
Fix bug with multiple AuthenticationManager beans

Closes gh-9256
Eleftheria Stein 4 years ago
parent
commit
429caeacc9

+ 0 - 1
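--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -60,7 +60,6 @@ class HttpSecurityConfiguration {
 		this.objectPostProcessor = objectPostProcessor;
 	}
 
-	@Autowired(required = false)
 	void setAuthenticationManager(AuthenticationManager authenticationManager) {
 		this.authenticationManager = authenticationManager;
 	}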

+ 86 - 1
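--- a/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java
@@ -41,7 +41,11 @@ import org.springframework.security.access.expression.AbstractSecurityExpression
 import org.springframework.security.access.expression.SecurityExpressionHandler;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -49,6 +53,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.test.SpringTestRule;
 import org.springframework.security.config.users.AuthenticationTestConfiguration;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.FilterChainProxy;
 import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.SecurityFilterChain;
@@ -253,7 +258,6 @@ public class WebSecurityConfigurationTests {
 				.isThrownBy(() -> this.spring.register(AdapterAndFilterChainConfig.class).autowire())
 				.withRootCauseExactlyInstanceOf(IllegalStateException.class)
 				.withMessageContaining("Found WebSecurityConfigurerAdapter as well as SecurityFilterChain.");
-
 	}
 
 	@Test
@@ -326,6 +330,19 @@ public class WebSecurityConfigurationTests {
 		assertThat(filterChains.get(1).getFilters()).isEmpty();
 	}
 
+	@Test
+	public void loadConfigWhenMultipleAuthenticationManagersAndWebSecurityConfigurerAdapterThenConfigurationApplied() {
+		this.spring.register(MultipleAuthenticationManagersConfig.class).autowire();
+		FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
+		List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
+		assertThat(filterChains).hasSize(2);
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
+		request.setServletPath("/role1");
+		assertThat(filterChains.get(0).matches(request)).isTrue();
+		request.setServletPath("/role2");
+		assertThat(filterChains.get(1).matches(request)).isTrue();
+	}
+
 	@EnableWebSecurity
 	@Import(AuthenticationTestConfiguration.class)
 	static class SortedWebSecurityConfigurerAdaptersConfig {
@@ -834,4 +851,72 @@ public class WebSecurityConfigurationTests {
 
 	}
 
+	@EnableWebSecurity
+	static class MultipleAuthenticationManagersConfig {
+
+		@Bean("authManager1")
+		static AuthenticationManager authenticationManager1() {
+			return new ProviderManager(new AuthenticationProvider() {
+				@Override
+				public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+					return new UsernamePasswordAuthenticationToken("user", "credentials");
+				}
+
+				@Override
+				public boolean supports(Class<?> authentication) {
+					return false;
+				}
+			});
+		}
+
+		@Bean("authManager2")
+		static AuthenticationManager authenticationManager2() {
+			return new ProviderManager(new AuthenticationProvider() {
+				@Override
+				public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+					return new UsernamePasswordAuthenticationToken("subuser", "credentials");
+				}
+
+				@Override
+				public boolean supports(Class<?> authentication) {
+					return false;
+				}
+			});
+		}
+
+		@Configuration
+		@Order(1)
+		public static class SecurityConfig1 extends WebSecurityConfigurerAdapter {
+
+			@Override
+			protected AuthenticationManager authenticationManager() {
+				return authenticationManager1();
+			}
+
+			@Override
+			protected void configure(HttpSecurity http) throws Exception {
+				// @formatter:off
+				http
+						.antMatcher("/role1/**")
+						.authorizeRequests((authorize) -> authorize
+								.anyRequest().hasRole("1")
+						);
+				// @formatter:on
+			}
+
+		}
+
+		@Configuration
+		@Order(2)
+		public static class SecurityConfig2 extends WebSecurityConfigurerAdapter {
+
+			@Override
+			protected AuthenticationManager authenticationManager() {
+				return authenticationManager2();
+			}
+
+		}
+
+	}
+
 }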
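Review bot: The new test `loadConfigWhenMultipleAuthenticationManagersAndWebSecurityConfigurerAdapterThenConfigurationApplied` only asserts that two filter chains exist and that their request matchers match, so it never shows that each adapter ends up using its own `AuthenticationManager`. Both anonymous providers in `MultipleAuthenticationManagersConfig` return `false` from `supports(...)`, so `ProviderManager` would not call their `authenticate(...)` and the "user"/"subuser" tokens are never produced; a regression that wired the wrong manager into a chain would still pass. `SecurityConfig2` also declares no matcher of its own, so the `/role2` assertion presumably holds for any path. Either state the intent above the test with a comment such as `// Guards context startup only (gh-9256): two AuthenticationManager beans must not break autowiring`, or have the providers return `true` from `supports` and assert which principal each chain's manager yields.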