SEC-1167: Introduce more flexible SavedRequest handling. Introduced interface for SavedRequest.

This commit is contained in:
Luke Taylor
2009-09-13 15:03:14 +00:00
parent 71ab83255d
commit 4064b7b4f6
15 changed files with 442 additions and 394 deletions

View File

@@ -42,7 +42,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.util.ThrowableAnalyzer;
/**
@@ -66,9 +66,9 @@ public class ExceptionTranslationFilterTests {
return null;
}
SavedRequest savedRequest = (SavedRequest) session.getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
DefaultSavedRequest savedRequest = (DefaultSavedRequest) session.getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY);
return savedRequest.getFullRequestUrl();
return savedRequest.getRedirectUrl();
}
@Test
@@ -199,7 +199,7 @@ public class ExceptionTranslationFilterTests {
doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
request.setMethod("POST");
filter.doFilter(request, new MockHttpServletResponse(), fc);
assertTrue(request.getSession().getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY) == null);
assertTrue(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY) == null);
}
@Test(expected=IllegalArgumentException.class)

View File

@@ -49,7 +49,7 @@ import org.springframework.security.web.authentication.ExceptionMappingAuthentic
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.session.SessionAuthenticationStrategy;
@@ -83,7 +83,7 @@ public class AbstractProcessingFilterTests extends TestCase {
filter.destroy();
}
private SavedRequest makeSavedRequestForUrl() {
private DefaultSavedRequest makeSavedRequestForUrl() {
MockHttpServletRequest request = createMockRequest();
request.setMethod("GET");
request.setServletPath("/some_protected_file.html");
@@ -91,10 +91,10 @@ public class AbstractProcessingFilterTests extends TestCase {
request.setServerName("www.example.com");
request.setRequestURI("/mycontext/some_protected_file.html");
return new SavedRequest(request, new PortResolverImpl());
return new DefaultSavedRequest(request, new PortResolverImpl());
}
// private SavedRequest makePostSavedRequestForUrl() {
// private DefaultSavedRequest makePostSavedRequestForUrl() {
// MockHttpServletRequest request = createMockRequest();
// request.setServletPath("/some_protected_file.html");
// request.setScheme("http");
@@ -102,7 +102,7 @@ public class AbstractProcessingFilterTests extends TestCase {
// request.setRequestURI("/mycontext/post/some_protected_file.html");
// request.setMethod("POST");
//
// return new SavedRequest(request, new PortResolverImpl());
// return new DefaultSavedRequest(request, new PortResolverImpl());
// }
protected void setUp() throws Exception {
@@ -327,7 +327,7 @@ public class AbstractProcessingFilterTests extends TestCase {
throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockRequest();
request.getSession().setAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
request.getSession().setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
@@ -352,7 +352,7 @@ public class AbstractProcessingFilterTests extends TestCase {
public void testSuccessfulAuthenticationCausesRedirectToSessionSpecifiedUrl() throws Exception {
// Setup our HTTP request
MockHttpServletRequest request = createMockRequest();
request.getSession().setAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
request.getSession().setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, makeSavedRequestForUrl());
// Setup our filter configuration
MockFilterConfig config = new MockFilterConfig(null, null);
@@ -367,7 +367,7 @@ public class AbstractProcessingFilterTests extends TestCase {
// Test
executeFilterInContainerSimulator(config, filter, request, response, chain);
assertEquals(makeSavedRequestForUrl().getFullRequestUrl(), response.getRedirectedUrl());
assertEquals(makeSavedRequestForUrl().getRedirectUrl(), response.getRedirectedUrl());
assertNotNull(SecurityContextHolder.getContext().getAuthentication());
}

View File

@@ -0,0 +1,33 @@
package org.springframework.security.web.savedrequest;
import static org.junit.Assert.*;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
/**
*
* @author Luke Taylor
* @version $Id$
* @since 3.0
*/
public class HttpSessionRequestCacheTests {
@Test
public void originalGetRequestDoesntMatchIncomingPost() {
HttpSessionRequestCache cache = new HttpSessionRequestCache();
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/destination");
MockHttpServletResponse response = new MockHttpServletResponse();
cache.saveRequest(request, response);
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
assertNotNull(cache.getRequest(request, response));
MockHttpServletRequest newRequest = new MockHttpServletRequest("POST", "/destination");
newRequest.setSession(request.getSession());
assertNull(cache.getMatchingRequest(newRequest, response));
}
}

View File

@@ -9,7 +9,6 @@ import org.springframework.mock.web.MockHttpServletResponse;
public class RequestCacheAwareFilterTests {
@Test
public void savedRequestIsRemovedAfterMatch() throws Exception {
RequestCacheAwareFilter filter = new RequestCacheAwareFilter();
@@ -18,10 +17,9 @@ public class RequestCacheAwareFilterTests {
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
MockHttpServletResponse response = new MockHttpServletResponse();
cache.saveRequest(request, response);
assertNotNull(request.getSession().getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
filter.doFilter(request, response, new MockFilterChain());
assertNull(request.getSession().getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
assertNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
}
}

View File

@@ -13,13 +13,13 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.savedrequest.FastHttpDateFormat;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.SavedRequestAwareWrapper;
public class SavedRequestAwareWrapperTests {
private SavedRequestAwareWrapper createWrapper(MockHttpServletRequest requestToSave, MockHttpServletRequest requestToWrap) {
SavedRequest saved = requestToSave == null ? null : new SavedRequest(requestToSave, new PortResolverImpl());
DefaultSavedRequest saved = requestToSave == null ? null : new DefaultSavedRequest(requestToSave, new PortResolverImpl());
return new SavedRequestAwareWrapper(saved, requestToWrap);
}

View File

@@ -4,7 +4,7 @@ import static org.junit.Assert.*;
import org.junit.Test;
import org.springframework.security.MockPortResolver;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.mock.web.MockHttpServletRequest;
/**
@@ -16,7 +16,7 @@ public class SavedRequestTests {
public void headersAreCaseInsensitive() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("USER-aGenT", "Mozilla");
SavedRequest saved = new SavedRequest(request, new MockPortResolver(8080, 8443));
DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
assertEquals("Mozilla", saved.getHeaderValues("user-agent").next());
}
@@ -25,7 +25,7 @@ public class SavedRequestTests {
public void parametersAreCaseInsensitive() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter("ThisIsATest", "Hi mom");
SavedRequest saved = new SavedRequest(request, new MockPortResolver(8080, 8443));
DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
assertEquals("Hi mom", saved.getParameterValues("thisisatest")[0]);
}
}

View File

@@ -10,7 +10,7 @@ import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
/**
*
@@ -48,12 +48,12 @@ public class DefaultSessionAuthenticationStrategyTests {
HttpServletRequest request = new MockHttpServletRequest();
HttpSession session = request.getSession();
session.setAttribute("blah", "blah");
session.setAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, "SavedRequest");
session.setAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY, "DefaultSavedRequest");
strategy.onAuthentication(mock(Authentication.class), request, new MockHttpServletResponse());
assertNull(request.getSession().getAttribute("blah"));
assertNotNull(request.getSession().getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
assertNotNull(request.getSession().getAttribute(DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY));
}
@Test