use-authorization-manager defaults to true
Closes gh-11929
This commit is contained in:
@@ -108,7 +108,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
|
||||
// @formatter:off
|
||||
setContext("<b:bean class=\"org.springframework.web.servlet.handler.HandlerMappingIntrospector\" name=\"mvcHandlerMappingIntrospector\"/>" +
|
||||
"<http auto-config='true' use-expressions='false'/>"
|
||||
"<http auto-config='true' use-expressions='false' use-authorization-manager='false'/>"
|
||||
+ "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>"
|
||||
+ " <b:property name='securityMetadataSource'>"
|
||||
+ " <filter-security-metadata-source use-expressions='false'>"
|
||||
|
||||
@@ -84,6 +84,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.access.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
@@ -849,8 +850,7 @@ public class MiscHttpConfigTests {
|
||||
assertThat(filters.next()).isInstanceOf(SecurityContextHolderAwareRequestFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(AnonymousAuthenticationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class)
|
||||
.hasFieldOrPropertyWithValue("observeOncePerRequest", false);
|
||||
assertThat(filters.next()).isInstanceOf(AuthorizationFilter.class);
|
||||
}
|
||||
|
||||
private <T extends Filter> T getFilter(Class<T> filterClass) {
|
||||
|
||||
@@ -99,7 +99,7 @@ public class NamespaceHttpBasicTests {
|
||||
@Test
|
||||
public void httpBasicCustomSecurityContextHolderStrategy() throws Exception {
|
||||
// @formatter:off
|
||||
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\"/>\n"
|
||||
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\" use-authorization-manager=\"false\"/>\n"
|
||||
+ "<authentication-manager id=\"authenticationManager\">\n"
|
||||
+ " <authentication-provider>\n"
|
||||
+ " <user-service>\n"
|
||||
|
||||
Reference in New Issue
Block a user