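/**
 * Verifies that the authentication plugin named by the {@code crash.auth} property
 * accepts the configured credentials and rejects an unknown user name when
 * {@code SecurityAutoConfiguration} is registered alongside {@code CrshAutoConfiguration}.
 */
@Test
public void testSpringAuthenticationProviderAsDefaultConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(ManagementServerPropertiesAutoConfiguration.class);
    this.context.register(SecurityAutoConfiguration.class);
    this.context.register(SecurityConfiguration.class);
    this.context.register(CrshAutoConfiguration.class);
    this.context.refresh();

    PluginLifeCycle lifeCycle = this.context.getBean(PluginLifeCycle.class);
    String authentication = lifeCycle.getConfig().getProperty("crash.auth");
    assertThat(authentication).isNotNull();

    // Pick the plugin whose name matches the configured authentication type.
    AuthenticationPlugin<String> authenticationPlugin = null;
    for (AuthenticationPlugin plugin : lifeCycle.getContext()
            .getPlugins(AuthenticationPlugin.class)) {
        if (authentication.equals(plugin.getName())) {
            authenticationPlugin = plugin;
            break;
        }
    }
    // Fail with a clear assertion, not a NullPointerException, when no plugin matches.
    assertThat(authenticationPlugin)
            .as("authentication plugin named by crash.auth")
            .isNotNull();

    assertThat(authenticationPlugin.authenticate(SecurityConfiguration.USERNAME,
            SecurityConfiguration.PASSWORD)).isTrue();
    // NOTE(review): only an unknown user name with the valid password is rejected here;
    // the known user name with a wrong password is not covered by this test.
    assertThat(authenticationPlugin.authenticate(UUID.randomUUID().toString(),
            SecurityConfiguration.PASSWORD)).isFalse();
}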
/**
 * Checks the filter chains built for a web context when {@code security.basic.enabled}
 * is set to {@code false}: the management endpoint path and its variants must still
 * resolve to a non-empty filter list.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            WebMvcAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            JacksonAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            EndpointWebMvcAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Three chains: one for static resources, one for management endpoints,
    // one for everything else.
    assertThat(proxy.getFilterChains()).hasSize(3);

    // Exact path, trailing slash, extension suffix and nested sub-path: each variant
    // has to be matched by a chain that actually carries filters.
    String[] managementPaths = {"/beans", "/beans/", "/beans.foo", "/beans/foo/bar"};
    for (String path : managementPaths) {
        assertThat(proxy.getFilters(path)).isNotEmpty();
    }
}
/**
 * Checks the filter chains built for a web context when {@code security.basic.enabled}
 * is set to {@code false}: the management endpoint path and its variants must still
 * resolve to a non-empty filter list.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            WebMvcAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            JacksonAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            EndpointWebMvcAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class));

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Six chains: four for static resources, one for management endpoints,
    // one for everything else.
    assertThat(proxy.getFilterChains(), hasSize(6));

    // Exact path, trailing slash, extension suffix and nested sub-path: each variant
    // has to be matched by a chain that actually carries filters.
    String[] managementPaths = {"/beans", "/beans/", "/beans.foo", "/beans/foo/bar"};
    for (String path : managementPaths) {
        assertThat(proxy.getFilters(path), hasSize(greaterThan(0)));
    }
}
/**
 * With {@code singleuser.name=michael} set, the context must expose a
 * {@code UserDetailsService} that can load that user, and no
 * {@code ReactiveUserDetailsService} bean.
 */
@Test
public void configuresADefaultUser() {
    contextRunner
            .withPropertyValues("singleuser.name=michael")
            .withConfiguration(AutoConfigurations.of(
                    SecurityAutoConfiguration.class,
                    SingleUserAutoConfiguration.class))
            .run(assertableContext -> {
                UserDetailsService userDetailsService =
                        assertableContext.getBean(UserDetailsService.class);
                assertThat(userDetailsService.loadUserByUsername("michael")).isNotNull();
                assertThat(assertableContext)
                        .getBean(ReactiveUserDetailsService.class)
                        .isNull();
            });
}
/**
 * When the user configuration {@code AuthenticationManagerIsPresent} is loaded, the
 * single-user bean must not be created.
 */
@Test
public void configuresNoDefaultUserWhenAuthenticationManagerPresent() {
    // NOTE(review): the bean name is spelled "Mananger". If the auto-configuration
    // registers the bean under a differently spelled name, isNull() passes vacuously and
    // this test no longer proves the default user is absent. Confirm against
    // SingleUserAutoConfiguration.
    contextRunner
            .withUserConfiguration(AuthenticationManagerIsPresent.class)
            .withConfiguration(AutoConfigurations.of(
                    SecurityAutoConfiguration.class,
                    SingleUserAutoConfiguration.class))
            .run(assertableContext ->
                    assertThat(assertableContext)
                            .getBean("singleUserDetailsMananger")
                            .isNull());
}
/**
 * When the user configuration {@code AuthenticationProviderIsPresent} is loaded, the
 * single-user bean must not be created.
 */
@Test
public void configuresNoDefaultUserWhenAuthenticationProviderPresent() {
    // NOTE(review): the bean name is spelled "Mananger". If the auto-configuration
    // registers the bean under a differently spelled name, isNull() passes vacuously and
    // this test no longer proves the default user is absent. Confirm against
    // SingleUserAutoConfiguration.
    contextRunner
            .withUserConfiguration(AuthenticationProviderIsPresent.class)
            .withConfiguration(AutoConfigurations.of(
                    SecurityAutoConfiguration.class,
                    SingleUserAutoConfiguration.class))
            .run(assertableContext ->
                    assertThat(assertableContext)
                            .getBean("singleUserDetailsMananger")
                            .isNull());
}
/**
 * When the user configuration {@code UserDetailsServiceIsPresent} is loaded, the
 * single-user bean must not be created.
 */
@Test
public void configuresNoDefaultUserWhenUserDetailsServicePresent() {
    // NOTE(review): the bean name is spelled "Mananger". If the auto-configuration
    // registers the bean under a differently spelled name, isNull() passes vacuously and
    // this test no longer proves the default user is absent. Confirm against
    // SingleUserAutoConfiguration.
    contextRunner
            .withUserConfiguration(UserDetailsServiceIsPresent.class)
            .withConfiguration(AutoConfigurations.of(
                    SecurityAutoConfiguration.class,
                    SingleUserAutoConfiguration.class))
            .run(assertableContext ->
                    assertThat(assertableContext)
                            .getBean("singleUserDetailsMananger")
                            .isNull());
}
/**
 * With {@code security.ignored:none} set, only two filter chains are expected: the
 * application chain and the management endpoint chain.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    // No separate chain for ignored static paths remains, so the count drops to
    // application + management.
    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    assertThat(proxy.getFilterChains()).hasSize(2);
}
/**
 * The {@code AuthenticationManager} bean exposed by the context must equal the one held
 * by the user-supplied {@code TestConfiguration}, i.e. the auto-configuration does not
 * replace it.
 */
@Test
public void testOverrideAuthenticationManager() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            TestConfiguration.class,
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    AuthenticationManager exposed = this.context.getBean(AuthenticationManager.class);
    TestConfiguration userConfiguration = this.context.getBean(TestConfiguration.class);
    assertThat(exposed).isEqualTo(userConfiguration.authenticationManager);
}
/**
 * The {@code AuthenticationManager} bean exposed by the context must equal the one held
 * by the user-supplied {@code TestConfiguration}.
 */
@Test
public void testSecurityPropertiesNotAvailable() throws Exception {
    // NOTE(review): nothing visible in this method removes SecurityProperties or checks
    // that it is absent; confirm the method name still matches what is being verified.
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            TestConfiguration.class,
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    AuthenticationManager exposed = this.context.getBean(AuthenticationManager.class);
    TestConfiguration userConfiguration = this.context.getBean(TestConfiguration.class);
    assertThat(exposed).isEqualTo(userConfiguration.authenticationManager);
}
/**
 * Requests to the main application path ({@code /home}) and to the management path
 * ({@code /beans}) must both be answered with 401 and the header checked by
 * {@code springAuthenticateRealmHeader()}, whether the request carries no credentials
 * or an invalid Basic authorization header.
 */
@Test
public void realmSameForManagement() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            AuthenticationConfig.class,
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            JacksonAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            EndpointWebMvcAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            WebMvcAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    Filter securityFilter = this.context.getBean("springSecurityFilterChain", Filter.class);
    MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.context)
            .addFilters(securityFilter)
            .build();

    // Main application path first, then the management path; same expectations for both.
    String[] paths = {"/home", "/beans"};
    for (String path : paths) {
        // no user
        mockMvc.perform(MockMvcRequestBuilders.get(path))
                .andExpect(MockMvcResultMatchers.status().isUnauthorized())
                .andExpect(springAuthenticateRealmHeader());
        // invalid user
        mockMvc.perform(MockMvcRequestBuilders.get(path)
                        .header("authorization", "Basic xxx"))
                .andExpect(MockMvcResultMatchers.status().isUnauthorized())
                .andExpect(springAuthenticateRealmHeader());
    }
}
/**
 * Builds and refreshes an embedded web application context with the session store type
 * set to {@code hash-map} and Spring Security auto-configuration registered.
 */
private void load() {
    context = new AnnotationConfigEmbeddedWebApplicationContext();
    // The property has to be in the environment before refresh() evaluates the
    // auto-configurations.
    EnvironmentTestUtils.addEnvironment(context, "spring.session.store-type=hash-map");
    context.register(
            MockEmbeddedServletContainerConfiguration.class,
            TestRedisConfiguration.class,
            WebMvcAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            SecurityAutoConfiguration.class,
            SessionAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class,
            HttpEncodingAutoConfiguration.class);
    context.refresh();
}
/**
 * Prepares a fresh application context with the Data Flow server configuration classes
 * registered, plus a standard environment and its property sources. The context is not
 * refreshed here.
 */
@Before
public void setup() {
    this.context = new AnnotationConfigApplicationContext();
    this.context.setId("testDataFlowConfig");
    this.context.register(
            DataFlowServerConfigurationTests.TestConfiguration.class,
            RedisAutoConfiguration.class,
            SecurityAutoConfiguration.class,
            DataFlowServerAutoConfiguration.class,
            DataFlowControllerAutoConfiguration.class,
            DataSourceAutoConfiguration.class,
            DataFlowServerConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class,
            WebClientAutoConfiguration.class,
            HibernateJpaAutoConfiguration.class,
            WebConfiguration.class);

    this.environment = new StandardEnvironment();
    this.propertySources = this.environment.getPropertySources();
}
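/**
 * Verifies that the authentication plugin named by the {@code crash.auth} property
 * accepts the configured credentials and rejects an unknown user name when
 * {@code SecurityAutoConfiguration} is registered alongside {@code CrshAutoConfiguration}.
 */
@Test
public void testSpringAuthenticationProviderAsDefaultConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(ManagementServerPropertiesAutoConfiguration.class);
    this.context.register(SecurityAutoConfiguration.class);
    this.context.register(SecurityConfiguration.class);
    this.context.register(CrshAutoConfiguration.class);
    this.context.refresh();

    PluginLifeCycle lifeCycle = this.context.getBean(PluginLifeCycle.class);
    String authentication = lifeCycle.getConfig().getProperty("crash.auth");
    assertNotNull(authentication);

    // Pick the plugin whose name matches the configured authentication type.
    AuthenticationPlugin<String> authenticationPlugin = null;
    for (AuthenticationPlugin plugin : lifeCycle.getContext()
            .getPlugins(AuthenticationPlugin.class)) {
        if (authentication.equals(plugin.getName())) {
            authenticationPlugin = plugin;
            break;
        }
    }
    // Fail with a clear assertion, not a NullPointerException, when no plugin matches.
    assertNotNull(authenticationPlugin);

    assertTrue(authenticationPlugin.authenticate(SecurityConfiguration.USERNAME,
            SecurityConfiguration.PASSWORD));
    // NOTE(review): only an unknown user name with the valid password is rejected here;
    // the known user name with a wrong password is not covered by this test.
    assertFalse(authenticationPlugin.authenticate(UUID.randomUUID().toString(),
            SecurityConfiguration.PASSWORD));
}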
/**
 * With {@code security.ignored:none} set, only two filter chains are expected: the
 * application chain and the management endpoint chain.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    // No separate chain for ignored static paths remains, so the count drops to
    // application + management.
    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    assertEquals(2, proxy.getFilterChains().size());
}
/**
 * The {@code AuthenticationManager} bean exposed by the context must equal the one held
 * by the user-supplied {@code TestConfiguration}, i.e. the auto-configuration does not
 * replace it.
 */
@Test
public void testOverrideAuthenticationManager() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            TestConfiguration.class,
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    TestConfiguration userConfiguration = this.context.getBean(TestConfiguration.class);
    AuthenticationManager exposed = this.context.getBean(AuthenticationManager.class);
    assertEquals(userConfiguration.authenticationManager, exposed);
}
/**
 * The {@code AuthenticationManager} bean exposed by the context must equal the one held
 * by the user-supplied {@code TestConfiguration}.
 */
@Test
public void testSecurityPropertiesNotAvailable() throws Exception {
    // NOTE(review): nothing visible in this method removes SecurityProperties or checks
    // that it is absent; confirm the method name still matches what is being verified.
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            TestConfiguration.class,
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    TestConfiguration userConfiguration = this.context.getBean(TestConfiguration.class);
    AuthenticationManager exposed = this.context.getBean(AuthenticationManager.class);
    assertEquals(userConfiguration.authenticationManager, exposed);
}