Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1412: DefaultSavedRequest should ignore "If-Modified-Since" headers to prevent re-displaying the login form (the cached result of the original request).

This commit is contained in:
Luke Taylor 2010-11-15 16:14:24 +00:00
parent fc00d7ef1d
commit 2d9f98d535
1 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
View File

@ -15,28 +15,19 @@
package org.springframework.security.web.savedrequest; package org.springframework.security.web.savedrequest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.PortResolver; import org.springframework.security.web.PortResolver;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.util.UrlUtils; import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
/** /**
* Represents central information from a <code>HttpServletRequest</code>. * Represents central information from a {@code HttpServletRequest}.
* <p> * <p>
* This class is used by {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter} * This class is used by {@link org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter}
* and {@link org.springframework.security.web.savedrequest.SavedRequestAwareWrapper} to * and {@link org.springframework.security.web.savedrequest.SavedRequestAwareWrapper} to
@ -51,6 +42,7 @@ import org.springframework.util.Assert;
* @author Craig McClanahan * @author Craig McClanahan
* @author Andrey Grebnev * @author Andrey Grebnev
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor
*/ */
public class DefaultSavedRequest implements SavedRequest { public class DefaultSavedRequest implements SavedRequest {
//~ Static fields/initializers ===================================================================================== //~ Static fields/initializers =====================================================================================
@ -58,6 +50,7 @@ public class DefaultSavedRequest implements SavedRequest {
protected static final Log logger = LogFactory.getLog(DefaultSavedRequest.class); protected static final Log logger = LogFactory.getLog(DefaultSavedRequest.class);
private static final String HEADER_IF_NONE_MATCH = "If-None-Match"; private static final String HEADER_IF_NONE_MATCH = "If-None-Match";
private static final String HEADER_IF_MODIFIED_SINCE = "If-Modified-Since";
//~ Instance fields ================================================================================================ //~ Instance fields ================================================================================================
@ -97,8 +90,8 @@ public class DefaultSavedRequest implements SavedRequest {
while (names.hasMoreElements()) { while (names.hasMoreElements()) {
String name = names.nextElement(); String name = names.nextElement();
// Skip If-None-Match header. SEC-1412. // Skip If-Modified-Since and If-None-Match header. SEC-1412, SEC-1624.
if (HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) { if (HEADER_IF_MODIFIED_SINCE.equalsIgnoreCase(name) || HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) {
continue; continue;
} }
Enumeration<String> values = request.getHeaders(name); Enumeration<String> values = request.getHeaders(name);