Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-26 22:02:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header.

Browse Source 
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
This commit is contained in:
Luke Taylor 2010-02-18 00:02:57 +00:00
parent 9bdc012c69
commit 14ae36ac3b
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
View File

@ -54,6 +54,8 @@ public class DefaultSavedRequest implements SavedRequest {
public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY"; public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
private static final String HEADER_IF_NONE_MATCH = "If-None-Match";
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
private ArrayList<SavedCookie> cookies = new ArrayList<SavedCookie>(); private ArrayList<SavedCookie> cookies = new ArrayList<SavedCookie>();
@ -92,6 +94,10 @@ public class DefaultSavedRequest implements SavedRequest {
while (names.hasMoreElements()) { while (names.hasMoreElements()) {
String name = names.nextElement(); String name = names.nextElement();
// Skip If-None-Match header. SEC-1412.
if (HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) {
continue;
}
Enumeration<String> values = request.getHeaders(name); Enumeration<String> values = request.getHeaders(name);
while (values.hasMoreElements()) { while (values.hasMoreElements()) {

9
web/src/test/java/org/springframework/security/web/savedrequest/DefaultSavedRequestTests.java
View File

@ -21,6 +21,15 @@ public class DefaultSavedRequestTests {
assertEquals("Mozilla", saved.getHeaderValues("user-agent").get(0)); assertEquals("Mozilla", saved.getHeaderValues("user-agent").get(0));
} }
// SEC-1412
@Test
public void discardsIfNoneMatchHeader() throws Exception {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("If-None-Match", "somehashvalue");
DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
}
// TODO: Why are parameters case insensitive. I think this is a mistake // TODO: Why are parameters case insensitive. I think this is a mistake
@Test @Test
public void parametersAreCaseInsensitive() throws Exception { public void parametersAreCaseInsensitive() throws Exception {