Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2026-02-08 14:34:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ability to configure authenticationDetailsSource in AnonymousConfigurer

Browse Source 
Closes gh-17831

Signed-off-by: DingHao <dh.hiekn@gmail.com>
This commit is contained in:
DingHao 2025-09-12 17:06:25 +08:00 committed by Josh Cummings
parent 7903ad93c0
commit 199473fcb3
2 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/src/main/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurer.java
View File

@ -39,6 +39,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
* other than applying this {@link SecurityConfigurer}.
*
* @author Rob Winch
* @author DingHao
* @since 3.2
*/
public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>
@ -158,7 +159,7 @@ public final class AnonymousConfigurer<H extends HttpSecurityBuilder<H>>
}
this.authenticationFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
this.authenticationFilter.afterPropertiesSet();
http.addFilter(this.authenticationFilter);
http.addFilter(postProcess(this.authenticationFilter));
}
private String getKey() {

45
config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java
View File

@ -16,6 +16,7 @@
package org.springframework.security.config.annotation.web.configurers;
import jakarta.servlet.http.HttpServletRequest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@ -23,6 +24,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.config.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@ -34,11 +37,14 @@ import org.springframework.security.core.userdetails.PasswordEncodedUser;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.springframework.security.config.Customizer.withDefaults;
import static org.springframework.security.config.annotation.SecurityContextChangedListenerArgumentMatchers.setAuthentication;
@ -101,6 +107,45 @@ public class AnonymousConfigurerTests {
this.mockMvc.perform(get("/")).andExpect(status().isOk()).andExpect(content().string("myAnonymousUser"));
}
@Test
public void anonymousAuthenticationWhenUsingAuthenticationDetailsSourceRefThenMatchesNamespace() throws Exception {
this.spring.register(AuthenticationDetailsSourceAnonymousConfig.class).autowire();
AuthenticationDetailsSource<HttpServletRequest, ?> source = this.spring.getContext()
.getBean(AuthenticationDetailsSource.class);
this.mockMvc.perform(get("/"));
verify(source).buildDetails(any(HttpServletRequest.class));
}
@Configuration
@EnableWebSecurity
@EnableWebMvc
static class AuthenticationDetailsSourceAnonymousConfig {
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = mock(
AuthenticationDetailsSource.class);
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.anonymous((anonymous) -> anonymous
.withObjectPostProcessor(new ObjectPostProcessor<AnonymousAuthenticationFilter>() {
@Override
public <O extends AnonymousAuthenticationFilter> O postProcess(O object) {
object.setAuthenticationDetailsSource(
AuthenticationDetailsSourceAnonymousConfig.this.authenticationDetailsSource);
return object;
}
})).build();
}
@Bean
AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource() {
return this.authenticationDetailsSource;
}
}
@Configuration
@EnableWebSecurity
@EnableWebMvc