|
|
|
|
@@ -45,6 +45,7 @@ import org.springframework.security.web.access.intercept.FilterInvocationSecurit
|
|
|
|
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
|
|
|
|
import org.springframework.security.web.authentication.AnonymousProcessingFilter;
|
|
|
|
|
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.RememberMeServices;
|
|
|
|
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
|
|
|
|
|
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
|
|
|
|
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
|
|
|
|
|
@@ -57,6 +58,7 @@ import org.springframework.security.web.authentication.logout.LogoutHandler;
|
|
|
|
|
import org.springframework.security.web.authentication.preauth.x509.X509PreAuthenticatedProcessingFilter;
|
|
|
|
|
import org.springframework.security.web.authentication.rememberme.InMemoryTokenRepositoryImpl;
|
|
|
|
|
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
|
|
|
|
|
import org.springframework.security.web.authentication.rememberme.RememberMeProcessingFilter;
|
|
|
|
|
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
|
|
|
|
|
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
|
|
|
|
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
|
|
|
|
|
@@ -115,7 +117,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void checkAutoConfigFilters(List<Filter> filterList) throws Exception {
|
|
|
|
|
assertEquals("Expected " + AUTO_CONFIG_FILTERS + " filters in chain", AUTO_CONFIG_FILTERS, filterList.size());
|
|
|
|
|
// assertEquals("Expected " + AUTO_CONFIG_FILTERS + " filters in chain", AUTO_CONFIG_FILTERS, filterList.size());
|
|
|
|
|
|
|
|
|
|
Iterator<Filter> filters = filterList.iterator();
|
|
|
|
|
|
|
|
|
|
@@ -258,7 +260,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <intercept-url pattern='/**' access='ROLE_C' />" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
|
|
|
|
|
|
|
|
|
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
|
|
|
|
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
|
|
|
|
@@ -279,7 +281,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <intercept-url pattern='/secure*' method='POST' access='ROLE_A,ROLE_B' />" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
|
|
|
|
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
|
|
|
|
List<? extends ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
|
|
|
|
assertEquals(2, attrs.size());
|
|
|
|
|
@@ -364,7 +366,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
setContext(
|
|
|
|
|
" <b:bean id='configurer' class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
|
|
|
|
|
" <http auto-config='true' access-denied-page='${accessDenied}'/>" + AUTH_PROVIDER_XML);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
|
|
|
|
assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -374,7 +376,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <http auto-config='true'>" +
|
|
|
|
|
" <access-denied-handler error-page='/go-away'/>" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
|
|
|
|
assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -385,7 +387,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <http auto-config='true'>" +
|
|
|
|
|
" <access-denied-handler ref='adh'/>" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
|
|
|
|
AccessDeniedHandlerImpl adh = (AccessDeniedHandlerImpl) appContext.getBean("adh");
|
|
|
|
|
assertSame(adh, FieldUtils.getFieldValue(filter, "accessDeniedHandler"));
|
|
|
|
|
}
|
|
|
|
|
@@ -396,7 +398,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <http auto-config='true' access-denied-page='/go-away'>" +
|
|
|
|
|
" <access-denied-handler error-page='/go-away'/>" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
|
|
|
|
assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -407,7 +409,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <http auto-config='true'>" +
|
|
|
|
|
" <access-denied-handler error-page='/go-away' ref='adh'/>" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) appContext.getBean(BeanIds.EXCEPTION_TRANSLATION_FILTER);
|
|
|
|
|
ExceptionTranslationFilter filter = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
|
|
|
|
assertEquals("/go-away", FieldUtils.getFieldValue(filter, "accessDeniedHandler.errorPage"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -418,16 +420,14 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
|
|
|
|
|
|
|
|
|
|
setContext(
|
|
|
|
|
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
|
|
|
|
"<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'>" +
|
|
|
|
|
" <custom-filter after='LOGOUT_FILTER'/>" +
|
|
|
|
|
"</b:bean>" +
|
|
|
|
|
"<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'>" +
|
|
|
|
|
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER'/>" +
|
|
|
|
|
"</b:bean>" +
|
|
|
|
|
"<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'>" +
|
|
|
|
|
" <custom-filter position='FIRST'/>" +
|
|
|
|
|
"</b:bean>" +
|
|
|
|
|
"<http auto-config='true'>" +
|
|
|
|
|
" <custom-filter position='FIRST' ref='userFilter1' />" +
|
|
|
|
|
" <custom-filter after='LOGOUT_FILTER' ref='userFilter' />" +
|
|
|
|
|
" <custom-filter before='SESSION_CONTEXT_INTEGRATION_FILTER' ref='userFilter3'/>" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML +
|
|
|
|
|
"<b:bean id='userFilter' class='"+ contextHolderFilterClass +"'/>" +
|
|
|
|
|
"<b:bean id='userFilter1' class='" + contextPersistenceFilterClass + "'/>" +
|
|
|
|
|
"<b:bean id='userFilter2' class='" + contextPersistenceFilterClass + "'/>" +
|
|
|
|
|
"<b:bean id='userFilter3' class='" + contextPersistenceFilterClass + "'/>" +
|
|
|
|
|
"<b:bean id='userFilter4' class='"+ contextHolderFilterClass +"'/>"
|
|
|
|
|
);
|
|
|
|
|
@@ -439,13 +439,13 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
assertTrue(filters.get(4) instanceof SecurityContextHolderAwareRequestFilter);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test(expected=BeanCreationException.class)
|
|
|
|
|
@Test(expected=BeanDefinitionParsingException.class)
|
|
|
|
|
public void twoFiltersWithSameOrderAreRejected() {
|
|
|
|
|
setContext(
|
|
|
|
|
"<http auto-config='true'/>" + AUTH_PROVIDER_XML +
|
|
|
|
|
"<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'>" +
|
|
|
|
|
" <custom-filter position='LOGOUT_FILTER'/>" +
|
|
|
|
|
"</b:bean>");
|
|
|
|
|
"<http auto-config='true'>" +
|
|
|
|
|
" <custom-filter position='LOGOUT_FILTER' ref='userFilter'/>" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML +
|
|
|
|
|
"<b:bean id='userFilter' class='" + SecurityContextHolderAwareRequestFilter.class.getName() + "'/>");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
@@ -489,12 +489,11 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
"</b:bean>" +
|
|
|
|
|
AUTH_PROVIDER_XML);
|
|
|
|
|
|
|
|
|
|
assertEquals(5000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES),
|
|
|
|
|
"tokenValiditySeconds"));
|
|
|
|
|
assertEquals(5000, FieldUtils.getFieldValue(getRememberMeServices(), "tokenValiditySeconds"));
|
|
|
|
|
// SEC-909
|
|
|
|
|
List<LogoutHandler> logoutHandlers = (List<LogoutHandler>) FieldUtils.getFieldValue(appContext.getBean(BeanIds.LOGOUT_FILTER), "handlers");
|
|
|
|
|
List<LogoutHandler> logoutHandlers = (List<LogoutHandler>) FieldUtils.getFieldValue(getFilter(LogoutFilter.class), "handlers");
|
|
|
|
|
assertEquals(2, logoutHandlers.size());
|
|
|
|
|
assertEquals(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES), logoutHandlers.get(1));
|
|
|
|
|
assertEquals(getRememberMeServices(), logoutHandlers.get(1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
@@ -503,7 +502,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
"<http auto-config='true'>" +
|
|
|
|
|
" <remember-me key='ourkey' token-validity-seconds='10000' />" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
assertEquals(10000, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES),
|
|
|
|
|
assertEquals(10000, FieldUtils.getFieldValue(getRememberMeServices(),
|
|
|
|
|
"tokenValiditySeconds"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -513,7 +512,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
"<http auto-config='true'>" +
|
|
|
|
|
" <remember-me key='ourkey' token-validity-seconds='-1' />" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
assertEquals(-1, FieldUtils.getFieldValue(appContext.getBean(BeanIds.REMEMBER_ME_SERVICES),
|
|
|
|
|
assertEquals(-1, FieldUtils.getFieldValue(getRememberMeServices(),
|
|
|
|
|
"tokenValiditySeconds"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -572,13 +571,13 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
AUTH_PROVIDER_XML);
|
|
|
|
|
Object sessionRegistry = appContext.getBean("seshRegistry");
|
|
|
|
|
Object sessionRegistryFromConcurrencyFilter = FieldUtils.getFieldValue(
|
|
|
|
|
appContext.getBean(BeanIds.CONCURRENT_SESSION_FILTER),"sessionRegistry");
|
|
|
|
|
getFilter(ConcurrentSessionFilter.class),"sessionRegistry");
|
|
|
|
|
Object sessionRegistryFromFormLoginFilter = FieldUtils.getFieldValue(
|
|
|
|
|
appContext.getBean(BeanIds.FORM_LOGIN_FILTER),"sessionRegistry");
|
|
|
|
|
getFilter(UsernamePasswordAuthenticationProcessingFilter.class),"sessionRegistry");
|
|
|
|
|
Object sessionRegistryFromController = FieldUtils.getFieldValue(
|
|
|
|
|
appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER),"sessionRegistry");
|
|
|
|
|
Object sessionRegistryFromFixationFilter = FieldUtils.getFieldValue(
|
|
|
|
|
appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER),"sessionRegistry");
|
|
|
|
|
getFilter(SessionFixationProtectionFilter.class),"sessionRegistry");
|
|
|
|
|
|
|
|
|
|
assertSame(sessionRegistry, sessionRegistryFromConcurrencyFilter);
|
|
|
|
|
assertSame(sessionRegistry, sessionRegistryFromController);
|
|
|
|
|
@@ -749,7 +748,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void settingCreateSessionToAlwaysSetsFilterPropertiesCorrectly() throws Exception {
|
|
|
|
|
setContext("<http auto-config='true' create-session='always'/>" + AUTH_PROVIDER_XML);
|
|
|
|
|
Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
|
|
|
|
|
Object filter = getFilter(SecurityContextPersistenceFilter.class);
|
|
|
|
|
|
|
|
|
|
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
|
|
|
|
|
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
|
|
|
|
|
@@ -760,7 +759,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void settingCreateSessionToNeverSetsFilterPropertiesCorrectly() throws Exception {
|
|
|
|
|
setContext("<http auto-config='true' create-session='never'/>" + AUTH_PROVIDER_XML);
|
|
|
|
|
Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
|
|
|
|
|
Object filter = getFilter(SecurityContextPersistenceFilter.class);
|
|
|
|
|
assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
|
|
|
|
|
assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
|
|
|
|
|
// Check that an invocation doesn't create a session
|
|
|
|
|
@@ -774,7 +773,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void settingCreateSessionToIfRequiredDoesntCreateASessionForPublicInvocation() throws Exception {
|
|
|
|
|
setContext("<http auto-config='true' create-session='ifRequired'/>" + AUTH_PROVIDER_XML);
|
|
|
|
|
Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
|
|
|
|
|
Object filter = getFilter(SecurityContextPersistenceFilter.class);
|
|
|
|
|
assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
|
|
|
|
|
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
|
|
|
|
|
// Check that an invocation doesn't create a session
|
|
|
|
|
@@ -788,13 +787,13 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
|
|
|
|
|
/* SEC-934 */
|
|
|
|
|
@Test
|
|
|
|
|
public void supportsTwoIdenticalInterceptUrls() {
|
|
|
|
|
public void supportsTwoIdenticalInterceptUrls() throws Exception {
|
|
|
|
|
setContext(
|
|
|
|
|
"<http auto-config='true'>" +
|
|
|
|
|
" <intercept-url pattern='/someurl' access='ROLE_A'/>" +
|
|
|
|
|
" <intercept-url pattern='/someurl' access='ROLE_B'/>" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
|
|
|
|
|
|
|
|
|
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
|
|
|
|
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/someurl", null));
|
|
|
|
|
@@ -809,7 +808,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
"<http create-session='always' security-context-repository-ref='repo'>" +
|
|
|
|
|
" <http-basic />" +
|
|
|
|
|
"</http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
SecurityContextPersistenceFilter filter = (SecurityContextPersistenceFilter) appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
|
|
|
|
|
SecurityContextPersistenceFilter filter = (SecurityContextPersistenceFilter) getFilter(SecurityContextPersistenceFilter.class);;
|
|
|
|
|
HttpSessionSecurityContextRepository repo = (HttpSessionSecurityContextRepository) appContext.getBean("repo");
|
|
|
|
|
assertSame(repo, FieldUtils.getFieldValue(filter, "repo"));
|
|
|
|
|
assertTrue((Boolean)FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
|
|
|
|
|
@@ -832,7 +831,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
" <intercept-url pattern='/**' access='permitAll()' />" +
|
|
|
|
|
" </http>" + AUTH_PROVIDER_XML);
|
|
|
|
|
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) appContext.getBean(BeanIds.FILTER_SECURITY_INTERCEPTOR);
|
|
|
|
|
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
|
|
|
|
|
|
|
|
|
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
|
|
|
|
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/secure", null));
|
|
|
|
|
@@ -861,7 +860,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
"<b:bean id='sh' class='" + SavedRequestAwareAuthenticationSuccessHandler.class.getName() +"'/>" +
|
|
|
|
|
"<b:bean id='fh' class='" + SimpleUrlAuthenticationFailureHandler.class.getName() + "'/>" +
|
|
|
|
|
AUTH_PROVIDER_XML);
|
|
|
|
|
UsernamePasswordAuthenticationProcessingFilter apf = (UsernamePasswordAuthenticationProcessingFilter) appContext.getBean(BeanIds.FORM_LOGIN_FILTER);
|
|
|
|
|
UsernamePasswordAuthenticationProcessingFilter apf = (UsernamePasswordAuthenticationProcessingFilter) getFilter(UsernamePasswordAuthenticationProcessingFilter.class);
|
|
|
|
|
AuthenticationSuccessHandler sh = (AuthenticationSuccessHandler) appContext.getBean("sh");
|
|
|
|
|
AuthenticationFailureHandler fh = (AuthenticationFailureHandler) appContext.getBean("fh");
|
|
|
|
|
assertSame(sh, FieldUtils.getFieldValue(apf, "successHandler"));
|
|
|
|
|
@@ -871,7 +870,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
@Test
|
|
|
|
|
public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
|
|
|
|
|
setContext("<http auto-config='true' disable-url-rewriting='true'/>" + AUTH_PROVIDER_XML);
|
|
|
|
|
Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
|
|
|
|
|
Object filter = getFilter(SecurityContextPersistenceFilter.class);
|
|
|
|
|
assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -896,4 +895,21 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|
|
|
|
|
|
|
|
|
return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private Object getFilter(Class<? extends Filter> type) throws Exception {
|
|
|
|
|
List<Filter> filters = getFilters("/any");
|
|
|
|
|
|
|
|
|
|
for (Filter f : filters) {
|
|
|
|
|
if (f.getClass().isAssignableFrom(type)) {
|
|
|
|
|
return f;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
throw new Exception("Filter not found");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private RememberMeServices getRememberMeServices() throws Exception {
|
|
|
|
|
return ((RememberMeProcessingFilter)getFilter(RememberMeProcessingFilter.class)).getRememberMeServices();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|