Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression with unsuccessful authentication event publishing #6362

Closed
bjoernhaeuser opened this issue Jan 7, 2019 · 2 comments
Closed

Regression with unsuccessful authentication event publishing #6362

bjoernhaeuser opened this issue Jan 7, 2019 · 2 comments
Assignees
@jgrandja
Labels
status: duplicate A duplicate of another issue

Comments

@bjoernhaeuser
Copy link

Thank you very much for all the work you have put into this project!

Summary

Regression from 5.1.1.RELEASE and 5.1.2.RELEASE for event publishing for unsuccessful events.

I think this could changes the behavior:

8ef65ce

I am not certain if this is the intended behavior and if this is the case what I need to configure differently.

Actual Behavior

As far as I can see this is that happens:

  • Authentication Manager gets instantiated with having a parent Authentication Manager
  • Both Authentication Managers have a event publisher set
  • Unsuccessful events get published twice, once on the authentication manager and once on the parent authentication manager

Expected Behavior

  • Event gets only published once

Configuration

I hope this enough - otherwise it would get a bit complicated :)

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
{
    private final List<AuthenticationProvider> authenticationProviders;

    @Autowired
    public WebSecurityConfiguration(List<AuthenticationProvider> authenticationProviders)
    {
        this.authenticationProviders = authenticationProviders;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .authorizeRequests()
                .antMatchers("/actuator/**").permitAll()
                .anyRequest().authenticated()
            .and()
                .csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
        authenticationProviders.forEach(auth::authenticationProvider);
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }
}

Version

  • Spring Boot 2.1.1
  • Spring Security 5.1.2 (not working)
  • Spring Security 5.1.1 (working)

Sample
@jgrandja
Copy link
Contributor

jgrandja commented Jan 7, 2019

Thanks for the report @bjoernhaeuser. This is related to #6281 which has been resolved.

See #6316 for the backport patch scheduled for 5.1.3.

I'm going to close this issue as the upcoming 5.1.3 release will resolve this issue.

@jgrandja jgrandja closed this as completed Jan 7, 2019
@jgrandja jgrandja added the status: duplicate A duplicate of another issue label Jan 7, 2019
@bjoernhaeuser
Copy link
Author

Thank you very much for the swift response. Sorry that I was not able to find the referenced issue :(

@jgrandja jgrandja changed the title Regression from 5.1.1.RELEASE and 5.1.2.RELEASE for event publishing for unsuccessful events. Regression with unsuccessful authentication event publishing Jan 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jgrandja jgrandja

Labels
status: duplicate A duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bjoernhaeuser @jgrandja