GitHub-Spring
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Be defensive about Spring Security dependencies 

In particular don't assume that Spring Security Web is on the
classpath, just because Spring Security Core is.

Fixes gh-363
pull/371/head
Dave Syer 12 years ago
parent
5d591edbf8
commit
f888567c1d
2 changed files with 41 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java
  2. 50
      spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java

5
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/ManagementServerProperties.java
Unescape View File

@ -119,8 +119,9 @@ public class ManagementServerProperties implements SecurityPrequisite { @@ -119,8 +119,9 @@ public class ManagementServerProperties implements SecurityPrequisite {
}
private static Security maybeCreateSecurity() {
return (ClassUtils.isPresent("org.springframework.security.core.Authentication",
null) ? new Security() : null);
return (ClassUtils.isPresent(
"org.springframework.security.config.http.SessionCreationPolicy", null) ? new Security()
: null);
}
}

50
spring-boot-actuator/src/main/java/org/springframework/boot/actuate/security/AuthenticationAuditListener.java
Unescape View File

@ -27,6 +27,7 @@ import org.springframework.context.ApplicationListener; @@ -27,6 +27,7 @@ import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent;
import org.springframework.util.ClassUtils;
/**
* {@link ApplicationListener} expose Spring Security {@link AbstractAuthenticationEvent
@ -39,18 +40,30 @@ public class AuthenticationAuditListener implements @@ -39,18 +40,30 @@ public class AuthenticationAuditListener implements
private ApplicationEventPublisher publisher;
private WebAuditListener webListener = maybeCreateWebListener();
@Override
public void setApplicationEventPublisher(ApplicationEventPublisher publisher) {
this.publisher = publisher;
}
private static WebAuditListener maybeCreateWebListener() {
if (ClassUtils
.isPresent(
"org.springframework.security.web.authentication.switchuser.AuthenticationSwitchUserEvent",
null)) {
return new WebAuditListener();
}
return null;
}
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
if (event instanceof AbstractAuthenticationFailureEvent) {
onAuthenticationFailureEvent((AbstractAuthenticationFailureEvent) event);
}
else if (event instanceof AuthenticationSwitchUserEvent) {
onAuthenticationSwitchUserEvent((AuthenticationSwitchUserEvent) event);
else if (this.webListener != null && this.webListener.accepts(event)) {
this.webListener.process(this, event);
}
else {
onAuthenticationEvent(event);
@ -65,16 +78,6 @@ public class AuthenticationAuditListener implements @@ -65,16 +78,6 @@ public class AuthenticationAuditListener implements
"AUTHENTICATION_FAILURE", data));
}
private void onAuthenticationSwitchUserEvent(AuthenticationSwitchUserEvent event) {
Map<String, Object> data = new HashMap<String, Object>();
if (event.getAuthentication().getDetails() != null) {
data.put("details", event.getAuthentication().getDetails());
}
data.put("target", event.getTargetUser().getUsername());
publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data));
}
private void onAuthenticationEvent(AbstractAuthenticationEvent event) {
Map<String, Object> data = new HashMap<String, Object>();
if (event.getAuthentication().getDetails() != null) {
@ -90,4 +93,27 @@ public class AuthenticationAuditListener implements @@ -90,4 +93,27 @@ public class AuthenticationAuditListener implements
}
}
private static class WebAuditListener {
public void process(AuthenticationAuditListener listener,
AbstractAuthenticationEvent input) {
if (listener != null) {
AuthenticationSwitchUserEvent event = (AuthenticationSwitchUserEvent) input;
Map<String, Object> data = new HashMap<String, Object>();
if (event.getAuthentication().getDetails() != null) {
data.put("details", event.getAuthentication().getDetails());
}
data.put("target", event.getTargetUser().getUsername());
listener.publish(new AuditEvent(event.getAuthentication().getName(),
"AUTHENTICATION_SWITCH", data));
}
}
public boolean accepts(AbstractAuthenticationEvent event) {
return event instanceof AuthenticationSwitchUserEvent;
}
}
}

Write Preview
Loading…
Cancel
Save