Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Only Observe AuthenticationManager if it is not null 

Closes gh-13084
This commit is contained in:
Marcus Da Coregio 2023-05-02 10:12:46 -03:00
parent 8c5f13657e
commit 69338ecdfa
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
View File

@ -2998,7 +2998,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
else { else {
ObservationRegistry registry = getObservationRegistry(); ObservationRegistry registry = getObservationRegistry();
AuthenticationManager manager = getAuthenticationRegistry().build(); AuthenticationManager manager = getAuthenticationRegistry().build();
if (!registry.isNoop()) { if (!registry.isNoop() && manager != null) {
setSharedObject(AuthenticationManager.class, new ObservationAuthenticationManager(registry, manager)); setSharedObject(AuthenticationManager.class, new ObservationAuthenticationManager(registry, manager));
} }
else { else {

43
config/src/test/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfigurationTests.java
View File

@ -22,6 +22,7 @@ import java.util.List;
import java.util.concurrent.Callable; import java.util.concurrent.Callable;
import com.google.common.net.HttpHeaders; import com.google.common.net.HttpHeaders;
import io.micrometer.observation.ObservationRegistry;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
@ -39,6 +40,8 @@ import org.springframework.core.io.support.SpringFactoriesLoader;
import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockHttpSession;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationEventPublisher; import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent; import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
@ -46,6 +49,7 @@ import org.springframework.security.authentication.event.AuthenticationSuccessEv
import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig; import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.AnonymousConfigurer;
import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -325,6 +329,13 @@ public class HttpSecurityConfigurationTests {
.resolveMediaTypes(any(NativeWebRequest.class)); .resolveMediaTypes(any(NativeWebRequest.class));
} }
// gh-13084
@Test
public void configureWhenNoAuthenticationManagerAndObservationRegistryNotNoOpThenConfigure() throws Exception {
this.spring.register(ObservationConfig.class, NoAuthenticationManagerConfig.class).autowire();
this.mockMvc.perform(get("/"));
}
@RestController @RestController
static class NameController { static class NameController {
@ -532,6 +543,38 @@ public class HttpSecurityConfigurationTests {
} }
@Configuration
@EnableWebSecurity
static class NoAuthenticationManagerConfig {
@Bean
SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
http.anonymous(AnonymousConfigurer::disable);
return http.build();
}
@Bean
AuthenticationProvider authenticationProvider1() {
return new TestingAuthenticationProvider();
}
@Bean
AuthenticationProvider authenticationProvider2() {
return new TestingAuthenticationProvider();
}
}
@Configuration
static class ObservationConfig {
@Bean
ObservationRegistry observationRegistry() {
return ObservationRegistry.create();
}
}
static class DefaultConfigurer extends AbstractHttpConfigurer<DefaultConfigurer, HttpSecurity> { static class DefaultConfigurer extends AbstractHttpConfigurer<DefaultConfigurer, HttpSecurity> {
boolean init; boolean init;