diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index eeee8efdaf..e242cc89b0 100644 --- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -14,7 +14,7 @@ import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.ExceptionTranslationFilter; -import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; +import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -142,8 +142,8 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain } FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters); - DefaultFilterInvocationSecurityMetadataSource fids = - (DefaultFilterInvocationSecurityMetadataSource) fsi.getSecurityMetadataSource(); + FilterInvocationSecurityMetadataSource fids = + fsi.getSecurityMetadataSource(); Collection attributes = fids.getAttributes(loginRequest); diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java index 1a05ad22e8..4eb705abac 100644 --- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java +++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java @@ -15,6 +15,7 @@ package org.springframework.security.config.http; import static org.mockito.Matchers.any; import static org.mockito.Matchers.anyObject; import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import java.util.Collection; @@ -33,6 +34,7 @@ import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.access.ExceptionTranslationFilter; import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource; +import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; @@ -53,15 +55,17 @@ public class DefaultFilterChainValidatorTests { @Mock private AccessDecisionManager accessDecisionManager; + private FilterSecurityInterceptor fsi; + @Before public void setUp() throws Exception { AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous"); - FilterSecurityInterceptor fsi = new FilterSecurityInterceptor(); + fsi = new FilterSecurityInterceptor(); fsi.setAccessDecisionManager(accessDecisionManager); fsi.setSecurityMetadataSource(metadataSource); AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login"); ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint); - DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(new AnyRequestMatcher(),aaf,etf,fsi); + DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(new AnyRequestMatcher(), aaf, etf, fsi); fcp = new FilterChainProxy(securityChain); validator = new DefaultFilterChainValidator(); Whitebox.setInternalState(validator, "logger", logger); @@ -77,4 +81,14 @@ public class DefaultFilterChainValidatorTests { verify(logger).info("Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", toBeThrown); } + // SEC-1957 + @Test + public void validateCustomMetadataSource() { + FilterInvocationSecurityMetadataSource customMetaDataSource = mock(FilterInvocationSecurityMetadataSource.class); + fsi.setSecurityMetadataSource(customMetaDataSource); + + validator.validate(fcp); + + verify(customMetaDataSource).getAttributes(any()); + } }