diff --git a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java index 4502a27ff1..ac22faf03b 100644 --- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java +++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java @@ -131,6 +131,10 @@ final class AuthenticationConfigBuilder { private String loginProcessingUrl; private String openidLoginProcessingUrl; + private String formLoginPage; + + private String openIDLoginPage; + public AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc, SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager, @@ -212,6 +216,7 @@ final class AuthenticationConfigBuilder { formFilter = parser.getFilterBean(); formEntryPoint = parser.getEntryPointBean(); loginProcessingUrl = parser.getLoginProcessingUrl(); + formLoginPage = parser.getLoginPage(); } if (formFilter != null) { @@ -242,6 +247,7 @@ final class AuthenticationConfigBuilder { openIDFilter = parser.getFilterBean(); openIDEntryPoint = parser.getEntryPointBean(); openidLoginProcessingUrl = parser.getLoginProcessingUrl(); + openIDLoginPage = parser.getLoginPage(); List attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, Elements.OPENID_ATTRIBUTE_EXCHANGE); @@ -527,8 +533,6 @@ final class AuthenticationConfigBuilder { void createLoginPageFilterIfNeeded() { boolean needLoginPage = formFilterId != null || openIDFilterId != null; - String formLoginPage = getLoginFormUrl(formEntryPoint); - String openIDLoginPage = getLoginFormUrl(openIDEntryPoint); // If no login page has been defined, add in the default page generator. if (needLoginPage && formLoginPage == null && openIDLoginPage == null) { 
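Review bot: The new fields `formLoginPage` and `openIDLoginPage` in the first hunk carry no comment, yet their null state is what `createLoginPageFilterIfNeeded()` now uses to decide whether the default login page generator is registered. A one-line comment on each would record that contract, for example `// login-page attribute as configured; null means none was set, so the default login page generator may be added`. The prefix spelling also differs from the neighbouring `openidLoginProcessingUrl`, so settling on one of `openid`/`openID` would keep the field names consistent. The class body starts and ends outside the hunk.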
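Review bot: In `createLoginPageFilterIfNeeded()` the check `formLoginPage == null && openIDLoginPage == null` now depends entirely on what `parser.getLoginPage()` returned, and that method is not visible in this diff. If it can return an empty or whitespace-only string for `login-page=""`, the default generator would be skipped even though no usable page was configured. Normalising at the two assignments, e.g. `formLoginPage = StringUtils.hasText(parser.getLoginPage()) ? parser.getLoginPage() : null;` with Spring's `StringUtils`, would close that gap if the parser does not already do it. It is also worth checking whether `getLoginFormUrl(...)` still has callers after the two removed lines, since the rest of the method and class lies outside the hunk and the helper may now be dead code.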
diff --git a/config/src/test/groovy/org/springframework/security/config/http/FormLoginConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/FormLoginConfigTests.groovy index 0f93981d90..6c26cc76e4 100644 --- a/config/src/test/groovy/org/springframework/security/config/http/FormLoginConfigTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/http/FormLoginConfigTests.groovy @@ -6,6 +6,7 @@ import org.springframework.security.web.access.ExceptionTranslationFilter import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter +import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.util.ReflectionUtils; @@ -104,4 +105,15 @@ class FormLoginConfigTests extends AbstractHttpConfigTests { apf.usernameParameter == 'xname'; apf.passwordParameter == 'xpass' } + + def 'SEC-2919: DefaultLoginGeneratingFilter should not be present if login-page="/login"'() { + when: + xml.http() { + 'form-login'('login-page':'/login') + } + createAppContext() + + then: + getFilter(DefaultLoginPageGeneratingFilter) == null + } } diff --git a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy index e9ecbb209e..1f4c03b8ac 100644 --- a/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy +++ b/config/src/test/groovy/org/springframework/security/config/http/HttpOpenIDConfigTests.groovy 
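Review bot: The new test in `FormLoginConfigTests` (and its twin in the `HttpOpenIDConfigTests` hunk) pins only the case where `login-page` is set. Neither hunk shows a counterpart asserting that `DefaultLoginPageGeneratingFilter` is still registered when `login-page` is omitted, nor the mixed case where `form-login` and `openid-login` are both declared and only one sets `login-page`. Those cases may exist elsewhere in the files, but if not they are worth adding, because the builder now keys the decision on two nullable fields and a regression in either direction changes which login form is served. The test name also says `DefaultLoginGeneratingFilter` where the class is `DefaultLoginPageGeneratingFilter`; renaming it to `'SEC-2919: DefaultLoginPageGeneratingFilter should not be present if login-page="/login"'` in both files keeps it searchable.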
@@ -151,4 +151,16 @@ class OpenIDConfigTests extends AbstractHttpConfigTests { attributes[1].required attributes[1].getCount() == 2 } + + def 'SEC-2919: DefaultLoginGeneratingFilter should not be present if login-page="/login"'() { + when: + xml.http() { + 'openid-login'('login-page':'/login') + } + createAppContext() + + then: + getFilter(DefaultLoginPageGeneratingFilter) == null + } + }