@Test
public void testCustomAuthenticationDoesNotAuthenticateWithBootSecurityUser() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(
AuthenticationManagerCustomizer.class,
SecurityAutoConfiguration.class,
ServerPropertiesAutoConfiguration.class);
this.context.refresh();
SecurityProperties security = this.context.getBean(SecurityProperties.class);
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(
security.getUser().getName(), security.getUser().getPassword());
try {
manager.authenticate(token);
fail("Expected Exception");
} catch (AuthenticationException success) {
}
token = new UsernamePasswordAuthenticationToken("foo", "bar");
assertNotNull(manager.authenticate(token));
}
@Test
public void testDefaultUsernamePassword() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(SecurityAutoConfiguration.class, ServerPropertiesAutoConfiguration.class);
this.context.refresh();
SecurityProperties security = this.context.getBean(SecurityProperties.class);
AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(
security.getUser().getName(), security.getUser().getPassword());
assertNotNull(manager.authenticate(token));
}
public static List<String> getIgnored(SecurityProperties security) {
List<String> ignored = new ArrayList<String>(security.getIgnored());
if (ignored.isEmpty()) {
ignored.addAll(DEFAULT_IGNORED);
} else if (ignored.contains("none")) {
ignored.remove("none");
}
return ignored;
}
@Bean
@ConditionalOnBean(name = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
public FilterRegistrationBean securityFilterChainRegistration(
@Qualifier(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)
Filter securityFilter,
SecurityProperties securityProperties) {
FilterRegistrationBean registration = new FilterRegistrationBean(securityFilter);
registration.setOrder(securityProperties.getFilterOrder());
registration.setName(AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME);
return registration;
}
private String getPassword() {
return security.getUser().getPassword();
}