Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

AuthenticationConfiguration.getAuthenticationManager() supports recursion

AuthenticationConfiguration.getAuthenticationManager() now supports
recursion. This is necessary in instances where something using
@EnableGlobalAuthentication requires an object using method level security.

Fixes gh-3935
Rob Winch 9 years ago
parent
9e3d2e2d99
commit
fa1c484587
2 changed files with 173 additions and 3 deletions
Unified View Show Diff Stats
  1. 54 3
      config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
  2. 119 0
      config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java

+ 54 - 3
config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfiguration.java
View File 

@@ -19,9 +19,11 @@ import java.util.Arrays;
 
 import java.util.Collections;
 
 import java.util.Collections;
 
 import java.util.List;
 
 import java.util.List;
 
 import java.util.Map;
 
 import java.util.Map;
 
+import java.util.concurrent.atomic.AtomicBoolean;
 
 
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.Log;
 
 import org.apache.commons.logging.LogFactory;
 
 import org.apache.commons.logging.LogFactory;
 
+
 
 import org.springframework.aop.framework.ProxyFactoryBean;
 
 import org.springframework.aop.framework.ProxyFactoryBean;
 
 import org.springframework.aop.target.LazyInitTargetSource;
 
 import org.springframework.aop.target.LazyInitTargetSource;
 
 import org.springframework.beans.factory.BeanFactoryUtils;
 
 import org.springframework.beans.factory.BeanFactoryUtils;
 
@@ -34,6 +36,8 @@ import org.springframework.security.authentication.AuthenticationManager;
 
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
 
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
 
+import org.springframework.security.core.Authentication;
 
+import org.springframework.security.core.AuthenticationException;
 
 import org.springframework.util.Assert;
 
 import org.springframework.util.Assert;
 
 
 
 /**
 
 /**
 
@@ -45,6 +49,9 @@ import org.springframework.util.Assert;
 
  */
 
  */
 
 @Configuration
 
 @Configuration
 
 public class AuthenticationConfiguration {
 
 public class AuthenticationConfiguration {
 
+
 
+	private AtomicBoolean buildingAuthenticationManager = new AtomicBoolean();
 
+
 
 	private ApplicationContext applicationContext;
 
 	private ApplicationContext applicationContext;
 
 
 
 	private AuthenticationManager authenticationManager;
 
 	private AuthenticationManager authenticationManager;
 
@@ -79,11 +86,15 @@ public class AuthenticationConfiguration {
 
 	}
 
 	}
 
 
 
 	public AuthenticationManager getAuthenticationManager() throws Exception {
 
 	public AuthenticationManager getAuthenticationManager() throws Exception {
 
-		if (authenticationManagerInitialized) {
 
-			return authenticationManager;
 
+		if (this.authenticationManagerInitialized) {
 
+			return this.authenticationManager;
 
+		}
 
+		AuthenticationManagerBuilder authBuilder = authenticationManagerBuilder(
 
+				this.objectPostProcessor);
 
+		if (this.buildingAuthenticationManager.getAndSet(true)) {
 
+			return new AuthenticationManagerDelegator(authBuilder);
 
 		}
 
 		}
 
 
 
-		AuthenticationManagerBuilder authBuilder = authenticationManagerBuilder(objectPostProcessor);
 
 		for (GlobalAuthenticationConfigurerAdapter config : globalAuthConfigurers) {
 
 		for (GlobalAuthenticationConfigurerAdapter config : globalAuthConfigurers) {
 
 			authBuilder.apply(config);
 
 			authBuilder.apply(config);
 
 		}
 
 		}
 
@@ -157,4 +168,44 @@ public class AuthenticationConfiguration {
 
 			}
 
 			}
 
 		}
 
 		}
 
 	}
 
 	}
 
+
 
+	/**
 
+	 * Prevents infinite recursion in the event that initializing the
 
+	 * AuthenticationManager.
 
+	 *
 
+	 * @author Rob Winch
 
+	 * @since 4.1.1
 
+	 */
 
+	static final class AuthenticationManagerDelegator implements AuthenticationManager {
 
+		private AuthenticationManagerBuilder delegateBuilder;
 
+		private AuthenticationManager delegate;
 
+		private final Object delegateMonitor = new Object();
 
+
 
+		AuthenticationManagerDelegator(AuthenticationManagerBuilder delegateBuilder) {
 
+			Assert.notNull(delegateBuilder, "delegateBuilder cannot be null");
 
+			this.delegateBuilder = delegateBuilder;
 
+		}
 
+
 
+		@Override
 
+		public Authentication authenticate(Authentication authentication)
 
+				throws AuthenticationException {
 
+			if (this.delegate != null) {
 
+				return this.delegate.authenticate(authentication);
 
+			}
 
+
 
+			synchronized (this.delegateMonitor) {
 
+				if (this.delegate == null) {
 
+					this.delegate = this.delegateBuilder.getObject();
 
+					this.delegateBuilder = null;
 
+				}
 
+			}
 
+
 
+			return this.delegate.authenticate(authentication);
 
+		}
 
+
 
+		@Override
 
+		public String toString() {
 
+			return "AuthenticationManagerDelegator [delegate=" + this.delegate + "]";
 
+		}
 
+	}
 
 }
 
 }

+ 119 - 0
config/src/test/java/org/springframework/security/config/authentication/AuthenticationConfigurationGh3935Tests.java
View File 

@@ -0,0 +1,119 @@
 
+/*
 
+ * Copyright 2012-2016 the original author or authors.
 
+ *
 
+ * Licensed under the Apache License, Version 2.0 (the "License");
 
+ * you may not use this file except in compliance with the License.
 
+ * You may obtain a copy of the License at
 
+ *
 
+ *      http://www.apache.org/licenses/LICENSE-2.0
 
+ *
 
+ * Unless required by applicable law or agreed to in writing, software
 
+ * distributed under the License is distributed on an "AS IS" BASIS,
 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ * See the License for the specific language governing permissions and
 
+ * limitations under the License.
 
+ */
 
+
 
+package org.springframework.security.config.authentication;
 
+
 
+import org.junit.Test;
 
+import org.junit.runner.RunWith;
 
+
 
+import org.springframework.beans.factory.annotation.Autowired;
 
+import org.springframework.context.ApplicationContext;
 
+import org.springframework.context.annotation.Bean;
 
+import org.springframework.context.annotation.Configuration;
 
+import org.springframework.security.authentication.AuthenticationManager;
 
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 
+import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
 
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import org.springframework.security.core.Authentication;
 
+import org.springframework.security.core.authority.AuthorityUtils;
 
+import org.springframework.security.core.userdetails.User;
 
+import org.springframework.security.core.userdetails.UserDetailsService;
 
+import org.springframework.security.web.FilterChainProxy;
 
+import org.springframework.test.context.ContextConfiguration;
 
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+
 
+import static org.assertj.core.api.Assertions.assertThat;
 
+import static org.mockito.Mockito.mock;
 
+import static org.mockito.Mockito.verify;
 
+import static org.mockito.Mockito.when;
 
+
 
+/**
 
+ * @author Rob Winch
 
+ */
 
+@RunWith(SpringJUnit4ClassRunner.class)
 
+@ContextConfiguration
 
+public class AuthenticationConfigurationGh3935Tests {
 
+	@Autowired
 
+	FilterChainProxy springSecurityFilterChain;
 
+	@Autowired
 
+	UserDetailsService uds;
 
+	@Autowired
 
+	BootGlobalAuthenticationConfigurationAdapter adapter;
 
+
 
+	// gh-3935
 
+	@Test
 
+	public void loads() {
 
+		assertThat(this.springSecurityFilterChain).isNotNull();
 
+	}
 
+
 
+	@Test
 
+	public void delegateUsesExisitingAuthentication() {
 
+		String username = "user";
 
+		String password = "password";
 
+		User user = new User(username, password,
 
+				AuthorityUtils.createAuthorityList("ROLE_USER"));
 
+		when(this.uds.loadUserByUsername(username)).thenReturn(user);
 
+
 
+		AuthenticationManager authenticationManager = this.adapter.authenticationManager;
 
+		assertThat(authenticationManager).isNotNull();
 
+
 
+		Authentication auth = authenticationManager.authenticate(
 
+				new UsernamePasswordAuthenticationToken(username, password));
 
+
 
+		verify(this.uds).loadUserByUsername(username);
 
+		assertThat(auth.getPrincipal()).isEqualTo(user);
 
+	}
 
+
 
+	@EnableWebSecurity
 
+	static class WebSecurity extends WebSecurityConfigurerAdapter {
 
+	}
 
+
 
+	static class BootGlobalAuthenticationConfigurationAdapter
 
+			extends GlobalAuthenticationConfigurerAdapter {
 
+		private final ApplicationContext context;
 
+
 
+		private AuthenticationManager authenticationManager;
 
+
 
+		@Autowired
 
+		BootGlobalAuthenticationConfigurationAdapter(ApplicationContext context) {
 
+			this.context = context;
 
+		}
 
+
 
+		@Override
 
+		public void init(AuthenticationManagerBuilder auth) throws Exception {
 
+			AuthenticationConfiguration configuration = this.context
 
+					.getBean(AuthenticationConfiguration.class);
 
+			this.authenticationManager = configuration.getAuthenticationManager();
 
+		}
 
+	}
 
+
 
+	@Configuration
 
+	static class AutoConfig {
 
+		@Bean
 
+		static BootGlobalAuthenticationConfigurationAdapter adapter(
 
+				ApplicationContext context) {
 
+			return new BootGlobalAuthenticationConfigurationAdapter(context);
 
+		}
 
+
 
+		@Bean
 
+		public UserDetailsService userDetailsService() {
 
+			return mock(UserDetailsService.class);
 
+		}
 
+	}
 
+}