Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Mapping to Invalid Bearer Token 

Fixes gh-7793
This commit is contained in:
Josh Cummings 2020-01-13 16:16:13 -07:00
parent 25d029b092
commit fbdecdafb8
No known key found for this signature in database
GPG Key ID: 49EF60DD7FF83443
2 changed files with 56 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/java/org/springframework/security/authentication/DefaultAuthenticationEventPublisher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2016 the original author or authors.
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -92,6 +92,9 @@ public class DefaultAuthenticationEventPublisher implements AuthenticationEventP
addMapping(
"org.springframework.security.authentication.cas.ProxyUntrustedException",
AuthenticationFailureProxyUntrustedEvent.class);
addMapping(
"org.springframework.security.oauth2.server.resource.InvalidBearerTokenException",
AuthenticationFailureBadCredentialsEvent.class);
}
public void publishAuthenticationSuccess(Authentication authentication) {

52
oauth2/oauth2-resource-server/src/test/java/org/springframework/security/oauth2/server/resource/DefaultAuthenticationEventPublisherBearerTokenTests.java Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright 2002-2020 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.resource;
import org.junit.Test;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import static org.mockito.ArgumentMatchers.isA;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
/**
* Tests for {@link DefaultAuthenticationEventPublisher}'s bearer token use cases
*
* {@see DefaultAuthenticationEventPublisher}
*/
public class DefaultAuthenticationEventPublisherBearerTokenTests {
DefaultAuthenticationEventPublisher publisher;
@Test
public void publishAuthenticationFailureWhenInvalidBearerTokenExceptionThenMaps() {
ApplicationEventPublisher appPublisher = mock(ApplicationEventPublisher.class);
Authentication authentication = new JwtAuthenticationToken(jwt().build());
Exception cause = new Exception();
this.publisher = new DefaultAuthenticationEventPublisher(appPublisher);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid"), authentication);
this.publisher.publishAuthenticationFailure(new InvalidBearerTokenException("invalid", cause), authentication);
verify(appPublisher, times(2)).publishEvent(
isA(AuthenticationFailureBadCredentialsEvent.class));
}
}