SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute.

This commit is contained in:
Luke Taylor
2010-04-30 20:01:01 +01:00
parent 165cbb0d19
commit 863ccecf55
2 changed files with 21 additions and 0 deletions

View File

@@ -11,6 +11,7 @@ import org.springframework.security.config.BeanIds;
import org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser;
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.FieldUtils;
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
import org.springframework.context.support.AbstractXmlApplicationContext;
import org.junit.Test;
@@ -129,6 +130,20 @@ public class AuthenticationProviderBeanDefinitionParserTests {
getProvider().authenticate(bob);
}
// SEC-1466
@Test(expected=BeanDefinitionParsingException.class)
public void exernalProviderDoesNotSupportChildElements() throws Exception {
appContext = new InMemoryXmlApplicationContext(
" <authentication-manager>" +
" <authentication-provider ref='aProvider'>" +
" <password-encoder ref='customPasswordEncoder'/>" +
" </authentication-provider>" +
" </authentication-manager>" +
" <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>" +
" <b:bean id='customPasswordEncoder' " +
" class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
}
private AuthenticationProvider getProvider() {
List<AuthenticationProvider> providers =
((ProviderManager)appContext.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();