Use MvcRequestMatcher by default if Spring MVC is present
Closes gh-11899
This commit is contained in:
committed by
Marcus Hert Da Coregio
parent
353ca76973
commit
c4d23f2b49
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -36,8 +36,9 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.firewall.DefaultHttpFirewall;
|
||||
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.test.util.ReflectionTestUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
@@ -113,12 +114,13 @@ public class FilterChainProxyConfigTests {
|
||||
List<SecurityFilterChain> chains = fcp.getFilterChains();
|
||||
assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
|
||||
assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
|
||||
assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher)
|
||||
.isTrue();
|
||||
assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher())
|
||||
.isInstanceOf(AnyRequestMatcher.class);
|
||||
}
|
||||
|
||||
private String getPattern(SecurityFilterChain chain) {
|
||||
return ((AntPathRequestMatcher) ((DefaultSecurityFilterChain) chain).getRequestMatcher()).getPattern();
|
||||
RequestMatcher requestMatcher = ((DefaultSecurityFilterChain) chain).getRequestMatcher();
|
||||
return (String) ReflectionTestUtils.getField(requestMatcher, "pattern");
|
||||
}
|
||||
|
||||
private void checkPathAndFilterOrder(FilterChainProxy filterChainProxy) {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2017 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -92,10 +92,12 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
public void interceptUrlsSupportPropertyPlaceholders() {
|
||||
System.setProperty("secure.url", "/secure");
|
||||
System.setProperty("secure.role", "ROLE_A");
|
||||
setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
|
||||
+ "<filter-security-metadata-source id='fids' use-expressions='false'>"
|
||||
+ " <intercept-url pattern='${secure.url}' access='${secure.role}'/>"
|
||||
+ "</filter-security-metadata-source>");
|
||||
setContext(
|
||||
"<b:bean class=\"org.springframework.web.servlet.handler.HandlerMappingIntrospector\" name=\"mvcHandlerMappingIntrospector\"/>"
|
||||
+ "<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
|
||||
+ "<filter-security-metadata-source id='fids' use-expressions='false'>"
|
||||
+ " <intercept-url pattern='${secure.url}' access='${secure.role}'/>"
|
||||
+ "</filter-security-metadata-source>");
|
||||
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext
|
||||
.getBean("fids");
|
||||
Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
|
||||
@@ -105,7 +107,8 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
@Test
|
||||
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
|
||||
// @formatter:off
|
||||
setContext("<http auto-config='true' use-expressions='false'/>"
|
||||
setContext("<b:bean class=\"org.springframework.web.servlet.handler.HandlerMappingIntrospector\" name=\"mvcHandlerMappingIntrospector\"/>" +
|
||||
"<http auto-config='true' use-expressions='false'/>"
|
||||
+ "<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>"
|
||||
+ " <b:property name='securityMetadataSource'>"
|
||||
+ " <filter-security-metadata-source use-expressions='false'>"
|
||||
@@ -130,9 +133,8 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
|
||||
|
||||
private FilterInvocation createFilterInvocation(String path, String method) {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
|
||||
request.setRequestURI(null);
|
||||
request.setRequestURI(path);
|
||||
request.setMethod(method);
|
||||
request.setServletPath(path);
|
||||
return new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -24,6 +24,7 @@ import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.mockito.stubbing.Answer;
|
||||
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
@@ -39,6 +40,7 @@ import org.springframework.web.context.ConfigurableWebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.assertj.core.api.Assertions.assertThatNoException;
|
||||
import static org.mockito.BDDMockito.given;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.spy;
|
||||
@@ -361,14 +363,20 @@ public class InterceptUrlConfigTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDefaultMatcherAndServletPathThenThrowsException() {
|
||||
assertThatExceptionOfType(BeanDefinitionParsingException.class)
|
||||
public void configureWhenUsingDefaultMatcherAndServletPathThenNoException() {
|
||||
assertThatNoException()
|
||||
.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherServletPath")).autowire());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDefaultMatcherAndServletPathAndAuthorizationManagerThenThrowsException() {
|
||||
assertThatExceptionOfType(BeanDefinitionParsingException.class).isThrownBy(() -> this.spring
|
||||
public void configureWhenUsingDefaultMatcherAndNoIntrospectorBeanThenException() {
|
||||
assertThatExceptionOfType(BeanCreationException.class)
|
||||
.isThrownBy(() -> this.spring.configLocations(this.xml("DefaultMatcherNoIntrospectorBean")).autowire());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDefaultMatcherAndServletPathAndAuthorizationManagerThenNoException() {
|
||||
assertThatNoException().isThrownBy(() -> this.spring
|
||||
.configLocations(this.xml("DefaultMatcherServletPathAuthorizationManager")).autowire());
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user