SEC-1201: PropertyPlaceholderConfigurer does not work for intercept-url attributes. Added use of ManagedMaps and BeanDefinitions to support placeholders in the pattern and access attributes.
This commit is contained in:
@@ -58,6 +58,23 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
assertTrue(cad.contains(new SecurityConfig("ROLE_A")));
|
||||
}
|
||||
|
||||
// SEC-1201
|
||||
@Test
|
||||
public void interceptUrlsSupportPropertyPlaceholders() {
|
||||
System.setProperty("secure.url", "/secure");
|
||||
System.setProperty("secure.role", "ROLE_A");
|
||||
setContext(
|
||||
"<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
|
||||
"<filter-security-metadata-source id='fids'>" +
|
||||
" <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
|
||||
"</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
|
||||
List<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
assertNotNull(cad);
|
||||
assertEquals(1, cad.size());
|
||||
assertEquals("ROLE_A", cad.get(0).getAttribute());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
|
||||
setContext(
|
||||
@@ -72,11 +89,8 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
" </b:property>" +
|
||||
" <b:property name='authenticationManager' ref='" + BeanIds.AUTHENTICATION_MANAGER +"'/>"+
|
||||
"</b:bean>" + ConfigTestUtils.AUTH_PROVIDER_XML);
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
private FilterInvocation createFilterInvocation(String path, String method) {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestURI(null);
|
||||
|
||||
@@ -149,7 +149,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filterListShouldBeEmptyForUnprotectedUrl() throws Exception {
|
||||
public void filterListShouldBeEmptyForPatternWithNoFilters() throws Exception {
|
||||
setContext(
|
||||
" <http auto-config='true'>" +
|
||||
" <intercept-url pattern='/unprotected' filters='none' />" +
|
||||
@@ -160,6 +160,22 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertTrue(filters.size() == 0);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void filtersEqualsNoneSupportsPlaceholderForPattern() throws Exception {
|
||||
System.setProperty("pattern.nofilters", "/unprotected");
|
||||
setContext(
|
||||
" <b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
|
||||
" <http auto-config='true'>" +
|
||||
" <intercept-url pattern='${pattern.nofilters}' filters='none' />" +
|
||||
" <intercept-url pattern='/**' access='ROLE_A' />" +
|
||||
" </http>" + AUTH_PROVIDER_XML);
|
||||
|
||||
List<Filter> filters = getFilters("/unprotected");
|
||||
|
||||
assertTrue(filters.size() == 0);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void regexPathsWorkCorrectly() throws Exception {
|
||||
setContext(
|
||||
@@ -274,7 +290,7 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<? extends ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
List<ConfigAttribute> attrDef = fids.getAttributes(createFilterinvocation("/Secure", null));
|
||||
assertEquals(2, attrDef.size());
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_A")));
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_B")));
|
||||
@@ -283,6 +299,40 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertTrue(attrDef.contains(new SecurityConfig("ROLE_C")));
|
||||
}
|
||||
|
||||
// SEC-1201
|
||||
@Test
|
||||
public void interceptUrlsAndFormLoginSupportPropertyPlaceholders() throws Exception {
|
||||
System.setProperty("secure.url", "/secure");
|
||||
System.setProperty("secure.role", "ROLE_A");
|
||||
System.setProperty("login.page", "/loginPage");
|
||||
System.setProperty("default.target", "/defaultTarget");
|
||||
System.setProperty("auth.failure", "/authFailure");
|
||||
setContext(
|
||||
"<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
|
||||
"<http>" +
|
||||
" <intercept-url pattern='${secure.url}' access='${secure.role}' />" +
|
||||
" <form-login login-page='${login.page}' default-target-url='${default.target}' " +
|
||||
" authentication-failure-url='${auth.failure}' />" +
|
||||
"</http>" + AUTH_PROVIDER_XML);
|
||||
|
||||
// Check the security attribute
|
||||
FilterSecurityInterceptor fis = (FilterSecurityInterceptor) getFilter(FilterSecurityInterceptor.class);
|
||||
FilterInvocationSecurityMetadataSource fids = fis.getSecurityMetadataSource();
|
||||
List<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assertNotNull(attrs);
|
||||
assertEquals(1, attrs.size());
|
||||
assertEquals("ROLE_A",attrs.get(0).getAttribute());
|
||||
|
||||
// Check the form login properties are set
|
||||
UsernamePasswordAuthenticationProcessingFilter apf = (UsernamePasswordAuthenticationProcessingFilter)
|
||||
getFilter(UsernamePasswordAuthenticationProcessingFilter.class);
|
||||
assertEquals("/defaultTarget", FieldUtils.getFieldValue(apf, "successHandler.defaultTargetUrl"));
|
||||
assertEquals("/authFailure", FieldUtils.getFieldValue(apf, "failureHandler.defaultFailureUrl"));
|
||||
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
||||
assertEquals("/loginPage", FieldUtils.getFieldValue(etf, "authenticationEntryPoint.loginFormUrl"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void httpMethodMatchIsSupported() throws Exception {
|
||||
setContext(
|
||||
@@ -338,6 +388,19 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertTrue(filters.get(0) instanceof ChannelProcessingFilter);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requiresChannelSupportsPlaceholder() throws Exception {
|
||||
setContext(
|
||||
" <http auto-config='true'>" +
|
||||
" <intercept-url pattern='/**' requires-channel='https' />" +
|
||||
" </http>" + AUTH_PROVIDER_XML);
|
||||
List<Filter> filters = getFilters("/someurl");
|
||||
|
||||
assertEquals("Expected " + (AUTO_CONFIG_FILTERS + 1) +" filters in chain", AUTO_CONFIG_FILTERS + 1, filters.size());
|
||||
|
||||
assertTrue(filters.get(0) instanceof ChannelProcessingFilter);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void portMappingsAreParsedCorrectly() throws Exception {
|
||||
setContext(
|
||||
|
||||
Reference in New Issue
Block a user