SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.

This commit is contained in:
Luke Taylor 2009-11-17 12:55:53 +00:00
parent 1898b4df52
commit d4d5012035
3 changed files with 50 additions and 10 deletions

View File

@ -14,6 +14,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
import org.springframework.beans.factory.xml.NamespaceHandlerResolver; import org.springframework.beans.factory.xml.NamespaceHandlerResolver;
import org.springframework.beans.factory.xml.ParserContext; import org.springframework.beans.factory.xml.ParserContext;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.BeanIds; import org.springframework.security.config.BeanIds;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
@ -72,6 +73,11 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
} }
providerManagerBldr.addPropertyValue("providers", providers); providerManagerBldr.addPropertyValue("providers", providers);
// Add the default event publisher
BeanDefinition publisher = new RootBeanDefinition(DefaultAuthenticationEventPublisher.class);
String id = pc.getReaderContext().registerWithGeneratedName(publisher);
pc.registerBeanComponent(new BeanComponentDefinition(publisher, id));
providerManagerBldr.addPropertyReference("authenticationEventPublisher", id);
BeanDefinition authManager = providerManagerBldr.getBeanDefinition(); BeanDefinition authManager = providerManagerBldr.getBeanDefinition();
pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager); pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager);

View File

@ -1,11 +1,20 @@
package org.springframework.security.config.authentication; package org.springframework.security.config.authentication;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.*;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test; import org.junit.Test;
import org.springframework.context.ApplicationListener;
import org.springframework.context.support.AbstractXmlApplicationContext; import org.springframework.context.support.AbstractXmlApplicationContext;
import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.config.util.InMemoryXmlApplicationContext; import org.springframework.security.config.util.InMemoryXmlApplicationContext;
import org.springframework.security.util.FieldUtils;
/** /**
* *
@ -13,23 +22,48 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
* @version $Id$ * @version $Id$
*/ */
public class AuthenticationManagerBeanDefinitionParserTests { public class AuthenticationManagerBeanDefinitionParserTests {
private AbstractXmlApplicationContext appContext; private static final String CONTEXT =
@Test
// SEC-1225
public void providersAreRegisteredAsTopLevelBeans() throws Exception {
setContext(
"<authentication-manager>" + "<authentication-manager>" +
" <authentication-provider>" + " <authentication-provider>" +
" <user-service>" + " <user-service>" +
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" + " <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
" </user-service>" + " </user-service>" +
" </authentication-provider>" + " </authentication-provider>" +
"</authentication-manager>", "3.0"); "</authentication-manager>";
private AbstractXmlApplicationContext appContext;
@Test
// SEC-1225
public void providersAreRegisteredAsTopLevelBeans() throws Exception {
setContext(CONTEXT, "3.0");
assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size()); assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size());
} }
@Test
public void eventsArePublishedByDefault() throws Exception {
setContext(CONTEXT, "3.0");
AuthListener listener = new AuthListener();
appContext.addApplicationListener(listener);
appContext.refresh();
ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
assertNotNull(eventPublisher);
assertTrue(eventPublisher instanceof DefaultAuthenticationEventPublisher);
pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
assertEquals(1, listener.events.size());
}
private void setContext(String context, String version) { private void setContext(String context, String version) {
appContext = new InMemoryXmlApplicationContext(context, version, null); appContext = new InMemoryXmlApplicationContext(context, version, null);
} }
private static class AuthListener implements ApplicationListener<AbstractAuthenticationEvent> {
List<AbstractAuthenticationEvent> events = new ArrayList<AbstractAuthenticationEvent>();
public void onApplicationEvent(AbstractAuthenticationEvent event) {
events.add(event);
}
}
} }

View File

@ -24,7 +24,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**
* The default strategy used by <tt>ProviderManager</tt> for publishing authentication events. * The default strategy for publishing authentication events.
* <p> * <p>
* Maps well-known <tt>AuthenticationException</tt> types to events and publishes them via the * Maps well-known <tt>AuthenticationException</tt> types to events and publishes them via the
* application context. If configured as a bean, it will pick up the <tt>ApplicationEventPublisher</tt> automatically. * application context. If configured as a bean, it will pick up the <tt>ApplicationEventPublisher</tt> automatically.