From 7080ea652fe43d641754b5a5ac1960e22a857288 Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Wed, 14 Dec 2022 10:15:24 -0300 Subject: [PATCH] Add hints for ProxyFactoryBean AuthenticationManager Closes gh-12367 --- config/spring-security-config.gradle | 1 + ...onManagerBeanRegistrationAotProcessor.java | 62 +++++++++++ .../resources/META-INF/spring/aot.factories | 2 + ...agerBeanRegistrationAotProcessorTests.java | 102 ++++++++++++++++++ 4 files changed, 167 insertions(+) create mode 100644 config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessor.java create mode 100644 config/src/main/resources/META-INF/spring/aot.factories create mode 100644 config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessorTests.java diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle index 36109d574e..ac076ddd60 100644 --- a/config/spring-security-config.gradle +++ b/config/spring-security-config.gradle @@ -93,6 +93,7 @@ dependencies { testImplementation 'org.springframework:spring-jdbc' testImplementation 'org.springframework:spring-orm' testImplementation 'org.springframework:spring-tx' + testImplementation 'org.springframework:spring-core-test' testImplementation ('org.springframework.data:spring-data-jpa') { exclude group: 'org.aspectj', module: 'aspectjrt' } diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessor.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessor.java new file mode 100644 index 0000000000..b9e103f902 --- /dev/null +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessor.java @@ -0,0 +1,62 @@ +/* + * Copyright 2002-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.config.annotation.authentication.configuration; + +import java.util.Set; + +import org.springframework.aop.framework.AopProxyUtils; +import org.springframework.aot.generate.GenerationContext; +import org.springframework.aot.hint.ProxyHints; +import org.springframework.beans.factory.aot.BeanRegistrationAotContribution; +import org.springframework.beans.factory.aot.BeanRegistrationAotProcessor; +import org.springframework.beans.factory.aot.BeanRegistrationCode; +import org.springframework.beans.factory.support.RegisteredBean; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.util.ClassUtils; + +/** + * AOT {@code BeanRegistrationAotProcessor} that detects beans that implement + * {@link AuthenticationManager} creates the required proxy hints. + * + * @author Marcus da Coregio + * @since 6.0.1 + * @see AuthenticationConfiguration#getAuthenticationManager() + */ +class AuthenticationManagerBeanRegistrationAotProcessor implements BeanRegistrationAotProcessor { + + @Override + public BeanRegistrationAotContribution processAheadOfTime(RegisteredBean registeredBean) { + Class beanClass = registeredBean.getBeanClass(); + Set> allInterfacesForClass = ClassUtils.getAllInterfacesForClassAsSet(beanClass); + if (allInterfacesForClass.contains(AuthenticationManager.class)) { + return new AuthenticationManagerBeanRegistrationAotContribution(); + } + return null; + } + + private static class AuthenticationManagerBeanRegistrationAotContribution + implements BeanRegistrationAotContribution { + + @Override + public void applyTo(GenerationContext generationContext, BeanRegistrationCode beanRegistrationCode) { + ProxyHints proxyHints = generationContext.getRuntimeHints().proxies(); + proxyHints.registerJdkProxy(AopProxyUtils.completeJdkProxyInterfaces(AuthenticationManager.class)); + } + + } + +} diff --git a/config/src/main/resources/META-INF/spring/aot.factories b/config/src/main/resources/META-INF/spring/aot.factories new file mode 100644 index 0000000000..f7e2233e0f --- /dev/null +++ b/config/src/main/resources/META-INF/spring/aot.factories @@ -0,0 +1,2 @@ +org.springframework.beans.factory.aot.BeanRegistrationAotProcessor=\ +org.springframework.security.config.annotation.authentication.configuration.AuthenticationManagerBeanRegistrationAotProcessor diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessorTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessorTests.java new file mode 100644 index 0000000000..ef8a9a2a64 --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationManagerBeanRegistrationAotProcessorTests.java @@ -0,0 +1,102 @@ +/* + * Copyright 2002-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.config.annotation.authentication.configuration; + +import org.junit.jupiter.api.Test; + +import org.springframework.aop.SpringProxy; +import org.springframework.aop.framework.Advised; +import org.springframework.aot.generate.GenerationContext; +import org.springframework.aot.hint.predicate.RuntimeHintsPredicates; +import org.springframework.aot.test.generate.TestGenerationContext; +import org.springframework.beans.factory.aot.BeanRegistrationAotContribution; +import org.springframework.beans.factory.aot.BeanRegistrationCode; +import org.springframework.beans.factory.support.DefaultListableBeanFactory; +import org.springframework.beans.factory.support.RegisteredBean; +import org.springframework.beans.factory.support.RootBeanDefinition; +import org.springframework.core.DecoratingProxy; +import org.springframework.lang.Nullable; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +/** + * Tests for {@link AuthenticationManagerBeanRegistrationAotProcessor} + * + * @author Marcus da Coregio + */ +class AuthenticationManagerBeanRegistrationAotProcessorTests { + + private final AuthenticationManagerBeanRegistrationAotProcessor processor = new AuthenticationManagerBeanRegistrationAotProcessor(); + + private final GenerationContext generationContext = new TestGenerationContext(); + + @Test + void shouldSkipWhenInterfaceNotImplemented() { + process(NoAuthenticationManager.class); + assertThat(this.generationContext.getRuntimeHints().proxies().jdkProxyHints()).isEmpty(); + } + + @Test + void shouldProcessWhenImplementsInterface() { + process(MyAuthenticationManager.class); + assertThat(RuntimeHintsPredicates.proxies().forInterfaces(AuthenticationManager.class, SpringProxy.class, + Advised.class, DecoratingProxy.class)).accepts(this.generationContext.getRuntimeHints()); + } + + @Test + void shouldProcessWhenSuperclassImplementsInterface() { + process(ChildAuthenticationManager.class); + assertThat(RuntimeHintsPredicates.proxies().forInterfaces(AuthenticationManager.class, SpringProxy.class, + Advised.class, DecoratingProxy.class)).accepts(this.generationContext.getRuntimeHints()); + } + + private void process(Class beanClass) { + BeanRegistrationAotContribution contribution = createContribution(beanClass); + if (contribution != null) { + contribution.applyTo(this.generationContext, mock(BeanRegistrationCode.class)); + } + } + + @Nullable + private BeanRegistrationAotContribution createContribution(Class beanClass) { + DefaultListableBeanFactory beanFactory = new DefaultListableBeanFactory(); + beanFactory.registerBeanDefinition(beanClass.getName(), new RootBeanDefinition(beanClass)); + return this.processor.processAheadOfTime(RegisteredBean.of(beanFactory, beanClass.getName())); + } + + static class NoAuthenticationManager { + + } + + static class MyAuthenticationManager implements AuthenticationManager { + + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + return null; + } + + } + + static class ChildAuthenticationManager extends MyAuthenticationManager { + + } + +}