AuthenticationEventPublisher DSL Lookup

Fixes gh-4400

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -201,7 +201,6 @@ public abstract class WebSecurityConfigurerAdapter implements
 
 		AuthenticationManager authenticationManager = authenticationManager();
 		authenticationBuilder.parentAuthenticationManager(authenticationManager);
-		authenticationBuilder.authenticationEventPublisher(eventPublisher);
 		Map<Class<?>, Object> sharedObjects = createSharedObjects();
 
 		http = new HttpSecurity(objectPostProcessor, authenticationBuilder,
@@ -383,6 +382,11 @@ public abstract class WebSecurityConfigurerAdapter implements
 				return super.eraseCredentials(eraseCredentials);
 			}
 
+			@Override
+			public AuthenticationManagerBuilder authenticationEventPublisher(AuthenticationEventPublisher eventPublisher) {
+				authenticationBuilder.authenticationEventPublisher(eventPublisher);
+				return super.authenticationEventPublisher(eventPublisher);
+			}
 		};
 	}
 

config/src/test/java/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.java

@@ -42,6 +42,7 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.PasswordEncodedUser;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -398,4 +399,30 @@ public class WebSecurityConfigurerAdapterTests {
 			return mock(AuthenticationEventPublisher.class);
 		}
 	}
+
+	// gh-4400
+	@Test
+	public void performWhenUsingAuthenticationEventPublisherInDslThenUses() throws Exception {
+		this.spring.register(CustomAuthenticationEventPublisherDsl.class).autowire();
+
+		AuthenticationEventPublisher authenticationEventPublisher =
+				CustomAuthenticationEventPublisherDsl.EVENT_PUBLISHER;
+
+		this.mockMvc.perform(get("/")
+				.with(httpBasic("user", "password"))); // fails since no providers configured
+
+		verify(authenticationEventPublisher).publishAuthenticationFailure(
+				any(AuthenticationException.class),
+				any(Authentication.class));
+	}
+
+	@EnableWebSecurity
+	static class CustomAuthenticationEventPublisherDsl extends WebSecurityConfigurerAdapter {
+		static AuthenticationEventPublisher EVENT_PUBLISHER = mock(AuthenticationEventPublisher.class);
+
+		@Override
+		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+			auth.authenticationEventPublisher(EVENT_PUBLISHER);
+		}
+	}
 }