Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add disable to FormLoginDsl

Browse Source 
Closes gh-12552
This commit is contained in:
Clayton Walker 2023-01-17 18:46:31 -07:00 committed by Josh Cummings
parent fd4541be0c
commit e2332d9620
2 changed files with 46 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
config/src/main/kotlin/org/springframework/security/config/annotation/web/FormLoginDsl.kt
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2020 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -51,6 +51,17 @@ class FormLoginDsl {
private var defaultSuccessUrlOption: Pair<String, Boolean>? = null private var defaultSuccessUrlOption: Pair<String, Boolean>? = null
private var disabled = false
/**
* Disable FormLogin.
*
* @since 6.1
*/
fun disable() {
disabled = true
}
/** /**
* Grants access to the urls for [failureUrl] as well as for the [HttpSecurityBuilder], the * Grants access to the urls for [failureUrl] as well as for the [HttpSecurityBuilder], the
* [loginPage] and [loginProcessingUrl] for every user. * [loginPage] and [loginProcessingUrl] for every user.
@ -84,6 +95,9 @@ class FormLoginDsl {
authenticationSuccessHandler?.also { login.successHandler(authenticationSuccessHandler) } authenticationSuccessHandler?.also { login.successHandler(authenticationSuccessHandler) }
authenticationFailureHandler?.also { login.failureHandler(authenticationFailureHandler) } authenticationFailureHandler?.also { login.failureHandler(authenticationFailureHandler) }
authenticationDetailsSource?.also { login.authenticationDetailsSource(authenticationDetailsSource) } authenticationDetailsSource?.also { login.authenticationDetailsSource(authenticationDetailsSource) }
if (disabled) {
login.disable()
}
} }
} }
} }

37
config/src/test/kotlin/org/springframework/security/config/annotation/web/FormLoginDslTests.kt
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2022 the original author or authors. * Copyright 2002-2023 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -23,6 +23,7 @@ import io.mockk.verify
import org.junit.jupiter.api.Test import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.ExtendWith import org.junit.jupiter.api.extension.ExtendWith
import org.springframework.beans.factory.annotation.Autowired import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.builders.HttpSecurity
@ -31,19 +32,17 @@ import org.springframework.security.config.test.SpringTestContext
import org.springframework.security.config.test.SpringTestContextExtension import org.springframework.security.config.test.SpringTestContextExtension
import org.springframework.security.core.userdetails.User import org.springframework.security.core.userdetails.User
import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
import org.springframework.stereotype.Controller import org.springframework.stereotype.Controller
import org.springframework.test.web.servlet.MockMvc import org.springframework.test.web.servlet.MockMvc
import org.springframework.test.web.servlet.get import org.springframework.test.web.servlet.get
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl import org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl
import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
import org.springframework.web.bind.annotation.GetMapping import org.springframework.web.bind.annotation.GetMapping
import jakarta.servlet.http.HttpServletRequest import org.springframework.web.servlet.config.annotation.EnableWebMvc
import org.springframework.context.annotation.Bean
import org.springframework.security.web.SecurityFilterChain
import org.springframework.security.web.authentication.WebAuthenticationDetails
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
/** /**
* Tests for [FormLoginDsl] * Tests for [FormLoginDsl]
@ -90,6 +89,32 @@ class FormLoginDslTests {
} }
} }
@Configuration
@EnableWebMvc
@EnableWebSecurity
open class DisabledConfig {
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http.formLogin()
http {
formLogin {
disable()
}
}
return http.build()
}
}
@Test
fun `request when formLogin disabled does not provide login page`() {
this.spring.register(DisabledConfig::class.java, UserConfig::class.java).autowire()
this.mockMvc.get("/login")
.andExpect {
status { isNotFound() }
}
}
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
open class FormLoginConfig { open class FormLoginConfig {