diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java index cc489df3757..02465ce67d7 100644 --- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java +++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfiguration.java @@ -33,6 +33,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.autoconfigure.security.AuthenticationManagerConfiguration; import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; import org.springframework.boot.autoconfigure.security.SecurityPrequisite; @@ -43,12 +44,12 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; import org.springframework.core.annotation.Order; -import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.web.WebSecurityConfigurer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; @@ -145,10 +146,17 @@ public class ManagementSecurityAutoConfiguration { } + @Configuration + @ConditionalOnExpression("${management.security.enabled:true} && !${security.basic.enabled:true}") + @ConditionalOnMissingBean(WebSecurityConfiguration.class) + @EnableWebSecurity + protected static class WebSecurityEnabler extends AuthenticationManagerConfiguration { + } + @Configuration @ConditionalOnMissingBean({ ManagementWebSecurityConfigurerAdapter.class }) @ConditionalOnExpression("${management.security.enabled:true}") - @EnableWebSecurity + @ConditionalOnWebApplication // Give user-supplied filters a chance to be last in line @Order(Ordered.LOWEST_PRECEDENCE - 10) protected static class ManagementWebSecurityConfigurerAdapter extends @@ -198,13 +206,6 @@ public class ManagementSecurityAutoConfiguration { return entryPoint; } - @Configuration - @ConditionalOnMissingBean(AuthenticationManager.class) - @Order(Ordered.LOWEST_PRECEDENCE - 4) - protected static class ManagementAuthenticationManagerConfiguration extends - AuthenticationManagerConfiguration { - } - } private static String[] getEndpointPaths( diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java index 74c67a1065e..e2fa9e9071e 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/ManagementSecurityAutoConfigurationTests.java @@ -98,8 +98,8 @@ public class ManagementSecurityAutoConfigurationTests { private UserDetails getUser() { ProviderManager manager = this.context.getBean(ProviderManager.class); - ProviderManager parent = (ProviderManager) ReflectionTestUtils.getField( - manager, "parent"); + ProviderManager parent = (ProviderManager) ReflectionTestUtils.getField(manager, + "parent"); DaoAuthenticationProvider provider = (DaoAuthenticationProvider) parent .getProviders().get(0); UserDetailsService service = (UserDetailsService) ReflectionTestUtils.getField( @@ -159,7 +159,7 @@ public class ManagementSecurityAutoConfigurationTests { public void testSecurityPropertiesNotAvailable() throws Exception { this.context = new AnnotationConfigWebApplicationContext(); this.context.setServletContext(new MockServletContext()); - this.context.register(TestConfiguration.class, + this.context.register(TestConfiguration.class, SecurityAutoConfiguration.class, ManagementSecurityAutoConfiguration.class, EndpointAutoConfiguration.class, ManagementServerPropertiesAutoConfiguration.class, diff --git a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/SpringApplicationHierarchyTests.java b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/SpringApplicationHierarchyTests.java index 12be07da7a6..128e24940ca 100644 --- a/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/SpringApplicationHierarchyTests.java +++ b/spring-boot-actuator/src/test/java/org/springframework/boot/actuate/autoconfigure/SpringApplicationHierarchyTests.java @@ -19,8 +19,6 @@ package org.springframework.boot.actuate.autoconfigure; import org.junit.After; import org.junit.Test; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; -import org.springframework.boot.autoconfigure.web.ServerPropertiesAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.context.ApplicationContext; import org.springframework.context.ConfigurableApplicationContext; @@ -61,9 +59,8 @@ public class SpringApplicationHierarchyTests { public static class Child { } - @EnableAutoConfiguration(exclude = { ServerPropertiesAutoConfiguration.class, - JolokiaAutoConfiguration.class, EndpointMBeanExportAutoConfiguration.class, - SecurityAutoConfiguration.class }) + @EnableAutoConfiguration(exclude = { JolokiaAutoConfiguration.class, + EndpointMBeanExportAutoConfiguration.class }) public static class Parent { } diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java index b09cdd82534..2e6a5d45e59 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java @@ -25,7 +25,6 @@ import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; import org.springframework.boot.autoconfigure.security.SecurityProperties.User; import org.springframework.context.annotation.Configuration; import org.springframework.core.Ordered; @@ -45,11 +44,12 @@ import org.springframework.security.config.annotation.authentication.configurers @Configuration @ConditionalOnBean(ObjectPostProcessor.class) @ConditionalOnMissingBean(AuthenticationManager.class) -@ConditionalOnWebApplication @Order(Ordered.LOWEST_PRECEDENCE - 3) -public class AuthenticationManagerConfiguration extends GlobalAuthenticationConfigurerAdapter { +public class AuthenticationManagerConfiguration extends + GlobalAuthenticationConfigurerAdapter { - private static Log logger = LogFactory.getLog(AuthenticationManagerConfiguration.class); + private static Log logger = LogFactory + .getLog(AuthenticationManagerConfiguration.class); @Autowired private List dependencies; @@ -60,41 +60,41 @@ public class AuthenticationManagerConfiguration extends GlobalAuthenticationConf @Autowired private SecurityProperties security; + @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth.apply(new BootDefaultingAuthenticationConfigurerAdapter()); } /** - * We must add {@link BootDefaultingAuthenticationConfigurerAdapter} in the - * init phase of the last {@link GlobalAuthenticationConfigurerAdapter}. The - * reason is that the typical flow is something like: - * + * We must add {@link BootDefaultingAuthenticationConfigurerAdapter} in the init phase + * of the last {@link GlobalAuthenticationConfigurerAdapter}. The reason is that the + * typical flow is something like: + * * - * + * * @author Rob Winch */ - private class BootDefaultingAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter { + private class BootDefaultingAuthenticationConfigurerAdapter extends + GlobalAuthenticationConfigurerAdapter { @Override - public void configure(AuthenticationManagerBuilder auth) - throws Exception { - if(auth.isConfigured()) { + public void configure(AuthenticationManagerBuilder auth) throws Exception { + if (auth.isConfigured()) { return; } @@ -104,18 +104,14 @@ public class AuthenticationManagerConfiguration extends GlobalAuthenticationConf + user.getPassword() + "\n\n"); } - AuthenticationManagerBuilder defaultAuth = new AuthenticationManagerBuilder(objectPostProcessor); + AuthenticationManagerBuilder defaultAuth = new AuthenticationManagerBuilder( + AuthenticationManagerConfiguration.this.objectPostProcessor); Set roles = new LinkedHashSet(user.getRole()); - AuthenticationManager parent = defaultAuth. - inMemoryAuthentication() - .withUser(user.getName()) - .password(user.getPassword()) - .roles(roles.toArray(new String[roles.size()])) - .and() - .and() - .build(); + AuthenticationManager parent = defaultAuth.inMemoryAuthentication() + .withUser(user.getName()).password(user.getPassword()) + .roles(roles.toArray(new String[roles.size()])).and().and().build(); auth.parentAuthenticationManager(parent); } diff --git a/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTests.java b/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTests.java index 9e8335938d2..78d902eecfa 100644 --- a/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTests.java +++ b/spring-boot-samples/spring-boot-sample-secure/src/test/java/sample/secure/SampleSecureApplicationTests.java @@ -16,6 +16,8 @@ package sample.secure; +import static org.junit.Assert.assertEquals; + import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -28,6 +30,7 @@ import org.springframework.context.annotation.PropertySource; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; @@ -35,8 +38,6 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import sample.secure.SampleSecureApplicationTests.TestConfiguration; -import static org.junit.Assert.assertEquals; - /** * Basic integration tests for demo application. * @@ -58,7 +59,7 @@ public class SampleSecureApplicationTests { @Before public void init() { AuthenticationManager authenticationManager = context - .getBean(AuthenticationManager.class); + .getBean(AuthenticationManagerBuilder.class).getOrBuild(); authentication = authenticationManager .authenticate(new UsernamePasswordAuthenticationToken("user", "password")); } @@ -94,7 +95,6 @@ public class SampleSecureApplicationTests { @PropertySource("classpath:test.properties") @Configuration protected static class TestConfiguration { - } }