Add authenticationManagerResolver to Kotlin DSL

Closes gh-8981
This commit is contained in:
Eleftheria Stein 2020-08-28 11:48:55 +02:00
parent 7a5d9ce287
commit 902fca65a4
2 changed files with 73 additions and 5 deletions

View File

@ -16,6 +16,7 @@
package org.springframework.security.config.web.servlet
import org.springframework.security.authentication.AuthenticationManagerResolver
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.web.servlet.oauth2.resourceserver.JwtDsl
import org.springframework.security.config.web.servlet.oauth2.resourceserver.OpaqueTokenDsl
@ -23,6 +24,7 @@ import org.springframework.security.config.annotation.web.configurers.oauth2.ser
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
import javax.servlet.http.HttpServletRequest
/**
* A Kotlin DSL to configure [HttpSecurity] OAuth 2.0 resource server support using
@ -42,6 +44,7 @@ class OAuth2ResourceServerDsl {
var accessDeniedHandler: AccessDeniedHandler? = null
var authenticationEntryPoint: AuthenticationEntryPoint? = null
var bearerTokenResolver: BearerTokenResolver? = null
var authenticationManagerResolver: AuthenticationManagerResolver<HttpServletRequest>? = null
private var jwt: ((OAuth2ResourceServerConfigurer<HttpSecurity>.JwtConfigurer) -> Unit)? = null
private var opaqueToken: ((OAuth2ResourceServerConfigurer<HttpSecurity>.OpaqueTokenConfigurer) -> Unit)? = null
@ -105,6 +108,7 @@ class OAuth2ResourceServerDsl {
accessDeniedHandler?.also { oauth2ResourceServer.accessDeniedHandler(accessDeniedHandler) }
authenticationEntryPoint?.also { oauth2ResourceServer.authenticationEntryPoint(authenticationEntryPoint) }
bearerTokenResolver?.also { oauth2ResourceServer.bearerTokenResolver(bearerTokenResolver) }
authenticationManagerResolver?.also { oauth2ResourceServer.authenticationManagerResolver(authenticationManagerResolver) }
jwt?.also { oauth2ResourceServer.jwt(jwt) }
opaqueToken?.also { oauth2ResourceServer.opaqueToken(opaqueToken) }
}

View File

@ -16,11 +16,15 @@
package org.springframework.security.config.web.servlet
import org.assertj.core.api.Assertions
import org.junit.Rule
import org.junit.Test
import org.mockito.Mockito.*
import org.springframework.beans.factory.BeanCreationException
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.AuthenticationManagerResolver
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
@ -28,11 +32,13 @@ import org.springframework.security.config.test.SpringTestRule
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
import org.springframework.security.web.AuthenticationEntryPoint
import org.springframework.security.web.access.AccessDeniedHandler
import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get
import javax.servlet.http.HttpServletRequest
/**
* Tests for [OAuth2ResourceServerDsl]
@ -47,6 +53,11 @@ class OAuth2ResourceServerDslTests {
@Autowired
lateinit var mockMvc: MockMvc
private val JWT: Jwt = Jwt.withTokenValue("token")
.header("alg", "none")
.claim(SUB, "user")
.build()
@Test
fun `oauth2Resource server when custom entry point then entry point used`() {
this.spring.register(EntryPointConfig::class.java).autowire()
@ -116,11 +127,7 @@ class OAuth2ResourceServerDslTests {
@Test
fun `oauth2Resource server when custom access denied handler then handler used`() {
this.spring.register(AccessDeniedHandlerConfig::class.java).autowire()
`when`(AccessDeniedHandlerConfig.DECODER.decode(anyString())).thenReturn(
Jwt.withTokenValue("token")
.header("alg", "none")
.claim(SUB, "user")
.build())
`when`(AccessDeniedHandlerConfig.DECODER.decode(anyString())).thenReturn(JWT)
this.mockMvc.get("/") {
header("Authorization", "Bearer token")
@ -153,4 +160,61 @@ class OAuth2ResourceServerDslTests {
return DECODER
}
}
@Test
fun `oauth2Resource server when custom authentication manager resolver then resolver used`() {
this.spring.register(AuthenticationManagerResolverConfig::class.java).autowire()
`when`(AuthenticationManagerResolverConfig.RESOLVER.resolve(any())).thenReturn(
AuthenticationManager {
JwtAuthenticationToken(JWT)
}
)
this.mockMvc.get("/") {
header("Authorization", "Bearer token")
}
verify(AuthenticationManagerResolverConfig.RESOLVER).resolve(any())
}
@EnableWebSecurity
open class AuthenticationManagerResolverConfig : WebSecurityConfigurerAdapter() {
companion object {
var RESOLVER: AuthenticationManagerResolver<*> = mock(AuthenticationManagerResolver::class.java)
}
override fun configure(http: HttpSecurity) {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
}
oauth2ResourceServer {
authenticationManagerResolver = RESOLVER as AuthenticationManagerResolver<HttpServletRequest>
}
}
}
}
@Test
fun `oauth2Resource server when custom authentication manager resolver and opaque then exception`() {
Assertions.assertThatExceptionOfType(BeanCreationException::class.java)
.isThrownBy { spring.register(AuthenticationManagerResolverAndOpaqueConfig::class.java).autowire() }
.withMessageContaining("authenticationManagerResolver")
}
@EnableWebSecurity
open class AuthenticationManagerResolverAndOpaqueConfig : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http {
authorizeRequests {
authorize(anyRequest, authenticated)
}
oauth2ResourceServer {
authenticationManagerResolver = mock(AuthenticationManagerResolver::class.java)
as AuthenticationManagerResolver<HttpServletRequest>
opaqueToken { }
}
}
}
}
}