root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Make reactive user details back off with Auth Manager Resolver bean 

Closes gh-31317
This commit is contained in:
Andy Wilkinson 2022-06-22 09:53:59 +01:00
parent 611b029a73
commit c9e0e8891f
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfiguration.java
View File

@ -37,6 +37,7 @@ import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.rsocket.annotation.support.RSocketMessageHandler; import org.springframework.messaging.rsocket.annotation.support.RSocketMessageHandler;
import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService; import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.User;
@ -48,14 +49,17 @@ import org.springframework.util.StringUtils;
* Default user {@link Configuration @Configuration} for a reactive web application. * Default user {@link Configuration @Configuration} for a reactive web application.
* Configures a {@link ReactiveUserDetailsService} with a default user and generated * Configures a {@link ReactiveUserDetailsService} with a default user and generated
* password. This backs-off completely if there is a bean of type * password. This backs-off completely if there is a bean of type
* {@link ReactiveUserDetailsService} or {@link ReactiveAuthenticationManager}. * {@link ReactiveUserDetailsService}, {@link ReactiveAuthenticationManager}, or
* {@link ReactiveAuthenticationManagerResolver}.
* *
* @author Madhura Bhave * @author Madhura Bhave
* @since 2.0.0 * @since 2.0.0
*/ */
@AutoConfiguration(after = RSocketMessagingAutoConfiguration.class) @AutoConfiguration(after = RSocketMessagingAutoConfiguration.class)
@ConditionalOnClass({ ReactiveAuthenticationManager.class }) @ConditionalOnClass({ ReactiveAuthenticationManager.class })
@ConditionalOnMissingBean(value = { ReactiveAuthenticationManager.class, ReactiveUserDetailsService.class }, @ConditionalOnMissingBean(
value = { ReactiveAuthenticationManager.class, ReactiveUserDetailsService.class,
ReactiveAuthenticationManagerResolver.class },
type = { "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder", type = { "org.springframework.security.oauth2.jwt.ReactiveJwtDecoder",
"org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector" }) "org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector" })
@Conditional(ReactiveUserDetailsServiceAutoConfiguration.ReactiveUserDetailsServiceCondition.class) @Conditional(ReactiveUserDetailsServiceAutoConfiguration.ReactiveUserDetailsServiceCondition.class)

20
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveUserDetailsServiceAutoConfigurationTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2012-2019 the original author or authors. * Copyright 2012-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -31,6 +31,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import; import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.ReactiveAuthenticationManager; import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity; import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService; import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
@ -91,6 +92,13 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
.run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class).isNull()); .run((context) -> assertThat(context).getBean(ReactiveUserDetailsService.class).isNull());
} }
@Test
void doesNotConfigureDefaultUserIfAuthenticationManagerResolverAvailable() {
this.contextRunner.withUserConfiguration(AuthenticationManagerResolverConfig.class)
.run((context) -> assertThat(context).hasSingleBean(ReactiveAuthenticationManagerResolver.class)
.doesNotHaveBean(ReactiveUserDetailsService.class));
}
@Test @Test
void doesNotConfigureDefaultUserIfResourceServerWithJWTIsUsed() { void doesNotConfigureDefaultUserIfResourceServerWithJWTIsUsed() {
this.contextRunner.withUserConfiguration(JwtDecoderConfiguration.class).run((context) -> { this.contextRunner.withUserConfiguration(JwtDecoderConfiguration.class).run((context) -> {
@ -179,6 +187,16 @@ class ReactiveUserDetailsServiceAutoConfigurationTests {
} }
@Configuration(proxyBeanMethods = false)
static class AuthenticationManagerResolverConfig {
@Bean
ReactiveAuthenticationManagerResolver<?> reactiveAuthenticationManagerResolver() {
return mock(ReactiveAuthenticationManagerResolver.class);
}
}
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
@Import(TestSecurityConfiguration.class) @Import(TestSecurityConfiguration.class)
static class TestConfigWithPasswordEncoder { static class TestConfigWithPasswordEncoder {