diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
index 917436c93e..2b186f8b6a 100644
--- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
@@ -564,10 +564,10 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
String regex = x509Elt.getAttribute("subject-principal-regex");
if (StringUtils.hasText(regex)) {
- SubjectDnX509PrincipalExtractor extractor = new SubjectDnX509PrincipalExtractor();
- extractor.setSubjectDnRegex(regex);
+ BeanDefinitionBuilder extractor = BeanDefinitionBuilder.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
+ extractor.addPropertyValue("subjectDnRegex", regex);
- filterBuilder.addPropertyValue("principalExtractor", extractor);
+ filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
}
filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
entryPoint = new RootBeanDefinition(Http403ForbiddenEntryPoint.class);
diff --git a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
index e516bc4d49..d08dbf9cb4 100644
--- a/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java
@@ -10,6 +10,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ArrayList;
+import java.util.regex.Pattern;
import javax.servlet.Filter;
@@ -60,6 +61,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
@@ -560,6 +562,33 @@ public class HttpSecurityBeanDefinitionParserTests {
assertTrue(filters.get(2) instanceof X509PreAuthenticatedProcessingFilter);
}
+ @Test
+ public void x509SubjectPrincipalRegexCanBeSetUsingPropertyPlaceholder() throws Exception {
+ System.setProperty("subject-principal-regex", "uid=(.*),");
+ setContext(
+ "" +
+ "" +
+ " " +
+ "" + AUTH_PROVIDER_XML);
+ List filters = getFilters("/someurl");
+
+ X509PreAuthenticatedProcessingFilter filter = (X509PreAuthenticatedProcessingFilter) filters.get(2);
+ SubjectDnX509PrincipalExtractor pe = (SubjectDnX509PrincipalExtractor) FieldUtils.getFieldValue(filter, "principalExtractor");
+ Pattern p = (Pattern) FieldUtils.getFieldValue(pe, "subjectDnPattern");
+ assertEquals("uid=(.*),", p.pattern());
+ }
+
+ @Test
+ public void x() throws Exception {
+ setContext(
+ "" +
+ " " +
+ "" + AUTH_PROVIDER_XML);
+ List filters = getFilters("/someurl");
+
+ assertTrue(filters.get(2) instanceof X509PreAuthenticatedProcessingFilter);
+ }
+
@Test
public void concurrentSessionSupportAddsFilterAndExpectedBeans() throws Exception {
setContext(