SEC-1225: Use bean references for authentication providers. Updated AuthenticationManagerBDP to regsiter the providers as top level beans.

2009-08-22 12:37:14 +00:00 · 2009-08-22 12:37:14 +00:00 · 579644fa95
parent 24911eb606
commit 579644fa95
2 changed files with 20 additions and 1 deletions
--- a/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParser.java
@ -60,7 +60,9 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
                } else {
                    BeanDefinition provider = resolver.resolve(providerElt.getNamespaceURI()).parse(providerElt, pc);
                    Assert.notNull(provider, "Parser for " + providerElt.getNodeName() + " returned a null bean definition");
-                    providers.add(provider);
+                    String id = pc.getReaderContext().registerWithGeneratedName(provider);
+                    pc.registerBeanComponent(new BeanComponentDefinition(provider, id));
+                    providers.add(new RuntimeBeanReference(id));
                }
            }
        }
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@ -1,8 +1,11 @@
 package org.springframework.security.config.authentication;

+import static org.junit.Assert.*;
+
 import org.junit.Test;
 import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
 import org.springframework.context.support.AbstractXmlApplicationContext;
+import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.concurrent.ConcurrentSessionControllerImpl;
 import org.springframework.security.authentication.concurrent.SessionRegistryImpl;
 import org.springframework.security.config.BeanIds;
@ -23,6 +26,20 @@ public class AuthenticationManagerBeanDefinitionParserTests {
        "  </b:property>" +
        "</b:bean>";

+    @Test
+    // SEC-1225
+    public void providersAreRegisteredAsTopLevelBeans() throws Exception {
+        setContext(
+          "<authentication-manager>" +
+          "    <authentication-provider>" +
+          "        <user-service>" +
+          "            <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
+          "        </user-service>" +
+          "    </authentication-provider>" +
+          "</authentication-manager>" + SESSION_CONTROLLER, "3.0");
+        assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size());
+    }
+
    @Test(expected=XmlBeanDefinitionStoreException.class)
    public void sessionControllerRefAttributeIsRejectedFor30Context() throws Exception {
        setContext(