SEC-1608: Make sure FirewalledRequest.reset() is called when filter="none"

This commit is contained in:
Luke Taylor 2010-11-02 12:08:39 +00:00
parent deef2706ef
commit 0696bed78e
2 changed files with 15 additions and 0 deletions

View File

@ -153,6 +153,8 @@ public class FilterChainProxy extends GenericFilterBean {
(filters == null ? " has no matching filters" : " has an empty filter list"));
}
fwRequest.reset();
chain.doFilter(fwRequest, fwResponse);
return;

View File

@ -10,6 +10,7 @@ import org.mockito.stubbing.Answer;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.firewall.FirewalledRequest;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.util.RequestMatcher;
import javax.servlet.Filter;
@ -113,4 +114,16 @@ public class FilterChainProxyTests {
verify(chain).doFilter(any(FirewalledRequest.class), any(HttpServletResponse.class));
}
@Test
public void wrapperIsResetWhenNoMatchingFilters() throws Exception {
HttpFirewall fw = mock(HttpFirewall.class);
FirewalledRequest fwr = mock (FirewalledRequest.class);
when(fwr.getRequestURI()).thenReturn("/");
when(fwr.getContextPath()).thenReturn("");
fcp.setFirewall(fw);
when(fw.getFirewalledRequest(request)).thenReturn(fwr);
when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
fcp.doFilter(request, response, chain);
verify(fwr).reset();
}
}