spring-projects#11754 - HttpSecurityDsl should support apply method

hanrw · Aug 31, 2022 · b5f1dd7 · b5f1dd7
1 parent f1b79e0
commit b5f1dd7
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 0 deletions.
diff --git a/config/src/main/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDsl.kt
@@ -18,9 +18,11 @@ package org.springframework.security.config.annotation.web
 
 import org.springframework.context.ApplicationContext
 import org.springframework.security.authentication.AuthenticationManager
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
+import org.springframework.security.web.DefaultSecurityFilterChain
 import org.springframework.security.web.util.matcher.RequestMatcher
 import org.springframework.util.ClassUtils
 import jakarta.servlet.Filter
@@ -76,6 +78,31 @@ class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecu
 
     var authenticationManager: AuthenticationManager? = null
 
+    /**
+     * Applies a [SecurityConfigurerAdapter] to this [HttpSecurity]
+     *
+     * Example:
+     *
+     * ```
+     * @Configuration
+     * @EnableWebSecurity
+     * class SecurityConfig : WebSecurityConfigurerAdapter() {
+     *
+     *  override fun configure(http: HttpSecurity) {
+     *      http {
+     *          apply(CustomSecurityConfigurer<HttpSecurity>())
+     *      }
+     *  }
+     * }
+     * ```
+     *
+     * @param configurer
+     * the [SecurityConfigurerAdapter] for further customizations
+     */
+    fun <C : SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> apply(configurer: C): C {
+        return this.http.apply(configurer)
+    }
+
     /**
      * Allows configuring the [HttpSecurity] to only be invoked when matching the
      * provided pattern.

diff --git a/...rc/test/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDslTests.kt b/...rc/test/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDslTests.kt
@@ -30,7 +30,9 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.ProviderManager
 import org.springframework.security.authentication.TestingAuthenticationProvider
 import org.springframework.security.authentication.TestingAuthenticationToken
+import org.springframework.security.config.Customizer
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -516,4 +518,40 @@ class HttpSecurityDslTests {
     }
 
     class CustomFilter : UsernamePasswordAuthenticationFilter()
+
+    @Test
+    fun `HTTP security when apply customer security configurer then custom filter added to filter chain`() {
+        this.spring.register(CustomSecurityConfigurerConfig::class.java).autowire()
+
+        val filterChain = spring.context.getBean(FilterChainProxy::class.java)
+        val filterClasses: List<Class<out Filter>> = filterChain.getFilters("/").map { it.javaClass }
+
+        assertThat(filterClasses).contains(
+            CustomFilter::class.java
+        )
+    }
+    @Configuration
+    @EnableWebSecurity
+    @EnableWebMvc
+    open class CustomSecurityConfigurerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+            http {
+                apply(CustomSecurityConfigurer<HttpSecurity>()).custom {
+                }
+            }
+            return http.build()
+        }
+    }
+
+    class CustomSecurityConfigurer<H : HttpSecurityBuilder<H>> : AbstractHttpConfigurer<CustomSecurityConfigurer<H>, H>() {
+        override fun configure(builder: H) {
+            builder.addFilterBefore(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
+        }
+
+        fun custom(configurer: Customizer<CustomSecurityConfigurer<H>>): CustomSecurityConfigurer<H> {
+            configurer.customize(CustomSecurityConfigurer())
+            return this
+        }
+    }
 }