Added check for "path parameters" to ensure the filterProcessesUrl matches rewritten URLs with a jsessionid included. Refactored property checking to use Spring Assert class.
parent
eaa5feb5f8
commit
021abb7369
|
@ -249,27 +249,10 @@ public abstract class AbstractProcessingFilter implements Filter,
|
||||||
}
|
}
|
||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
public void afterPropertiesSet() throws Exception {
|
||||||
if ((filterProcessesUrl == null) || "".equals(filterProcessesUrl)) {
|
Assert.hasLength(filterProcessesUrl, "filterProcessesUrl must be specified");
|
||||||
throw new IllegalArgumentException(
|
Assert.hasLength(defaultTargetUrl, "defaultTargetUrl must be specified");
|
||||||
"filterProcessesUrl must be specified");
|
Assert.hasLength(authenticationFailureUrl, "authenticationFailureUrl must be specified");
|
||||||
}
|
Assert.notNull(authenticationManager, "authenticationManager must be specified");
|
||||||
|
|
||||||
if ((defaultTargetUrl == null) || "".equals(defaultTargetUrl)) {
|
|
||||||
throw new IllegalArgumentException(
|
|
||||||
"defaultTargetUrl must be specified");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((authenticationFailureUrl == null)
|
|
||||||
|| "".equals(authenticationFailureUrl)) {
|
|
||||||
throw new IllegalArgumentException(
|
|
||||||
"authenticationFailureUrl must be specified");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (authenticationManager == null) {
|
|
||||||
throw new IllegalArgumentException(
|
|
||||||
"authenticationManager must be specified");
|
|
||||||
}
|
|
||||||
|
|
||||||
Assert.notNull(this.rememberMeServices);
|
Assert.notNull(this.rememberMeServices);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -346,6 +329,10 @@ public abstract class AbstractProcessingFilter implements Filter,
|
||||||
* Indicates whether this filter should attempt to process a login request
|
* Indicates whether this filter should attempt to process a login request
|
||||||
* for the current invocation.
|
* for the current invocation.
|
||||||
* </p>
|
* </p>
|
||||||
|
* <p>
|
||||||
|
* It strips any parameters from the "path" section of the request URL (such as the
|
||||||
|
* jsessionid parameter in <em>http://host/myapp/index.html;jsessionid=blah</em>)
|
||||||
|
* before matching against the <code>filterProcessesUrl</code> property.
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
* Subclasses may override for special requirements, such as Tapestry
|
* Subclasses may override for special requirements, such as Tapestry
|
||||||
|
@ -360,8 +347,15 @@ public abstract class AbstractProcessingFilter implements Filter,
|
||||||
*/
|
*/
|
||||||
protected boolean requiresAuthentication(HttpServletRequest request,
|
protected boolean requiresAuthentication(HttpServletRequest request,
|
||||||
HttpServletResponse response) {
|
HttpServletResponse response) {
|
||||||
return request.getRequestURL().toString().endsWith(request
|
String uri = request.getRequestURI();
|
||||||
.getContextPath() + filterProcessesUrl);
|
int pathParamIndex = uri.indexOf(';');
|
||||||
|
|
||||||
|
if(pathParamIndex > 0) {
|
||||||
|
// strip everything after the first semi-colon
|
||||||
|
uri = uri.substring(0, pathParamIndex);
|
||||||
|
}
|
||||||
|
|
||||||
|
return uri.endsWith(request.getContextPath() + filterProcessesUrl);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void successfulAuthentication(HttpServletRequest request,
|
protected void successfulAuthentication(HttpServletRequest request,
|
||||||
|
|
|
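Review bot: In `requiresAuthentication` the URI is cut at the first `;` anywhere in the path, so the Javadoc claim that it "strips any parameters from the "path" section" only holds when the parameter sits on the last segment. A parameter on an earlier segment truncates the URI before `filterProcessesUrl`, and the request is then not treated as a login attempt. That fails closed here, but I would reword the Javadoc to `Everything from the first ';' in the request URI onwards is ignored before the suffix match against filterProcessesUrl.` The same Javadoc should also say that the comparison is `endsWith` on the raw, undecoded `getRequestURI()`, so any path whose tail equals the context path plus `filterProcessesUrl` matches and this logic should not be reused for access-control decisions. Separately, in `afterPropertiesSet` the last assertion is the only one without a message; `Assert.notNull(this.rememberMeServices, "rememberMeServices must be specified");` would match the other four.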
@ -41,6 +41,7 @@ import javax.servlet.ServletException;
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
|
@ -242,6 +243,16 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||||
.getPrincipal().toString());
|
.getPrincipal().toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testDefaultProcessesFilterUrlWithPathParameter() {
|
||||||
|
MockHttpServletRequest request = createMockRequest();
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
MockAbstractProcessingFilter filter = new MockAbstractProcessingFilter();
|
||||||
|
filter.setFilterProcessesUrl("/j_acegi_security_check");
|
||||||
|
|
||||||
|
request.setRequestURI("/mycontext/j_acegi_security_check;jsessionid=I8MIONOSTHOR");
|
||||||
|
assertTrue(filter.requiresAuthentication(request, response));
|
||||||
|
}
|
||||||
|
|
||||||
public void testStartupDetectsInvalidAuthenticationFailureUrl()
|
public void testStartupDetectsInvalidAuthenticationFailureUrl()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
|
AbstractProcessingFilter filter = new MockAbstractProcessingFilter();
|
||||||
|
@ -307,7 +318,7 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testSuccessLoginThenFailureLoginResultsInSessionLoosingToken()
|
public void testSuccessLoginThenFailureLoginResultsInSessionLosingToken()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
// Setup our HTTP request
|
// Setup our HTTP request
|
||||||
MockHttpServletRequest request = createMockRequest();
|
MockHttpServletRequest request = createMockRequest();
|
||||||
|
@ -451,6 +462,10 @@ public class AbstractProcessingFilterTests extends TestCase {
|
||||||
this.exceptionToThrow = exceptionToThrow;
|
this.exceptionToThrow = exceptionToThrow;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) {
|
||||||
|
return super.requiresAuthentication(request, response);
|
||||||
|
}
|
||||||
|
|
||||||
private MockAbstractProcessingFilter() {
|
private MockAbstractProcessingFilter() {
|
||||||
super();
|
super();
|
||||||
}
|
}
|
||||||
|
|
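Review bot: `testDefaultProcessesFilterUrlWithPathParameter` only pins the positive case, so a regression that makes the matcher too permissive after stripping would still pass. I would add a negative assertion in the same test, with a constructed URI such as `request.setRequestURI("/mycontext/some.file.html;jsessionid=I8MIONOSTHOR");` followed by `assertFalse(filter.requiresAuthentication(request, response));`. The expected `true` also depends on `createMockRequest()` returning a context path of `/mycontext`; that helper is outside the visible hunks, so setting the context path explicitly in the test would make the dependency visible.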