DaoAuthenticationProvider uses DelegatingPasswordEncoder

This means that passwords will be encoded with BCrypt by default

Fixes: gh-2775
This commit is contained in:
Rob Winch
2017-10-23 13:35:42 -05:00
parent d19b222b55
commit 8291f20796
40 changed files with 197 additions and 150 deletions

View File

@@ -19,10 +19,10 @@ public abstract class ConfigTestUtils {
public static final String AUTH_PROVIDER_XML = "<authentication-manager alias='authManager'>"
+ " <authentication-provider>"
+ " <user-service id='us'>"
+ " <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />"
+ " <user name='bill' password='billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />"
+ " <user name='admin' password='password' authorities='ROLE_ADMIN,ROLE_USER' />"
+ " <user name='user' password='password' authorities='ROLE_USER' />"
+ " <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
+ " <user name='bill' password='{noop}billspassword' authorities='ROLE_A,ROLE_B,AUTH_OTHER' />"
+ " <user name='admin' password='{noop}password' authorities='ROLE_ADMIN,ROLE_USER' />"
+ " <user name='user' password='{noop}password' authorities='ROLE_USER' />"
+ " </user-service>"
+ " </authentication-provider>"
+ "</authentication-manager>";

View File

@@ -46,13 +46,13 @@ public class DataSourcePopulator implements InitializingBean {
* is disabled) Encoded password for bill is "wombat" Encoded password for bob is
* "wombat" Encoded password for jane is "wombat"
*/
template.execute("INSERT INTO USERS VALUES('rod','koala',TRUE);");
template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);");
template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('rod','{noop}koala',TRUE);");
template.execute("INSERT INTO USERS VALUES('dianne','{MD5}65d15fe9156f9c4bbffd98085992a44e',TRUE);");
template.execute("INSERT INTO USERS VALUES('scott','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('peter','{MD5}22b5c9accc6e1ba628cedc63a72d57f8',FALSE);");
template.execute("INSERT INTO USERS VALUES('bill','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('bob','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO USERS VALUES('jane','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');");
template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');");
template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');");

View File

@@ -45,6 +45,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.PasswordEncodedUser;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.csrf.CsrfToken;
@@ -126,7 +127,7 @@ public class SessionManagementConfigurerServlet31Tests {
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
.withUser(PasswordEncodedUser.user());
}
// @formatter:on
}

View File

@@ -32,6 +32,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.PasswordEncodedUser;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.FilterChainProxy;
@@ -66,9 +67,7 @@ public class AuthenticationConfigurationGh3935Tests {
public void delegateUsesExisitingAuthentication() {
String username = "user";
String password = "password";
User user = new User(username, password,
AuthorityUtils.createAuthorityList("ROLE_USER"));
when(this.uds.loadUserByUsername(username)).thenReturn(user);
when(this.uds.loadUserByUsername(username)).thenReturn(PasswordEncodedUser.user());
AuthenticationManager authenticationManager = this.adapter.authenticationManager;
assertThat(authenticationManager).isNotNull();
@@ -77,7 +76,7 @@ public class AuthenticationConfigurationGh3935Tests {
new UsernamePasswordAuthenticationToken(username, password));
verify(this.uds).loadUserByUsername(username);
assertThat(auth.getPrincipal()).isEqualTo(user);
assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user());
}
@EnableWebSecurity

View File

@@ -39,7 +39,7 @@ public class AuthenticationManagerBeanDefinitionParserTests {
private static final String CONTEXT = "<authentication-manager id='am'>"
+ " <authentication-provider>"
+ " <user-service>"
+ " <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />"
+ " <user name='bob' password='{noop}bobspassword' authorities='ROLE_A,ROLE_B' />"
+ " </user-service>" + " </authentication-provider>"
+ "</authentication-manager>";
private AbstractXmlApplicationContext appContext;

View File

@@ -51,7 +51,7 @@ public class AuthenticationProviderBeanDefinitionParserTests {
public void worksWithEmbeddedUserService() {
setContext(" <authentication-provider>"
+ " <user-service>"
+ " <user name='bob' password='bobspassword' authorities='ROLE_A' />"
+ " <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
+ " </user-service>" + " </authentication-provider>");
getProvider().authenticate(bob);
}
@@ -63,7 +63,7 @@ public class AuthenticationProviderBeanDefinitionParserTests {
+ " <authentication-provider user-service-ref='myUserService' />"
+ " </authentication-manager>"
+ " <user-service id='myUserService'>"
+ " <user name='bob' password='bobspassword' authorities='ROLE_A' />"
+ " <user name='bob' password='{noop}bobspassword' authorities='ROLE_A' />"
+ " </user-service>");
getProvider().authenticate(bob);
}

View File

@@ -56,7 +56,7 @@ import org.springframework.util.ReflectionUtils;
public class SessionManagementConfigServlet31Tests {
private static final String XML_AUTHENTICATION_MANAGER = "<authentication-manager>"
+ " <authentication-provider>" + " <user-service>"
+ " <user name='user' password='password' authorities='ROLE_USER' />"
+ " <user name='user' password='{noop}password' authorities='ROLE_USER' />"
+ " </user-service>" + " </authentication-provider>"
+ "</authentication-manager>";