Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Authentication Event Publisher Mappings 

Fixes gh-7824
This commit is contained in:
Attoumane AHAMADI 2020-02-04 23:56:04 +01:00 committed by Josh Cummings
parent 7eb8a3daf5
commit bfc2832c6c
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 66 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
View File

@ -149,7 +149,10 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
* @param additionalExceptionMappings where keys are the fully-qualified string name * @param additionalExceptionMappings where keys are the fully-qualified string name
* of the exception class and the values are the fully-qualified string name of the * of the exception class and the values are the fully-qualified string name of the
* event class to fire. * event class to fire.
*
* @deprecated use {@link #setAdditionalExceptionMappings(Map)}
*/ */
@Deprecated
@SuppressWarnings({ "unchecked" }) @SuppressWarnings({ "unchecked" })
public void setAdditionalExceptionMappings(Properties additionalExceptionMappings) { public void setAdditionalExceptionMappings(Properties additionalExceptionMappings) {
Assert.notNull(additionalExceptionMappings, Assert.notNull(additionalExceptionMappings,
@ -169,6 +172,26 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
} }
} }
/**
* Sets additional exception to event mappings. These are automatically merged with
* the default exception to event mappings that <code>ProviderManager</code> defines.
*
* @param mappings where keys are exception classes and values are event classes.
* @since 5.3
*/
public void setAdditionalExceptionMappings(Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mappings){
Assert.notEmpty(mappings, "The mappings Map must not be empty nor null");
for (Map.Entry<Class<? extends AuthenticationException>, Class<? extends AbstractAuthenticationFailureEvent>> entry
: mappings.entrySet()) {
Class<?> exceptionClass = entry.getKey();
Class<?> eventClass = entry.getValue();
Assert.notNull(exceptionClass, "exceptionClass cannot be null");
Assert.notNull(eventClass, "eventClass cannot be null");
addMapping(exceptionClass.getName(), (Class<? extends AbstractAuthenticationFailureEvent>) eventClass);
}
}
/** /**
* Sets a default authentication failure event as a fallback event for any unmapped * Sets a default authentication failure event as a fallback event for any unmapped
* exceptions not mapped in the exception mappings. * exceptions not mapped in the exception mappings.

44
core/src/test/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisherTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2020 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -19,6 +19,7 @@ import static org.mockito.Mockito.*;
import org.junit.*; import org.junit.*;
import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent; import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent; import org.springframework.security.authentication.event.AuthenticationFailureCredentialsExpiredEvent;
import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent; import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent;
@ -138,6 +139,47 @@ public class DefaultAuthenticationEventPublisherTests {
verifyZeroInteractions(appPublisher); verifyZeroInteractions(appPublisher);
} }
@Test(expected = IllegalArgumentException.class)
public void emptyMapCausesException() {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
publisher = new DefaultAuthenticationEventPublisher();
publisher.setAdditionalExceptionMappings(mappings);
}
@Test(expected = IllegalArgumentException.class)
public void missingExceptionClassCausesException() {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
mappings.put(null, AuthenticationFailureLockedEvent.class);
publisher = new DefaultAuthenticationEventPublisher();
publisher.setAdditionalExceptionMappings(mappings);
}
@Test(expected = IllegalArgumentException.class)
public void missingEventClassAsMapValueCausesException() {
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
mappings.put(LockedException.class, null);
publisher = new DefaultAuthenticationEventPublisher();
publisher.setAdditionalExceptionMappings(mappings);
}
@Test
public void additionalExceptionMappingsUsingMapAreSupported() {
publisher = new DefaultAuthenticationEventPublisher();
Map<Class<? extends AuthenticationException>,
Class<? extends AbstractAuthenticationFailureEvent>> mappings = new HashMap<>();
mappings.put(MockAuthenticationException.class,AuthenticationFailureDisabledEvent.class);
publisher.setAdditionalExceptionMappings(mappings);
ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
publisher.setApplicationEventPublisher(appPublisher);
publisher.publishAuthenticationFailure(new MockAuthenticationException("test"),
mock(Authentication.class));
verify(appPublisher).publishEvent(isA(AuthenticationFailureDisabledEvent.class));
}
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void defaultAuthenticationFailureEventClassSetNullThen() { public void defaultAuthenticationFailureEventClassSetNullThen() {
publisher = new DefaultAuthenticationEventPublisher(); publisher = new DefaultAuthenticationEventPublisher();