Allow redirect status code to be customized
Closes gh-12797
This commit is contained in:
committed by
Josh Cummings
parent
2638555e53
commit
d9399dfda0
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -18,6 +18,7 @@ package org.springframework.security.web;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
|
||||
@@ -26,6 +27,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @author Mark Chesney
|
||||
* @since 3.0
|
||||
*/
|
||||
public class DefaultRedirectStrategyTests {
|
||||
@@ -64,4 +66,21 @@ public class DefaultRedirectStrategyTests {
|
||||
.isThrownBy(() -> rds.sendRedirect(request, response, "https://redirectme.somewhere.else"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void statusCodeIsHandledCorrectly() throws Exception {
|
||||
// given
|
||||
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
|
||||
redirectStrategy.setStatusCode(HttpStatus.TEMPORARY_REDIRECT);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
// when
|
||||
redirectStrategy.sendRedirect(request, response, "/requested");
|
||||
|
||||
// then
|
||||
assertThat(response.isCommitted()).isTrue();
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo("/requested");
|
||||
assertThat(response.getStatus()).isEqualTo(307);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
@@ -210,6 +211,37 @@ public class SessionManagementFilterTests {
|
||||
assertThat(response.getStatus()).isEqualTo(302);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void responseIsRedirectedToRequestedUrlIfStatusCodeIsSetAndSessionIsInvalid() throws Exception {
|
||||
// given
|
||||
DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
|
||||
redirectStrategy.setStatusCode(HttpStatus.TEMPORARY_REDIRECT);
|
||||
RequestedUrlRedirectInvalidSessionStrategy invalidSessionStrategy = new RequestedUrlRedirectInvalidSessionStrategy();
|
||||
invalidSessionStrategy.setCreateNewSession(true);
|
||||
invalidSessionStrategy.setRedirectStrategy(redirectStrategy);
|
||||
SecurityContextRepository securityContextRepository = mock(SecurityContextRepository.class);
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy = mock(SessionAuthenticationStrategy.class);
|
||||
SessionManagementFilter filter = new SessionManagementFilter(securityContextRepository,
|
||||
sessionAuthenticationStrategy);
|
||||
filter.setInvalidSessionStrategy(invalidSessionStrategy);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setRequestedSessionId("xxx");
|
||||
request.setRequestedSessionIdValid(false);
|
||||
request.setRequestURI("/requested");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
FilterChain chain = mock(FilterChain.class);
|
||||
|
||||
// when
|
||||
filter.doFilter(request, response, chain);
|
||||
|
||||
// then
|
||||
verify(securityContextRepository).containsContext(request);
|
||||
verifyNoMoreInteractions(securityContextRepository, sessionAuthenticationStrategy, chain);
|
||||
assertThat(response.isCommitted()).isTrue();
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo("/requested");
|
||||
assertThat(response.getStatus()).isEqualTo(307);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void customAuthenticationTrustResolver() throws Exception {
|
||||
AuthenticationTrustResolver trustResolver = mock(AuthenticationTrustResolver.class);
|
||||
|
||||
Reference in New Issue
Block a user