Split SecurityAutoConfiguration

Spring Security 3.2 has a new annotation @EnableWebMvcSecurity that we
should use if MVC is being used.
This commit is contained in:
Dave Syer
2013-12-17 17:15:05 +00:00
parent 72bfd4ce68
commit 997b015d10
5 changed files with 235 additions and 1 deletions

View File

@@ -0,0 +1,117 @@
package org.springframework.boot.sample.servlet;
import static org.junit.Assert.assertEquals;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.http.HttpRequest;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.InterceptingClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;
/**
* Basic integration tests for demo application.
*
* @author Dave Syer
*/
public class SampleServletApplicationTests {
private static ConfigurableApplicationContext context;
@BeforeClass
public static void start() throws Exception {
Future<ConfigurableApplicationContext> future = Executors
.newSingleThreadExecutor().submit(
new Callable<ConfigurableApplicationContext>() {
@Override
public ConfigurableApplicationContext call() throws Exception {
return SpringApplication
.run(SampleServletApplication.class);
}
});
context = future.get(60, TimeUnit.SECONDS);
}
@AfterClass
public static void stop() {
if (context != null) {
context.close();
}
}
@Test
public void testHomeIsSecure() throws Exception {
ResponseEntity<String> entity = getRestTemplate().getForEntity(
"http://localhost:8080", String.class);
assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
}
@Test
public void testHome() throws Exception {
ResponseEntity<String> entity = getRestTemplate("user", getPassword()).getForEntity(
"http://localhost:8080", String.class);
assertEquals(HttpStatus.OK, entity.getStatusCode());
assertEquals("Hello World", entity.getBody());
}
private String getPassword() {
return context.getBean(SecurityProperties.class).getUser().getPassword();
}
private RestTemplate getRestTemplate() {
return getRestTemplate(null, null);
}
private RestTemplate getRestTemplate(final String username, final String password) {
List<ClientHttpRequestInterceptor> interceptors = new ArrayList<ClientHttpRequestInterceptor>();
if (username != null) {
interceptors.add(new ClientHttpRequestInterceptor() {
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
request.getHeaders().add(
"Authorization",
"Basic "
+ new String(Base64
.encode((username + ":" + password)
.getBytes())));
return execution.execute(request, body);
}
});
}
RestTemplate restTemplate = new RestTemplate(
new InterceptingClientHttpRequestFactory(
new SimpleClientHttpRequestFactory(), interceptors));
restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
@Override
public void handleError(ClientHttpResponse response) throws IOException {
}
});
return restTemplate;
}
}