvaluationContextExtensionSupport() {
this.context = new AnnotationConfigWebApplicationContext(); this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext()); this.context.setServletContext(new MockServletContext());
this.context.register(AuthenticationManagerCustomizer.class, this.context.register(SecurityAutoConfiguration.class);
SecurityAutoConfiguration.class);
this.context.refresh(); this.context.refresh();
assertThat(this.context.getBean(SecurityEvaluationContextExtension.class)) assertThat(this.context.getBean(SecurityEvaluationContextExtension.class))
.isNotNull(); .isNotNull();
@ -376,76 +304,35 @@ public class SecurityAutoConfigurationTests {
} }
@Configuration @Configuration
protected static class TestAuthenticationConfiguration { protected static class TestAuthenticationManagerConfiguration {
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
@Bean @Bean
public AuthenticationManager myAuthenticationManager() { public AuthenticationManager myAuthenticationManager() {
this.authenticationManager = ( AuthenticationProvider authenticationProvider = new TestingAuthenticationProvider();
authentication) -> new TestingAuthenticationToken("foo", "bar"); this.authenticationManager = new ProviderManager(Collections.singletonList(authenticationProvider));
return this.authenticationManager; return this.authenticationManager;
} }
} }
@Configuration @Configuration
protected static class SecurityCustomizer extends WebSecurityConfigurerAdapter { protected static class TestUserDetailsServiceConfiguration {
final AuthenticationManager authenticationManager;
protected SecurityCustomizer(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
}
@Configuration
protected static class WorkaroundSecurityCustomizer
extends WebSecurityConfigurerAdapter {
private final AuthenticationManagerBuilder builder;
@SuppressWarnings("unused")
private AuthenticationManager authenticationManager;
protected WorkaroundSecurityCustomizer(AuthenticationManagerBuilder builder) {
this.builder = builder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
this.authenticationManager = (authentication) -> this.builder.getOrBuild()
.authenticate(authentication);
}
}
@Configuration
@Order(-1)
protected static class AuthenticationManagerCustomizer
extends GlobalAuthenticationConfigurerAdapter {
@Override @Bean
public void init(AuthenticationManagerBuilder auth) throws Exception { public InMemoryUserDetailsManager myUserDetailsService() {
auth.inMemoryAuthentication().withUser("foo").password("bar").roles("USER"); return new InMemoryUserDetailsManager(User.withUsername("foo").password("bar").roles("USER").build());
} }
} }
@Configuration @Configuration
protected static class UserDetailsSecurityCustomizer protected static class TestAuthenticationProviderConfiguration {
extends WebSecurityConfigurerAdapter {
private UserDetailsService userDetails;
@Override
protected void configure(HttpSecurity http) throws Exception {
this.userDetails = http.getSharedObject(UserDetailsService.class);
}
public UserDetailsService getUserDetails() { @Bean
return this.userDetails; public AuthenticationProvider myauthenticationProvider() {
return new TestingAuthenticationProvider();
} }
} }

Loading…
Cancel
Save