Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-04 12:29:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add HttpSessionRequestCache sessionAttrName property

Browse Source 
This commit allows to customize the session attribute name. Default is
SPRING_SECURITY_SAVED_REQUEST.

Fixes gh-4130
This commit is contained in:
Eddú Meléndez 2016-11-14 20:38:43 -05:00 committed by Rob Winch
parent aa5df61eff
commit 028854b936
2 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
View File

@ -32,6 +32,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
* The {@link DefaultSavedRequest} class is used as the implementation. * The {@link DefaultSavedRequest} class is used as the implementation.
* *
* @author Luke Taylor * @author Luke Taylor
* @author Eddú Meléndez
* @since 3.0 * @since 3.0
*/ */
public class HttpSessionRequestCache implements RequestCache { public class HttpSessionRequestCache implements RequestCache {
@ -41,6 +42,7 @@ public class HttpSessionRequestCache implements RequestCache {
private PortResolver portResolver = new PortResolverImpl(); private PortResolver portResolver = new PortResolverImpl();
private boolean createSessionAllowed = true; private boolean createSessionAllowed = true;
private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE; private RequestMatcher requestMatcher = AnyRequestMatcher.INSTANCE;
private String sessionAttrName = SAVED_REQUEST;
/** /**
* Stores the current request, provided the configuration properties allow it. * Stores the current request, provided the configuration properties allow it.
@ -54,7 +56,7 @@ public class HttpSessionRequestCache implements RequestCache {
// Store the HTTP request itself. Used by // Store the HTTP request itself. Used by
// AbstractAuthenticationProcessingFilter // AbstractAuthenticationProcessingFilter
// for redirection after successful authentication (SEC-29) // for redirection after successful authentication (SEC-29)
request.getSession().setAttribute(SAVED_REQUEST, savedRequest); request.getSession().setAttribute(this.sessionAttrName, savedRequest);
logger.debug("DefaultSavedRequest added to Session: " + savedRequest); logger.debug("DefaultSavedRequest added to Session: " + savedRequest);
} }
} }
@ -68,7 +70,7 @@ public class HttpSessionRequestCache implements RequestCache {
HttpSession session = currentRequest.getSession(false); HttpSession session = currentRequest.getSession(false);
if (session != null) { if (session != null) {
return (SavedRequest) session.getAttribute(SAVED_REQUEST); return (SavedRequest) session.getAttribute(this.sessionAttrName);
} }
return null; return null;
@ -80,7 +82,7 @@ public class HttpSessionRequestCache implements RequestCache {
if (session != null) { if (session != null) {
logger.debug("Removing DefaultSavedRequest from session if present"); logger.debug("Removing DefaultSavedRequest from session if present");
session.removeAttribute(SAVED_REQUEST); session.removeAttribute(this.sessionAttrName);
} }
} }
@ -129,4 +131,15 @@ public class HttpSessionRequestCache implements RequestCache {
public void setPortResolver(PortResolver portResolver) { public void setPortResolver(PortResolver portResolver) {
this.portResolver = portResolver; this.portResolver = portResolver;
} }
/**
* If the {@code sessionAttrName} property is set, the request is stored in
* the session using this attribute name. Default is
* "SPRING_SECURITY_SAVED_REQUEST".
*
* @param sessionAttrName a new session attribute name.
*/
public void setSessionAttrName(String sessionAttrName) {
this.sessionAttrName = sessionAttrName;
}
} }

16
web/src/test/java/org/springframework/security/web/savedrequest/HttpSessionRequestCacheTests.java
View File

@ -35,6 +35,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
/** /**
* *
* @author Luke Taylor * @author Luke Taylor
* @author Eddú Meléndez
* @since 3.0 * @since 3.0
*/ */
public class HttpSessionRequestCacheTests { public class HttpSessionRequestCacheTests {
@ -101,6 +102,21 @@ public class HttpSessionRequestCacheTests {
CustomSavedRequest.class); CustomSavedRequest.class);
} }
@Test
public void testCustomSessionAttrName() {
HttpSessionRequestCache cache = new HttpSessionRequestCache();
cache.setSessionAttrName("CUSTOM_SAVED_REQUEST");
MockHttpServletRequest request = new MockHttpServletRequest("GET",
"/destination");
MockHttpServletResponse response = new MockHttpServletResponse();
cache.saveRequest(request, response);
assertThat(request.getSession().getAttribute(HttpSessionRequestCache.SAVED_REQUEST)).isNull();
assertThat(request.getSession().getAttribute("CUSTOM_SAVED_REQUEST")).isNotNull();
}
private static final class CustomSavedRequest implements SavedRequest { private static final class CustomSavedRequest implements SavedRequest {
private final SavedRequest delegate; private final SavedRequest delegate;