mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-09-03 04:26:12 +08:00
Complete restructure of security packages
Complete the restructuring of the security auto-configuration packages by removing the direct import of web configuration from the main security auto-configuration. Closes gh-14412
This commit is contained in:
Phillip Webb
parent
f835f82582
commit
29707bf75a
@ -49,7 +49,7 @@ import org.springframework.web.server.ServerWebExchange;
|
||||
* endpoint locations.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
public final class EndpointRequest {
|
||||
|
||||
|
||||
@ -28,7 +28,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.client.ReactiveOAuth2ClientAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
@ -48,7 +48,7 @@ import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
@ConditionalOnClass({ EnableWebFluxSecurity.class, WebFilterChainProxy.class })
|
||||
@ConditionalOnMissingBean({ SecurityWebFilterChain.class, WebFilterChainProxy.class })
|
||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
|
||||
@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
|
||||
@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
|
||||
@AutoConfigureAfter({ HealthEndpointAutoConfiguration.class,
|
||||
InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
||||
ReactiveOAuth2ClientAutoConfiguration.class })
|
||||
|
||||
@ -51,7 +51,7 @@ import org.springframework.web.context.WebApplicationContext;
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
public final class EndpointRequest {
|
||||
|
||||
|
||||
@ -25,9 +25,9 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.oauth2.client.web.OAuth2ClientAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.WebSecurityEnablerConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.EnableWebSecurityConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
@ -44,12 +44,12 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||
@ConditionalOnClass(WebSecurityConfigurerAdapter.class)
|
||||
@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)
|
||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
|
||||
@AutoConfigureBefore(SecurityAutoConfiguration.class)
|
||||
@AutoConfigureBefore(ServletWebSecurityAutoConfiguration.class)
|
||||
@AutoConfigureAfter({ HealthEndpointAutoConfiguration.class,
|
||||
InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
||||
OAuth2ClientAutoConfiguration.class })
|
||||
@Import({ ManagementWebSecurityConfigurerAdapter.class,
|
||||
WebSecurityEnablerConfiguration.class })
|
||||
EnableWebSecurityConfiguration.class })
|
||||
public class ManagementWebSecurityAutoConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@ -27,8 +27,8 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.reactive.function.client.WebClientAutoConfiguration;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
@ -45,7 +45,7 @@ public class CloudFoundryReactiveHealthEndpointWebExtensionTests {
|
||||
private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
|
||||
.withPropertyValues("VCAP_APPLICATION={}")
|
||||
.withConfiguration(AutoConfigurations.of(
|
||||
ReactiveSecurityAutoConfiguration.class,
|
||||
ReactiveWebSecurityAutoConfiguration.class,
|
||||
ReactiveUserDetailsServiceAutoConfiguration.class,
|
||||
WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
|
||||
@ -44,8 +44,8 @@ import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.reactive.function.client.WebClientAutoConfiguration;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
@ -76,7 +76,7 @@ public class ReactiveCloudFoundryActuatorAutoConfigurationTests {
|
||||
|
||||
private final ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(
|
||||
ReactiveSecurityAutoConfiguration.class,
|
||||
ReactiveWebSecurityAutoConfiguration.class,
|
||||
ReactiveUserDetailsServiceAutoConfiguration.class,
|
||||
WebFluxAutoConfiguration.class, JacksonAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
|
||||
@ -39,6 +39,7 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.client.RestTemplateAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
|
||||
@ -70,6 +71,7 @@ public class CloudFoundryActuatorAutoConfigurationTests {
|
||||
|
||||
private final WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class,
|
||||
WebMvcAutoConfiguration.class, JacksonAutoConfiguration.class,
|
||||
DispatcherServletAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
|
||||
@ -32,6 +32,7 @@ import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoCon
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
|
||||
import org.springframework.boot.test.util.TestPropertyValues;
|
||||
@ -118,7 +119,8 @@ public class ControllerEndpointWebMvcIntegrationTests {
|
||||
}
|
||||
|
||||
@Import(DefaultConfiguration.class)
|
||||
@ImportAutoConfiguration({ SecurityAutoConfiguration.class })
|
||||
@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class })
|
||||
static class SecureConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@ -40,6 +40,7 @@ import org.springframework.boot.autoconfigure.hateoas.HypermediaAutoConfiguratio
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.jackson.JacksonAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
|
||||
import org.springframework.boot.test.util.TestPropertyValues;
|
||||
@ -164,7 +165,8 @@ public class WebMvcEndpointIntegrationTests {
|
||||
}
|
||||
|
||||
@Import(DefaultConfiguration.class)
|
||||
@ImportAutoConfiguration({ SecurityAutoConfiguration.class })
|
||||
@ImportAutoConfiguration({ SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class })
|
||||
static class SecureConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@ -32,8 +32,8 @@ import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAuto
|
||||
import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
|
||||
import org.springframework.boot.actuate.autoconfigure.security.web.reactive.ReactiveManagementWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
@ -70,7 +70,7 @@ public class ReactiveManagementWebSecurityAutoConfigurationTests {
|
||||
InfoEndpointAutoConfiguration.class,
|
||||
EnvironmentEndpointAutoConfiguration.class,
|
||||
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
||||
ReactiveSecurityAutoConfiguration.class,
|
||||
ReactiveWebSecurityAutoConfiguration.class,
|
||||
ReactiveUserDetailsServiceAutoConfiguration.class,
|
||||
ReactiveManagementWebSecurityAutoConfiguration.class));
|
||||
|
||||
|
||||
@ -30,6 +30,7 @@ import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfi
|
||||
import org.springframework.boot.actuate.autoconfigure.security.web.servlet.ManagementWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
|
||||
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@ -59,6 +60,7 @@ public class ManagementWebSecurityAutoConfigurationTests {
|
||||
EnvironmentEndpointAutoConfiguration.class,
|
||||
EndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
|
||||
SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class,
|
||||
ManagementWebSecurityAutoConfiguration.class));
|
||||
|
||||
@Test
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.autoconfigure.security.web.reactive;
|
||||
package org.springframework.boot.autoconfigure.security;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.regex.Pattern;
|
||||
@ -26,7 +26,6 @@ import org.springframework.beans.factory.ObjectProvider;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
@ -38,12 +37,17 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
/**
|
||||
* Default user {@link Configuration} for a reactive web application. Configures a
|
||||
* Default user {@link Configuration} for a reactive application. Configures a
|
||||
* {@link ReactiveUserDetailsService} with a default user and generated password. This
|
||||
* backs-off completely if there is a bean of type {@link ReactiveUserDetailsService} or
|
||||
* {@link ReactiveAuthenticationManager}.
|
||||
* <p>
|
||||
* Note that the current reactive application detection mechanism is limited to web
|
||||
* applications only. If you're writing a non-web application you will currently need to
|
||||
* configure reactive security yourself.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass({ ReactiveAuthenticationManager.class })
|
||||
@ -19,15 +19,13 @@ package org.springframework.boot.autoconfigure.security;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.SpringBootWebSecurityConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.WebSecurityEnablerConfiguration;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.authentication.AuthenticationEventPublisher;
|
||||
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
|
||||
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
|
||||
|
||||
/**
|
||||
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security.
|
||||
@ -35,12 +33,12 @@ import org.springframework.security.authentication.DefaultAuthenticationEventPub
|
||||
* @author Dave Syer
|
||||
* @author Andy Wilkinson
|
||||
* @author Madhura Bhave
|
||||
* @author Rob Winch
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
@Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class,
|
||||
SecurityDataConfiguration.class })
|
||||
public class SecurityAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
@ -50,4 +48,16 @@ public class SecurityAutoConfiguration {
|
||||
return new DefaultAuthenticationEventPublisher(publisher);
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@ConditionalOnClass(SecurityEvaluationContextExtension.class)
|
||||
static class SecurityDataConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
|
||||
return new SecurityEvaluationContextExtension();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,41 +0,0 @@
|
||||
/*
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.autoconfigure.security;
|
||||
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
|
||||
|
||||
/**
|
||||
* Automatically adds Spring Security's integration with Spring Data.
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 1.3
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass(SecurityEvaluationContextExtension.class)
|
||||
public class SecurityDataConfiguration {
|
||||
|
||||
@Bean
|
||||
@ConditionalOnMissingBean
|
||||
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
|
||||
return new SecurityEvaluationContextExtension();
|
||||
}
|
||||
|
||||
}
|
||||
@ -49,6 +49,7 @@ import org.springframework.util.StringUtils;
|
||||
* @author Dave Syer
|
||||
* @author Rob Winch
|
||||
* @author Madhura Bhave
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass(AuthenticationManager.class)
|
||||
|
||||
@ -27,7 +27,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.condition.NoneNestedConditions;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Conditional;
|
||||
@ -49,7 +49,7 @@ import org.springframework.security.oauth2.client.web.server.ServerOAuth2Authori
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
|
||||
@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
|
||||
@EnableConfigurationProperties(OAuth2ClientProperties.class)
|
||||
@Conditional(ReactiveOAuth2ClientAutoConfiguration.NonServletApplicationCondition.class)
|
||||
@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class, ClientRegistration.class })
|
||||
|
||||
@ -31,7 +31,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@AutoConfigureBefore(SecurityAutoConfiguration.class)
|
||||
|
||||
@ -33,7 +33,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnBean(ClientRegistrationRepository.class)
|
||||
|
||||
@ -19,7 +19,7 @@ import org.springframework.boot.autoconfigure.AutoConfigureBefore;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
@ -34,7 +34,7 @@ import org.springframework.security.oauth2.server.resource.BearerTokenAuthentica
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
|
||||
@AutoConfigureBefore(ReactiveWebSecurityAutoConfiguration.class)
|
||||
@EnableConfigurationProperties(OAuth2ResourceServerProperties.class)
|
||||
@ConditionalOnClass({ EnableWebFluxSecurity.class, BearerTokenAuthenticationToken.class })
|
||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
|
||||
|
||||
@ -18,10 +18,12 @@ package org.springframework.boot.autoconfigure.security.web.reactive;
|
||||
|
||||
import reactor.core.publisher.Flux;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@ -42,7 +44,8 @@ import org.springframework.security.web.server.WebFilterChainProxy;
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
@ConditionalOnClass({ Flux.class, EnableWebFluxSecurity.class,
|
||||
WebFilterChainProxy.class })
|
||||
public class ReactiveSecurityAutoConfiguration {
|
||||
@AutoConfigureAfter(SecurityAutoConfiguration.class)
|
||||
public class ReactiveWebSecurityAutoConfiguration {
|
||||
|
||||
@Configuration
|
||||
@ConditionalOnMissingBean(WebFilterChainProxy.class)
|
||||
@ -33,13 +33,13 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||
* been configured by the user, this will back-off.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnBean(WebSecurityConfigurerAdapter.class)
|
||||
@ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
|
||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
|
||||
@EnableWebSecurity
|
||||
public class WebSecurityEnablerConfiguration {
|
||||
public class EnableWebSecurityConfiguration {
|
||||
|
||||
}
|
||||
@ -24,7 +24,7 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
* used for Spring MVC applications.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.5
|
||||
* @since 2.1.0
|
||||
*/
|
||||
public class MvcRequestMatcherProvider implements RequestMatcherProvider {
|
||||
|
||||
|
||||
@ -31,7 +31,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
public final class PathRequest {
|
||||
|
||||
|
||||
@ -22,7 +22,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
* Spring Security.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.5
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@FunctionalInterface
|
||||
public interface RequestMatcherProvider {
|
||||
|
||||
@ -22,13 +22,14 @@ import java.util.stream.Collectors;
|
||||
import javax.servlet.DispatcherType;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
|
||||
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@ -46,14 +47,15 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
|
||||
* @author Rob Winch
|
||||
* @author Phillip Webb
|
||||
* @author Andy Wilkinson
|
||||
* @since 1.3
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnWebApplication(type = Type.SERVLET)
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
|
||||
SessionCreationPolicy.class })
|
||||
@AutoConfigureAfter(SecurityAutoConfiguration.class)
|
||||
@AutoConfigureAfter(ServletWebSecurityAutoConfiguration.class)
|
||||
@AutoConfigureBefore(UserDetailsServiceAutoConfiguration.class)
|
||||
public class SecurityFilterAutoConfiguration {
|
||||
|
||||
private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
|
||||
|
||||
@ -28,7 +28,7 @@ import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
* Auto-configuration for {@link RequestMatcherProvider}.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.5
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass({ RequestMatcher.class, DispatcherServlet.class })
|
||||
|
||||
@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.autoconfigure.security.web.servlet;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
|
||||
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
|
||||
|
||||
/**
|
||||
* {@link EnableAutoConfiguration Auto-configuration} for Spring Security in a servlet web
|
||||
* application.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@EnableConfigurationProperties(SecurityProperties.class)
|
||||
@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)
|
||||
@AutoConfigureAfter(SecurityAutoConfiguration.class)
|
||||
@Import({ SpringBootWebSecurityConfiguration.class,
|
||||
EnableWebSecurityConfiguration.class })
|
||||
public class ServletWebSecurityAutoConfiguration {
|
||||
|
||||
}
|
||||
@ -33,7 +33,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
|
||||
* part of the custom security configuration.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnClass(WebSecurityConfigurerAdapter.class)
|
||||
|
||||
@ -40,7 +40,7 @@ import org.springframework.util.Assert;
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
* @author Phillip Webb
|
||||
* @since 2.0.0
|
||||
* @since 2.1.0
|
||||
* @see PathRequest
|
||||
*/
|
||||
public final class StaticResourceRequest {
|
||||
|
||||
@ -99,12 +99,13 @@ org.springframework.boot.autoconfigure.mustache.MustacheAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.quartz.QuartzAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.reactor.core.ReactorCoreAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.servlet.SecurityRequestMatcherProviderAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.servlet.SecurityRequestMatcherProviderAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveUserDetailsServiceAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.sendgrid.SendGridAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.session.SessionAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.oauth2.client.web.OAuth2ClientAutoConfiguration,\
|
||||
|
||||
@ -14,13 +14,12 @@
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.autoconfigure.security.web.reactive;
|
||||
package org.springframework.boot.autoconfigure.security;
|
||||
|
||||
import org.junit.Test;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityProperties;
|
||||
import org.springframework.boot.context.properties.EnableConfigurationProperties;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@ -81,8 +80,6 @@ public class ReactiveUserDetailsServiceAutoConfigurationTests {
|
||||
this.contextRunner
|
||||
.withUserConfiguration(AuthenticationManagerConfig.class,
|
||||
TestSecurityConfiguration.class)
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context)
|
||||
.getBean(ReactiveUserDetailsService.class).isNull());
|
||||
}
|
||||
@ -16,10 +16,6 @@
|
||||
|
||||
package org.springframework.boot.autoconfigure.security;
|
||||
|
||||
import java.util.EnumSet;
|
||||
|
||||
import javax.servlet.DispatcherType;
|
||||
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
|
||||
@ -32,22 +28,17 @@ import org.springframework.boot.autoconfigure.orm.jpa.test.City;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.SecurityFilterAutoConfiguration;
|
||||
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
|
||||
import org.springframework.boot.test.rule.OutputCapture;
|
||||
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
|
||||
import org.springframework.boot.web.servlet.filter.OrderedFilter;
|
||||
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.orm.jpa.JpaTransactionManager;
|
||||
import org.springframework.security.authentication.AuthenticationEventPublisher;
|
||||
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ -68,27 +59,6 @@ public class SecurityAutoConfigurationTests {
|
||||
@Rule
|
||||
public OutputCapture outputCapture = new OutputCapture();
|
||||
|
||||
@Test
|
||||
public void testWebConfiguration() {
|
||||
this.contextRunner.run((context) -> {
|
||||
assertThat(context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
|
||||
assertThat(context.getBean(FilterChainProxy.class).getFilterChains())
|
||||
.hasSize(1);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultFilterOrderWithSecurityAdapter() {
|
||||
this.contextRunner
|
||||
.withConfiguration(AutoConfigurations.of(WebSecurity.class,
|
||||
SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(
|
||||
OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFilterIsNotRegisteredInNonWeb() {
|
||||
try (AnnotationConfigApplicationContext customContext = new AnnotationConfigApplicationContext()) {
|
||||
@ -117,30 +87,6 @@ public class SecurityAutoConfigurationTests {
|
||||
AuthenticationEventPublisherConfiguration.TestAuthenticationEventPublisher.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultFilterOrder() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(
|
||||
OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCustomFilterOrder() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.withPropertyValues("spring.security.filter.order:12345").run(
|
||||
(context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(12345));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testJpaCoexistsHappily() {
|
||||
this.contextRunner
|
||||
@ -162,42 +108,6 @@ public class SecurityAutoConfigurationTests {
|
||||
.getBean(SecurityEvaluationContextExtension.class).isNotNull());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void defaultFilterDispatcherTypes() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> {
|
||||
DelegatingFilterProxyRegistrationBean bean = context.getBean(
|
||||
"securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class);
|
||||
@SuppressWarnings("unchecked")
|
||||
EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
|
||||
.getField(bean, "dispatcherTypes");
|
||||
assertThat(dispatcherTypes).containsOnly(DispatcherType.ASYNC,
|
||||
DispatcherType.ERROR, DispatcherType.REQUEST);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customFilterDispatcherTypes() {
|
||||
this.contextRunner
|
||||
.withPropertyValues(
|
||||
"spring.security.filter.dispatcher-types:INCLUDE,ERROR")
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> {
|
||||
DelegatingFilterProxyRegistrationBean bean = context.getBean(
|
||||
"securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class);
|
||||
@SuppressWarnings("unchecked")
|
||||
EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
|
||||
.getField(bean, "dispatcherTypes");
|
||||
assertThat(dispatcherTypes).containsOnly(DispatcherType.INCLUDE,
|
||||
DispatcherType.ERROR);
|
||||
});
|
||||
}
|
||||
|
||||
@Configuration
|
||||
@TestAutoConfigurationPackage(City.class)
|
||||
protected static class EntityConfiguration {
|
||||
|
||||
@ -19,6 +19,7 @@ package org.springframework.boot.autoconfigure.security.web.reactive;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.test.context.runner.ReactiveWebApplicationContextRunner;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
@ -28,11 +29,11 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
|
||||
/**
|
||||
* Tests for {@link ReactiveSecurityAutoConfiguration}.
|
||||
* Tests for {@link ReactiveWebSecurityAutoConfiguration}.
|
||||
*
|
||||
* @author Madhura Bhave
|
||||
*/
|
||||
public class ReactiveSecurityAutoConfigurationTests {
|
||||
public class ReactiveWebSecurityAutoConfigurationTests {
|
||||
|
||||
private ReactiveWebApplicationContextRunner contextRunner = new ReactiveWebApplicationContextRunner();
|
||||
|
||||
@ -40,7 +41,7 @@ public class ReactiveSecurityAutoConfigurationTests {
|
||||
public void backsOffWhenWebFilterChainProxyBeanPresent() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class))
|
||||
AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class))
|
||||
.withUserConfiguration(WebFilterChainProxyConfiguration.class)
|
||||
.run((context) -> assertThat(context)
|
||||
.hasSingleBean(WebFilterChainProxy.class));
|
||||
@ -50,7 +51,7 @@ public class ReactiveSecurityAutoConfigurationTests {
|
||||
public void enablesWebFluxSecurity() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(ReactiveSecurityAutoConfiguration.class,
|
||||
AutoConfigurations.of(ReactiveWebSecurityAutoConfiguration.class,
|
||||
ReactiveUserDetailsServiceAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context).getBean(WebFilterChainProxy.class)
|
||||
.isNotNull());
|
||||
@ -82,6 +82,7 @@ public class SecurityFilterAutoConfigurationEarlyInitializationTests {
|
||||
DispatcherServletAutoConfiguration.class, SecurityAutoConfiguration.class,
|
||||
UserDetailsServiceAutoConfiguration.class,
|
||||
SecurityFilterAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class })
|
||||
static class Config {
|
||||
|
||||
|
||||
@ -56,6 +56,7 @@ public class SecurityFilterAutoConfigurationTests {
|
||||
@ImportAutoConfiguration({ WebMvcAutoConfiguration.class,
|
||||
JacksonAutoConfiguration.class, HttpMessageConvertersAutoConfiguration.class,
|
||||
DispatcherServletAutoConfiguration.class, WebSecurity.class,
|
||||
ServletWebSecurityAutoConfiguration.class,
|
||||
SecurityFilterAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class })
|
||||
static class Config {
|
||||
|
||||
@ -0,0 +1,131 @@
|
||||
/*
|
||||
* Copyright 2012-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.boot.autoconfigure.security.web.servlet;
|
||||
|
||||
import java.util.EnumSet;
|
||||
|
||||
import javax.servlet.DispatcherType;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import org.springframework.boot.autoconfigure.AutoConfigurations;
|
||||
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
|
||||
import org.springframework.boot.web.servlet.DelegatingFilterProxyRegistrationBean;
|
||||
import org.springframework.boot.web.servlet.filter.OrderedFilter;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
/**
|
||||
* Tests for {@link ServletWebSecurityAutoConfiguration}.
|
||||
*
|
||||
* @author Phillip Webb
|
||||
*/
|
||||
public class ServletWebSecurityAutoConfigurationTests {
|
||||
|
||||
private WebApplicationContextRunner contextRunner = new WebApplicationContextRunner()
|
||||
.withConfiguration(AutoConfigurations.of(SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class));
|
||||
|
||||
@Test
|
||||
public void testWebConfiguration() {
|
||||
this.contextRunner.run((context) -> {
|
||||
assertThat(context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
|
||||
assertThat(context.getBean(FilterChainProxy.class).getFilterChains())
|
||||
.hasSize(1);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultFilterOrderWithSecurityAdapter() {
|
||||
this.contextRunner
|
||||
.withConfiguration(AutoConfigurations.of(WebSecurity.class,
|
||||
SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(
|
||||
OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultFilterOrder() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(
|
||||
OrderedFilter.REQUEST_WRAPPER_FILTER_MAX_ORDER - 100));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCustomFilterOrder() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.withPropertyValues("spring.security.filter.order:12345").run(
|
||||
(context) -> assertThat(context
|
||||
.getBean("securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class)
|
||||
.getOrder()).isEqualTo(12345));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void defaultFilterDispatcherTypes() {
|
||||
this.contextRunner
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> {
|
||||
DelegatingFilterProxyRegistrationBean bean = context.getBean(
|
||||
"securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class);
|
||||
@SuppressWarnings("unchecked")
|
||||
EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
|
||||
.getField(bean, "dispatcherTypes");
|
||||
assertThat(dispatcherTypes).containsOnly(DispatcherType.ASYNC,
|
||||
DispatcherType.ERROR, DispatcherType.REQUEST);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customFilterDispatcherTypes() {
|
||||
this.contextRunner
|
||||
.withPropertyValues(
|
||||
"spring.security.filter.dispatcher-types:INCLUDE,ERROR")
|
||||
.withConfiguration(
|
||||
AutoConfigurations.of(SecurityFilterAutoConfiguration.class))
|
||||
.run((context) -> {
|
||||
DelegatingFilterProxyRegistrationBean bean = context.getBean(
|
||||
"securityFilterChainRegistration",
|
||||
DelegatingFilterProxyRegistrationBean.class);
|
||||
@SuppressWarnings("unchecked")
|
||||
EnumSet<DispatcherType> dispatcherTypes = (EnumSet<DispatcherType>) ReflectionTestUtils
|
||||
.getField(bean, "dispatcherTypes");
|
||||
assertThat(dispatcherTypes).containsOnly(DispatcherType.INCLUDE,
|
||||
DispatcherType.ERROR);
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
@ -29,6 +29,7 @@ import org.junit.Test;
|
||||
import org.springframework.boot.autoconfigure.context.PropertyPlaceholderAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.http.HttpMessageConvertersAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.session.SessionAutoConfiguration;
|
||||
import org.springframework.boot.testsupport.web.servlet.MockServletWebServer.RegisteredFilter;
|
||||
import org.springframework.boot.web.server.WebServerFactoryCustomizerBeanPostProcessor;
|
||||
@ -89,7 +90,7 @@ public class FilterOrderingIntegrationTests {
|
||||
this.context.register(MockWebServerConfiguration.class,
|
||||
TestSessionConfiguration.class, TestRedisConfiguration.class,
|
||||
WebMvcAutoConfiguration.class, SecurityAutoConfiguration.class,
|
||||
SessionAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class, SessionAutoConfiguration.class,
|
||||
HttpMessageConvertersAutoConfiguration.class,
|
||||
PropertyPlaceholderAutoConfiguration.class,
|
||||
HttpEncodingAutoConfiguration.class);
|
||||
|
||||
@ -19,6 +19,7 @@ package org.springframework.boot.test.autoconfigure.web.servlet;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.UserDetailsServiceAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Import;
|
||||
|
||||
@ -30,8 +31,8 @@ import org.springframework.context.annotation.Import;
|
||||
*/
|
||||
@Configuration
|
||||
@ConditionalOnProperty(prefix = "spring.test.mockmvc", name = "secure", havingValue = "true", matchIfMissing = true)
|
||||
@Import({ SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class,
|
||||
MockMvcSecurityConfiguration.class })
|
||||
@Import({ SecurityAutoConfiguration.class, ServletWebSecurityAutoConfiguration.class,
|
||||
UserDetailsServiceAutoConfiguration.class, MockMvcSecurityConfiguration.class })
|
||||
public class MockMvcSecurityAutoConfiguration {
|
||||
|
||||
}
|
||||
|
||||
@ -88,8 +88,8 @@ org.springframework.boot.autoconfigure.jsonb.JsonbAutoConfiguration
|
||||
|
||||
# AutoConfigureWebClient auto-configuration imports
|
||||
org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient=\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveSecurityAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveUserDetailsServiceAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.ReactiveUserDetailsServiceAutoConfiguration,\
|
||||
org.springframework.boot.autoconfigure.security.web.reactive.ReactiveWebSecurityAutoConfiguration,\
|
||||
org.springframework.boot.test.autoconfigure.web.reactive.WebTestClientAutoConfiguration
|
||||
|
||||
# AutoConfigureWebFlux auto-configuration imports
|
||||
|
||||
@ -18,13 +18,15 @@ package org.springframework.boot.test.autoconfigure.restdocs;
|
||||
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration;
|
||||
import org.springframework.boot.autoconfigure.security.web.servlet.ServletWebSecurityAutoConfiguration;
|
||||
|
||||
/**
|
||||
* Test application used with {@link AutoConfigureRestDocs} tests.
|
||||
*
|
||||
* @author Andy Wilkinson
|
||||
*/
|
||||
@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
|
||||
@SpringBootApplication(exclude = { SecurityAutoConfiguration.class,
|
||||
ServletWebSecurityAutoConfiguration.class })
|
||||
public class RestDocsTestApplication {
|
||||
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user