Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Validate @EnableGlobalMethodSecurity usage

Browse Source 
Fixes: gh-5341
This commit is contained in:
artsiom 2018-07-24 13:56:06 +03:00 committed by Josh Cummings
parent d4c50a8fb8
commit 1e864ad764
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
View File

@ -358,13 +358,23 @@ public class GlobalMethodSecurityConfiguration
if (customMethodSecurityMetadataSource != null) {
sources.add(customMethodSecurityMetadataSource);
}
if (prePostEnabled()) {
boolean isPrePostEnabled = prePostEnabled();
boolean isSecureEnabled = securedEnabled();
boolean isJsr250Enabled = jsr250Enabled();
if (!isPrePostEnabled && !isSecureEnabled && !isJsr250Enabled) {
throw new IllegalStateException("In the composition of all global method configuration, " +
"no annotation support was actually activated");
}
if (isPrePostEnabled) {
sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
}
if (securedEnabled()) {
if (isSecureEnabled) {
sources.add(new SecuredAnnotationSecurityMetadataSource());
}
if (jsr250Enabled()) {
if (isJsr250Enabled) {
GrantedAuthorityDefaults grantedAuthorityDefaults =
getSingleBeanOrNull(GrantedAuthorityDefaults.class);
Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context.getBean(Jsr250MethodSecurityMetadataSource.class);

17
config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java
View File

@ -17,8 +17,10 @@ package org.springframework.security.config.annotation.method.configuration;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.junit.runner.RunWith;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.UnsatisfiedDependencyException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.context.annotation.AdviceMode;
@ -64,6 +66,7 @@ import static org.mockito.Mockito.when;
/**
*
* @author Rob Winch
* @author Artsiom Yudovin
*/
@RunWith(SpringJUnit4ClassRunner.class)
@SecurityTestExecutionListeners
@ -71,6 +74,9 @@ public class GlobalMethodSecurityConfigurationTests {
@Rule
public final SpringTestRule spring = new SpringTestRule();
@Rule
public ExpectedException thrown = ExpectedException.none();
@Autowired(required = false)
private MethodSecurityService service;
@ -84,6 +90,17 @@ public class GlobalMethodSecurityConfigurationTests {
@Autowired(required = false)
MockEventListener<AbstractAuthenticationEvent> events;
@Test
public void illegalStateGlobalMethodSecurity() {
this.thrown.expect(UnsatisfiedDependencyException.class);
this.spring.register(IllegalStateGlobalMethodSecurityConfig.class).autowire();
}
@EnableGlobalMethodSecurity
public static class IllegalStateGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
}
@Test
public void methodSecurityAuthenticationManagerPublishesEvent() {
this.spring.register(InMemoryAuthWithGlobalMethodSecurityConfig.class).autowire();