From 1a4130528ad148931dc966257cb95a5d735d8c86 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 21 Apr 2008 16:51:06 +0000
Subject: [PATCH] SEC-782: Incorrect UrlMatcher initialization in FilterChainProxy results in wrong lowercase/uppercase matching http://jira.springframework.org/browse/SEC-782. I've updated FilterChainProxy to make sure the same UrlMatcher is used throughout when converting a legacy configuration.
---
 .../security/util/FilterChainProxy.java | 4 ++--
 .../security/util/FilterChainProxyTests.java | 9 ++++++++-
 .../security/util/filtertest-valid.xml | 11 +++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/core/src/main/java/org/springframework/security/util/FilterChainProxy.java b/core/src/main/java/org/springframework/security/util/FilterChainProxy.java
index 68ca420a21..b1e864ac6b 100644
--- a/core/src/main/java/org/springframework/security/util/FilterChainProxy.java
+++ b/core/src/main/java/org/springframework/security/util/FilterChainProxy.java
@@ -116,8 +116,8 @@ public class FilterChainProxy implements Filter, InitializingBean, ApplicationCo
 if (fids != null) {
 Assert.isNull(uncompiledFilterChainMap, "Set the filterChainMap or FilterInvocationDefinitionSource but not both");
 FIDSToFilterChainMapConverter converter = new FIDSToFilterChainMapConverter(fids, applicationContext);
- setFilterChainMap(converter.getFilterChainMap());
- setMatcher(converter.getMatcher());
+ setMatcher(converter.getMatcher());
+ setFilterChainMap(converter.getFilterChainMap());
 fids = null;
 }
diff --git a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
index 0dd2afd1e0..cf7aa708f4 100644
--- a/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
+++ b/core/src/test/java/org/springframework/security/util/FilterChainProxyTests.java
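Review bot: In the FilterChainProxy.java hunk the two swapped calls now depend on their order, and nothing on those lines records why, so a later clean-up could restore the old order and bring SEC-782 back. I would add a comment above them such as `// SEC-782: set the matcher before the chain map so both use the same UrlMatcher`. The setter bodies are outside the hunk, so it is an inference that `setFilterChainMap()` reads the current matcher. If it does, code that calls the two public setters directly presumably faces the same ordering hazard, and a mismatch there means a request can be paired with a filter chain the configuration did not intend, or with none. The enclosing method starts and ends outside the hunk.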
@@ -137,6 +137,12 @@ public class FilterChainProxyTests {
 doNormalOperation(filterChainProxy);
 }
+ @Test
+ public void proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath() throws Exception {
+ FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("filterChainNonLowerCase", FilterChainProxy.class);
+ assertNull(filterChainProxy.getFilters("/some/other/path/blah"));
+ }
+
 @Test
 public void normalOperationWithNewConfig() throws Exception {
 FilterChainProxy filterChainProxy = (FilterChainProxy) appCtx.getBean("newFilterChainProxy", FilterChainProxy.class);
@@ -163,7 +169,8 @@ public class FilterChainProxyTests {
 assertEquals(1, filters.size());
 assertTrue(filters.get(0) instanceof MockFilter);
- filters = filterChainProxy.getFilters("/sOme/other/path/blah");
+ filters = filterChainProxy.getFilters("/some/other/path/blah");
+ assertNotNull(filters);
 assertEquals(3, filters.size());
 assertTrue(filters.get(0) instanceof HttpSessionContextIntegrationFilter);
 assertTrue(filters.get(1) instanceof MockFilter);
diff --git a/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml b/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml
index 075089ccd4..12c9ff3f70 100644
--- a/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml
+++ b/core/src/test/resources/org/springframework/security/util/filtertest-valid.xml
@@ -53,6 +53,17 @@ http://www.springframework.org/schema/security http://www.springframework.org/sc + + + + PATTERN_TYPE_APACHE_ANT + /foo/**=mockFilter + /SOME/other/path/**=sif,mockFilter,mockFilter2 + /do/not/filter=#NONE# + + + +
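Review bot: The new test `proxyPathWithoutLowerCaseConversionShouldntMatchDifferentCasePath` (first hunk of FilterChainProxyTests.java) asserts only the negative case, so it would also pass if the `filterChainNonLowerCase` bean matched no path at all. Adding the positive counterpart pins the intended behaviour: `assertEquals(3, filterChainProxy.getFilters("/SOME/other/path/blah").size());`, which corresponds to the `/SOME/other/path/**=sif,mockFilter,mockFilter2` entry added to filtertest-valid.xml. For a filter-chain selector the exact-case match matters as much as the different-case non-match, because a silent non-match leaves a request without its filters.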
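Review bot: In the second hunk of FilterChainProxyTests.java, replacing `/sOme/other/path/blah` with `/some/other/path/blah` removes the only mixed-case request visible in these assertions, so case-insensitive matching for configurations that do convert URLs to lower case is no longer exercised here. The enclosing method starts outside the hunk; if it is a helper shared with the non-converting bean, that would explain the change. In that case a test dedicated to a converting bean should keep a line such as `assertNotNull(filterChainProxy.getFilters("/sOme/other/path/blah"));`, so that both sides of the SEC-782 behaviour stay covered.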