SEC-1167: Introduce more flexible SavedRequest handling. Separated the concept of SavedRequest from SecurityContextHolderAwareFilter since the two are orthogonal requirements. This no longer takes a wrapper class property or uses reflection. SavedRequest functionality is accessed through the RequestCache interface, with the default implementation being HttpSessionRequestCache. A separate filter RequestCacheAwareFilter is now responsible for reconstituting the SavedRequest if it matches the current request. The functionality for matching and returning the wrapper is contained in the RequestCache method though.

This commit is contained in:
Luke Taylor
2009-07-20 22:34:40 +00:00
parent efd1dbf54a
commit f404bb3d74
18 changed files with 452 additions and 394 deletions

View File

@@ -69,6 +69,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
import org.springframework.security.web.authentication.www.BasicProcessingFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
import org.springframework.security.web.session.SessionFixationProtectionFilter;
import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
import org.springframework.util.ReflectionUtils;
@@ -78,7 +79,7 @@ import org.springframework.util.ReflectionUtils;
* @version $Id$
*/
public class HttpSecurityBeanDefinitionParserTests {
private static final int AUTO_CONFIG_FILTERS = 10;
private static final int AUTO_CONFIG_FILTERS = 11;
private AbstractXmlApplicationContext appContext;
@After
@@ -132,6 +133,7 @@ public class HttpSecurityBeanDefinitionParserTests {
assertTrue(authProcFilter instanceof UsernamePasswordAuthenticationProcessingFilter);
assertTrue(filters.next() instanceof DefaultLoginPageGeneratingFilter);
assertTrue(filters.next() instanceof BasicProcessingFilter);
assertTrue(filters.next() instanceof RequestCacheAwareFilter);
assertTrue(filters.next() instanceof SecurityContextHolderAwareRequestFilter);
assertTrue(filters.next() instanceof AnonymousProcessingFilter);
assertTrue(filters.next() instanceof ExceptionTranslationFilter);
@@ -209,7 +211,7 @@ public class HttpSecurityBeanDefinitionParserTests {
"<http>" +
" <form-login />" +
"</http>" + AUTH_PROVIDER_XML);
assertThat(getFilters("/anything").get(4), instanceOf(AnonymousProcessingFilter.class));
assertThat(getFilters("/anything").get(5), instanceOf(AnonymousProcessingFilter.class));
}
@Test
@@ -219,7 +221,7 @@ public class HttpSecurityBeanDefinitionParserTests {
" <form-login />" +
" <anonymous enabled='false'/>" +
"</http>" + AUTH_PROVIDER_XML);
assertThat(getFilters("/anything").get(4), not(instanceOf(AnonymousProcessingFilter.class)));
assertThat(getFilters("/anything").get(5), not(instanceOf(AnonymousProcessingFilter.class)));
}