From 4597e7cc82c6f03a3a3b7e7593bb67db9edda0de Mon Sep 17 00:00:00 2001 From: Stephen Doxsee Date: Fri, 14 Dec 2018 10:55:42 -0500 Subject: [PATCH] Order actuator security config after resource-server config See gh-15472 --- .../spring-boot-actuator-autoconfigure/pom.xml | 10 ++++++++++ ...iveManagementWebSecurityAutoConfiguration.java | 4 +++- .../ManagementWebSecurityAutoConfiguration.java | 4 +++- ...nagementWebSecurityAutoConfigurationTests.java | 15 +++++++++++++++ ...nagementWebSecurityAutoConfigurationTests.java | 14 ++++++++++++++ 5 files changed, 45 insertions(+), 2 deletions(-) diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/pom.xml b/spring-boot-project/spring-boot-actuator-autoconfigure/pom.xml index 5bb22665d79..fb45dc40866 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/pom.xml +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/pom.xml @@ -556,6 +556,16 @@ spring-security-test test + + org.springframework.security + spring-security-oauth2-resource-server + test + + + org.springframework.security + spring-security-oauth2-jose + test + org.yaml snakeyaml diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java index bb096d2c321..ff8ed2e9457 100644 --- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java +++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfiguration.java 
@@ -28,6 +28,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.client.reactive.ReactiveOAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -51,7 +52,8 @@ import org.springframework.security.web.server.WebFilterChainProxy;
 @AutoConfigureBefore(ReactiveSecurityAutoConfiguration.class)
 @AutoConfigureAfter({ HealthEndpointAutoConfiguration.class, InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
- ReactiveOAuth2ClientAutoConfiguration.class })
+ ReactiveOAuth2ClientAutoConfiguration.class,
+ ReactiveOAuth2ResourceServerAutoConfiguration.class })
 public class ReactiveManagementWebSecurityAutoConfiguration {
 @Bean
diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java
index b953f572a0a..ebcc1bc6e9e 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java
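Review bot: Nothing near the `@AutoConfigureAfter` list in the second hunk records why `ReactiveOAuth2ResourceServerAutoConfiguration.class` has to be in it, and the same holds for `OAuth2ResourceServerAutoConfiguration.class` in the servlet `ManagementWebSecurityAutoConfiguration` hunk. Both files import `ConditionalOnMissingBean`, so the actuator security defaults presumably back off only when the resource-server beans are already registered. If a later cleanup drops the entry, the actuator defaults could be registered first and the resource-server chain the user configured could be the one that backs off. I would add a sentence to each class Javadoc such as `Ordered after the OAuth2 resource-server auto-configuration so that these actuator defaults back off when a resource-server security chain is already defined.` Both class bodies continue outside their hunks.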
@@ -26,6 +26,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.security.oauth2.client.servlet.OAuth2ClientAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.WebSecurityEnablerConfiguration;
 import org.springframework.context.annotation.Configuration;
@@ -47,7 +48,8 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 @AutoConfigureBefore(SecurityAutoConfiguration.class)
 @AutoConfigureAfter({ HealthEndpointAutoConfiguration.class, InfoEndpointAutoConfiguration.class, WebEndpointAutoConfiguration.class,
- OAuth2ClientAutoConfiguration.class })
+ OAuth2ClientAutoConfiguration.class,
+ OAuth2ResourceServerAutoConfiguration.class })
 @Import({ ManagementWebSecurityConfigurerAdapter.class, WebSecurityEnablerConfiguration.class })
 public class ManagementWebSecurityAutoConfiguration {
diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java
index f059e169729..46d009af404 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/reactive/ReactiveManagementWebSecurityAutoConfigurationTests.java
@@ -32,6 +32,7 @@ import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoC
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.reactive.ReactiveOAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.reactive.ReactiveSecurityAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.reactive.ReactiveUserDetailsServiceAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableReactiveWebApplicationContext;
@@ -118,6 +119,20 @@ public class ReactiveManagementWebSecurityAutoConfigurationTests {
 });
 }
+ @Test
+ public void backsOffIfReactiveOAuth2ResourceServerAutoConfigurationSecurityIsAdded() {
+ this.contextRunner
+ .withConfiguration(AutoConfigurations
+ .of(ReactiveOAuth2ResourceServerAutoConfiguration.class))
+ .withPropertyValues(
+ "spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://authserver")
+ .run((context) -> {
+ assertThat(context.getBeanNamesForType(
+ ReactiveManagementWebSecurityAutoConfiguration.class))
+ .isEmpty();
+ });
+ }
+
+ @Test
 public void backsOffWhenWebFilterChainProxyBeanPresent() {
 this.contextRunner.withUserConfiguration(WebFilterChainProxyConfiguration.class)
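Review bot: The new test `backsOffIfReactiveOAuth2ResourceServerAutoConfigurationSecurityIsAdded` asserts only that `ReactiveManagementWebSecurityAutoConfiguration` is absent, so it does not show that any security chain took its place. The servlet test `backOffIfOAuth2ResourceServerAutoConfigurationSecurityIsAdded` has the same shape. A regression that leaves no chain in the context at all would still pass both tests while the actuator endpoints go unprotected. I would pair the negative check with a positive one, for example `assertThat(context).hasSingleBean(SecurityWebFilterChain.class);` here, assuming the resource-server configuration contributes one in this runner. In the servlet test, a call through the existing `getResponseStatus(context, path)` helper could check that an unauthenticated request to a management path is rejected.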
diff --git a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
index 4d132639710..c785a08a542 100644
--- a/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
+++ b/spring-boot-project/spring-boot-actuator-autoconfigure/src/test/java/org/springframework/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
@@ -27,6 +27,7 @@ import org.springframework.boot.actuate.autoconfigure.health.HealthEndpointAutoC
 import org.springframework.boot.actuate.autoconfigure.health.HealthIndicatorAutoConfiguration;
 import org.springframework.boot.actuate.autoconfigure.info.InfoEndpointAutoConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
 import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.test.context.assertj.AssertableWebApplicationContext;
 import org.springframework.boot.test.context.runner.WebApplicationContextRunner;
@@ -106,6 +107,19 @@ public class ManagementWebSecurityAutoConfigurationTests {
 });
 }
+ @Test
+ public void backOffIfOAuth2ResourceServerAutoConfigurationSecurityIsAdded() {
+ this.contextRunner
+ .withConfiguration(AutoConfigurations
+ .of(OAuth2ResourceServerAutoConfiguration.class))
+ .withPropertyValues(
+ "spring.security.oauth2.resourceserver.jwt.jwk-set-uri=http://authserver")
+ .run((context) -> {
+ assertThat(context.getBeanNamesForType(
+ ManagementWebSecurityConfigurerAdapter.class)).isEmpty();
+ });
+ }
+
 private HttpStatus getResponseStatus(AssertableWebApplicationContext context, String path) throws IOException, javax.servlet.ServletException {
 FilterChainProxy filterChainProxy = context.getBean(FilterChainProxy.class);
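Review bot: The method name `backOffIfOAuth2ResourceServerAutoConfigurationSecurityIsAdded` drops the `s` that the reactive test class uses, both in the new `backsOffIfReactiveOAuth2ResourceServerAutoConfigurationSecurityIsAdded` and in the existing `backsOffWhenWebFilterChainProxyBeanPresent`. Renaming it to `backsOffIfOAuth2ResourceServerAutoConfigurationSecurityIsAdded` keeps the back-off tests in both classes findable with one search pattern.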