Improve request matching logic when using cookie
- Repair request cache deleted by mistake - Fix RequestCache throw exception and error redirect. Closes gh-8820 Closes gh-8817
This commit is contained in:
@@ -18,6 +18,7 @@ package org.springframework.security.web.savedrequest;
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -50,7 +51,7 @@ public class CookieRequestCacheTests {
|
||||
assertThat(redirectUrl).isEqualTo("https://abc.com/destination?param1=a¶m2=b¶m3=1122");
|
||||
|
||||
assertThat(savedCookie.getMaxAge()).isEqualTo(-1);
|
||||
assertThat(savedCookie.getPath()).isEqualTo(request.getContextPath());
|
||||
assertThat(savedCookie.getPath()).isEqualTo(StringUtils.isEmpty(request.getContextPath()) ? "/" : request.getContextPath());
|
||||
assertThat(savedCookie.isHttpOnly()).isTrue();
|
||||
assertThat(savedCookie.getSecure()).isTrue();
|
||||
|
||||
@@ -123,7 +124,8 @@ public class CookieRequestCacheTests {
|
||||
@Test
|
||||
public void matchingRequestWhenRequestContainsSavedRequestCookieThenSetsAnExpiredCookieInResponse() {
|
||||
CookieRequestCache cookieRequestCache = new CookieRequestCache();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletRequest request = requestToSave();
|
||||
|
||||
String redirectUrl = "https://abc.com/destination?param1=a¶m2=b¶m3=1122";
|
||||
request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
@@ -135,6 +137,22 @@ public class CookieRequestCacheTests {
|
||||
assertThat(expiredCookie.getMaxAge()).isZero();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void notMatchingRequestWhenRequestNotContainsSavedRequestCookie() {
|
||||
CookieRequestCache cookieRequestCache = new CookieRequestCache();
|
||||
MockHttpServletRequest request = requestToSave();
|
||||
|
||||
String redirectUrl = "https://abc.com/api";
|
||||
request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
|
||||
assertThat(matchingRequest).isNull();
|
||||
Cookie expiredCookie = response.getCookie(DEFAULT_COOKIE_NAME);
|
||||
assertThat(expiredCookie).isNull();
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void removeRequestWhenInvokedThenSetsAnExpiredCookieOnResponse() {
|
||||
CookieRequestCache cookieRequestCache = new CookieRequestCache();
|
||||
|
||||
Reference in New Issue
Block a user