mirror of
https://github.com/spring-projects/spring-boot.git
synced 2024-07-05 00:56:58 +08:00
[bs-129] Split up SecurityConfiguration and makes bits of it optional
* Added security.basic.* and security.sessions * Also security.enabled (so you can switch it off on command line) [Fixes #50181269]
This commit is contained in:
parent
e649ef44cc
commit
514cf3dcc1
@ -17,7 +17,7 @@
|
||||
package org.springframework.bootstrap.actuate.autoconfigure;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.bootstrap.actuate.properties.EndpointsProperties;
|
||||
import org.springframework.bootstrap.actuate.properties.SecurityProperties;
|
||||
import org.springframework.bootstrap.context.annotation.ConditionalOnClass;
|
||||
import org.springframework.bootstrap.context.annotation.ConditionalOnMissingBean;
|
||||
@ -33,6 +33,8 @@ import org.springframework.security.config.annotation.web.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.HttpConfiguration;
|
||||
import org.springframework.security.config.annotation.web.WebSecurityConfiguration;
|
||||
import org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
|
||||
|
||||
/**
|
||||
* @author Dave Syer
|
||||
@ -57,30 +59,43 @@ public class SecurityConfiguration {
|
||||
private static class BoostrapWebSecurityConfigurerAdapter extends
|
||||
WebSecurityConfigurerAdapter {
|
||||
|
||||
@Value("${endpoints.health.path:/health}")
|
||||
private String healthPath = "/health";
|
||||
|
||||
@Value("${endpoints.info.path:/info}")
|
||||
private String infoPath = "/info";
|
||||
|
||||
@Autowired
|
||||
private SecurityProperties security;
|
||||
|
||||
@Autowired
|
||||
private EndpointsProperties endpoints;
|
||||
|
||||
@Autowired
|
||||
private AuthenticationEventPublisher authenticationEventPublisher;
|
||||
|
||||
@Override
|
||||
protected void configure(HttpConfiguration http) throws Exception {
|
||||
http.antMatcher("/**").httpBasic().and().anonymous().disable();
|
||||
if (this.security.isRequireSsl()) {
|
||||
http.requiresChannel().antMatchers("/**").requiresSecure();
|
||||
}
|
||||
http.authorizeUrls().antMatchers("/**").hasRole("USER");
|
||||
if (this.security.getBasic().isEnabled()) {
|
||||
http.authenticationEntryPoint(entryPoint())
|
||||
.antMatcher(this.security.getBasic().getPath()).httpBasic()
|
||||
.authenticationEntryPoint(entryPoint()).and().anonymous()
|
||||
.disable();
|
||||
http.authorizeUrls().antMatchers("/**")
|
||||
.hasRole(this.security.getBasic().getRole());
|
||||
}
|
||||
// No cookies for service endpoints by default
|
||||
http.sessionManagement().sessionCreationPolicy(this.security.getSessions());
|
||||
}
|
||||
|
||||
private AuthenticationEntryPoint entryPoint() {
|
||||
BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
|
||||
entryPoint.setRealmName(this.security.getBasic().getRealm());
|
||||
return entryPoint;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurityConfiguration builder) throws Exception {
|
||||
builder.ignoring().antMatchers(this.healthPath, this.infoPath);
|
||||
builder.ignoring().antMatchers(this.endpoints.getHealth().getPath(),
|
||||
this.endpoints.getInfo().getPath(),
|
||||
this.endpoints.getError().getPath());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -17,9 +17,10 @@
|
||||
package org.springframework.bootstrap.actuate.properties;
|
||||
|
||||
import org.springframework.bootstrap.context.annotation.ConfigurationProperties;
|
||||
import org.springframework.security.config.annotation.web.SessionCreationPolicy;
|
||||
|
||||
/**
|
||||
* Properties for the security aspects of the service.
|
||||
* Properties for the security aspects of an application.
|
||||
*
|
||||
* @author Dave Syer
|
||||
*/
|
||||
@ -28,11 +29,76 @@ public class SecurityProperties {
|
||||
|
||||
private boolean requireSsl;
|
||||
|
||||
private Basic basic = new Basic();
|
||||
|
||||
private SessionCreationPolicy sessions = SessionCreationPolicy.stateless;
|
||||
|
||||
public SessionCreationPolicy getSessions() {
|
||||
return this.sessions;
|
||||
}
|
||||
|
||||
public void setSessions(SessionCreationPolicy sessions) {
|
||||
this.sessions = sessions;
|
||||
}
|
||||
|
||||
public Basic getBasic() {
|
||||
return this.basic;
|
||||
}
|
||||
|
||||
public void setBasic(Basic basic) {
|
||||
this.basic = basic;
|
||||
}
|
||||
|
||||
public boolean isRequireSsl() {
|
||||
return requireSsl;
|
||||
return this.requireSsl;
|
||||
}
|
||||
|
||||
public void setRequireSsl(boolean requireSsl) {
|
||||
this.requireSsl = requireSsl;
|
||||
}
|
||||
|
||||
public static class Basic {
|
||||
|
||||
private boolean enabled = true;
|
||||
|
||||
private String realm = "Spring";
|
||||
|
||||
private String path = "/**";
|
||||
|
||||
private String role = "USER";
|
||||
|
||||
public boolean isEnabled() {
|
||||
return this.enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
public String getRealm() {
|
||||
return this.realm;
|
||||
}
|
||||
|
||||
public void setRealm(String realm) {
|
||||
this.realm = realm;
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return this.path;
|
||||
}
|
||||
|
||||
public void setPath(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
public String getRole() {
|
||||
return this.role;
|
||||
}
|
||||
|
||||
public void setRole(String role) {
|
||||
this.role = role;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -4,3 +4,4 @@ handlers = java.util.logging.ConsoleHandler
|
||||
java.util.logging.ConsoleHandler.level = FINE
|
||||
sun.net.www.protocol.http.HttpURLConnection.level = ALL
|
||||
org.springframework.bootstrap.level = ALL
|
||||
org.springframework.security.level = ALL
|
||||
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
@ -13,6 +13,7 @@ import org.junit.After;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.actuate.properties.EndpointsProperties;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
@ -13,6 +13,7 @@ import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpRequest;
|
||||
import org.springframework.http.HttpStatus;
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
@ -11,6 +11,7 @@ import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
@ -61,7 +62,7 @@ public class ManagementServiceBootstrapApplicationTests {
|
||||
@SuppressWarnings("rawtypes")
|
||||
ResponseEntity<Map> entity = getRestTemplate().getForEntity(
|
||||
"http://localhost:" + port, Map.class);
|
||||
assertEquals(HttpStatus.FORBIDDEN, entity.getStatusCode());
|
||||
assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
|
||||
}
|
||||
|
||||
@Test
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
@ -13,6 +13,7 @@ import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpRequest;
|
||||
import org.springframework.http.HttpStatus;
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
@ -13,6 +13,7 @@ import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpRequest;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@ -27,6 +28,7 @@ import org.springframework.web.client.DefaultResponseErrorHandler;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
/**
|
||||
@ -65,11 +67,11 @@ public class ServiceBootstrapApplicationTests {
|
||||
@SuppressWarnings("rawtypes")
|
||||
ResponseEntity<Map> entity = getRestTemplate().getForEntity(
|
||||
"http://localhost:8080", Map.class);
|
||||
// FIXME: should be UNAUTHORIZED?
|
||||
assertEquals(HttpStatus.FORBIDDEN, entity.getStatusCode());
|
||||
assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
|
||||
@SuppressWarnings("unchecked")
|
||||
Map<String, Object> body = entity.getBody();
|
||||
assertEquals("Wrong body: " + body, "Forbidden", body.get("error"));
|
||||
assertEquals("Wrong body: " + body, "Unauthorized", body.get("error"));
|
||||
assertFalse(entity.getHeaders().containsKey("Set-Cookie"));
|
||||
}
|
||||
|
||||
@Test
|
||||
@ -117,7 +119,7 @@ public class ServiceBootstrapApplicationTests {
|
||||
@Test
|
||||
public void testErrorPageDirectAccess() throws Exception {
|
||||
@SuppressWarnings("rawtypes")
|
||||
ResponseEntity<Map> entity = getRestTemplate("user", "password").getForEntity(
|
||||
ResponseEntity<Map> entity = getRestTemplate().getForEntity(
|
||||
"http://localhost:8080/error", Map.class);
|
||||
assertEquals(HttpStatus.OK, entity.getStatusCode());
|
||||
@SuppressWarnings("unchecked")
|
@ -1,4 +1,4 @@
|
||||
package org.springframework.bootstrap.sample.service;
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
@ -13,6 +13,7 @@ import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpRequest;
|
||||
import org.springframework.http.HttpStatus;
|
@ -0,0 +1,81 @@
|
||||
package org.springframework.bootstrap.sample.test;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.Future;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.junit.Test;
|
||||
import org.springframework.bootstrap.SpringApplication;
|
||||
import org.springframework.bootstrap.sample.service.ServiceBootstrapApplication;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.http.client.ClientHttpResponse;
|
||||
import org.springframework.web.client.DefaultResponseErrorHandler;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
||||
/**
|
||||
* Integration tests for unsecured service endpoints (even with Spring Security on
|
||||
* classpath).
|
||||
*
|
||||
* @author Dave Syer
|
||||
*
|
||||
*/
|
||||
public class UnsecureServiceBootstrapApplicationTests {
|
||||
|
||||
private static ConfigurableApplicationContext context;
|
||||
|
||||
@BeforeClass
|
||||
public static void start() throws Exception {
|
||||
Future<ConfigurableApplicationContext> future = Executors
|
||||
.newSingleThreadExecutor().submit(
|
||||
new Callable<ConfigurableApplicationContext>() {
|
||||
@Override
|
||||
public ConfigurableApplicationContext call() throws Exception {
|
||||
return (ConfigurableApplicationContext) SpringApplication
|
||||
.run(ServiceBootstrapApplication.class,
|
||||
"--security.basic.enabled=false");
|
||||
}
|
||||
});
|
||||
context = future.get(10, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
public static void stop() {
|
||||
if (context != null) {
|
||||
context.close();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHome() throws Exception {
|
||||
@SuppressWarnings("rawtypes")
|
||||
ResponseEntity<Map> entity = getRestTemplate().getForEntity(
|
||||
"http://localhost:8080", Map.class);
|
||||
assertEquals(HttpStatus.OK, entity.getStatusCode());
|
||||
@SuppressWarnings("unchecked")
|
||||
Map<String, Object> body = entity.getBody();
|
||||
assertEquals("Hello Phil", body.get("message"));
|
||||
assertFalse(entity.getHeaders().containsKey("Set-Cookie"));
|
||||
}
|
||||
|
||||
private RestTemplate getRestTemplate() {
|
||||
RestTemplate restTemplate = new RestTemplate();
|
||||
restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
|
||||
@Override
|
||||
public void handleError(ClientHttpResponse response) throws IOException {
|
||||
}
|
||||
});
|
||||
return restTemplate;
|
||||
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user