use-authorization-manager defaults to true

Closes gh-11929
This commit is contained in:
Josh Cummings
2022-10-05 19:49:53 -06:00
parent 1aa3f1414e
commit 12b9f2e196
162 changed files with 191 additions and 105 deletions

View File

@@ -108,7 +108,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
// @formatter:off
setContext("<b:bean class=\"org.springframework.web.servlet.handler.HandlerMappingIntrospector\" name=\"mvcHandlerMappingIntrospector\"/>" +
"<http auto-config='true' use-expressions='false'/>"
"<http auto-config='true' use-expressions='false' use-authorization-manager='false'/>"
+ "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>"
+ " <b:property name='securityMetadataSource'>"
+ " <filter-security-metadata-source use-expressions='false'>"

View File

@@ -84,6 +84,7 @@ import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -849,8 +850,7 @@ public class MiscHttpConfigTests {
assertThat(filters.next()).isInstanceOf(SecurityContextHolderAwareRequestFilter.class);
assertThat(filters.next()).isInstanceOf(AnonymousAuthenticationFilter.class);
assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class);
assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class)
.hasFieldOrPropertyWithValue("observeOncePerRequest", false);
assertThat(filters.next()).isInstanceOf(AuthorizationFilter.class);
}
private <T extends Filter> T getFilter(Class<T> filterClass) {

View File

@@ -99,7 +99,7 @@ public class NamespaceHttpBasicTests {
@Test
public void httpBasicCustomSecurityContextHolderStrategy() throws Exception {
// @formatter:off
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\"/>\n"
loadContext("<http auto-config=\"true\" use-expressions=\"false\" security-context-holder-strategy-ref=\"ref\" use-authorization-manager=\"false\"/>\n"
+ "<authentication-manager id=\"authenticationManager\">\n"
+ " <authentication-provider>\n"
+ " <user-service>\n"