SEC-1471: Allow use of a RequestMatcher with HttpSessionRequestCache to configure which requests should be cached by calls to saveRequest.
Also removed the justUseSavedRequestOnGet property, as this behaviour can be controlled by the RequestMatcher.
This commit is contained in:
@@ -185,22 +185,6 @@ public class ExceptionTranslationFilterTests {
|
||||
assertEquals("http://www.example.com:8080/mycontext/secure/page.html", getSavedRequestUrl(request));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSavedRequestIsNotStoredForPostIfJustUseSaveRequestOnGetIsSet() throws Exception {
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
HttpSessionRequestCache requestCache = new HttpSessionRequestCache();
|
||||
requestCache.setPortResolver(new MockPortResolver(8080, 8443));
|
||||
requestCache.setJustUseSavedRequestOnGet(true);
|
||||
filter.setRequestCache(requestCache);
|
||||
filter.setAuthenticationEntryPoint(mockEntryPoint());
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
FilterChain fc = mock(FilterChain.class);
|
||||
doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
request.setMethod("POST");
|
||||
filter.doFilter(request, new MockHttpServletResponse(), fc);
|
||||
assertTrue(request.getSession().getAttribute(WebAttributes.SAVED_REQUEST) == null);
|
||||
}
|
||||
|
||||
@Test(expected=IllegalArgumentException.class)
|
||||
public void testStartupDetectsMissingAuthenticationEntryPoint() throws Exception {
|
||||
ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
|
||||
|
||||
@@ -2,10 +2,13 @@ package org.springframework.security.web.savedrequest;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.util.RequestMatcher;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -30,4 +33,22 @@ public class HttpSessionRequestCacheTests {
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestMatcherDefinesCorrectSubsetOfCachedRequests() throws Exception {
|
||||
HttpSessionRequestCache cache = new HttpSessionRequestCache();
|
||||
cache.setRequestMatcher(new RequestMatcher() {
|
||||
public boolean matches(HttpServletRequest request) {
|
||||
return request.getMethod().equals("GET");
|
||||
}
|
||||
});
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
cache.saveRequest(request, response);
|
||||
assertNull(cache.getRequest(request, response));
|
||||
assertNull(cache.getRequest(new MockHttpServletRequest(), new MockHttpServletResponse()));
|
||||
assertNull(cache.getMatchingRequest(request, response));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user