Use ApplicationEvent to ensure that authentication event publisher is registered

Dave Syer · Dave Syer · commit 38f8d65756a0 · 2014-08-06T19:30:27.000-07:00
There was a reference to an old (fixed) issue in Spring which led to some simplification of the AuthenticationManager layering as well. Fixes gh-1335
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java
@@ -26,12 +26,14 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.security.SecurityProperties.User;
+import org.springframework.context.ApplicationListener;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.context.annotation.Primary;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
+import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.authentication.AuthenticationEventPublisher;
@@ -54,7 +56,8 @@
 @ConditionalOnMissingBean(AuthenticationManager.class)
 @Order(Ordered.LOWEST_PRECEDENCE - 3)
 public class AuthenticationManagerConfiguration extends
-		GlobalAuthenticationConfigurerAdapter {
+		GlobalAuthenticationConfigurerAdapter implements
+		ApplicationListener<ContextRefreshedEvent> {
 
 	private static Log logger = LogFactory
 			.getLog(AuthenticationManagerConfiguration.class);
@@ -79,23 +82,23 @@ public void init(AuthenticationManagerBuilder auth) throws Exception {
 	}
 
 	@Bean
-	// avoid issues with scopedTarget (SPR-11548)
 	@Primary
+	@Lazy
+	@Scope(proxyMode = ScopedProxyMode.INTERFACES)
 	public AuthenticationManager authenticationManager() {
-		return lazyAuthenticationManager();
+		AuthenticationManager manager = this.configurer.getAuthenticationManagerBuilder()
+				.getOrBuild();
+		return manager;
 	}
 
-	@Bean
-	@Lazy
-	@Scope(proxyMode = ScopedProxyMode.INTERFACES)
-	protected AuthenticationManager lazyAuthenticationManager() {
+	@Override
+	public void onApplicationEvent(ContextRefreshedEvent event) {
 		AuthenticationManager manager = this.configurer.getAuthenticationManagerBuilder()
 				.getOrBuild();
 		if (manager instanceof ProviderManager) {
 			((ProviderManager) manager)
 					.setAuthenticationEventPublisher(this.authenticationEventPublisher);
 		}
-		return manager;
 	}
 
 	/**
diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/SecurityAutoConfigurationTests.java
@@ -17,6 +17,7 @@
 package org.springframework.boot.autoconfigure.security;
 
 import java.util.List;
+import java.util.concurrent.atomic.AtomicReference;
 
 import org.junit.Test;
 import org.springframework.boot.autoconfigure.PropertyPlaceholderAutoConfiguration;
@@ -26,12 +27,17 @@
 import org.springframework.boot.autoconfigure.orm.jpa.test.City;
 import org.springframework.boot.autoconfigure.web.ServerPropertiesAutoConfiguration;
 import org.springframework.boot.test.EnvironmentTestUtils;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockServletContext;
 import org.springframework.orm.jpa.JpaTransactionManager;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -41,6 +47,8 @@
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 /**
  * Tests for {@link SecurityAutoConfiguration}.
@@ -104,6 +112,27 @@ public void testAuthenticationManagerCreated() throws Exception {
 		assertNotNull(this.context.getBean(AuthenticationManager.class));
 	}
 
+	@Test
+	public void testEventPublisherInjected() throws Exception {
+		testAuthenticationManagerCreated();
+		final AtomicReference<ApplicationEvent> wrapper = new AtomicReference<ApplicationEvent>();
+		this.context.addApplicationListener(new ApplicationListener<ApplicationEvent>() {
+			@Override
+			public void onApplicationEvent(ApplicationEvent event) {
+				wrapper.set(event);
+			};
+		});
+		AuthenticationManager manager = this.context.getBean(AuthenticationManager.class);
+		try {
+			manager.authenticate(new UsernamePasswordAuthenticationToken("foo", "bar"));
+			fail("Expected BadCredentialsException");
+		}
+		catch (BadCredentialsException e) {
+			// expected
+		}
+		assertTrue(wrapper.get() instanceof AuthenticationFailureBadCredentialsEvent);
+	}
+
 	@Test
 	public void testOverrideAuthenticationManager() throws Exception {
 		this.context = new AnnotationConfigWebApplicationContext();
diff --git a/spring-boot-samples/spring-boot-sample-parent-context/pom.xml b/spring-boot-samples/spring-boot-sample-parent-context/pom.xml
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<parent>
 		<!-- Your own application should inherit from spring-boot-starter-parent -->
@@ -16,6 +17,7 @@
 		<url>http://www.spring.io</url>
 	</organization>
 	<properties>
+		<start-class>sample.parent.SampleParentContextApplication</start-class>
 		<main.basedir>${basedir}/../..</main.basedir>
 	</properties>
 	<dependencies>
