SEC-1196: Change use of <authentication-manager> to actually register the global ProviderManager instance. This element now registers the global ProviderManager instance and must contain any authentication-provider elements (or ldap-authentication-provider elements).
This commit is contained in:
@@ -2,6 +2,7 @@ package org.springframework.security.config;
|
||||
|
||||
public abstract class ConfigTestUtils {
|
||||
public static final String AUTH_PROVIDER_XML =
|
||||
"<authentication-manager alias='authManager'>" +
|
||||
" <authentication-provider>" +
|
||||
" <user-service id='us'>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
||||
@@ -9,5 +10,6 @@ public abstract class ConfigTestUtils {
|
||||
" <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />" +
|
||||
" <user name='user' password='password' authorities='ROLE_USER' />" +
|
||||
" </user-service>" +
|
||||
" </authentication-provider>";
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>";
|
||||
}
|
||||
|
||||
@@ -1,17 +1,12 @@
|
||||
package org.springframework.security.config.authentication;
|
||||
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
|
||||
import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.ConfigTestUtils;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -28,24 +23,16 @@ public class AuthenticationManagerBeanDefinitionParserTests {
|
||||
" </b:property>" +
|
||||
"</b:bean>";
|
||||
|
||||
@Test
|
||||
public void sessionControllerRefAttributeIsSupportedFor204ContextButHasNoEffect() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
SESSION_CONTROLLER +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
ConfigTestUtils.AUTH_PROVIDER_XML, "2.0.4");
|
||||
ProviderManager pm = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
assertFalse(FieldUtils.getFieldValue(pm, "sessionController") instanceof ConcurrentSessionControllerImpl);
|
||||
}
|
||||
|
||||
@Test(expected=XmlBeanDefinitionStoreException.class)
|
||||
public void sessionControllerRefAttributeIsRejectedFor30Context() throws Exception {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
SESSION_CONTROLLER +
|
||||
"<authentication-manager alias='authManager' session-controller-ref='sc'/>" +
|
||||
ConfigTestUtils.AUTH_PROVIDER_XML, "3.0");
|
||||
"<authentication-manager session-controller-ref='sc'>" +
|
||||
" <authentication-provider>" +
|
||||
" <user-service>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
||||
" </user-service>" +
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>" + SESSION_CONTROLLER, "3.0");
|
||||
appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
}
|
||||
|
||||
|
||||
@@ -47,7 +47,10 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void externalUserServiceRefWorks() throws Exception {
|
||||
setContext(" <authentication-provider user-service-ref='myUserService' />" +
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>" +
|
||||
" <authentication-provider user-service-ref='myUserService' />" +
|
||||
" </authentication-manager>" +
|
||||
" <user-service id='myUserService'>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_A' />" +
|
||||
" </user-service>");
|
||||
@@ -105,11 +108,14 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void externalUserServicePasswordEncoderAndSaltSourceWork() throws Exception {
|
||||
setContext(" <authentication-provider user-service-ref='customUserService'>" +
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>" +
|
||||
" <authentication-provider user-service-ref='customUserService'>" +
|
||||
" <password-encoder ref='customPasswordEncoder'>" +
|
||||
" <salt-source ref='saltSource'/>" +
|
||||
" </password-encoder>" +
|
||||
" </authentication-provider>" +
|
||||
" </authentication-provider>" +
|
||||
" </authentication-manager>" +
|
||||
|
||||
" <b:bean id='customPasswordEncoder' " +
|
||||
"class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>" +
|
||||
@@ -132,6 +138,6 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
}
|
||||
|
||||
private void setContext(String context) {
|
||||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
appContext = new InMemoryXmlApplicationContext("<authentication-manager>" + context + "</authentication-manager>");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,45 +1,20 @@
|
||||
package org.springframework.security.config.authentication;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.security.authentication.ProviderManager;
|
||||
import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
|
||||
|
||||
public class CustomAuthenticationProviderBeanDefinitionDecoratorTests {
|
||||
|
||||
@Test
|
||||
public void decoratedProviderParsesSuccessfully() {
|
||||
InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
|
||||
public void decoratedProviderParsesSuccessfullyWith20Namespace() {
|
||||
new InMemoryXmlApplicationContext(
|
||||
"<b:bean class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
|
||||
" <custom-authentication-provider />" +
|
||||
" <b:property name='userDetailsService' ref='us'/>" +
|
||||
"</b:bean>" +
|
||||
"</b:bean>" +
|
||||
"<user-service id='us'>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
||||
"</user-service>"
|
||||
);
|
||||
ProviderManager authMgr = (ProviderManager) ctx.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
assertEquals(1, authMgr.getProviders().size());
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void decoratedBeanAndRegisteredProviderAreTheSameObject() {
|
||||
InMemoryXmlApplicationContext ctx = new InMemoryXmlApplicationContext(
|
||||
"<b:bean id='myProvider' class='org.springframework.security.authentication.dao.DaoAuthenticationProvider'>" +
|
||||
" <custom-authentication-provider />" +
|
||||
" <b:property name='userDetailsService' ref='us'/>" +
|
||||
"</b:bean>" +
|
||||
"<user-service id='us'>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
||||
"</user-service>"
|
||||
);
|
||||
|
||||
ProviderManager authMgr = (ProviderManager) ctx.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
assertEquals(1, authMgr.getProviders().size());
|
||||
assertSame(ctx.getBean("myProvider"), authMgr.getProviders().get(0));
|
||||
"</user-service>", "2.0.4", null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -102,9 +102,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void isSupportedByAuthenticationProviderElement() {
|
||||
setContext(
|
||||
"<authentication-provider>" +
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider>" +
|
||||
" <jdbc-user-service data-source-ref='dataSource'/>" +
|
||||
"</authentication-provider>" + DATA_SOURCE);
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>" + DATA_SOURCE);
|
||||
AuthenticationManager mgr = (AuthenticationManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
mgr.authenticate(new UsernamePasswordAuthenticationToken("rod", "koala"));
|
||||
}
|
||||
@@ -112,9 +114,11 @@ public class JdbcUserServiceBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void cacheIsInjectedIntoAuthenticationProvider() {
|
||||
setContext(
|
||||
"<authentication-provider>" +
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider>" +
|
||||
" <jdbc-user-service cache-ref='userCache' data-source-ref='dataSource'/>" +
|
||||
"</authentication-provider>" + DATA_SOURCE + USER_CACHE_XML);
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>" + DATA_SOURCE + USER_CACHE_XML);
|
||||
ProviderManager mgr = (ProviderManager) appContext.getBean(BeanIds.AUTHENTICATION_MANAGER);
|
||||
DaoAuthenticationProvider provider = (DaoAuthenticationProvider) mgr.getProviders().get(0);
|
||||
assertSame(provider.getUserCache(), appContext.getBean("userCache"));
|
||||
|
||||
@@ -605,7 +605,6 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void useOfExternalConcurrentSessionControllerRequiresSessionRegistryToBeSet() throws Exception {
|
||||
setContext(
|
||||
"<authentication-manager alias='authManager' />" +
|
||||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-controller-ref='sc' expired-url='/expired'/>" +
|
||||
"</http>" +
|
||||
@@ -619,7 +618,6 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void useOfExternalSessionControllerAndRegistryIsWiredCorrectly() throws Exception {
|
||||
setContext(
|
||||
"<authentication-manager alias='authManager' />" +
|
||||
"<http auto-config='true'>" +
|
||||
" <concurrent-session-control session-registry-ref='sr' session-controller-ref='sc' expired-url='/expired'/>" +
|
||||
"</http>" +
|
||||
@@ -756,7 +754,9 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
public void httpElementDoesntInterfereWithBeanPostProcessing() {
|
||||
setContext(
|
||||
"<http auto-config='true'/>" +
|
||||
"<authentication-provider user-service-ref='myUserService'/>" +
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider user-service-ref='myUserService'/>" +
|
||||
"</authentication-manager>" +
|
||||
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
|
||||
"<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>"
|
||||
);
|
||||
|
||||
@@ -43,7 +43,10 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
|
||||
@Test
|
||||
public void simpleProviderAuthenticatesCorrectly() {
|
||||
setContext("<ldap-server /> <ldap-authentication-provider group-search-filter='member={0}' />");
|
||||
setContext("<ldap-server />" +
|
||||
"<authentication-manager>" +
|
||||
" <ldap-authentication-provider group-search-filter='member={0}' />" +
|
||||
"</authentication-manager>");
|
||||
|
||||
LdapAuthenticationProvider provider = getProvider();
|
||||
Authentication auth = provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
|
||||
@@ -61,9 +64,11 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsPasswordComparisonAuthentication() {
|
||||
setContext("<ldap-server /> " +
|
||||
"<authentication-manager>" +
|
||||
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
|
||||
" <password-compare />" +
|
||||
"</ldap-authentication-provider>");
|
||||
"</ldap-authentication-provider>"+
|
||||
"</authentication-manager>");
|
||||
LdapAuthenticationProvider provider = getProvider();
|
||||
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "benspassword"));
|
||||
}
|
||||
@@ -72,9 +77,11 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsPasswordComparisonAuthenticationWithHashAttribute() {
|
||||
setContext("<ldap-server /> " +
|
||||
"<authentication-manager>" +
|
||||
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
|
||||
" <password-compare password-attribute='uid' hash='plaintext'/>" +
|
||||
"</ldap-authentication-provider>");
|
||||
"</ldap-authentication-provider>" +
|
||||
"</authentication-manager>");
|
||||
LdapAuthenticationProvider provider = getProvider();
|
||||
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
|
||||
}
|
||||
@@ -82,11 +89,13 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void supportsPasswordComparisonAuthenticationWithPasswordEncoder() {
|
||||
setContext("<ldap-server /> " +
|
||||
"<authentication-manager>" +
|
||||
"<ldap-authentication-provider user-dn-pattern='uid={0},ou=people'>" +
|
||||
" <password-compare password-attribute='uid'>" +
|
||||
" <password-encoder hash='plaintext'/>" +
|
||||
" </password-compare>" +
|
||||
"</ldap-authentication-provider>");
|
||||
"</ldap-authentication-provider>" +
|
||||
"</authentication-manager>");
|
||||
LdapAuthenticationProvider provider = getProvider();
|
||||
provider.authenticate(new UsernamePasswordAuthenticationToken("ben", "ben"));
|
||||
}
|
||||
@@ -94,14 +103,18 @@ public class LdapProviderBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void detectsNonStandardServerId() {
|
||||
setContext("<ldap-server id='myServer'/> " +
|
||||
"<ldap-authentication-provider />");
|
||||
"<authentication-manager>" +
|
||||
" <ldap-authentication-provider />" +
|
||||
"</authentication-manager>");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void inetOrgContextMapperIsSupported() throws Exception {
|
||||
setContext(
|
||||
"<ldap-server id='someServer' url='ldap://127.0.0.1:343/dc=springframework,dc=org'/>" +
|
||||
"<ldap-authentication-provider user-details-class='inetOrgPerson'/>");
|
||||
"<authentication-manager>" +
|
||||
" <ldap-authentication-provider user-details-class='inetOrgPerson'/>" +
|
||||
"</authentication-manager>");
|
||||
LdapAuthenticationProvider provider = getProvider();
|
||||
assertTrue(FieldUtils.getFieldValue(provider, "userDetailsContextMapper") instanceof InetOrgPersonContextMapper);
|
||||
}
|
||||
|
||||
@@ -95,7 +95,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
setContext(
|
||||
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
|
||||
"<global-method-security />" +
|
||||
"<authentication-provider user-service-ref='myUserService'/>" +
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider user-service-ref='myUserService'/>" +
|
||||
"</authentication-manager>" +
|
||||
"<b:bean id='beanPostProcessor' class='org.springframework.security.config.MockUserServiceBeanPostProcessor'/>"
|
||||
);
|
||||
|
||||
@@ -113,7 +115,9 @@ public class GlobalMethodSecurityBeanDefinitionParserTests {
|
||||
"</global-method-security>" +
|
||||
"<b:bean id='myUserService' class='org.springframework.security.config.PostProcessedMockUserDetailsService'/>" +
|
||||
"<aop:aspectj-autoproxy />" +
|
||||
"<authentication-provider user-service-ref='myUserService'/>"
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider user-service-ref='myUserService'/>" +
|
||||
"</authentication-manager>"
|
||||
);
|
||||
|
||||
UserDetailsService service = (UserDetailsService) appContext.getBean("myUserService");
|
||||
|
||||
@@ -22,7 +22,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
*/
|
||||
public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||
private ClassPathXmlApplicationContext appContext;
|
||||
|
||||
private TestBusinessBean target;
|
||||
|
||||
@Before
|
||||
@@ -50,13 +49,9 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||
target.unprotected();
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test(expected=AuthenticationCredentialsNotFoundException.class)
|
||||
public void targetShouldPreventProtectedMethodInvocationWithNoContext() {
|
||||
try {
|
||||
target.doSomething();
|
||||
fail("Expected AuthenticationCredentialsNotFoundException");
|
||||
} catch (AuthenticationCredentialsNotFoundException expected) {
|
||||
}
|
||||
target.doSomething();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -65,20 +60,16 @@ public class InterceptMethodsBeanDefinitionDecoratorTests {
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
|
||||
|
||||
target.doSomething();
|
||||
}
|
||||
|
||||
@Test
|
||||
@Test(expected=AccessDeniedException.class)
|
||||
public void targetShouldPreventProtectedMethodInvocationWithIncorrectRole() {
|
||||
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("Test", "Password",
|
||||
AuthorityUtils.createAuthorityList("ROLE_SOMEOTHERROLE"));
|
||||
SecurityContextHolder.getContext().setAuthentication(token);
|
||||
|
||||
try {
|
||||
target.doSomething();
|
||||
fail("Expected AccessDeniedException");
|
||||
} catch (AccessDeniedException expected) {
|
||||
}
|
||||
target.doSomething();
|
||||
fail("Expected AccessDeniedException");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,12 +19,14 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
*/
|
||||
public class MethodSecurityInterceptorWithAopConfigTests {
|
||||
static final String AUTH_PROVIDER_XML =
|
||||
"<authentication-manager>" +
|
||||
" <authentication-provider>" +
|
||||
" <user-service>" +
|
||||
" <user name='bob' password='bobspassword' authorities='ROLE_USER,ROLE_ADMIN' />" +
|
||||
" <user name='bill' password='billspassword' authorities='ROLE_USER' />" +
|
||||
" </user-service>" +
|
||||
" </authentication-provider>";
|
||||
" </authentication-provider>" +
|
||||
"</authentication-manager>";
|
||||
|
||||
static final String ACCESS_MANAGER_XML =
|
||||
"<b:bean id='accessDecisionManager' class='org.springframework.security.access.vote.AffirmativeBased'>" +
|
||||
|
||||
Reference in New Issue
Block a user