Skip to content

S
spring-boot
Commit f888567c authored by Dave Syer's avatar Dave Syer
Browse files
Options

Be defensive about Spring Security dependencies 

In particular don't assume that Spring Security Web is on the
classpath, just because Spring Security Core is.

Fixes gh-363
parent 5d591edb
Show whitespace changes
Inline Side-by-side
Showing with 41 additions and 14 deletions
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java
View file @ f888567c
......@@ -119,8 +119,9 @@ public class ManagementServerProperties implements SecurityPrequisite {
}
private static Security maybeCreateSecurity() {
return (ClassUtils.isPresent("org.springframework.security.core.Authentication",
null) ? new Security() : null);
return (ClassUtils.isPresent(
"org.springframework.security.config.http.SessionCreationPolicy", null) ? new Security()
: null);
}
}
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java
View file @ f888567c
......@@ -27,6 +27,7 @@ import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent;
import org.springframework.util.ClassUtils;
/**
* {@link ApplicationListener} expose Spring Security {@link AbstractAuthenticationEvent
......@@ -39,18 +40,30 @@ public class AuthenticationAuditListener implements
private ApplicationEventPublisher publisher;
private WebAuditListener webListener = maybeCreateWebListener();
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
this.publisher = publisher;
}
private static WebAuditListener maybeCreateWebListener() {
if (ClassUtils
.isPresent(
"org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent",
null)) {
return new WebAuditListener();
}
return null;
}
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
if (event instanceof AbstractAuthenticationFailureEvent) {
onAuthenticationFailureEvent((AbstractAuthenticationFailureEvent) event);
}
else if (event instanceof AuthenticationSwitchUserEvent) {
onAuthenticationSwitchUserEvent((AuthenticationSwitchUserEvent) event);
else if (this.webListener != null && this.webListener.accepts(event)) {
this.webListener.process(this, event);
}
else {
onAuthenticationEvent(event);
......@@ -65,29 +78,42 @@ public class AuthenticationAuditListener implements
"AUTHENTICATION_FAILURE", data));
}
private void onAuthenticationSwitchUserEvent(AuthenticationSwitchUserEvent event) {
private void onAuthenticationEvent(AbstractAuthenticationEvent event) {
Map<String, Object> data = new HashMap<String, Object>();
if (event.getAuthentication().getDetails() != null) {
data.put("details", event.getAuthentication().getDetails());
}
data.put("target", event.getTargetUser().getUsername());
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data));
"AUTHENTICATION_SUCCESS", data));
}
private void onAuthenticationEvent(AbstractAuthenticationEvent event) {
private void publish(AuditEvent event) {
if (this.publisher != null) {
this.publisher.publishEvent(new AuditApplicationEvent(event));
}
}
private static class WebAuditListener {
public void process(AuthenticationAuditListener listener,
AbstractAuthenticationEvent input) {
if (listener != null) {
AuthenticationSwitchUserEvent event = (AuthenticationSwitchUserEvent) input;
Map<String, Object> data = new HashMap<String, Object>();
if (event.getAuthentication().getDetails() != null) {
data.put("details", event.getAuthentication().getDetails());
}
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SUCCESS", data));
data.put("target", event.getTargetUser().getUsername());
listener.publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data));
}
private void publish(AuditEvent event) {
if (this.publisher != null) {
this.publisher.publishEvent(new AuditApplicationEvent(event));
}
public boolean accepts(AbstractAuthenticationEvent event) {
return event instanceof AuthenticationSwitchUserEvent;
}
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment