Add spring-security-config-6.0 java agent tests

Switch HttpSecurity instrumentation to performBuild(), since build() is on a superclass
open-telemetry · Oct 30, 2023 · d0245b5 · d0245b5
1 parent fc91d93
commit d0245b5
Show file tree

Hide file tree

Showing 4 changed files with 113 additions and 4 deletions.
diff --git a/instrumentation/spring/spring-security-config-6.0/javaagent/build.gradle.kts b/instrumentation/spring/spring-security-config-6.0/javaagent/build.gradle.kts
@@ -19,8 +19,17 @@ dependencies {
   library("org.springframework.security:spring-security-config:6.0.0")
   library("org.springframework.security:spring-security-web:6.0.0")
   library("io.projectreactor:reactor-core:3.5.0")
+
+  testImplementation("org.springframework:spring-test:6.0.0")
+  testImplementation("jakarta.servlet:jakarta.servlet-api:6.0.0")
 }
 
 otelJava {
   minJavaVersionSupported.set(JavaVersion.VERSION_17)
 }
+
+tasks {
+  test {
+    systemProperty("otel.instrumentation.common.enduser.enabled", "true")
+  }
+}
diff --git a/...gent/instrumentation/spring/security/config/v6_0/servlet/HttpSecurityInstrumentation.java b/...gent/instrumentation/spring/security/config/v6_0/servlet/HttpSecurityInstrumentation.java
@@ -7,7 +7,7 @@
 
 import static io.opentelemetry.javaagent.instrumentation.spring.security.config.v6_0.EnduserAttributesCapturerSingletons.enduserAttributesCapturer;
 import static net.bytebuddy.matcher.ElementMatchers.isMethod;
-import static net.bytebuddy.matcher.ElementMatchers.isPublic;
+import static net.bytebuddy.matcher.ElementMatchers.isProtected;
 import static net.bytebuddy.matcher.ElementMatchers.named;
 import static net.bytebuddy.matcher.ElementMatchers.takesArguments;
 
@@ -30,12 +30,12 @@ public ElementMatcher<TypeDescription> typeMatcher() {
   @Override
   public void transform(TypeTransformer transformer) {
     transformer.applyAdviceToMethod(
-        isMethod().and(isPublic()).and(named("build")).and(takesArguments(0)),
-        getClass().getName() + "$BuildAdvice");
+        isMethod().and(isProtected()).and(named("performBuild")).and(takesArguments(0)),
+        getClass().getName() + "$PerformBuildAdvice");
   }
 
   @SuppressWarnings("unused")
-  public static class BuildAdvice {
+  public static class PerformBuildAdvice {
 
     @Advice.OnMethodEnter(suppress = Throwable.class)
     public static void onEnter(@Advice.This HttpSecurity httpSecurity) {

diff --git a/.../instrumentation/spring/security/config/v6_0/servlet/HttpSecurityInstrumentationTest.java b/.../instrumentation/spring/security/config/v6_0/servlet/HttpSecurityInstrumentationTest.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.javaagent.instrumentation.spring.security.config.v6_0.servlet;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import io.opentelemetry.instrumentation.spring.security.config.v6_0.servlet.EnduserAttributesCapturingServletFilter;
+import java.util.Collections;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@ExtendWith(MockitoExtension.class)
+@ExtendWith(SpringExtension.class)
+class HttpSecurityInstrumentationTest {
+
+  @Configuration
+  static class TestConfiguration {}
+
+  @Mock ObjectPostProcessor<Object> objectPostProcessor;
+
+  /**
+   * Ensures that {@link HttpSecurityInstrumentation} registers a {@link
+   * EnduserAttributesCapturingServletFilter} in the filter chain.
+   *
+   * <p>Usage of the filter is covered in other unit tests.
+   */
+  @Test
+  void ensureFilterRegistered(@Autowired ApplicationContext applicationContext) throws Exception {
+
+    AuthenticationManagerBuilder authenticationBuilder =
+        new AuthenticationManagerBuilder(objectPostProcessor);
+
+    HttpSecurity httpSecurity =
+        new HttpSecurity(
+            objectPostProcessor,
+            authenticationBuilder,
+            Collections.singletonMap(ApplicationContext.class, applicationContext));
+
+    DefaultSecurityFilterChain filterChain = httpSecurity.build();
+
+    assertThat(filterChain.getFilters())
+        .filteredOn(
+            item ->
+                item.getClass()
+                    .getName()
+                    .endsWith(EnduserAttributesCapturingServletFilter.class.getSimpleName()))
+        .hasSize(1);
+  }
+}
diff --git a/...umentation/spring/security/config/v6_0/webflux/ServerHttpSecurityInstrumentationTest.java b/...umentation/spring/security/config/v6_0/webflux/ServerHttpSecurityInstrumentationTest.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.javaagent.instrumentation.spring.security.config.v6_0.webflux;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import io.opentelemetry.instrumentation.spring.security.config.v6_0.webflux.EnduserAttributesCapturingWebFilter;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+class ServerHttpSecurityInstrumentationTest {
+
+  /**
+   * Ensures that {@link ServerHttpSecurityInstrumentation} registers a {@link
+   * EnduserAttributesCapturingWebFilter} in the filter chain.
+   *
+   * <p>Usage of the filter is covered in other unit tests.
+   */
+  @Test
+  void ensureFilterRegistered() {
+
+    ServerHttpSecurity serverHttpSecurity = ServerHttpSecurity.http();
+
+    SecurityWebFilterChain securityWebFilterChain = serverHttpSecurity.build();
+
+    assertThat(securityWebFilterChain.getWebFilters().collectList().block())
+        .filteredOn(
+            item ->
+                item.getClass()
+                    .getName()
+                    .endsWith(EnduserAttributesCapturingWebFilter.class.getSimpleName()))
+        .hasSize(1);
+  }
+}