SEC-2238: WebAsyncManagerIntegrationFilter Java Config
This commit is contained in:
parent
e242aeff3e
commit
2fef79f3d2
|
@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||||
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
|
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
|
||||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||||
|
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||||
import org.springframework.security.web.header.HeaderWriterFilter;
|
import org.springframework.security.web.header.HeaderWriterFilter;
|
||||||
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
|
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
|
||||||
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
|
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
|
||||||
|
@ -62,6 +63,8 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
|
||||||
order += STEP;
|
order += STEP;
|
||||||
put(ConcurrentSessionFilter.class, order);
|
put(ConcurrentSessionFilter.class, order);
|
||||||
order += STEP;
|
order += STEP;
|
||||||
|
put(WebAsyncManagerIntegrationFilter.class, order);
|
||||||
|
order += STEP;
|
||||||
put(SecurityContextPersistenceFilter.class, order);
|
put(SecurityContextPersistenceFilter.class, order);
|
||||||
order += STEP;
|
order += STEP;
|
||||||
put(HeaderWriterFilter.class, order);
|
put(HeaderWriterFilter.class, order);
|
||||||
|
|
|
@ -39,6 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails;
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||||
|
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||||
import org.springframework.web.accept.ContentNegotiationStrategy;
|
import org.springframework.web.accept.ContentNegotiationStrategy;
|
||||||
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
|
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
|
||||||
|
|
||||||
|
@ -154,6 +155,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
|
||||||
http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
|
http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
|
||||||
if(!disableDefaults) {
|
if(!disableDefaults) {
|
||||||
http
|
http
|
||||||
|
.addFilter(new WebAsyncManagerIntegrationFilter())
|
||||||
.exceptionHandling().and()
|
.exceptionHandling().and()
|
||||||
.headers().and()
|
.headers().and()
|
||||||
.sessionManagement().and()
|
.sessionManagement().and()
|
||||||
|
|
|
@ -41,6 +41,7 @@ import org.springframework.security.core.Authentication
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService
|
import org.springframework.security.core.userdetails.UserDetailsService
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException
|
import org.springframework.security.core.userdetails.UsernameNotFoundException
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
||||||
|
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||||
import org.springframework.web.accept.ContentNegotiationStrategy
|
import org.springframework.web.accept.ContentNegotiationStrategy
|
||||||
import org.springframework.web.accept.HeaderContentNegotiationStrategy
|
import org.springframework.web.accept.HeaderContentNegotiationStrategy
|
||||||
import org.springframework.web.filter.OncePerRequestFilter
|
import org.springframework.web.filter.OncePerRequestFilter
|
||||||
|
@ -99,6 +100,31 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def "webasync populated by default"() {
|
||||||
|
when: "load config that overrides http and accepts defaults"
|
||||||
|
loadConfig(WebAsyncPopulatedByDefaultConfig)
|
||||||
|
then: "WebAsyncManagerIntegrationFilter is populated"
|
||||||
|
findFilter(WebAsyncManagerIntegrationFilter)
|
||||||
|
}
|
||||||
|
|
||||||
|
@EnableWebSecurity
|
||||||
|
@Configuration
|
||||||
|
static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void registerAuthentication(AuthenticationManagerBuilder auth)
|
||||||
|
throws Exception {
|
||||||
|
auth
|
||||||
|
.inMemoryAuthentication()
|
||||||
|
.withUser("user").password("password").roles("USER")
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
def "AuthenticationEventPublisher is registered for Web registerAuthentication"() {
|
def "AuthenticationEventPublisher is registered for Web registerAuthentication"() {
|
||||||
when:
|
when:
|
||||||
loadConfig(InMemoryAuthWithWebSecurityConfigurerAdapter)
|
loadConfig(InMemoryAuthWithWebSecurityConfigurerAdapter)
|
||||||
|
|
Loading…
Reference in New Issue