Fix secure method configuration global authentication
This fixes a bug in the sample, where the AuthenticationManager it builds is a local one for the filter chain containing "/login", whereas it was expecting to override the Boot default, which is "global". The fix is to extract the authentication configuration out into a GlobalAuthenticationConfigurerAdapter. Fixes gh-699
This commit is contained in:
@@ -16,17 +16,19 @@
|
||||
|
||||
package sample.ui.method;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.test.IntegrationTest;
|
||||
import org.springframework.boot.test.TestRestTemplate;
|
||||
import org.springframework.boot.test.SpringApplicationConfiguration;
|
||||
import org.springframework.boot.test.TestRestTemplate;
|
||||
import org.springframework.http.HttpEntity;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
@@ -39,9 +41,6 @@ import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.util.LinkedMultiValueMap;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
* Basic integration tests for demo application.
|
||||
*
|
||||
@@ -117,13 +116,19 @@ public class SampleMethodSecurityApplicationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
@Ignore("https://github.com/spring-projects/spring-boot/issues/699")
|
||||
public void testManagementAuthorizedAccess() throws Exception {
|
||||
ResponseEntity<String> entity = new TestRestTemplate("user", "user")
|
||||
ResponseEntity<String> entity = new TestRestTemplate("admin", "admin")
|
||||
.getForEntity("http://localhost:" + port + "/beans", String.class);
|
||||
assertEquals(HttpStatus.OK, entity.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testManagementUnauthorizedAccess() throws Exception {
|
||||
ResponseEntity<String> entity = new TestRestTemplate("user", "user")
|
||||
.getForEntity("http://localhost:" + port + "/beans", String.class);
|
||||
assertEquals(HttpStatus.FORBIDDEN, entity.getStatusCode());
|
||||
}
|
||||
|
||||
private void getCsrf(MultiValueMap<String, String> form, HttpHeaders headers) {
|
||||
ResponseEntity<String> page = new TestRestTemplate().getForEntity(
|
||||
"http://localhost:" + port + "/login", String.class);
|
||||
|
||||
Reference in New Issue
Block a user