1204 - Stormpath Enabled and Spring Security property switches

Author: Mario

extensions/spring/boot/stormpath-spring-security-spring-boot-starter/src/main/java/com/stormpath/spring/boot/autoconfigure/StormpathSpringSecurityAutoConfiguration.java

@@ -39,7 +39,7 @@
  */
 @SuppressWarnings("SpringFacetCodeInspection")
 @Configuration
-@ConditionalOnProperty(name = { "stormpath.enabled", "stormpath.spring.security.enabled" }, matchIfMissing = true)
+@ConditionalOnProperty(name = { "stormpath.enabled", "stormpath.spring.security.enabled",  "security.basic.enabled"}, matchIfMissing = true)
 @AutoConfigureAfter({ StormpathAutoConfiguration.class, SecurityAutoConfiguration.class })
 public class StormpathSpringSecurityAutoConfiguration extends AbstractStormpathSpringSecurityConfiguration {
 

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/main/java/com/stormpath/spring/boot/autoconfigure/StormpathWebSecurityAutoConfiguration.java

@@ -50,7 +50,7 @@
  */
 @SuppressWarnings("SpringFacetCodeInspection")
 @Configuration
-@ConditionalOnProperty(name = {"stormpath.enabled", "stormpath.web.enabled", "stormpath.spring.security.enabled"}, matchIfMissing = true)
+@ConditionalOnProperty(name = {"stormpath.enabled", "stormpath.web.enabled", "stormpath.spring.security.enabled", "security.basic.enabled"}, matchIfMissing = true)
 @ConditionalOnClass({Servlet.class, Filter.class, DispatcherServlet.class})
 @ConditionalOnWebApplication
 @AutoConfigureBefore(StormpathWebMvcAutoConfiguration.class)

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/main/java/com/stormpath/spring/boot/autoconfigure/StormpathWebSecurityDisabledAutoConfiguration.java

@@ -18,6 +18,7 @@
 import com.stormpath.spring.config.AbstractStormpathWebSecurityDisabledConfiguration;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
@@ -39,20 +40,22 @@
 @ConditionalOnClass({Servlet.class, Filter.class, DispatcherServlet.class})
 @ConditionalOnWebApplication
 @AutoConfigureAfter(StormpathWebSecurityAutoConfiguration.class)
+@ConditionalOnExpression("'${stormpath.spring.security.enabled}'=='false' || '${security.basic.enabled}'=='false'")
 public class StormpathWebSecurityDisabledAutoConfiguration extends AbstractStormpathWebSecurityDisabledConfiguration {
 
     @Bean
     @ConditionalOnMissingBean(name="stormpathSecurityConfigurerAdapter")
-    @ConditionalOnProperty(name = "stormpath.spring.security.enabled", havingValue = "false")
+    @ConditionalOnProperty(name = "security.basic.enabled", havingValue = "true") //we only need our Disabled Configurer Adapter if Spring Security is enabled
     public SecurityConfigurerAdapter stormpathSecurityConfigurerAdapter() {
-        //This bean will only be created if `stormpath.spring.security.enabled` is false
+        //This bean will only be created if our Spring Security integration is disabled but Spring Security is enabled
         return super.stormpathSecurityConfigurerAdapter();
     }
 
     @Bean
     @ConditionalOnMissingBean(name="stormpathLogoutHandler")
-    @ConditionalOnProperty(name = "stormpath.spring.security.enabled", havingValue = "false")
+    @ConditionalOnProperty(name = "security.basic.enabled", havingValue = "true") //we only need our logout handler if Spring Security is enabled
     public LogoutHandler stormpathLogoutHandler() {
+        //This bean will only be created if our Spring Security integration is disabled but Spring Security is enabled
         return super.stormpathLogoutHandler();
     }
 

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/groovy/com/stormpath/spring/boot/autoconfigure/DisabledSpringSecurityDisablesStormpathSSAutoConfigurationIT.groovy

@@ -0,0 +1,115 @@
+/*
+ * Copyright 2017 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.spring.boot.autoconfigure
+
+import autoconfigure.DisabledSpringSecurityDisablesStormpathSSAutoConfigurationTestApplication
+import com.stormpath.sdk.api.ApiKey
+import com.stormpath.sdk.application.Application
+import com.stormpath.sdk.cache.CacheManager
+import com.stormpath.sdk.client.Client
+import com.stormpath.sdk.servlet.csrf.CsrfTokenManager
+import com.stormpath.sdk.servlet.csrf.DefaultCsrfTokenManager
+import com.stormpath.sdk.servlet.event.RequestEventListener
+import com.stormpath.sdk.servlet.http.authc.HeaderAuthenticator
+import com.stormpath.sdk.servlet.mvc.Controller
+import com.stormpath.spring.config.TwoAppTenantStormpathTestConfiguration
+import com.stormpath.spring.security.provider.GroupPermissionResolver
+import com.stormpath.spring.security.provider.StormpathAuthenticationProvider
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.web.servlet.FilterRegistrationBean
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter
+import org.springframework.security.web.FilterChainProxy
+import org.springframework.security.web.authentication.logout.LogoutHandler
+import org.springframework.test.context.testng.AbstractTestNGSpringContextTests
+import org.springframework.test.context.web.WebAppConfiguration
+import org.testng.annotations.Test
+
+import static org.testng.Assert.assertNotNull
+import static org.testng.Assert.assertNull
+import static org.testng.Assert.assertTrue
+
+/**
+ * Disabling Spring Security must also disable Stormpath's Spring Security integration
+ *
+ * @since 1.3.2
+ */
+@SpringBootTest(classes = [DisabledSpringSecurityDisablesStormpathSSAutoConfigurationTestApplication.class, TwoAppTenantStormpathTestConfiguration.class])
+@WebAppConfiguration
+class DisabledSpringSecurityDisablesStormpathSSAutoConfigurationIT extends AbstractTestNGSpringContextTests {
+
+    @Autowired
+    Client client
+
+    @Autowired
+    ApiKey apiKey;
+
+    @Autowired
+    CacheManager stormpathCacheManager;
+
+    @Autowired
+    Application application;
+
+    @Autowired
+    FilterRegistrationBean stormpathFilter
+
+    @Autowired(required = false)
+    SecurityConfigurerAdapter stormpathSecurityConfigurerAdapter
+
+    @Autowired
+    FilterChainProxy springSecurityFilterChain
+
+    @Autowired
+    HeaderAuthenticator stormpathAuthorizationHeaderAuthenticator
+
+    @Autowired(required = false)
+    Controller stormpathForgotPasswordController
+
+    //Spring Security Beans
+    @Autowired(required = false)
+    StormpathAuthenticationProvider stormpathAuthenticationProvider
+
+    @Autowired(required = false)
+    GroupPermissionResolver stormpathGroupPermissionResolver
+
+    @Autowired
+    RequestEventListener stormpathRequestEventListener
+
+    @Autowired
+    CsrfTokenManager stormpathCsrfTokenManager
+
+    @Autowired(required = false)
+    LogoutHandler stormpathLogoutHandler
+
+    @Test
+    void test() {
+        assertNotNull client
+        assertNotNull apiKey
+        assertNotNull stormpathCacheManager
+        assertNotNull stormpathFilter
+        assertNull stormpathSecurityConfigurerAdapter
+        assertNotNull application
+        assertNotNull springSecurityFilterChain
+        assertNull stormpathAuthenticationProvider
+        assertNull stormpathGroupPermissionResolver
+        assertNotNull stormpathRequestEventListener
+        assertTrue stormpathCsrfTokenManager instanceof DefaultCsrfTokenManager
+        assertNotNull stormpathAuthorizationHeaderAuthenticator
+        assertNotNull stormpathForgotPasswordController
+        assertNull stormpathLogoutHandler //when Spring Security is disabled we do not need our logout handler
+    }
+
+}

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/groovy/com/stormpath/spring/boot/autoconfigure/DisabledStormpathAutoConfigurationIT.groovy

@@ -0,0 +1,104 @@
+/*
+ * Copyright 2017 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.stormpath.spring.boot.autoconfigure
+
+import autoconfigure.DisabledStormpathAutoConfigurationTestApplication
+import com.stormpath.sdk.api.ApiKey
+import com.stormpath.sdk.application.Application
+import com.stormpath.sdk.cache.CacheManager
+import com.stormpath.sdk.client.Client
+import com.stormpath.sdk.servlet.csrf.CsrfTokenManager
+import com.stormpath.sdk.servlet.event.RequestEventListener
+import com.stormpath.sdk.servlet.filter.StormpathFilter
+import com.stormpath.sdk.servlet.http.authc.HeaderAuthenticator
+import com.stormpath.sdk.servlet.mvc.Controller
+import com.stormpath.spring.security.provider.*
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter
+import org.springframework.security.web.FilterChainProxy
+import org.springframework.test.context.testng.AbstractTestNGSpringContextTests
+import org.springframework.test.context.web.WebAppConfiguration
+import org.testng.annotations.Test
+
+import static org.testng.Assert.assertNull
+import static org.testng.Assert.assertTrue
+
+/**
+ * @since 1.3.2
+ */
+@SpringBootTest(classes = [DisabledStormpathAutoConfigurationTestApplication.class])
+@WebAppConfiguration
+class DisabledStormpathAutoConfigurationIT extends AbstractTestNGSpringContextTests {
+
+    @Autowired(required = false)
+    Client client
+
+    @Autowired(required = false)
+    ApiKey apiKey;
+
+    @Autowired(required = false)
+    CacheManager stormpathCacheManager;
+
+    @Autowired(required = false)
+    Application application;
+
+    @Autowired(required = false)
+    StormpathFilter stormpathFilter
+
+    @Autowired(required = false)
+    SecurityConfigurerAdapter stormpathSecurityConfigurerAdapter;
+
+    @Autowired
+    FilterChainProxy springSecurityFilterChain;
+
+    @Autowired(required = false)
+    HeaderAuthenticator stormpathAuthorizationHeaderAuthenticator
+
+    @Autowired(required = false)
+    Controller stormpathForgotPasswordController
+
+    //Spring Security Beans
+    @Autowired(required = false)
+    StormpathAuthenticationProvider stormpathAuthenticationProvider
+
+    @Autowired(required = false)
+    GroupPermissionResolver stormpathGroupPermissionResolver
+
+    @Autowired(required = false)
+    RequestEventListener stormpathRequestEventListener
+
+    @Autowired(required = false)
+    CsrfTokenManager stormpathCsrfTokenManager
+
+    @Test
+    void test() {
+        assertNull client
+        assertNull apiKey
+        assertNull stormpathCacheManager
+        assertNull stormpathFilter
+        assertNull stormpathSecurityConfigurerAdapter
+        assertNull application;
+        assertTrue springSecurityFilterChain instanceof FilterChainProxy //let's assert Spring Security's Filter is present
+        assertNull stormpathAuthenticationProvider
+        assertNull stormpathGroupPermissionResolver
+        assertNull stormpathRequestEventListener
+        assertNull stormpathCsrfTokenManager
+        assertNull stormpathAuthorizationHeaderAuthenticator
+        assertNull stormpathForgotPasswordController
+    }
+
+}

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/java/autoconfigure/DisabledSpringSecurityDisablesStormpathSSAutoConfigurationTestApplication.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2017 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package autoconfigure;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+
+/**
+ * Disabling Spring Security must also disable Stormpath's Spring Security integration
+ *
+ * @since 1.3.2
+ */
+@Configuration
+@PropertySource({"classpath:disabledspringsecuritydisablesstormpathss.application.properties"})
+@EnableAutoConfiguration
+public class DisabledSpringSecurityDisablesStormpathSSAutoConfigurationTestApplication {
+
+}
+

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/java/autoconfigure/DisabledStormpathAutoConfigurationTestApplication.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 Stormpath, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package autoconfigure;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * @since 1.3.2
+ */
+@Configuration
+@EnableAutoConfiguration
+@PropertySource({"classpath:disabledstormpath.application.properties"})
+public class DisabledStormpathAutoConfigurationTestApplication extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+    }
+
+}
+

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/java/autoconfigure/StormpathWebSecurityAutoConfigurationTestApplication.java

@@ -18,7 +18,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Configuration;
 
@@ -28,7 +27,6 @@
  * @since 1.0.RC5
  */
 @Configuration
-@EnableAutoConfiguration
 public class StormpathWebSecurityAutoConfigurationTestApplication {
 
     private static final Logger log = LoggerFactory.getLogger(StormpathWebSecurityAutoConfigurationTestApplication.class);

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/resources/disabledspringsecuritydisablesstormpathss.application.properties

@@ -0,0 +1,16 @@
+#
+# Copyright 2017 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+security.basic.enabled = false

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/test/resources/disabledstormpath.application.properties

@@ -0,0 +1,16 @@
+#
+# Copyright 2017 Stormpath, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+stormpath.enabled = false