Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 13:32:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change a default realm name

Browse Source 
Change a default realm name of Basic Authentication for XML namespace to 'Realm'.

Fixes gh-4220
This commit is contained in:
Kazuki Shimizu 2017-02-18 12:31:47 +09:00 committed by Rob Winch
parent 35706ad60a
commit 3d5989dea4
6 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
View File

@ -1096,7 +1096,7 @@ public final class HttpSecurity extends
* <h2>Example Configuration</h2> * <h2>Example Configuration</h2>
* *
* The example below demonstrates how to configure HTTP Basic authentication for an * The example below demonstrates how to configure HTTP Basic authentication for an
* application. The default realm is "Spring Security Application", but can be * application. The default realm is "Realm", but can be
* customized using {@link HttpBasicConfigurer#realmName(String)}. * customized using {@link HttpBasicConfigurer#realmName(String)}.
* *
* <pre> * <pre>

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurer.java
View File

@ -125,7 +125,7 @@ public final class HttpBasicConfigurer<B extends HttpSecurityBuilder<B>> extends
* The {@link AuthenticationEntryPoint} to be populated on * The {@link AuthenticationEntryPoint} to be populated on
* {@link BasicAuthenticationFilter} in the event that authentication fails. The * {@link BasicAuthenticationFilter} in the event that authentication fails. The
* default to use {@link BasicAuthenticationEntryPoint} with the realm * default to use {@link BasicAuthenticationEntryPoint} with the realm
* "Spring Security Application". * "Realm".
* *
* @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use * @param authenticationEntryPoint the {@link AuthenticationEntryPoint} to use
* @return {@link HttpBasicConfigurer} for additional customization * @return {@link HttpBasicConfigurer} for additional customization

2
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
View File

@ -73,7 +73,7 @@ final class AuthenticationConfigBuilder {
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());
private static final String ATT_REALM = "realm"; private static final String ATT_REALM = "realm";
private static final String DEF_REALM = "Spring Security Application"; private static final String DEF_REALM = "Realm";
static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationFilter"; static final String OPEN_ID_AUTHENTICATION_PROCESSING_FILTER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationFilter";
static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider"; static final String OPEN_ID_AUTHENTICATION_PROVIDER_CLASS = "org.springframework.security.openid.OpenIDAuthenticationProvider";

2
config/src/main/resources/org/springframework/security/config/spring-security-4.2.rnc
View File

@ -336,7 +336,7 @@ http.attlist &=
## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests. ## Optional attribute specifying the ID of the AccessDecisionManager implementation which should be used for authorizing HTTP requests.
attribute access-decision-manager-ref {xsd:token}? attribute access-decision-manager-ref {xsd:token}?
http.attlist &= http.attlist &=
## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Spring Security Application". ## Optional attribute specifying the realm name that will be used for all authentication features that require a realm name (eg BASIC and Digest authentication). If unspecified, defaults to "Realm".
attribute realm {xsd:token}? attribute realm {xsd:token}?
http.attlist &= http.attlist &=
## Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter. ## Allows a customized AuthenticationEntryPoint to be set on the ExceptionTranslationFilter.

2
config/src/main/resources/org/springframework/security/config/spring-security-4.2.xsd
View File

@ -1228,7 +1228,7 @@
<xs:annotation> <xs:annotation>
<xs:documentation>Optional attribute specifying the realm name that will be used for all authentication <xs:documentation>Optional attribute specifying the realm name that will be used for all authentication
features that require a realm name (eg BASIC and Digest authentication). If unspecified, features that require a realm name (eg BASIC and Digest authentication). If unspecified,
defaults to "Spring Security Application". defaults to "Realm".
</xs:documentation> </xs:documentation>
</xs:annotation> </xs:annotation>
</xs:attribute> </xs:attribute>

18
config/src/test/java/org/springframework/security/config/http/NamespaceHttpBasicTests.java
View File

@ -94,6 +94,24 @@ public class NamespaceHttpBasicTests {
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK); assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
} }
// gh-4220
@Test
public void httpBasicUnauthorizedOnDefault() throws Exception {
// @formatter:off
loadContext("<http>\n" +
" <intercept-url pattern=\"/**\" access=\"hasRole('USER')\" />\n" +
" <http-basic />\n" +
" </http>\n" +
"\n" +
" <authentication-manager />");
// @formatter:on
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
assertThat(this.response.getHeader("WWW-Authenticate")).isEqualTo("Basic realm=\"Realm\"");
}
private void loadContext(String context) { private void loadContext(String context) {
this.context = new InMemoryXmlApplicationContext(context); this.context = new InMemoryXmlApplicationContext(context);
this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain", this.springSecurityFilterChain = this.context.getBean("springSecurityFilterChain",