Support for AuthenticationManagerBuilder injection into user code
Spring Boot provides a default AuthenticatiomManager for getting started quickly with security and never exposing insecure endpoints. To override that feature as users move to the next stage in their project, they may have to do something slightly different depending on whether it is a webapp or not. In any app (web or not), providing a @Bean of type AuthenticationManager always works, but you don't get the benefit of the builder features. In a webapp the user can also extend WebSecurityConfigurerAdapter to provides a custom AuthenticationManager, and the preferred way of doing that is via a void method that is autowired with an AuthenticationManagerBuilder. The default AuthenticationManager is built in a configurer with @Order(LOWEST_PRECEDENCE - 3) so to override it the user's confugrer must have higher precedence (lower @Order). @EnableGlobalMethodSecurity can also be used in a non-webapp, and Spring Boot will still provide a default AuthenticationManager. To override it the user has to either extend GlobalMethodSecurityConfiguration or provide a @Bean of type AuthenticationManager (there's no other way to capture the AuthenticationManagerBuilder that doesn't happen too late in the beans lifecyle). Fixes gh-244
This commit is contained in:
@@ -16,12 +16,15 @@
|
||||
|
||||
package sample.secure;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.SpringApplicationConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
@@ -34,8 +37,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
import sample.secure.SampleSecureApplicationTests.TestConfiguration;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
/**
|
||||
* Basic integration tests for demo application.
|
||||
*
|
||||
@@ -50,8 +51,17 @@ public class SampleSecureApplicationTests {
|
||||
private SampleService service;
|
||||
|
||||
@Autowired
|
||||
private ApplicationContext context;
|
||||
|
||||
private Authentication authentication;
|
||||
|
||||
@Before
|
||||
public void init() {
|
||||
AuthenticationManager authenticationManager = context.getBean(AuthenticationManager.class);
|
||||
authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(
|
||||
"user", "password"));
|
||||
}
|
||||
|
||||
@After
|
||||
public void close() {
|
||||
SecurityContextHolder.clearContext();
|
||||
@@ -84,16 +94,6 @@ public class SampleSecureApplicationTests {
|
||||
@Configuration
|
||||
protected static class TestConfiguration {
|
||||
|
||||
@Autowired
|
||||
private AuthenticationManager authenticationManager;
|
||||
|
||||
@Bean
|
||||
public Authentication user() {
|
||||
return authenticationManager
|
||||
.authenticate(new UsernamePasswordAuthenticationToken("user",
|
||||
"password"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user