Disable bean proxying in configuration classes
Fixes gh-6967
This commit is contained in:
committed by
Rob Winch
parent
371a3b9c7f
commit
1ec040e554
@@ -542,7 +542,7 @@ public class AuthenticationConfigurationTests {
|
||||
.isInstanceOf(AlreadyBuiltException.class);
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Configuration
|
||||
static class AuthenticationConfigurationSubclass extends AuthenticationConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -17,26 +17,30 @@ package org.springframework.security.config.annotation.authentication.configurat
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
public class EnableGlobalAuthenticationTests {
|
||||
@Autowired
|
||||
AuthenticationConfiguration auth;
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
|
||||
// gh-4086
|
||||
@Test
|
||||
public void authenticationConfigurationWhenGetAuthenticationManagerThenNotNull() throws Exception {
|
||||
this.spring.register(Config.class).autowire();
|
||||
|
||||
AuthenticationConfiguration auth = spring.getContext().getBean(AuthenticationConfiguration.class);
|
||||
|
||||
assertThat(auth.getAuthenticationManager()).isNotNull();
|
||||
}
|
||||
|
||||
@@ -50,4 +54,67 @@ public class EnableGlobalAuthenticationTests {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableGlobalAuthenticationWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
|
||||
this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isSameAs(childBean);
|
||||
}
|
||||
|
||||
@EnableGlobalAuthentication
|
||||
static class BeanProxyEnabledByDefaultConfig {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableGlobalAuthenticationWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
|
||||
this.spring.register(BeanProxyDisabledConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isNotSameAs(childBean);
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableGlobalAuthentication
|
||||
static class BeanProxyDisabledConfig {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
static class Parent {
|
||||
private Child child;
|
||||
|
||||
Parent(Child child) {
|
||||
this.child = child;
|
||||
}
|
||||
|
||||
public Child getChild() {
|
||||
return child;
|
||||
}
|
||||
}
|
||||
|
||||
static class Child {
|
||||
Child() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -557,7 +557,7 @@ public class GlobalMethodSecurityConfigurationTests {
|
||||
|
||||
@Test
|
||||
public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
|
||||
this.spring.register(CustomMetadataSourceProxylessConfig.class).autowire();
|
||||
this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
|
||||
MethodSecurityInterceptor methodInterceptor =
|
||||
(MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);
|
||||
MethodSecurityMetadataSource methodSecurityMetadataSource =
|
||||
@@ -567,7 +567,7 @@ public class GlobalMethodSecurityConfigurationTests {
|
||||
}
|
||||
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
public static class CustomMetadataSourceProxylessConfig extends GlobalMethodSecurityConfiguration {
|
||||
@Configuration
|
||||
public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -89,7 +89,7 @@ public class ReactiveMethodSecurityConfigurationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingDisabled() {
|
||||
public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() {
|
||||
this.spring.register(SubclassConfig.class).autowire();
|
||||
|
||||
TestingAuthenticationToken authentication = new TestingAuthenticationToken(
|
||||
@@ -105,7 +105,7 @@ public class ReactiveMethodSecurityConfigurationTests {
|
||||
assertThat(root.hasRole("ABC")).isTrue();
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Configuration
|
||||
static class SubclassConfig extends ReactiveMethodSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -122,4 +122,68 @@ public class EnableWebSecurityTests {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableWebSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
|
||||
this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isSameAs(childBean);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class BeanProxyEnabledByDefaultConfig extends WebSecurityConfigurerAdapter {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableWebSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
|
||||
this.spring.register(BeanProxyDisabledConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isNotSameAs(childBean);
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableWebSecurity
|
||||
static class BeanProxyDisabledConfig extends WebSecurityConfigurerAdapter {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
static class Parent {
|
||||
private Child child;
|
||||
|
||||
Parent(Child child) {
|
||||
this.child = child;
|
||||
}
|
||||
|
||||
public Child getChild() {
|
||||
return child;
|
||||
}
|
||||
}
|
||||
|
||||
static class Child {
|
||||
Child() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -406,7 +406,7 @@ public class WebSecurityConfigurationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadConfigWhenProxyingDisabledAndSubclassThenFilterChainsCreated() {
|
||||
public void loadConfigWhenBeanProxyingEnabledAndSubclassThenFilterChainsCreated() {
|
||||
this.spring.register(GlobalAuthenticationWebSecurityConfigurerAdaptersConfig.class, SubclassConfig.class).autowire();
|
||||
|
||||
FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
|
||||
@@ -415,7 +415,7 @@ public class WebSecurityConfigurationTests {
|
||||
assertThat(filterChains).hasSize(4);
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Configuration
|
||||
static class SubclassConfig extends WebSecurityConfiguration {
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -22,6 +22,7 @@ import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
@@ -367,4 +368,70 @@ public class EnableWebFluxSecurityTests {
|
||||
buffer.write(body.getBytes(StandardCharsets.UTF_8));
|
||||
return buffer;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableWebFluxSecurityWhenNoConfigurationAnnotationThenBeanProxyingEnabled() {
|
||||
this.spring.register(BeanProxyEnabledByDefaultConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isSameAs(childBean);
|
||||
}
|
||||
|
||||
@EnableWebFluxSecurity
|
||||
@Import(ReactiveAuthenticationTestConfiguration.class)
|
||||
static class BeanProxyEnabledByDefaultConfig {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void enableWebFluxSecurityWhenProxyBeanMethodsFalseThenBeanProxyingDisabled() {
|
||||
this.spring.register(BeanProxyDisabledConfig.class).autowire();
|
||||
|
||||
Child childBean = this.spring.getContext().getBean(Child.class);
|
||||
Parent parentBean = this.spring.getContext().getBean(Parent.class);
|
||||
|
||||
assertThat(parentBean.getChild()).isNotSameAs(childBean);
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@EnableWebFluxSecurity
|
||||
@Import(ReactiveAuthenticationTestConfiguration.class)
|
||||
static class BeanProxyDisabledConfig {
|
||||
@Bean
|
||||
public Child child() {
|
||||
return new Child();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public Parent parent() {
|
||||
return new Parent(child());
|
||||
}
|
||||
}
|
||||
|
||||
static class Parent {
|
||||
private Child child;
|
||||
|
||||
Parent(Child child) {
|
||||
this.child = child;
|
||||
}
|
||||
|
||||
public Child getChild() {
|
||||
return child;
|
||||
}
|
||||
}
|
||||
|
||||
static class Child {
|
||||
Child() {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ public class ServerHttpSecurityConfigurationTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadConfigWhenProxyingDisabledAndSubclassThenServerHttpSecurityExists() {
|
||||
public void loadConfigWhenProxyingEnabledAndSubclassThenServerHttpSecurityExists() {
|
||||
this.spring.register(SubclassConfig.class, ReactiveAuthenticationTestConfiguration.class,
|
||||
WebFluxSecurityConfiguration.class).autowire();
|
||||
ServerHttpSecurity serverHttpSecurity = this.spring.getContext().getBean(ServerHttpSecurity.class);
|
||||
@@ -52,7 +52,7 @@ public class ServerHttpSecurityConfigurationTest {
|
||||
assertThat(serverHttpSecurity).isNotNull();
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Configuration
|
||||
static class SubclassConfig extends ServerHttpSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ public class WebFluxSecurityConfigurationTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadConfigWhenProxyingDisabledAndSubclassThenWebFilterChainProxyExists() {
|
||||
public void loadConfigWhenBeanProxyingEnabledAndSubclassThenWebFilterChainProxyExists() {
|
||||
this.spring.register(ServerHttpSecurityConfiguration.class, ReactiveAuthenticationTestConfiguration.class,
|
||||
WebFluxSecurityConfigurationTests.SubclassConfig.class).autowire();
|
||||
WebFilterChainProxy webFilterChainProxy = this.spring.getContext().getBean(WebFilterChainProxy.class);
|
||||
@@ -52,7 +52,7 @@ public class WebFluxSecurityConfigurationTests {
|
||||
assertThat(webFilterChainProxy).isNotNull();
|
||||
}
|
||||
|
||||
@Configuration(proxyBeanMethods = false)
|
||||
@Configuration
|
||||
static class SubclassConfig extends WebFluxSecurityConfiguration {
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user