Merge branch '5.8.x'

Closes gh-11971
This commit is contained in:
Marcus Da Coregio
2022-10-07 10:28:14 -03:00
8 changed files with 124 additions and 1 deletions

View File

@@ -19,6 +19,7 @@ package org.springframework.security.config.http;
import java.util.Collections;
import java.util.Map;
import jakarta.servlet.DispatcherType;
import jakarta.servlet.ServletRegistration;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
@@ -33,10 +34,12 @@ import org.springframework.security.config.test.SpringTestContext;
import org.springframework.security.config.test.SpringTestContextExtension;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.RequestPostProcessor;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.ConfigurableWebApplicationContext;
import org.springframework.web.util.WebUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@@ -380,6 +383,29 @@ public class InterceptUrlConfigTests {
.configLocations(this.xml("DefaultMatcherServletPathAuthorizationManager")).autowire());
}
@Test
public void requestWhenUsingFilterAllDispatcherTypesAndAuthorizationManagerThenAuthorizesRequestsAccordingly()
throws Exception {
this.spring.configLocations(this.xml("AuthorizationManagerFilterAllDispatcherTypes")).autowire();
// @formatter:off
this.mvc.perform(get("/path").with(userCredentials()))
.andExpect(status().isOk());
this.mvc.perform(get("/path").with(adminCredentials()))
.andExpect(status().isForbidden());
this.mvc.perform(get("/error").with((request) -> {
request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
request.setDispatcherType(DispatcherType.ERROR);
return request;
})).andExpect(status().isOk());
this.mvc.perform(get("/path").with((request) -> {
request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/path");
request.setDispatcherType(DispatcherType.ERROR);
return request;
})).andExpect(status().isUnauthorized());
// @formatter:on
assertThat(this.spring.getContext().getBean(AuthorizationManager.class)).isNotNull();
}
private static RequestPostProcessor adminCredentials() {
return httpBasic("admin", "password");
}
@@ -417,6 +443,16 @@ public class InterceptUrlConfigTests {
}
@RestController
static class ErrorController {
@GetMapping("/error")
String error() {
return "error";
}
}
public static class Id {
public boolean isOne(int i) {