Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix @EnableGlobalAuthentication & method seucrity on @Configuration class

Browse Source 
Fixes gh-3934
This commit is contained in:
Rob Winch 2016-06-17 10:21:46 -05:00
parent fa1c484587
commit 477573b3bc
2 changed files with 62 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
View File

@ -22,6 +22,8 @@ import java.util.Map;
import org.aopalliance.intercept.MethodInterceptor; import org.aopalliance.intercept.MethodInterceptor;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.SmartInitializingSingleton;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.AdviceMode; import org.springframework.context.annotation.AdviceMode;
@ -76,7 +78,8 @@ import org.springframework.util.Assert;
* @see EnableGlobalMethodSecurity * @see EnableGlobalMethodSecurity
*/ */
@Configuration @Configuration
public class GlobalMethodSecurityConfiguration implements ImportAware { public class GlobalMethodSecurityConfiguration
implements ImportAware, SmartInitializingSingleton {
private static final Log logger = LogFactory private static final Log logger = LogFactory
.getLog(GlobalMethodSecurityConfiguration.class); .getLog(GlobalMethodSecurityConfiguration.class);
private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() { private ObjectPostProcessor<Object> objectPostProcessor = new ObjectPostProcessor<Object>() {
@ -94,6 +97,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware {
private ApplicationContext context; private ApplicationContext context;
private MethodSecurityExpressionHandler expressionHandler; private MethodSecurityExpressionHandler expressionHandler;
private Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource; private Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource;
private MethodSecurityInterceptor methodSecurityInterceptor;
/** /**
* Creates the default MethodInterceptor which is a MethodSecurityInterceptor using * Creates the default MethodInterceptor which is a MethodSecurityInterceptor using
@ -117,18 +121,42 @@ public class GlobalMethodSecurityConfiguration implements ImportAware {
*/ */
@Bean @Bean
public MethodInterceptor methodSecurityInterceptor() throws Exception { public MethodInterceptor methodSecurityInterceptor() throws Exception {
MethodSecurityInterceptor methodSecurityInterceptor = isAspectJ() ? new AspectJMethodSecurityInterceptor() this.methodSecurityInterceptor = isAspectJ()
? new AspectJMethodSecurityInterceptor()
: new MethodSecurityInterceptor(); : new MethodSecurityInterceptor();
methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager()); methodSecurityInterceptor.setAccessDecisionManager(accessDecisionManager());
methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager()); methodSecurityInterceptor.setAfterInvocationManager(afterInvocationManager());
methodSecurityInterceptor.setAuthenticationManager(authenticationManager());
methodSecurityInterceptor methodSecurityInterceptor
.setSecurityMetadataSource(methodSecurityMetadataSource()); .setSecurityMetadataSource(methodSecurityMetadataSource());
RunAsManager runAsManager = runAsManager(); RunAsManager runAsManager = runAsManager();
if (runAsManager != null) { if (runAsManager != null) {
methodSecurityInterceptor.setRunAsManager(runAsManager); methodSecurityInterceptor.setRunAsManager(runAsManager);
} }
return methodSecurityInterceptor;
return this.methodSecurityInterceptor;
}
/*
* (non-Javadoc)
*
* @see org.springframework.beans.factory.SmartInitializingSingleton#
* afterSingletonsInstantiated()
*/
@Override
public void afterSingletonsInstantiated() {
try {
initializeMethodSecurityInterceptor();
}
catch (Exception e) {
throw new RuntimeException(e);
}
}
private void initializeMethodSecurityInterceptor() throws Exception {
if(this.methodSecurityInterceptor == null) {
return;
}
this.methodSecurityInterceptor.setAuthenticationManager(authenticationManager());
} }
/** /**

30
config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy
View File

@ -23,6 +23,7 @@ import org.springframework.context.annotation.Import
import org.springframework.core.Ordered import org.springframework.core.Ordered
import org.springframework.core.annotation.Order import org.springframework.core.annotation.Order
import org.springframework.security.access.annotation.Secured import org.springframework.security.access.annotation.Secured
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.AuthenticationProvider import org.springframework.security.authentication.AuthenticationProvider
import org.springframework.security.authentication.TestingAuthenticationToken import org.springframework.security.authentication.TestingAuthenticationToken
@ -485,4 +486,33 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
UDS UDS
} }
} }
def 'EnableGlobalMethodSecurity configuration uses PreAuthorize does not cause BeanCurrentlyInCreationException'() {
when:
loadConfig(UsesPreAuthorizeMethodSecurityConfig,AuthenticationManagerBeanConfig)
then:
noExceptionThrown()
}
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
static class UsesPreAuthorizeMethodSecurityConfig {
@PreAuthorize("denyAll")
void run() {}
}
def 'EnableGlobalMethodSecurity uses method security service'() {
when:
loadConfig(ServicesConfig,UsesPreAuthorizeMethodSecurityConfig,AuthenticationManagerBeanConfig)
then:
noExceptionThrown()
}
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
static class UsesServiceMethodSecurityConfig {
@Autowired
Service service
}
} }