SEC-2783: XML Configuration Defaults Should Match JavaConfig

* j_username -> username
* j_password -> password
* j_spring_security_check -> login
* j_spring_cas_security_check -> login/cas
* j_spring_cas_security_proxyreceptor -> login/cas/proxyreceptor
* j_spring_openid_security_login -> login/openid
* j_spring_security_switch_user -> login/impersonate
* j_spring_security_exit_user -> logout/impersonate
* login_error -> error
* use-expressions=true by default
This commit is contained in:
Rob Winch
2014-12-05 09:52:29 -06:00
parent b56e5edbbd
commit c67ff42b8a
125 changed files with 8122 additions and 395 deletions

View File

@@ -1,6 +1,8 @@
package org.springframework.security.config.http;
import static org.junit.Assert.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.util.Collection;
@@ -42,7 +44,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
@Test
public void parsingMinimalConfigurationIsSuccessful() {
setContext(
"<filter-security-metadata-source id='fids'>" +
"<filter-security-metadata-source id='fids' use-expressions='false'>" +
" <intercept-url pattern='/**' access='ROLE_A'/>" +
"</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
@@ -54,7 +56,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
@Test
public void expressionsAreSupported() {
setContext(
"<filter-security-metadata-source id='fids' use-expressions='true'>" +
"<filter-security-metadata-source id='fids'>" +
" <intercept-url pattern='/**' access=\"hasRole('ROLE_A')\" />" +
"</filter-security-metadata-source>");
@@ -72,7 +74,7 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
System.setProperty("secure.role", "ROLE_A");
setContext(
"<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
"<filter-security-metadata-source id='fids'>" +
"<filter-security-metadata-source id='fids' use-expressions='false'>" +
" <intercept-url pattern='${secure.url}' access='${secure.role}'/>" +
"</filter-security-metadata-source>");
DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) appContext.getBean("fids");
@@ -85,10 +87,10 @@ public class FilterSecurityMetadataSourceBeanDefinitionParserTests {
@Test
public void parsingWithinFilterSecurityInterceptorIsSuccessful() {
setContext(
"<http auto-config='true'/>" +
"<http auto-config='true' use-expressions='false'/>" +
"<b:bean id='fsi' class='org.springframework.security.web.access.intercept.FilterSecurityInterceptor' autowire='byType'>" +
" <b:property name='securityMetadataSource'>" +
" <filter-security-metadata-source>" +
" <filter-security-metadata-source use-expressions='false'>" +
" <intercept-url pattern='/secure/extreme/**' access='ROLE_SUPERVISOR'/>" +
" <intercept-url pattern='/secure/**' access='ROLE_USER'/>" +
" <intercept-url pattern='/**' access='ROLE_USER'/>" +

View File

@@ -98,10 +98,10 @@ public class SessionManagementConfigServlet31Tests {
Method method = mock(Method.class);
MockHttpServletRequest request = new MockHttpServletRequest();
request.getSession();
request.setServletPath("/j_spring_security_check");
request.setServletPath("/login");
request.setMethod("POST");
request.setParameter("j_username", "user");
request.setParameter("j_password", "password");
request.setParameter("username", "user");
request.setParameter("password", "password");
when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId")).thenReturn(method);
loadContext("<http>\n" +
@@ -124,10 +124,10 @@ public class SessionManagementConfigServlet31Tests {
Method method = mock(Method.class);
MockHttpServletRequest request = new MockHttpServletRequest();
request.getSession();
request.setServletPath("/j_spring_security_check");
request.setServletPath("/login");
request.setMethod("POST");
request.setParameter("j_username", "user");
request.setParameter("j_password", "password");
request.setParameter("username", "user");
request.setParameter("password", "password");
when(ReflectionUtils.findMethod(HttpServletRequest.class, "changeSessionId")).thenReturn(method);
loadContext("<http>\n" +