SEC-2238: WebAsyncManagerIntegrationFilter Java Config

13 years ago · 2fef79f3d2
3 changed files with 31 additions and 0 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java
@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
				@@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
+import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 import org.springframework.security.web.header.HeaderWriterFilter;
 import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
 import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
@ -62,6 +63,8 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
				@@ -62,6 +63,8 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
        order += STEP;
        put(ConcurrentSessionFilter.class, order);
        order += STEP;
+        put(WebAsyncManagerIntegrationFilter.class, order);
+        order += STEP;
        put(SecurityContextPersistenceFilter.class, order);
        order += STEP;
        put(HeaderWriterFilter.class, order);
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java
@ -39,6 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails;
				@@ -39,6 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
+import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 import org.springframework.web.accept.ContentNegotiationStrategy;
 import org.springframework.web.accept.HeaderContentNegotiationStrategy;

@ -154,6 +155,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
				@@ -154,6 +155,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
        http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
        if(!disableDefaults) {
            http
+                .addFilter(new WebAsyncManagerIntegrationFilter())
                .exceptionHandling().and()
                .headers().and()
                .sessionManagement().and()
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
@ -41,6 +41,7 @@ import org.springframework.security.core.Authentication
				@@ -41,6 +41,7 @@ import org.springframework.security.core.Authentication
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.core.userdetails.UsernameNotFoundException
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
+import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
 import org.springframework.web.accept.ContentNegotiationStrategy
 import org.springframework.web.accept.HeaderContentNegotiationStrategy
 import org.springframework.web.filter.OncePerRequestFilter
@ -99,6 +100,31 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
				@@ -99,6 +100,31 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
        }
    }

+    def "webasync populated by default"() {
+        when: "load config that overrides http and accepts defaults"
+            loadConfig(WebAsyncPopulatedByDefaultConfig)
+        then: "WebAsyncManagerIntegrationFilter is populated"
+            findFilter(WebAsyncManagerIntegrationFilter)
+    }
+
+    @EnableWebSecurity
+    @Configuration
+    static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
+
+        @Override
+        protected void registerAuthentication(AuthenticationManagerBuilder auth)
+                throws Exception {
+            auth
+                .inMemoryAuthentication()
+                    .withUser("user").password("password").roles("USER")
+        }
+
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {
+
+        }
+    }
+
    def "AuthenticationEventPublisher is registered for Web registerAuthentication"() {
        when:
            loadConfig(InMemoryAuthWithWebSecurityConfigurerAdapter)