SEC-1466: Report error if authentication-provider element has child elements when used with "ref" attribute.
This commit is contained in:
@@ -11,6 +11,7 @@ import org.springframework.security.config.BeanIds;
|
||||
import org.springframework.security.config.authentication.AuthenticationProviderBeanDefinitionParser;
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||
import org.springframework.security.util.FieldUtils;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||
|
||||
import org.junit.Test;
|
||||
@@ -129,6 +130,20 @@ public class AuthenticationProviderBeanDefinitionParserTests {
|
||||
getProvider().authenticate(bob);
|
||||
}
|
||||
|
||||
// SEC-1466
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void exernalProviderDoesNotSupportChildElements() throws Exception {
|
||||
appContext = new InMemoryXmlApplicationContext(
|
||||
" <authentication-manager>" +
|
||||
" <authentication-provider ref='aProvider'>" +
|
||||
" <password-encoder ref='customPasswordEncoder'/>" +
|
||||
" </authentication-provider>" +
|
||||
" </authentication-manager>" +
|
||||
" <b:bean id='aProvider' class='org.springframework.security.authentication.TestingAuthenticationProvider'/>" +
|
||||
" <b:bean id='customPasswordEncoder' " +
|
||||
" class='org.springframework.security.authentication.encoding.Md5PasswordEncoder'/>");
|
||||
}
|
||||
|
||||
private AuthenticationProvider getProvider() {
|
||||
List<AuthenticationProvider> providers =
|
||||
((ProviderManager)appContext.getBean(BeanIds.AUTHENTICATION_MANAGER)).getProviders();
|
||||
|
||||
Reference in New Issue
Block a user