GitHub-Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2026-05-02 19:30:23 +01:00
Code Issues Projects Releases Wiki Activity

Don't log p/w when AuthenticationManagerBuilder configured

Browse Source 
Fixes gh-12872
This commit is contained in:
Madhura Bhave
2018-06-07 12:40:06 -07:00
parent f7ff8dd165
commit 4194baad91
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfiguration.java
+2
View File
@@ -30,6 +30,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
@@ -67,6 +68,7 @@ public class UserDetailsServiceAutoConfiguration {
@Bean
@ConditionalOnMissingBean(type = "org.springframework.security.oauth2.client.registration.ClientRegistrationRepository")
@Lazy
public InMemoryUserDetailsManager inMemoryUserDetailsManager(
SecurityProperties properties,
ObjectProvider<PasswordEncoder> passwordEncoder) {
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/servlet/UserDetailsServiceAutoConfigurationTests.java
+29
View File
@@ -34,7 +34,9 @@ import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.TestingAuthenticationProvider;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
@@ -149,6 +151,14 @@ public class UserDetailsServiceAutoConfigurationTests {
.doesNotHaveBean(InMemoryUserDetailsManager.class)));
}
@Test
public void generatedPasswordShouldNotBePrintedIfAuthenticationManagerBuilderIsUsed() {
this.contextRunner
.withUserConfiguration(TestConfigWithAuthenticationManagerBuilder.class)
.run(((context) -> assertThat(this.outputCapture.toString())
.doesNotContain("Using generated security password: ")));
}
private void testPasswordEncoding(Class<?> configClass, String providedPassword,
String expectedPassword) {
this.contextRunner.withUserConfiguration(configClass)
@@ -227,4 +237,23 @@ public class UserDetailsServiceAutoConfigurationTests {
}
@Configuration
@Import(TestSecurityConfiguration.class)
protected static class TestConfigWithAuthenticationManagerBuilder {
@Bean
public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter() {
return new WebSecurityConfigurerAdapter() {
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("hero").password("{noop}hero")
.roles("HERO", "USER").and().withUser("user")
.password("{noop}user").roles("USER");
}
};
}
}
}