diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java index 787a7bc16a..11bd9026b1 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java @@ -36,6 +36,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import org.springframework.security.web.authentication.www.DigestAuthenticationFilter; import org.springframework.security.web.context.SecurityContextPersistenceFilter; +import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter; import org.springframework.security.web.header.HeaderWriterFilter; import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter; import org.springframework.security.web.savedrequest.RequestCacheAwareFilter; @@ -62,6 +63,8 @@ final class FilterComparator implements Comparator, Serializable { order += STEP; put(ConcurrentSessionFilter.class, order); order += STEP; + put(WebAsyncManagerIntegrationFilter.class, order); + order += STEP; put(SecurityContextPersistenceFilter.class, order); order += STEP; put(HeaderWriterFilter.class, order); diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java index 67f6997b12..2af2ab5c22 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java @@ -39,6 +39,7 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; +import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter; import org.springframework.web.accept.ContentNegotiationStrategy; import org.springframework.web.accept.HeaderContentNegotiationStrategy; @@ -154,6 +155,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy); if(!disableDefaults) { http + .addFilter(new WebAsyncManagerIntegrationFilter()) .exceptionHandling().and() .headers().and() .sessionManagement().and() diff --git a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy index 348c8dc6ff..333e2bad81 100644 --- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy @@ -41,6 +41,7 @@ import org.springframework.security.core.Authentication import org.springframework.security.core.userdetails.UserDetailsService import org.springframework.security.core.userdetails.UsernameNotFoundException import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter +import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter; import org.springframework.web.accept.ContentNegotiationStrategy import org.springframework.web.accept.HeaderContentNegotiationStrategy import org.springframework.web.filter.OncePerRequestFilter @@ -99,6 +100,31 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec { } } + def "webasync populated by default"() { + when: "load config that overrides http and accepts defaults" + loadConfig(WebAsyncPopulatedByDefaultConfig) + then: "WebAsyncManagerIntegrationFilter is populated" + findFilter(WebAsyncManagerIntegrationFilter) + } + + @EnableWebSecurity + @Configuration + static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void registerAuthentication(AuthenticationManagerBuilder auth) + throws Exception { + auth + .inMemoryAuthentication() + .withUser("user").password("password").roles("USER") + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + + } + } + def "AuthenticationEventPublisher is registered for Web registerAuthentication"() { when: loadConfig(InMemoryAuthWithWebSecurityConfigurerAdapter)