SEC-2238: WebAsyncManagerIntegrationFilter Java Config
This commit is contained in:
Rob Winch
parent
e242aeff3e
commit
2fef79f3d2
|
|
@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
|
|||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.security.web.header.HeaderWriterFilter;
|
||||
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
|
||||
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
|
||||
|
|
@ -62,6 +63,8 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
|
|||
order += STEP;
|
||||
put(ConcurrentSessionFilter.class, order);
|
||||
order += STEP;
|
||||
put(WebAsyncManagerIntegrationFilter.class, order);
|
||||
order += STEP;
|
||||
put(SecurityContextPersistenceFilter.class, order);
|
||||
order += STEP;
|
||||
put(HeaderWriterFilter.class, order);
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails;
|
|||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.web.accept.ContentNegotiationStrategy;
|
||||
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
|
||||
|
||||
|
|
@ -154,6 +155,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
|||
http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
|
||||
if(!disableDefaults) {
|
||||
http
|
||||
.addFilter(new WebAsyncManagerIntegrationFilter())
|
||||
.exceptionHandling().and()
|
||||
.headers().and()
|
||||
.sessionManagement().and()
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ import org.springframework.security.core.Authentication
|
|||
import org.springframework.security.core.userdetails.UserDetailsService
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.web.accept.ContentNegotiationStrategy
|
||||
import org.springframework.web.accept.HeaderContentNegotiationStrategy
|
||||
import org.springframework.web.filter.OncePerRequestFilter
|
||||
|
|
@ -99,6 +100,31 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
|
|||
}
|
||||
}
|
||||
|
||||
def "webasync populated by default"() {
|
||||
when: "load config that overrides http and accepts defaults"
|
||||
loadConfig(WebAsyncPopulatedByDefaultConfig)
|
||||
then: "WebAsyncManagerIntegrationFilter is populated"
|
||||
findFilter(WebAsyncManagerIntegrationFilter)
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Override
|
||||
protected void registerAuthentication(AuthenticationManagerBuilder auth)
|
||||
throws Exception {
|
||||
auth
|
||||
.inMemoryAuthentication()
|
||||
.withUser("user").password("password").roles("USER")
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
def "AuthenticationEventPublisher is registered for Web registerAuthentication"() {
|
||||
when:
|
||||
loadConfig(InMemoryAuthWithWebSecurityConfigurerAdapter)
|
||||
|
|
|
|||
Loading…
Reference in New Issue