Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 13:23:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish Authentication Factors

Browse Source 
Issue gh-17933
This commit is contained in:
Josh Cummings
2025-09-19 11:31:08 -06:00
parent 758b35df9c
commit 6e7a181eac
10 changed files with 63 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java
+2 -2
View File
@@ -16,8 +16,8 @@
package org.springframework.security.authentication.dao;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -204,7 +204,7 @@ public abstract class AbstractUserDetailsAuthenticationProvider
// so subsequent attempts are successful even with encoded passwords.
// Also ensure we return the original getDetails(), so that future
// authentication events after cache expiry contain the details
Collection<GrantedAuthority> authorities = new ArrayList<>(
Collection<GrantedAuthority> authorities = new LinkedHashSet<>(
this.authoritiesMapper.mapAuthorities(user.getAuthorities()));
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
UsernamePasswordAuthenticationToken result = UsernamePasswordAuthenticationToken.authenticated(principal,
core/src/main/java/org/springframework/security/authentication/jaas/AbstractJaasAuthenticationProvider.java
+4
View File
@@ -45,6 +45,7 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.session.SessionDestroyedEvent;
import org.springframework.util.Assert;
@@ -120,6 +121,8 @@ import org.springframework.util.ObjectUtils;
public abstract class AbstractJaasAuthenticationProvider implements AuthenticationProvider,
ApplicationEventPublisherAware, InitializingBean, ApplicationListener<SessionDestroyedEvent> {
private static final String AUTHORITY = "FACTOR_PASSWORD";
private ApplicationEventPublisher applicationEventPublisher = (event) -> {
};
@@ -210,6 +213,7 @@ public abstract class AbstractJaasAuthenticationProvider implements Authenticati
}
}
}
authorities.add(new SimpleGrantedAuthority(AUTHORITY));
return authorities;
}
core/src/test/java/org/springframework/security/authentication/SecurityAssertions.java
+4
View File
@@ -75,6 +75,10 @@ public final class SecurityAssertions {
return authorities().has(new Condition<>(test, "contains %s", Arrays.toString(authorities)));
}
public CollectionAssert<GrantedAuthority> roles() {
return authorities().filteredOn((authority) -> authority.getAuthority().startsWith("ROLE_"));
}
public CollectionAssert<GrantedAuthority> authorities() {
return new CollectionAssert<>(this.authentication.getAuthorities());
}
core/src/test/java/org/springframework/security/authentication/jaas/JaasAuthenticationProviderTests.java
+11 -1
View File
@@ -35,6 +35,7 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.SecurityAssertions;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
@@ -224,7 +225,9 @@ public class JaasAuthenticationProviderTests {
"password");
assertThat(this.jaasProvider.supports(UsernamePasswordAuthenticationToken.class)).isTrue();
Authentication auth = this.jaasProvider.authenticate(token);
assertThat(auth.getAuthorities()).withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
SecurityAssertions.assertThat(auth)
.roles()
.withFailMessage("Only ROLE_TEST1 and ROLE_TEST2 should have been returned")
.hasSize(2);
}
@@ -234,6 +237,13 @@ public class JaasAuthenticationProviderTests {
.authenticate(new TestingAuthenticationToken("foo", "bar", AuthorityUtils.NO_AUTHORITIES))).isNull();
}
@Test
public void authenticateWhenSuccessThenIssuesFactor() {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken("user", "password");
Authentication result = this.jaasProvider.authenticate(token);
SecurityAssertions.assertThat(result).hasAuthority("FACTOR_PASSWORD");
}
private static class MockLoginContext extends LoginContext {
boolean loggedOut = false;