Set details on authentication token created by HttpServlet3RequestFactory
Currently the login mechanism when triggered by executing HttpServlet3RequestFactory#login does not set any details on the underlying authentication token that is authenticated. This change adds an AuthenticationDetailsSource on the HttpServlet3RequestFactory, which defaults to a WebAuthenticationDetailsSource. Closes gh-9579
This commit is contained in:
committed by
Steve Riesenberg
parent
be802f57ba
commit
c57fc309c2
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.AuthenticationTrustResolver;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
@@ -149,6 +150,15 @@ public class ServletApiConfigurerTests {
|
||||
verify(SharedTrustResolverConfig.TR, atLeastOnce()).isAnonymous(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenSharedObjectAuthenticationDetailsSourceThenAuthenticationDetailsSourceUsed() {
|
||||
this.spring.register(SharedAuthenticationDetailsSourceConfig.class).autowire();
|
||||
SecurityContextHolderAwareRequestFilter scaFilter = getFilter(SecurityContextHolderAwareRequestFilter.class);
|
||||
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = getFieldValue(scaFilter,
|
||||
"authenticationDetailsSource");
|
||||
assertThat(authenticationDetailsSource).isEqualTo(SharedAuthenticationDetailsSourceConfig.ADS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenServletApiWithDefaultsInLambdaThenUsesDefaultRolePrefix() throws Exception {
|
||||
this.spring.register(ServletApiWithDefaultsInLambdaConfig.class, AdminController.class).autowire();
|
||||
@@ -321,6 +331,22 @@ public class ServletApiConfigurerTests {
|
||||
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class SharedAuthenticationDetailsSourceConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
static AuthenticationDetailsSource<HttpServletRequest, ?> ADS = spy(AuthenticationDetailsSource.class);
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) {
|
||||
// @formatter:off
|
||||
http
|
||||
.setSharedObject(AuthenticationDetailsSource.class, ADS);
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class ServletApiWithDefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user