diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy index 3d63684243..3c271c17f6 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy @@ -13,8 +13,22 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.springframework.security.config.annotation.web.configuration; +package org.springframework.security.config.annotation.web.configuration +import org.springframework.mock.web.MockServletContext +import org.springframework.security.authentication.TestingAuthenticationToken +import org.springframework.security.core.annotation.AuthenticationPrincipal +import org.springframework.security.core.context.SecurityContext +import org.springframework.security.core.context.SecurityContextImpl +import org.springframework.security.core.userdetails.User +import org.springframework.security.web.context.HttpSessionSecurityContextRepository +import org.springframework.test.context.web.WebAppConfiguration +import org.springframework.web.bind.annotation.RequestMapping +import org.springframework.web.context.support.AnnotationConfigWebApplicationContext; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; + +import org.springframework.beans.factory.annotation.Autowired import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import org.springframework.mock.web.MockHttpServletRequest @@ -25,7 +39,11 @@ import org.springframework.security.config.annotation.BaseSpringSpec import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.web.authentication.AnonymousAuthenticationFilter -import org.springframework.security.web.debug.DebugFilter; +import org.springframework.security.web.debug.DebugFilter +import org.springframework.test.web.servlet.MockMvc +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; class EnableWebSecurityTests extends BaseSpringSpec { @@ -82,4 +100,44 @@ class EnableWebSecurityTests extends BaseSpringSpec { static class DebugSecurityConfig extends WebSecurityConfigurerAdapter { } + + def "SEC-2942: EnableWebSecurity adds AuthenticationPrincipalArgumentResolver"() { + setup: + def username = "test" + context = new AnnotationConfigWebApplicationContext() + context.servletContext = new MockServletContext() + context.register(AuthenticationPrincipalConfig) + context.refresh() + SecurityContext securityContext = new SecurityContextImpl(authentication: new TestingAuthenticationToken(username, "pass", "ROLE_USER")) + MockMvc mockMvc = MockMvcBuilders + .webAppContextSetup(context) + .addFilters(springSecurityFilterChain) + .build() + when: + String body = mockMvc + .perform(get("/").sessionAttr(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, securityContext)) + .andReturn().response.contentAsString + then: + body == username + + } + + @EnableWebSecurity + @EnableWebMvc + @Configuration + static class AuthenticationPrincipalConfig { + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) { + auth.inMemoryAuthentication() + } + + @RestController + static class AuthController { + + @RequestMapping("/") + String principal(@AuthenticationPrincipal String principal) { + principal + } + } + } }