Defer Anonymous Filter Construction

By delaying when the AnonymousAuthenticationFilter is constructed,
it's now possible to call the principal and filter methods inside
of a custom DSL implementation.

This does not extend to setting the key or the authentication provider
though, as these must be set during the init phase.

Closes gh-14941
This commit is contained in:
Josh Cummings
2024-04-24 16:34:08 -06:00
parent 82ea0850ff
commit 664dfd9b45
2 changed files with 50 additions and 10 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -94,6 +94,13 @@ public class AnonymousConfigurerTests {
this.mockMvc.perform(get("/")).andExpect(status().isOk());
}
// gh-14941
@Test
public void shouldReturnMyCustomAnonymousConfig() throws Exception {
this.spring.register(AnonymousInCustomConfigurer.class, PrincipalController.class).autowire();
this.mockMvc.perform(get("/")).andExpect(status().isOk()).andExpect(content().string("myAnonymousUser"));
}
@Configuration
@EnableWebSecurity
@EnableWebMvc
@@ -181,6 +188,32 @@ public class AnonymousConfigurerTests {
}
@Configuration
@EnableWebMvc
@EnableWebSecurity
static class AnonymousInCustomConfigurer {
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
.with(new CustomDsl(), withDefaults());
// @formatter:on
return http.build();
}
static class CustomDsl extends AbstractHttpConfigurer<CustomDsl, HttpSecurity> {
@Override
public void init(HttpSecurity http) throws Exception {
http.anonymous((anonymous) -> anonymous.principal("myAnonymousUser"));
}
}
}
@RestController
static class PrincipalController {