diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java index d427e18c44..54133e6a30 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java @@ -18,7 +18,6 @@ package org.springframework.security.config.annotation.authentication.configurer import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.SecurityBuilder; -import org.springframework.security.config.annotation.SecurityConfigurer; import org.springframework.security.config.annotation.authentication.ProviderManagerBuilder; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy index bd8a0b3ed3..b50774b10e 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy @@ -35,6 +35,7 @@ import org.springframework.security.config.annotation.configuration.ObjectPostPr import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication +import org.springframework.security.core.userdetails.PasswordEncodedUser import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -90,10 +91,10 @@ class AuthenticationManagerBuilderTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER").and() + .withUser(PasswordEncodedUser.user()) .and() .inMemoryAuthentication() - .withUser("admin").password("password").roles("USER","ADMIN") + .withUser(PasswordEncodedUser.admin()) } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy index d60a75bd04..2f40aa6d6c 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy @@ -25,6 +25,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication +import org.springframework.security.core.userdetails.PasswordEncodedUser /** * @@ -50,7 +51,7 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } // Only necessary to have access to verify the AuthenticationManager @@ -68,7 +69,7 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec { Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password")) then: auth.credentials == "password" - auth.principal.password == "password" + auth.principal.password } @EnableWebSecurity @@ -77,7 +78,7 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec { auth .eraseCredentials(false) .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } // Only necessary to have access to verify the AuthenticationManager @@ -95,7 +96,7 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec { Authentication auth = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user","password")) then: auth.credentials == "password" - auth.principal.password == "password" + auth.principal.password } @EnableWebSecurity @@ -105,7 +106,7 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec { auth .eraseCredentials(false) .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy index d5936d100a..45666ed618 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.authentication +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.sql.DataSource import org.springframework.beans.factory.annotation.Autowired @@ -89,9 +91,7 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec { // imports the default schema (will fail if already exists) .withDefaultSchema() // adds this user automatically (will fail if already exists) - .withUser("user") - .password("password") - .roles("USER") + .withUser(PasswordEncodedUser.user()) } // Only necessary to have access to verify the AuthenticationManager diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy index a4dd82f7bd..6090e045fa 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy @@ -39,6 +39,7 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.core.AuthenticationException import org.springframework.security.core.authority.AuthorityUtils import org.springframework.security.core.context.SecurityContextHolder +import org.springframework.security.core.userdetails.PasswordEncodedUser import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder @@ -64,7 +65,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { static class GlobalMethodSecurityAutowiredConfig { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { - auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") + auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()) } } @@ -88,7 +89,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { static class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { - auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") + auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()) } } @@ -111,7 +112,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { - auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") + auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()) } } @@ -148,7 +149,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { @Configuration static class GlobalAuthenticationConfiguererAdapterImpl extends GlobalAuthenticationConfigurerAdapter { public void init(AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") + auth.inMemoryAuthentication().withUser(PasswordEncodedUser.user()) } } @@ -264,7 +265,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { public void init(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } } @@ -282,7 +283,7 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { return; } - User user = new User("boot","password", AuthorityUtils.createAuthorityList("ROLE_USER")) + User user = User.withUserDetails(PasswordEncodedUser.user()).username("boot").build() List users = Arrays.asList(user); InMemoryUserDetailsManager inMemory = new InMemoryUserDetailsManager(users); @@ -373,11 +374,11 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { when: am.authenticate(new UsernamePasswordAuthenticationToken("user", "password")) then: - 1 * uds.loadUserByUsername("user") >> new User("user","password",AuthorityUtils.createAuthorityList("ROLE_USER")) + 1 * uds.loadUserByUsername("user") >> PasswordEncodedUser.user() when: am.authenticate(new UsernamePasswordAuthenticationToken("user", "invalid")) then: - 1 * uds.loadUserByUsername("user") >> new User("user","password",AuthorityUtils.createAuthorityList("ROLE_USER")) + 1 * uds.loadUserByUsername("user") >> PasswordEncodedUser.user() thrown(AuthenticationException.class) } @@ -514,4 +515,4 @@ class AuthenticationConfigurationTests extends BaseSpringSpec { @Autowired Service service } -} \ No newline at end of file +} diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy index c57f175630..900a94bbc7 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.web +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.servlet.http.HttpServletResponse import org.springframework.beans.factory.annotation.Autowired @@ -93,7 +95,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(PasswordEncodedUser.user()); } } @@ -180,8 +182,8 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER").and() - .withUser("admin").password("password").roles("USER", "ADMIN"); + .withUser(PasswordEncodedUser.user()) + .withUser(PasswordEncodedUser.admin()); } } @@ -276,8 +278,8 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER").and() - .withUser("admin").password("password").roles("USER", "ADMIN"); + .withUser(PasswordEncodedUser.user()) + .withUser(PasswordEncodedUser.admin()); } @Configuration diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy index 9c39942e8a..d216242e64 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy @@ -13,7 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.config.annotation.web; +package org.springframework.security.config.annotation.web + +import org.springframework.security.core.userdetails.PasswordEncodedUser; import static org.junit.Assert.* import static org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapterTestsConfigs.* @@ -94,7 +96,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } @Override @@ -117,7 +119,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } @Override @@ -153,7 +155,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser("user").password("{noop}password").roles("USER") } @Override @@ -234,7 +236,7 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy index 7d0699590d..44557dfe13 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy @@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configuration; import org.springframework.context.annotation.Configuration import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder +import org.springframework.security.core.userdetails.PasswordEncodedUser /** * @@ -34,7 +35,7 @@ public abstract class BaseWebConfig extends WebSecurityConfigurerAdapter { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER").and() - .withUser("admin").password("password").roles("USER", "ADMIN"); + .withUser(PasswordEncodedUser.user()) + .withUser(PasswordEncodedUser.admin()); } -} \ No newline at end of file +} diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy index 3c271c17f6..12f641ef1b 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy @@ -20,6 +20,7 @@ import org.springframework.security.authentication.TestingAuthenticationToken import org.springframework.security.core.annotation.AuthenticationPrincipal import org.springframework.security.core.context.SecurityContext import org.springframework.security.core.context.SecurityContextImpl +import org.springframework.security.core.userdetails.PasswordEncodedUser import org.springframework.security.core.userdetails.User import org.springframework.security.web.context.HttpSessionSecurityContextRepository import org.springframework.test.context.web.WebAppConfiguration @@ -65,7 +66,7 @@ class EnableWebSecurityTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(PasswordEncodedUser.user()); } @Bean diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy index 12e8448c0a..05ddb22564 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.web.configurers +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.servlet.http.HttpServletResponse import spock.lang.Unroll @@ -135,8 +137,8 @@ class CsrfConfigurerTests extends BaseSpringSpec { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } @@ -257,8 +259,8 @@ class CsrfConfigurerTests extends BaseSpringSpec { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } @@ -447,8 +449,8 @@ class CsrfConfigurerTests extends BaseSpringSpec { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } @@ -487,8 +489,8 @@ class CsrfConfigurerTests extends BaseSpringSpec { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy index 2c50d0dd75..1f2b8e78b3 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.web.configurers +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.servlet.http.Cookie import org.springframework.beans.factory.BeanCreationException @@ -75,7 +77,7 @@ public class RememberMeConfigurerTests extends BaseSpringSpec { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - User user = new User("user", "password", AuthorityUtils.createAuthorityList("ROLE_USER")) + User user = PasswordEncodedUser.user(); DaoAuthenticationProvider provider = new DaoAuthenticationProvider() provider.userDetailsService = new InMemoryUserDetailsManager([user]) auth @@ -215,7 +217,7 @@ public class RememberMeConfigurerTests extends BaseSpringSpec { public void configureGlobal(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(PasswordEncodedUser.user()); } } @@ -235,8 +237,8 @@ public class RememberMeConfigurerTests extends BaseSpringSpec { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } @@ -261,8 +263,8 @@ public class RememberMeConfigurerTests extends BaseSpringSpec { @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) { auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .inMemoryAuthentication() + .withUser(PasswordEncodedUser.user()); } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy index aafa851c6a..3876325bd1 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.web.configurers +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.servlet.http.HttpServletResponse import org.springframework.context.annotation.Configuration @@ -178,7 +180,7 @@ class RequestCacheConfigurerTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()); } } } diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy index 58a91a6701..0939990eb2 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy @@ -15,6 +15,8 @@ */ package org.springframework.security.config.annotation.web.configurers +import org.springframework.security.core.userdetails.PasswordEncodedUser + import javax.servlet.http.HttpServletResponse import org.springframework.mock.web.MockFilterChain @@ -144,7 +146,7 @@ class SessionManagementConfigurerTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } } @@ -200,7 +202,7 @@ class SessionManagementConfigurerTests extends BaseSpringSpec { protected void configure(AuthenticationManagerBuilder auth) { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER") + .withUser(PasswordEncodedUser.user()) } } diff --git a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java index 5251aef423..bfff895b4b 100644 --- a/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java +++ b/config/src/test/java/org/springframework/security/config/ConfigTestUtils.java @@ -19,10 +19,10 @@ public abstract class ConfigTestUtils { public static final String AUTH_PROVIDER_XML = "" + " " + " " - + " " - + " " - + " " - + " " + + " " + + " " + + " " + + " " + " " + " " + ""; diff --git a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java index e6539e45ec..cf36842e90 100644 --- a/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java +++ b/config/src/test/java/org/springframework/security/config/DataSourcePopulator.java @@ -46,13 +46,13 @@ public class DataSourcePopulator implements InitializingBean { * is disabled) Encoded password for bill is "wombat" Encoded password for bob is * "wombat" Encoded password for jane is "wombat" */ - template.execute("INSERT INTO USERS VALUES('rod','koala',TRUE);"); - template.execute("INSERT INTO USERS VALUES('dianne','65d15fe9156f9c4bbffd98085992a44e',TRUE);"); - template.execute("INSERT INTO USERS VALUES('scott','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('peter','22b5c9accc6e1ba628cedc63a72d57f8',FALSE);"); - template.execute("INSERT INTO USERS VALUES('bill','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('bob','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); - template.execute("INSERT INTO USERS VALUES('jane','2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('rod','{noop}koala',TRUE);"); + template.execute("INSERT INTO USERS VALUES('dianne','{MD5}65d15fe9156f9c4bbffd98085992a44e',TRUE);"); + template.execute("INSERT INTO USERS VALUES('scott','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('peter','{MD5}22b5c9accc6e1ba628cedc63a72d57f8',FALSE);"); + template.execute("INSERT INTO USERS VALUES('bill','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('bob','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); + template.execute("INSERT INTO USERS VALUES('jane','{MD5}2b58af6dddbd072ed27ffc86725d7d3a',TRUE);"); template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_USER');"); template.execute("INSERT INTO AUTHORITIES VALUES('rod','ROLE_SUPERVISOR');"); template.execute("INSERT INTO AUTHORITIES VALUES('dianne','ROLE_USER');"); diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java index f2779d4605..441a017546 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java @@ -45,6 +45,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextImpl; +import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.web.context.HttpRequestResponseHolder; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.csrf.CsrfToken; @@ -126,7 +127,7 @@ public class SessionManagementConfigurerServlet31Tests { protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(PasswordEncodedUser.user()); } // @formatter:on } diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java index 8e19cba16c..3d77931dc0 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java @@ -32,6 +32,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.userdetails.PasswordEncodedUser; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.FilterChainProxy; @@ -66,9 +67,7 @@ public class AuthenticationConfigurationGh3935Tests { public void delegateUsesExisitingAuthentication() { String username = "user"; String password = "password"; - User user = new User(username, password, - AuthorityUtils.createAuthorityList("ROLE_USER")); - when(this.uds.loadUserByUsername(username)).thenReturn(user); + when(this.uds.loadUserByUsername(username)).thenReturn(PasswordEncodedUser.user()); AuthenticationManager authenticationManager = this.adapter.authenticationManager; assertThat(authenticationManager).isNotNull(); @@ -77,7 +76,7 @@ public class AuthenticationConfigurationGh3935Tests { new UsernamePasswordAuthenticationToken(username, password)); verify(this.uds).loadUserByUsername(username); - assertThat(auth.getPrincipal()).isEqualTo(user); + assertThat(auth.getPrincipal()).isEqualTo(PasswordEncodedUser.user()); } @EnableWebSecurity diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java index 4bcde96a16..ff2667afc3 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java @@ -39,7 +39,7 @@ public class AuthenticationManagerBeanDefinitionParserTests { private static final String CONTEXT = "" + " " + " " - + " " + + " " + " " + " " + ""; private AbstractXmlApplicationContext appContext; diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java index 48bab47fc6..5700692317 100644 --- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParserTests.java @@ -51,7 +51,7 @@ public class AuthenticationProviderBeanDefinitionParserTests { public void worksWithEmbeddedUserService() { setContext(" " + " " - + " " + + " " + " " + " "); getProvider().authenticate(bob); } @@ -63,7 +63,7 @@ public class AuthenticationProviderBeanDefinitionParserTests { + " " + " " + " " - + " " + + " " + " "); getProvider().authenticate(bob); } diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java index 54301202da..19da353fbd 100644 --- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java +++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java @@ -56,7 +56,7 @@ import org.springframework.util.ReflectionUtils; public class SessionManagementConfigServlet31Tests { private static final String XML_AUTHENTICATION_MANAGER = "" + " " + " " - + " " + + " " + " " + " " + ""; diff --git a/config/src/test/resources/CustomJdbcUserServiceSampleConfig.sql b/config/src/test/resources/CustomJdbcUserServiceSampleConfig.sql index a63dc8afd6..7ca4c6e697 100644 --- a/config/src/test/resources/CustomJdbcUserServiceSampleConfig.sql +++ b/config/src/test/resources/CustomJdbcUserServiceSampleConfig.sql @@ -5,7 +5,7 @@ create table groups (id bigint generated by default as identity(start with 0) pr create table group_authorities (group_id bigint not null,authority varchar(50) not null,constraint fk_group_authorities_group foreign key(group_id) references groups(id)); create table group_members (id bigint generated by default as identity(start with 0) primary key,username varchar(50) not null,group_id bigint not null,constraint fk_group_members_group foreign key(group_id) references groups(id)); -insert into users values('user','password'); +insert into users values('user','{noop}password'); insert into roles values('user','USER'); insert into groups values(1,'OPERATIONS'); diff --git a/config/src/test/resources/org/springframework/security/config/users.properties b/config/src/test/resources/org/springframework/security/config/users.properties index d2369d9a08..c511f24b70 100644 --- a/config/src/test/resources/org/springframework/security/config/users.properties +++ b/config/src/test/resources/org/springframework/security/config/users.properties @@ -1,2 +1,2 @@ -joe=joespassword,ROLE_A -bob=bobspassword,ROLE_A,ROLE_B +joe={noop}joespassword,ROLE_A +bob={noop}bobspassword,ROLE_A,ROLE_B diff --git a/config/src/test/resources/users.properties b/config/src/test/resources/users.properties index f1ea5d2cbf..9b4f608b94 100644 --- a/config/src/test/resources/users.properties +++ b/config/src/test/resources/users.properties @@ -16,4 +16,4 @@ # */ # -user=password,ROLE_USER +user={noop}password,ROLE_USER diff --git a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java index b413b5d4a2..0dbd7d0959 100644 --- a/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java @@ -24,7 +24,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.password.NoOpPasswordEncoder; +import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.util.Assert; @@ -63,7 +63,7 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication private UserDetailsService userDetailsService; public DaoAuthenticationProvider() { - setPasswordEncoder(NoOpPasswordEncoder.getInstance()); + setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder()); } // ~ Methods diff --git a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java index 7a6dc2c875..68b254f036 100644 --- a/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java +++ b/core/src/test/java/org/springframework/security/authentication/dao/DaoAuthenticationProviderTests.java @@ -50,6 +50,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache; import org.springframework.security.core.userdetails.cache.NullUserCache; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.NoOpPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; /** @@ -70,7 +71,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "KOala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -86,7 +87,7 @@ public class DaoAuthenticationProviderTests { @Test public void testReceivedBadCredentialsWhenCredentialsNotProvided() { // Test related to SEC-434 - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -106,7 +107,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "peter", "opal"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService( new MockAuthenticationDaoUserPeterAccountExpired()); provider.setUserCache(new MockUserCache()); @@ -125,7 +126,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "peter", "opal"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserPeterAccountLocked()); provider.setUserCache(new MockUserCache()); @@ -143,7 +144,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "peter", "opal"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService( new MockAuthenticationDaoUserPeterCredentialsExpired()); provider.setUserCache(new MockUserCache()); @@ -174,7 +175,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "peter", "opal"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserPeter()); provider.setUserCache(new MockUserCache()); @@ -192,7 +193,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoSimulateBackendError()); provider.setUserCache(new MockUserCache()); @@ -209,7 +210,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( null, "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -227,7 +228,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "INVALID_PASSWORD"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -245,7 +246,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "INVALID_USER", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setHideUserNotFoundExceptions(false); // we want // UsernameNotFoundExceptions provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); @@ -265,7 +266,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "INVALID_USER", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); assertThat(provider.isHideUserNotFoundExceptions()).isTrue(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -284,7 +285,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "RoD", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -303,7 +304,7 @@ public class DaoAuthenticationProviderTests { "rod", "koala"); token.setDetails("192.168.0.1"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -327,7 +328,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); @@ -352,7 +353,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); provider.setUserCache(new MockUserCache()); provider.setForcePrincipalAsString(true); @@ -373,7 +374,7 @@ public class DaoAuthenticationProviderTests { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "rod", "koala"); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoReturnsNull()); try { @@ -410,7 +411,7 @@ public class DaoAuthenticationProviderTests { MockAuthenticationDaoUserrod authenticationDao = new MockAuthenticationDaoUserrod(); MockUserCache cache = new MockUserCache(); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(authenticationDao); provider.setUserCache(cache); @@ -448,7 +449,7 @@ public class DaoAuthenticationProviderTests { @Test public void testStartupFailsIfNoUserCacheSet() throws Exception { - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); assertThat(provider.getUserCache().getClass()).isEqualTo(NullUserCache.class); provider.setUserCache(null); @@ -464,7 +465,7 @@ public class DaoAuthenticationProviderTests { @Test public void testStartupSuccess() throws Exception { - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); UserDetailsService userDetailsService = new MockAuthenticationDaoUserrod(); provider.setUserDetailsService(userDetailsService); provider.setUserCache(new MockUserCache()); @@ -475,7 +476,7 @@ public class DaoAuthenticationProviderTests { @Test public void testSupports() { - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); assertThat(provider.supports(UsernamePasswordAuthenticationToken.class)).isTrue(); assertThat(!provider.supports(TestingAuthenticationToken.class)).isTrue(); } @@ -527,7 +528,7 @@ public class DaoAuthenticationProviderTests { public void testUserNotFoundDefaultEncoder() { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( "missing", null); - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + DaoAuthenticationProvider provider = createProvider(); provider.setHideUserNotFoundExceptions(false); provider.setUserDetailsService(new MockAuthenticationDaoUserrod()); try { @@ -713,4 +714,10 @@ public class DaoAuthenticationProviderTests { } } } + + private DaoAuthenticationProvider createProvider() { + DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); + provider.setPasswordEncoder(NoOpPasswordEncoder.getInstance()); + return provider; + } } diff --git a/itest/context/src/integration-test/resources/python-method-access-app-context.xml b/itest/context/src/integration-test/resources/python-method-access-app-context.xml index dcacf74279..69f003cd50 100644 --- a/itest/context/src/integration-test/resources/python-method-access-app-context.xml +++ b/itest/context/src/integration-test/resources/python-method-access-app-context.xml @@ -26,7 +26,7 @@ - + diff --git a/itest/context/src/integration-test/resources/sec-936-app-context.xml b/itest/context/src/integration-test/resources/sec-936-app-context.xml index 3a2dc0c29a..ec3e933021 100755 --- a/itest/context/src/integration-test/resources/sec-936-app-context.xml +++ b/itest/context/src/integration-test/resources/sec-936-app-context.xml @@ -10,7 +10,7 @@ - + diff --git a/itest/web/src/integration-test/resources/spring/in-memory-provider.xml b/itest/web/src/integration-test/resources/spring/in-memory-provider.xml index b3dcd648a5..c5746a268a 100644 --- a/itest/web/src/integration-test/resources/spring/in-memory-provider.xml +++ b/itest/web/src/integration-test/resources/spring/in-memory-provider.xml @@ -9,11 +9,11 @@ - - - - - + + + + + diff --git a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index f26761fedf..d60463191e 100644 --- a/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; /** * @author Joe Grandja @@ -44,7 +45,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")); } // @formatter:on } diff --git a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 4296338a86..a2a3c67c05 100644 --- a/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/form/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -20,6 +20,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @@ -47,7 +48,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")); } // @formatter:on } diff --git a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 68855b0d74..8b3d394dbb 100644 --- a/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/hellomvc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -18,6 +18,7 @@ package org.springframework.security.samples.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; @EnableWebSecurity public class SecurityConfig { @@ -28,7 +29,7 @@ public class SecurityConfig { AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + .withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")); } // @formatter:on } diff --git a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index 34ec8888d6..c5dfc89a2a 100644 --- a/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -18,6 +18,7 @@ package org.springframework.security.samples.config; import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @@ -27,9 +28,8 @@ public class SecurityConfig { // @formatter:off @Bean public UserDetailsService userDetailsService() throws Exception { - InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); - manager.createUser(User.withUsername("user").password("password").roles("USER").build()); - return manager; + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on } diff --git a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index faced1f4a8..e8d2ae560b 100644 --- a/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/inmemory/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -15,21 +15,23 @@ */ package org.springframework.security.samples.config; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; @EnableWebSecurity public class SecurityConfig { // @formatter:off - @Autowired - public void configureGlobal( - AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER").and() - .withUser("admin").password("password").roles("USER","ADMIN"); + @Bean + public UserDetailsService userDetailsService() throws Exception { + User.UserBuilder builder = User.withDefaultPasswordEncoder(); + UserDetails user = builder.username("user").password("password").roles("USER").build(); + UserDetails admin = builder.username("admin").password("password").roles("USER", "ADMIN").build(); + return new InMemoryUserDetailsManager(user, admin); } // @formatter:on } \ No newline at end of file diff --git a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java index a33696912f..3132c3a305 100644 --- a/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java +++ b/samples/javaconfig/jdbc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java @@ -20,6 +20,7 @@ import javax.sql.DataSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; @EnableWebSecurity public class SecurityConfig { @@ -33,7 +34,7 @@ public class SecurityConfig { .jdbcAuthentication() .dataSource(dataSource) .withDefaultSchema() - .withUser("user").password("password").roles("USER"); + .withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER")); } // @formatter:on -} \ No newline at end of file +} diff --git a/samples/xml/helloworld/src/main/webapp/WEB-INF/spring/security.xml b/samples/xml/helloworld/src/main/webapp/WEB-INF/spring/security.xml index d39e52a2f1..3ed7160a98 100644 --- a/samples/xml/helloworld/src/main/webapp/WEB-INF/spring/security.xml +++ b/samples/xml/helloworld/src/main/webapp/WEB-INF/spring/security.xml @@ -6,6 +6,6 @@ - + - \ No newline at end of file + diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java index 035742b9c5..bbda12cf65 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java @@ -20,9 +20,14 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -81,11 +86,10 @@ public class SecurityMockMvcResultMatchersTests { static class Config extends WebSecurityConfigurerAdapter { // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").roles("USER","SELLER").password("password"); + @Bean + public UserDetailsService userDetailsService() { + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER", "SELLER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java index 965a93cdb9..b66868adff 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockWithAuthoritiesMvcResultMatchersTests.java @@ -27,10 +27,15 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -77,11 +82,10 @@ public class SecurityMockWithAuthoritiesMvcResultMatchersTests { static class Config extends WebSecurityConfigurerAdapter { // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").authorities("ROLE_ADMIN", "ROLE_SELLER").password("password"); + @Bean + public UserDetailsService userDetailsService() { + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("ADMIN", "SELLER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java index 93ffb05652..6391571f4c 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java @@ -26,9 +26,14 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.context.web.WebAppConfiguration; @@ -83,11 +88,10 @@ public class AuthenticationTests { @EnableWebMvc static class Config extends WebSecurityConfigurerAdapter { // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + @Bean + public UserDetailsService userDetailsService() { + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on } diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java index 9775c6822b..476e365dfb 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java @@ -31,6 +31,10 @@ import org.springframework.security.config.annotation.authentication.builders.Au import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.context.SecurityContextRepository; import org.springframework.test.context.ContextConfiguration; @@ -106,11 +110,10 @@ public class CustomConfigAuthenticationTests { // @formatter:on // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + @Bean + public UserDetailsService userDetailsService() { + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java index 70348b0891..f1a1c3fd21 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java @@ -23,10 +23,14 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.context.annotation.Bean; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.FormLoginRequestBuilder; import org.springframework.test.context.ContextConfiguration; @@ -92,11 +96,10 @@ public class CustomLoginRequestBuilderAuthenticationTests { // @formatter:on // @formatter:off - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - auth - .inMemoryAuthentication() - .withUser("user").password("password").roles("USER"); + @Bean + public UserDetailsService userDetailsService() { + UserDetails user = User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build(); + return new InMemoryUserDetailsManager(user); } // @formatter:on }