diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy deleted file mode 100644 index 12f641ef1b..0000000000 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright 2002-2013 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.springframework.security.config.annotation.web.configuration - -import org.springframework.mock.web.MockServletContext -import org.springframework.security.authentication.TestingAuthenticationToken -import org.springframework.security.core.annotation.AuthenticationPrincipal -import org.springframework.security.core.context.SecurityContext -import org.springframework.security.core.context.SecurityContextImpl -import org.springframework.security.core.userdetails.PasswordEncodedUser -import org.springframework.security.core.userdetails.User -import org.springframework.security.web.context.HttpSessionSecurityContextRepository -import org.springframework.test.context.web.WebAppConfiguration -import org.springframework.web.bind.annotation.RequestMapping -import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; - -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; - -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration -import org.springframework.mock.web.MockHttpServletRequest -import org.springframework.security.authentication.AnonymousAuthenticationToken -import org.springframework.security.authentication.AuthenticationManager -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken -import org.springframework.security.config.annotation.BaseSpringSpec -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder -import org.springframework.security.config.annotation.web.builders.HttpSecurity -import org.springframework.security.web.authentication.AnonymousAuthenticationFilter -import org.springframework.security.web.debug.DebugFilter -import org.springframework.test.web.servlet.MockMvc -import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; - -class EnableWebSecurityTests extends BaseSpringSpec { - - def "@Bean(BeanIds.AUTHENTICATION_MANAGER) includes HttpSecurity's AuthenticationManagerBuilder"() { - when: - loadConfig(SecurityConfig) - AuthenticationManager authenticationManager = context.getBean(AuthenticationManager) - AnonymousAuthenticationToken anonymousAuthToken = findFilter(AnonymousAuthenticationFilter).createAuthentication(new MockHttpServletRequest()) - then: - authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")) - authenticationManager.authenticate(anonymousAuthToken) - - } - - - @EnableWebSecurity - static class SecurityConfig extends WebSecurityConfigurerAdapter { - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser(PasswordEncodedUser.user()); - } - - @Bean - @Override - public AuthenticationManager authenticationManagerBean() - throws Exception { - return super.authenticationManagerBean(); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .antMatchers("/*").hasRole("USER") - .and() - .formLogin(); - } - } - - def "@EnableWebSecurity on superclass"() { - when: - loadConfig(ChildSecurityConfig) - then: - context.getBean("springSecurityFilterChain", DebugFilter) - } - - @Configuration - static class ChildSecurityConfig extends DebugSecurityConfig { - } - - @EnableWebSecurity(debug=true) - static class DebugSecurityConfig extends WebSecurityConfigurerAdapter { - - } - - def "SEC-2942: EnableWebSecurity adds AuthenticationPrincipalArgumentResolver"() { - setup: - def username = "test" - context = new AnnotationConfigWebApplicationContext() - context.servletContext = new MockServletContext() - context.register(AuthenticationPrincipalConfig) - context.refresh() - SecurityContext securityContext = new SecurityContextImpl(authentication: new TestingAuthenticationToken(username, "pass", "ROLE_USER")) - MockMvc mockMvc = MockMvcBuilders - .webAppContextSetup(context) - .addFilters(springSecurityFilterChain) - .build() - when: - String body = mockMvc - .perform(get("/").sessionAttr(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext)) - .andReturn().response.contentAsString - then: - body == username - - } - - @EnableWebSecurity - @EnableWebMvc - @Configuration - static class AuthenticationPrincipalConfig { - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) { - auth.inMemoryAuthentication() - } - - @RestController - static class AuthController { - - @RequestMapping("/") - String principal(@AuthenticationPrincipal String principal) { - principal - } - } - } -} diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java new file mode 100644 index 0000000000..75d36b12ac --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.java @@ -0,0 +1,125 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.config.annotation.web.configuration; + +import org.junit.Rule; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.test.SpringTestRule; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.security.core.userdetails.PasswordEncodedUser; +import org.springframework.security.web.debug.DebugFilter; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication; +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; + +/** + * @author Joe Grandja + */ +public class EnableWebSecurityTests { + @Rule + public final SpringTestRule spring = new SpringTestRule(); + + @Autowired + private MockMvc mockMvc; + + @Test + public void configureWhenOverrideAuthenticationManagerBeanThenAuthenticationManagerBeanRegistered() throws Exception { + this.spring.register(SecurityConfig.class).autowire(); + + AuthenticationManager authenticationManager = this.spring.getContext().getBean(AuthenticationManager.class); + Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user", "password")); + assertThat(authentication.isAuthenticated()).isTrue(); + } + + @EnableWebSecurity + static class SecurityConfig extends WebSecurityConfigurerAdapter { + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); + } + + @Bean + @Override + public AuthenticationManager authenticationManagerBean() throws Exception { + return super.authenticationManagerBean(); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/*").hasRole("USER") + .and() + .formLogin(); + } + } + + @Test + public void loadConfigWhenChildConfigExtendsSecurityConfigThenSecurityConfigInherited() throws Exception { + this.spring.register(ChildSecurityConfig.class).autowire(); + this.spring.getContext().getBean("springSecurityFilterChain", DebugFilter.class); + } + + @Configuration + static class ChildSecurityConfig extends DebugSecurityConfig { + } + + @EnableWebSecurity(debug=true) + static class DebugSecurityConfig extends WebSecurityConfigurerAdapter { + } + + @Test + public void configureWhenEnableWebMvcThenAuthenticationPrincipalResolvable() throws Exception { + this.spring.register(AuthenticationPrincipalConfig.class).autowire(); + + this.mockMvc.perform(get("/").with(authentication(new TestingAuthenticationToken("user1", "password")))) + .andExpect(content().string("user1")); + } + + @EnableWebSecurity + @EnableWebMvc + static class AuthenticationPrincipalConfig extends WebSecurityConfigurerAdapter { + @Override + protected void configure(HttpSecurity http) throws Exception { + } + + @RestController + static class AuthController { + + @GetMapping("/") + String principal(@AuthenticationPrincipal String principal) { + return principal; + } + } + } +}