SEC-1272: <authentication-manager> does not register default event handler DefaultAuthenticationEventPublisher. Update AuthenticationManagerBeanDefinitionParser to register a DefaultAuthenticationeventPublisher and set it on the registered ProviderManager.
This commit is contained in:
parent
1898b4df52
commit
d4d5012035
|
@ -14,6 +14,7 @@ import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||||
import org.springframework.beans.factory.xml.NamespaceHandlerResolver;
|
import org.springframework.beans.factory.xml.NamespaceHandlerResolver;
|
||||||
import org.springframework.beans.factory.xml.ParserContext;
|
import org.springframework.beans.factory.xml.ParserContext;
|
||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
|
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
|
||||||
import org.springframework.security.authentication.ProviderManager;
|
import org.springframework.security.authentication.ProviderManager;
|
||||||
import org.springframework.security.config.BeanIds;
|
import org.springframework.security.config.BeanIds;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
@ -72,6 +73,11 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
|
||||||
}
|
}
|
||||||
|
|
||||||
providerManagerBldr.addPropertyValue("providers", providers);
|
providerManagerBldr.addPropertyValue("providers", providers);
|
||||||
|
// Add the default event publisher
|
||||||
|
BeanDefinition publisher = new RootBeanDefinition(DefaultAuthenticationEventPublisher.class);
|
||||||
|
String id = pc.getReaderContext().registerWithGeneratedName(publisher);
|
||||||
|
pc.registerBeanComponent(new BeanComponentDefinition(publisher, id));
|
||||||
|
providerManagerBldr.addPropertyReference("authenticationEventPublisher", id);
|
||||||
|
|
||||||
BeanDefinition authManager = providerManagerBldr.getBeanDefinition();
|
BeanDefinition authManager = providerManagerBldr.getBeanDefinition();
|
||||||
pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager);
|
pc.getRegistry().registerBeanDefinition(BeanIds.AUTHENTICATION_MANAGER, authManager);
|
||||||
|
|
|
@ -1,11 +1,20 @@
|
||||||
package org.springframework.security.config.authentication;
|
package org.springframework.security.config.authentication;
|
||||||
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.*;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.springframework.context.ApplicationListener;
|
||||||
import org.springframework.context.support.AbstractXmlApplicationContext;
|
import org.springframework.context.support.AbstractXmlApplicationContext;
|
||||||
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
||||||
|
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
|
||||||
|
import org.springframework.security.authentication.ProviderManager;
|
||||||
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
|
||||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||||
|
import org.springframework.security.util.FieldUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -13,23 +22,48 @@ import org.springframework.security.config.util.InMemoryXmlApplicationContext;
|
||||||
* @version $Id$
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class AuthenticationManagerBeanDefinitionParserTests {
|
public class AuthenticationManagerBeanDefinitionParserTests {
|
||||||
private AbstractXmlApplicationContext appContext;
|
private static final String CONTEXT =
|
||||||
|
|
||||||
@Test
|
|
||||||
// SEC-1225
|
|
||||||
public void providersAreRegisteredAsTopLevelBeans() throws Exception {
|
|
||||||
setContext(
|
|
||||||
"<authentication-manager>" +
|
"<authentication-manager>" +
|
||||||
" <authentication-provider>" +
|
" <authentication-provider>" +
|
||||||
" <user-service>" +
|
" <user-service>" +
|
||||||
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
" <user name='bob' password='bobspassword' authorities='ROLE_A,ROLE_B' />" +
|
||||||
" </user-service>" +
|
" </user-service>" +
|
||||||
" </authentication-provider>" +
|
" </authentication-provider>" +
|
||||||
"</authentication-manager>", "3.0");
|
"</authentication-manager>";
|
||||||
|
private AbstractXmlApplicationContext appContext;
|
||||||
|
|
||||||
|
@Test
|
||||||
|
// SEC-1225
|
||||||
|
public void providersAreRegisteredAsTopLevelBeans() throws Exception {
|
||||||
|
setContext(CONTEXT, "3.0");
|
||||||
assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size());
|
assertEquals(1, appContext.getBeansOfType(AuthenticationProvider.class).size());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void eventsArePublishedByDefault() throws Exception {
|
||||||
|
setContext(CONTEXT, "3.0");
|
||||||
|
AuthListener listener = new AuthListener();
|
||||||
|
appContext.addApplicationListener(listener);
|
||||||
|
appContext.refresh();
|
||||||
|
|
||||||
|
ProviderManager pm = (ProviderManager) appContext.getBeansOfType(ProviderManager.class).values().toArray()[0];
|
||||||
|
Object eventPublisher = FieldUtils.getFieldValue(pm, "eventPublisher");
|
||||||
|
assertNotNull(eventPublisher);
|
||||||
|
assertTrue(eventPublisher instanceof DefaultAuthenticationEventPublisher);
|
||||||
|
|
||||||
|
pm.authenticate(new UsernamePasswordAuthenticationToken("bob", "bobspassword"));
|
||||||
|
assertEquals(1, listener.events.size());
|
||||||
|
}
|
||||||
|
|
||||||
private void setContext(String context, String version) {
|
private void setContext(String context, String version) {
|
||||||
appContext = new InMemoryXmlApplicationContext(context, version, null);
|
appContext = new InMemoryXmlApplicationContext(context, version, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static class AuthListener implements ApplicationListener<AbstractAuthenticationEvent> {
|
||||||
|
List<AbstractAuthenticationEvent> events = new ArrayList<AbstractAuthenticationEvent>();
|
||||||
|
|
||||||
|
public void onApplicationEvent(AbstractAuthenticationEvent event) {
|
||||||
|
events.add(event);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,7 +24,7 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The default strategy used by <tt>ProviderManager</tt> for publishing authentication events.
|
* The default strategy for publishing authentication events.
|
||||||
* <p>
|
* <p>
|
||||||
* Maps well-known <tt>AuthenticationException</tt> types to events and publishes them via the
|
* Maps well-known <tt>AuthenticationException</tt> types to events and publishes them via the
|
||||||
* application context. If configured as a bean, it will pick up the <tt>ApplicationEventPublisher</tt> automatically.
|
* application context. If configured as a bean, it will pick up the <tt>ApplicationEventPublisher</tt> automatically.
|
||||||
|
|
Loading…
Reference in New Issue