Add RequestMatcher to AbstractPreAuthenticatedProcessingFilter

Moved the existing auth check logic to the matcher.

Issue: gh-5928
This commit is contained in:
Tadaya Tsuyukubo
2018-10-08 14:46:00 -07:00
committed by Eleftheria Stein-Kousathana
parent 63607ee213
commit 62c7de03c3
2 changed files with 93 additions and 34 deletions

View File

@@ -45,10 +45,12 @@ import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.ForwardAuthenticationFailureHandler;
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
/**
*
* @author Rob Winch
* @author Tadaya Tsuyukubo
*
*/
public class AbstractPreAuthenticatedProcessingFilterTests {
@@ -376,6 +378,43 @@ public class AbstractPreAuthenticatedProcessingFilterTests {
verifyZeroInteractions(am);
}
@Test
public void requestNotMatchRequestMatcher() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/no-matching"));
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
filter.doFilter(request, response, chain);
verifyZeroInteractions(am);
}
@Test
public void requestMatchesRequestMatcher() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain chain = new MockFilterChain();
ConcretePreAuthenticatedProcessingFilter filter = new ConcretePreAuthenticatedProcessingFilter();
filter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/**"));
AuthenticationManager am = mock(AuthenticationManager.class);
filter.setAuthenticationManager(am);
filter.afterPropertiesSet();
filter.doFilter(request, response, chain);
verify(am).authenticate(any(PreAuthenticatedAuthenticationToken.class));
}
private void testDoFilter(boolean grantAccess) throws Exception {
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse res = new MockHttpServletResponse();