Ensure authentication events get published

When the user provides their own AuthenticationManager we do a lazy initialization and didn't (till now) inject the AuthenticationEventPublisher Fixes gh-2033
10 years ago · 911d39f937
parent 843e6d7cfa
commit 911d39f937
2 changed files with 41 additions and 12 deletions
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java
@ -128,6 +128,10 @@ public class AuthenticationManagerConfiguration extends
 				((ProviderManager) manager)
 						.setAuthenticationEventPublisher(this.authenticationEventPublisher);
 			}
 			else if (manager instanceof LazyAuthenticationManager) {
 				((LazyAuthenticationManager) manager)
 						.setAuthenticationEventPublisher(this.authenticationEventPublisher);
 			}
 		}
 	}
@ -201,15 +205,29 @@ public class AuthenticationManagerConfiguration extends
 	private static class LazyAuthenticationManager implements AuthenticationManager {
 		private AuthenticationManagerBuilder builder;
 		private AuthenticationManager authenticationManager;
 		private AuthenticationEventPublisher authenticationEventPublisher;
 		public LazyAuthenticationManager(AuthenticationManagerBuilder builder) {
 			this.builder = builder;
 		}
 		public void setAuthenticationEventPublisher(
 				AuthenticationEventPublisher authenticationEventPublisher) {
 			this.authenticationEventPublisher = authenticationEventPublisher;
 		}
 		@Override
 		public Authentication authenticate(Authentication authentication)
 				throws AuthenticationException {
-			return this.builder.getOrBuild().authenticate(authentication);
+			if (this.authenticationManager == null) {
 				this.authenticationManager = this.builder.getOrBuild();
 				if (this.authenticationManager instanceof ProviderManager) {
 					((ProviderManager) this.authenticationManager)
 							.setAuthenticationEventPublisher(this.authenticationEventPublisher);
 				}
 			}
 			return this.authenticationManager.authenticate(authentication);
 		}
 	}
--- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
+++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
@ -17,7 +17,6 @@
 package org.springframework.boot.autoconfigure.security;
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 import org.junit.After;
 import org.junit.Test;
@ -41,6 +40,7 @@ import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
 import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
@ -159,23 +159,22 @@ public class SecurityAutoConfigurationTests {
 	@Test
 	public void testEventPublisherInjected() throws Exception {
 		testAuthenticationManagerCreated();
-		final AtomicReference<ApplicationEvent> wrapper = new AtomicReference<ApplicationEvent>();
+		pingAuthenticationListener();
-		this.context.addApplicationListener(new ApplicationListener<ApplicationEvent>() {
+	}
-			@Override
+
-			public void onApplicationEvent(ApplicationEvent event) {
+	private void pingAuthenticationListener() {
-				wrapper.set(event);
+		AuthenticationListener listener = new AuthenticationListener();
-			};
+		this.context.addApplicationListener(listener);
 		});
 		AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
 		try {
-			manager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar"));
+			manager.authenticate(new UsernamePasswordAuthenticationToken("foo", "wrong"));
 			fail("Expected BadCredentialsException");
 		}
 		catch (BadCredentialsException e) {
 			// expected
 		}
-		assertTrue("Wrong event type: " + wrapper.get(),
+		assertTrue("Wrong event type: " + listener.event,
-				wrapper.get() instanceof AuthenticationFailureBadCredentialsEvent);
+				listener.event instanceof AuthenticationFailureBadCredentialsEvent);
 	}
 	@Test
@ -221,6 +220,7 @@ public class SecurityAutoConfigurationTests {
 				AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
 		assertNotNull(this.context.getBean(AuthenticationManager.class)
 				.authenticate(user));
 		pingAuthenticationListener();
 	}
 	@Test
@ -256,6 +256,17 @@ public class SecurityAutoConfigurationTests {
 		assertNotNull(this.context.getBean(JpaTransactionManager.class));
 	}
 	private static final class AuthenticationListener implements
 			ApplicationListener<AbstractAuthenticationEvent> {
 		private ApplicationEvent event;
 		@Override
 		public void onApplicationEvent(AbstractAuthenticationEvent event) {
 			this.event = event;
 		}
 	}
 	@Configuration
 	@TestAutoConfigurationPackage(City.class)
 	protected static class EntityConfiguration {