SEC-2257: Remove HttpSecurityBuilder#getAuthenticationManager()
Removed in favor of using shared object.
This commit is contained in:
Rob Winch
parent
8b1ab4e85f
commit
110e769bd4
|
|
@ -171,7 +171,4 @@ public interface HttpSecurityBuilder<H extends HttpSecurityBuilder<H>> extends S
|
|||
* @return the {@link HttpSecurity} for further customizations
|
||||
*/
|
||||
H addFilter(Filter filter);
|
||||
|
||||
// FIXME shared object or explicit?
|
||||
AuthenticationManager getAuthenticationManager();
|
||||
}
|
||||
|
|
@ -112,8 +112,6 @@ import org.springframework.util.Assert;
|
|||
* @see EnableWebSecurity
|
||||
*/
|
||||
public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain,HttpSecurity> implements SecurityBuilder<DefaultSecurityFilterChain>, HttpSecurityBuilder<HttpSecurity> {
|
||||
private AuthenticationManager authenticationManager;
|
||||
|
||||
private final RequestMatcherConfigurer requestMatcherConfigurer = new RequestMatcherConfigurer();
|
||||
private List<Filter> filters = new ArrayList<Filter>();
|
||||
private RequestMatcher requestMatcher = new AnyRequestMatcher();
|
||||
|
|
@ -984,7 +982,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
|||
|
||||
@Override
|
||||
protected void beforeConfigure() throws Exception {
|
||||
this.authenticationManager = getAuthenticationRegistry().build();
|
||||
setSharedObject(AuthenticationManager.class,getAuthenticationRegistry().build());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -1222,14 +1220,6 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
|||
return requestMatcher(new RegexRequestMatcher(pattern, null));
|
||||
}
|
||||
|
||||
/*
|
||||
* (non-Javadoc)
|
||||
* @see org.springframework.security.config.annotation.web.HttpBuilder#getAuthenticationManager()
|
||||
*/
|
||||
public AuthenticationManager getAuthenticationManager() {
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows mapping HTTP requests that this {@link HttpSecurity} will be used for
|
||||
*
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer;
|
||||
|
|
@ -245,7 +246,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecu
|
|||
authenticationEntryPoint.setPortMapper(portMapper);
|
||||
}
|
||||
|
||||
authFilter.setAuthenticationManager(http.getAuthenticationManager());
|
||||
authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||
authFilter.setAuthenticationSuccessHandler(successHandler);
|
||||
authFilter.setAuthenticationFailureHandler(failureHandler);
|
||||
if(authenticationDetailsSource != null) {
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ abstract class AbstractInterceptUrlConfigurer<H extends HttpSecurityBuilder<H>,C
|
|||
if(metadataSource == null) {
|
||||
return;
|
||||
}
|
||||
FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(metadataSource, http.getAuthenticationManager());
|
||||
FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(metadataSource, http.getSharedObject(AuthenticationManager.class));
|
||||
if(filterSecurityInterceptorOncePerRequest != null) {
|
||||
securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -56,11 +56,7 @@ import org.springframework.util.StringUtils;
|
|||
*
|
||||
* <h2>Shared Objects Used</h2>
|
||||
*
|
||||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link org.springframework.security.config.annotation.web.builders.HttpSecurity#getAuthenticationManager()}</li>
|
||||
* </ul>
|
||||
* No shared objects are used.
|
||||
*
|
||||
* @param <H> the type of {@link HttpSecurityBuilder} that is being configured
|
||||
*
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ import org.springframework.security.web.util.RequestMatcher;
|
|||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpSecurity#getAuthenticationManager()}</li>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* <li>{@link RememberMeServices} - is optionally used. See {@link RememberMeConfigurer}</li>
|
||||
* <li>{@link SessionAuthenticationStrategy} - is optionally used. See {@link SessionManagementConfigurer}</li>
|
||||
* <li>{@link DefaultLoginPageViewFilter} - if present will be populated with information from the configuration</li>
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ import org.springframework.web.accept.HeaderContentNegotiationStrategy;
|
|||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpSecurity#getAuthenticationManager()}</li>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Rob Winch
|
||||
|
|
@ -145,7 +145,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
|
|||
|
||||
@Override
|
||||
public void configure(B http) throws Exception {
|
||||
AuthenticationManager authenticationManager = http.getAuthenticationManager();
|
||||
AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
|
||||
BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(authenticationManager, authenticationEntryPoint);
|
||||
if(authenticationDetailsSource != null) {
|
||||
basicAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@ import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthe
|
|||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpSecurity#getAuthenticationManager()}</li>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Rob Winch
|
||||
|
|
@ -204,8 +204,7 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
|
|||
|
||||
@Override
|
||||
public void configure(H http) throws Exception {
|
||||
J2eePreAuthenticatedProcessingFilter filter = getFilter(http
|
||||
.getAuthenticationManager());
|
||||
J2eePreAuthenticatedProcessingFilter filter = getFilter(http.getSharedObject(AuthenticationManager.class));
|
||||
http.addFilter(filter);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configurers;
|
|||
|
||||
import java.util.UUID;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.RememberMeAuthenticationProvider;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
|
|
@ -64,7 +65,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
|
|||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpSecurity#getAuthenticationManager()}</li>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* <li>{@link UserDetailsService} if no {@link #userDetailsService(UserDetailsService)} was specified.</li>
|
||||
* <li> {@link DefaultLoginPageViewFilter} - if present will be populated with information from the configuration</li>
|
||||
* </ul>
|
||||
|
|
@ -210,7 +211,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||
@Override
|
||||
public void configure(H http) throws Exception {
|
||||
RememberMeAuthenticationFilter rememberMeFilter = new RememberMeAuthenticationFilter(
|
||||
http.getAuthenticationManager(), rememberMeServices);
|
||||
http.getSharedObject(AuthenticationManager.class), rememberMeServices);
|
||||
if (authenticationSuccessHandler != null) {
|
||||
rememberMeFilter
|
||||
.setAuthenticationSuccessHandler(authenticationSuccessHandler);
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import java.util.List;
|
|||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
|
|
@ -67,7 +68,7 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>> extend
|
|||
@Override
|
||||
@SuppressWarnings("unchecked")
|
||||
public void configure(H http) throws Exception {
|
||||
securityContextRequestFilter.setAuthenticationManager(http.getAuthenticationManager());
|
||||
securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||
ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
||||
AuthenticationEntryPoint authenticationEntryPoint = exceptionConf == null ? null : exceptionConf.getAuthenticationEntryPoint(http);
|
||||
securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>> extends Abst
|
|||
|
||||
@Override
|
||||
public void configure(H http) throws Exception {
|
||||
X509AuthenticationFilter filter = getFilter(http.getAuthenticationManager());
|
||||
X509AuthenticationFilter filter = getFilter(http.getSharedObject(AuthenticationManager.class));
|
||||
http.addFilter(filter);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import org.openid4java.consumer.ConsumerException;
|
||||
import org.openid4java.consumer.ConsumerManager;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
|
|
@ -110,7 +111,7 @@ import org.springframework.security.web.util.RequestMatcher;
|
|||
* The following shared objects are used:
|
||||
*
|
||||
* <ul>
|
||||
* <li>{@link HttpSecurity#getAuthenticationManager()}</li>
|
||||
* <li>{@link AuthenticationManager}</li>
|
||||
* <li>{@link RememberMeServices} - is optionally used. See
|
||||
* {@link RememberMeConfigurer}</li>
|
||||
* <li>{@link SessionAuthenticationStrategy} - is optionally used. See
|
||||
|
|
|
|||
Loading…
Reference in New Issue