SEC-1937: Added test to demonstrate SEC-1937 was invalid

config/src/test/groovy/org/springframework/security/config/AbstractXmlConfigTests.groovy

@@ -42,6 +42,7 @@ abstract class AbstractXmlConfigTests extends Specification {
     def mockBean(Class clazz, String id = clazz.simpleName) {
         xml.'b:bean'(id: id, 'class': Mockito.class.name, 'factory-method':'mock') {
             'b:constructor-arg'(value : clazz.name)
+            'b:constructor-arg'(value : id)
         }
     }
 

config/src/test/groovy/org/springframework/security/config/http/MultiHttpBlockConfigTests.groovy

@@ -1,7 +1,17 @@
 package org.springframework.security.config.http
 
+import static org.mockito.Mockito.*
+
+import org.powermock.api.mockito.internal.verification.VerifyNoMoreInteractions;
 import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.config.BeanIds
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.FilterChainProxy
 import org.junit.Assert
 import org.springframework.beans.factory.BeanCreationException
@@ -60,9 +70,52 @@ class MultiHttpBlockConfigTests extends AbstractHttpConfigTests {
     }
 
 
+    def 'SEC-1937: http@authentication-manager-ref and multi authentication-mananager'() {
+        setup:
+            xml.http('authentication-manager-ref' : 'authManager', 'pattern' : '/first/**') {
+                'form-login'('login-processing-url': '/first/login')
+            }
+            xml.http('authentication-manager-ref' : 'authManager2') {
+                'form-login'()
+            }
+            mockBean(UserDetailsService,'uds')
+            mockBean(UserDetailsService,'uds2')
+            createAppContext("""
+<authentication-manager id="authManager">
+    <authentication-provider user-service-ref="uds" />
+</authentication-manager>
+<authentication-manager id="authManager2">
+    <authentication-provider user-service-ref="uds2" />
+</authentication-manager>
+""")
+            UserDetailsService uds = appContext.getBean('uds')
+            UserDetailsService uds2 = appContext.getBean('uds2')
+        when:
+            MockHttpServletRequest request = new MockHttpServletRequest()
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            request.servletPath = "/first/login"
+            request.requestURI = "/first/login"
+            request.method = 'POST'
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            verify(uds).loadUserByUsername(anyString()) || true
+            verifyZeroInteractions(uds2) || true
+        when:
+            MockHttpServletRequest request2 = new MockHttpServletRequest()
+            MockHttpServletResponse response2 = new MockHttpServletResponse()
+            MockFilterChain chain2 = new MockFilterChain()
+            request2.servletPath = "/j_spring_security_check"
+            request2.requestURI = "/j_spring_security_check"
+            request2.method = 'POST'
+            springSecurityFilterChain.doFilter(request2,response2,chain2)
+        then:
+            verify(uds2).loadUserByUsername(anyString()) || true
+            verifyNoMoreInteractions(uds) || true
+    }
 
-    def namedFilterChainIsExposedAsABean () {
-        xml.http(name: 'basic', pattern: '/basic/**', 'create-session': 'stateless') {
+    def multipleAuthenticationManagersWorks () {
+        xml.http(name: 'basic', pattern: '/basic/**', ) {
             'http-basic'()
         }
         xml.http(pattern: '/form/**') {
@@ -75,5 +128,4 @@ class MultiHttpBlockConfigTests extends AbstractHttpConfigTests {
         expect:
         Assert.assertSame (basicChain, appContext.getBean('basic'))
     }
-
 }