Fix configureGlobal on SpringBootApplication

Fixes gh-2473

Fix configureGlobal on SpringBootApplication
Fixes gh-2473
f9816ead · Rob Winch · Dave Syer · e42fa79f · f9816ead · f9816ead
Commit f9816ead authored Feb 10, 2015 by Rob Winch Committed by Dave Syer Feb 18, 2015
7 changed files
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/BootGlobalAuthenticationConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/BootGlobalAuthenticationConfiguration.java
+/*
+ * Copyright 2012-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.boot.autoconfigure.security;
+
+import java.util.Map;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
+
+/**
+ * This works with the {@link AuthenticationConfiguration} to ensure that users are able to use:
+ *
+ * <pre>
+ * public void configureGlobal(AuthenticationManagerBuilder auth) {
+ *     ...
+ * }
+ * </pre>
+ *
+ * within their classes annotated with {{@EnableAutoConfiguration}} or use {{@SpringBootApplication}}.
+ *
+ * @author Rob Winch
+ */
+@Configuration
+@ConditionalOnClass(GlobalAuthenticationConfigurerAdapter.class)
+public class BootGlobalAuthenticationConfiguration {
+
+	@Bean
+	public static BootGlobalAuthenticationConfigurationAdapter bootGlobalAuthenticationConfigurationAdapter(ApplicationContext context) {
+		return new BootGlobalAuthenticationConfigurationAdapter(context);
+	}
+
+	private static class BootGlobalAuthenticationConfigurationAdapter extends GlobalAuthenticationConfigurerAdapter {
+		private final ApplicationContext context;
+		private static final Log logger = LogFactory.getLog(BootGlobalAuthenticationConfiguration.class);
+
+		public BootGlobalAuthenticationConfigurationAdapter(ApplicationContext context) {
+			this.context = context;
+		}
+
+		@Override
+		public void init(AuthenticationManagerBuilder auth) {
+			Map<String, Object> beansWithAnnotation = context.getBeansWithAnnotation(EnableAutoConfiguration.class);
+			if(logger.isDebugEnabled()) {
+				logger.debug("Eagerly initializing " + beansWithAnnotation);
+			}
+		}
+	}
+}
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfiguration.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -49,7 +49,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 		GlobalAuthenticationConfigurerAdapter.class })
 @EnableConfigurationProperties
 @Import({ SpringBootWebSecurityConfiguration.class,
-		AuthenticationManagerConfiguration.class })
+		AuthenticationManagerConfiguration.class,
+		BootGlobalAuthenticationConfiguration.class})
 public class SecurityAutoConfiguration {

 	@Bean

--- a/spring-boot-full-build/pom.xml
+++ b/spring-boot-full-build/pom.xml
@@ -57,6 +57,7 @@
 		<module>../spring-boot-samples</module>
 		<module>../spring-boot-deployment-tests</module>
 		<module>../spring-boot-integration-tests</module>
+		<module>../spring-boot-security-tests</module>
 		<module>../spring-boot-docs</module>
 	</modules>
 	<profiles>

--- a/spring-boot-security-tests/pom.xml
+++ b/spring-boot-security-tests/pom.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-parent</artifactId>
+		<version>1.2.2.BUILD-SNAPSHOT</version>
+		<relativePath>../spring-boot-parent</relativePath>
+	</parent>
+	<artifactId>spring-boot-security-tests</artifactId>
+	<packaging>pom</packaging>
+	<name>Spring Boot Security Tests</name>
+	<description>${project.name}</description>
+	<url>http://projects.spring.io/spring-boot/</url>
+	<organization>
+		<name>Pivotal Software, Inc.</name>
+		<url>http://www.spring.io</url>
+	</organization>
+	<modules>
+		<module>spring-boot-security-tests-web-helloworld</module>
+	</modules>
+</project>
--- a/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/pom.xml
+++ b/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/pom.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-security-tests</artifactId>
+		<version>1.2.2.BUILD-SNAPSHOT</version>
+		<relativePath>../</relativePath>
+	</parent>
+	<artifactId>spring-boot-security-tests-web-helloworld</artifactId>
+	<name>Spring Boot Security Tests - Web Basic</name>
+	<description>${project.name}</description>
+	<url>http://projects.spring.io/spring-boot/</url>
+	<organization>
+		<name>Pivotal Software, Inc.</name>
+		<url>http://www.spring.io</url>
+	</organization>
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+	</dependencies>
+</project>
--- a/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/src/main/java/sample/HelloWebSecurityApplication.java
+++ b/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/src/main/java/sample/HelloWebSecurityApplication.java
+/*
+ * Copyright 2012-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+
+@SpringBootApplication
+public class HelloWebSecurityApplication {
+
+	@Autowired
+	public void configureGlobal(AuthenticationManagerBuilder auth)
+			throws Exception {
+		// @formatter:off
+		auth
+			.inMemoryAuthentication()
+				.withUser("user").password("password").roles("USER");
+		// @formatter:on
+	}
+
+	public static void main(String[] args) {
+		SpringApplication.run(HelloWebSecurityApplication.class, args);
+	}
+}
\ No newline at end of file
--- a/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/src/test/java/sample/HelloWebSecurityApplicationTests.java
+++ b/spring-boot-security-tests/spring-boot-security-tests-web-helloworld/src/test/java/sample/HelloWebSecurityApplicationTests.java
+/*
+ * Copyright 2012-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package sample;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.SpringApplicationConfiguration;
+import org.springframework.boot.test.WebIntegrationTest;
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.crypto.codec.Base64;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.assertThat;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@SpringApplicationConfiguration(classes = HelloWebSecurityApplication.class)
+@WebIntegrationTest(randomPort = true)
+public class HelloWebSecurityApplicationTests {
+	@Autowired
+	FilterChainProxy springSecurityFilterChain;
+
+	MockHttpServletRequest request;
+
+	MockHttpServletResponse response;
+
+	MockFilterChain chain;
+
+	@Before
+	public void setup() {
+		request = new MockHttpServletRequest();
+		response = new MockHttpServletResponse();
+		chain = new MockFilterChain();
+	}
+
+	@Test
+	public void requiresAuthentication() throws Exception {
+		springSecurityFilterChain.doFilter(request, response, chain);
+
+		assertThat(response.getStatus(), equalTo(HttpServletResponse.SC_UNAUTHORIZED));
+	}
+
+
+	@Test
+	public void userAuthenticates() throws Exception {
+		request.addHeader("Authorization", "Basic " + new String(Base64.encode("user:password".getBytes("UTF-8"))));
+
+		springSecurityFilterChain.doFilter(request, response, chain);
+
+		assertThat(response.getStatus(), equalTo(HttpServletResponse.SC_OK));
+	}
+}