Register Authentication Provider in Init Phase

Fixes gh-8031
Josh Cummings 2020-02-28 15:29:21 -07:00
parent bc16f1a526
commit 19584884b3
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 66 additions and 13 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -222,9 +222,16 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
@Override @Override
public void init(H http) { public void init(H http) {
validateConfiguration();
registerDefaultAccessDeniedHandler(http); registerDefaultAccessDeniedHandler(http);
registerDefaultEntryPoint(http); registerDefaultEntryPoint(http);
registerDefaultCsrfOverride(http); registerDefaultCsrfOverride(http);
AuthenticationProvider authenticationProvider = getAuthenticationProvider();
if (authenticationProvider != null) {
http.authenticationProvider(authenticationProvider);
}
} }
@Override @Override
@ -232,8 +239,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
BearerTokenResolver bearerTokenResolver = getBearerTokenResolver(); BearerTokenResolver bearerTokenResolver = getBearerTokenResolver();
this.requestMatcher.setBearerTokenResolver(bearerTokenResolver); this.requestMatcher.setBearerTokenResolver(bearerTokenResolver);
validateConfiguration();
AuthenticationManagerResolver resolver = this.authenticationManagerResolver; AuthenticationManagerResolver resolver = this.authenticationManagerResolver;
if (resolver == null) { if (resolver == null) {
AuthenticationManager authenticationManager = getAuthenticationManager(http); AuthenticationManager authenticationManager = getAuthenticationManager(http);
@ -321,9 +326,9 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
return this.decoder; return this.decoder;
} }
AuthenticationManager getAuthenticationManager(H http) { AuthenticationProvider getAuthenticationProvider() {
if (this.authenticationManager != null) { if (this.authenticationManager != null) {
return this.authenticationManager; return null;
} }
JwtDecoder decoder = getJwtDecoder(); JwtDecoder decoder = getJwtDecoder();
@ -333,9 +338,13 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
JwtAuthenticationProvider provider = JwtAuthenticationProvider provider =
new JwtAuthenticationProvider(decoder); new JwtAuthenticationProvider(decoder);
provider.setJwtAuthenticationConverter(jwtAuthenticationConverter); provider.setJwtAuthenticationConverter(jwtAuthenticationConverter);
AuthenticationProvider authenticationProvider = postProcess(provider); return postProcess(provider);
}
http.authenticationProvider(authenticationProvider); AuthenticationManager getAuthenticationManager(H http) {
if (this.authenticationManager != null) {
return this.authenticationManager;
}
return http.getSharedObject(AuthenticationManager.class); return http.getSharedObject(AuthenticationManager.class);
} }
@ -391,16 +400,19 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
return this.context.getBean(OpaqueTokenIntrospector.class); return this.context.getBean(OpaqueTokenIntrospector.class);
} }
AuthenticationProvider getAuthenticationProvider() {
if (this.authenticationManager != null) {
return null;
}
OpaqueTokenIntrospector introspector = getIntrospector();
return new OpaqueTokenAuthenticationProvider(introspector);
}
AuthenticationManager getAuthenticationManager(H http) { AuthenticationManager getAuthenticationManager(H http) {
if (this.authenticationManager != null) { if (this.authenticationManager != null) {
return this.authenticationManager; return this.authenticationManager;
} }
OpaqueTokenIntrospector introspector = getIntrospector();
OpaqueTokenAuthenticationProvider provider =
new OpaqueTokenAuthenticationProvider(introspector);
http.authenticationProvider(provider);
return http.getSharedObject(AuthenticationManager.class); return http.getSharedObject(AuthenticationManager.class);
} }
} }
@ -439,6 +451,18 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
csrf.ignoringRequestMatchers(this.requestMatcher); csrf.ignoringRequestMatchers(this.requestMatcher);
} }
AuthenticationProvider getAuthenticationProvider() {
if (this.jwtConfigurer != null) {
return this.jwtConfigurer.getAuthenticationProvider();
}
if (this.opaqueTokenConfigurer != null) {
return this.opaqueTokenConfigurer.getAuthenticationProvider();
}
return null;
}
AuthenticationManager getAuthenticationManager(H http) { AuthenticationManager getAuthenticationManager(H http) {
if (this.jwtConfigurer != null) { if (this.jwtConfigurer != null) {
return this.jwtConfigurer.getAuthenticationManager(http); return this.jwtConfigurer.getAuthenticationManager(http);
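Review bot: The new opaque-token `getAuthenticationProvider()` returns `new OpaqueTokenAuthenticationProvider(introspector)` directly, while the JWT variant returns `postProcess(provider)`, so an application's `ObjectPostProcessor` would be applied to one default provider and not the other. If the difference is not intentional, the return could read `return postProcess(new OpaqueTokenAuthenticationProvider(introspector));`, assuming `postProcess` is reachable from the opaque-token configurer as it is from the JWT one (the enclosing classes start outside these hunks). All three new methods also use a `null` return to mean that a custom `AuthenticationManager` was supplied and nothing should be registered. A short comment such as `// null: a custom AuthenticationManager is configured, so no default provider is registered` would make that contract visible at the null check in `init`. Because `init` now calls `getJwtDecoder()` and `getIntrospector()`, a missing decoder or introspector bean presumably fails earlier than before, which may be worth stating in the commit description.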


@ -375,6 +375,18 @@ public class OAuth2ResourceServerConfigurerTests {
.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer")); .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, "Bearer"));
} }
// gh-8031
@Test
public void getWhenAnonymousDisabledThenAllows() throws Exception {
this.spring.register(RestOperationsConfig.class, AnonymousDisabledConfig.class).autowire();
mockRestOperations(jwks("Default"));
String token = token("ValidNoScopes");
this.mvc.perform(get("/authenticated")
.with(bearerToken(token)))
.andExpect(status().isNotFound());
}
@Test @Test
public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized() public void getWhenUsingDefaultsWithNoBearerTokenThenUnauthorized()
throws Exception { throws Exception {
@ -745,7 +757,8 @@ public class OAuth2ResourceServerConfigurerTests {
@Test @Test
public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() { public void getBearerTokenResolverWhenDuplicateResolverBeansThenWiringException() {
assertThatCode(() -> this.spring.register(MultipleBearerTokenResolverBeansConfig.class).autowire()) assertThatCode(() -> this.spring
.register(MultipleBearerTokenResolverBeansConfig.class, JwtDecoderConfig.class).autowire())
.isInstanceOf(BeanCreationException.class) .isInstanceOf(BeanCreationException.class)
.hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class); .hasRootCauseInstanceOf(NoUniqueBeanDefinitionException.class);
} }
@ -1544,6 +1557,22 @@ public class OAuth2ResourceServerConfigurerTests {
} }
} }
@EnableWebSecurity
static class AnonymousDisabledConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.anonymous().disable()
.oauth2ResourceServer()
.jwt();
// @formatter:on
}
}
@EnableWebSecurity @EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) @EnableGlobalMethodSecurity(prePostEnabled = true)
static class MethodSecurityConfig extends WebSecurityConfigurerAdapter { static class MethodSecurityConfig extends WebSecurityConfigurerAdapter {
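Review bot: `getWhenAnonymousDisabledThenAllows` treats `status().isNotFound()` as evidence that the bearer token was accepted, but nothing in the test says why a 404 means success. From the visible lines only `RestOperationsConfig` and `AnonymousDisabledConfig` are registered, so the 404 presumably comes from there being no handler for `/authenticated`. A comment such as `// no controller is registered: 404 means the request passed the bearer-token filter` would record that. A stronger check would register a controller and assert `status().isOk()`, so the test cannot pass on a request that never reached an authenticated handler.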