From 2e70d660635faeec305a2eda053abb9e740add73 Mon Sep 17 00:00:00 2001 From: Ankur Pathak Date: Thu, 17 Jan 2019 15:54:23 +0530 Subject: [PATCH] Improve CsrfBeanDefinitionParser xml parsing 1. CsrfBeanDefinitionParser registers requestDataValueProcessor if not already registered 2. Created Tests in CsrfBeanDefinitionParserTests Fixes: gh-6423 --- .../config/http/CsrfBeanDefinitionParser.java | 13 +++--- .../http/CsrfBeanDefinitionParserTests.java | 41 +++++++++++++++++++ ...erDataValueProcessorOnyIfNotRegistered.xml | 31 ++++++++++++++ 3 files changed, 80 insertions(+), 5 deletions(-) create mode 100644 config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java create mode 100644 config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml diff --git a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java index ed2095e258..82c29844cf 100644 --- a/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java @@ -45,6 +45,7 @@ import org.springframework.util.StringUtils; * Parser for the {@code CsrfFilter}. * * @author Rob Winch + * @author Ankur Pathak * @since 3.2 */ public class CsrfBeanDefinitionParser implements BeanDefinitionParser { @@ -67,11 +68,13 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser { boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME, getClass().getClassLoader()); if (webmvcPresent) { - RootBeanDefinition beanDefinition = new RootBeanDefinition( - CsrfRequestDataValueProcessor.class); - BeanComponentDefinition componentDefinition = new BeanComponentDefinition( - beanDefinition, REQUEST_DATA_VALUE_PROCESSOR); - pc.registerBeanComponent(componentDefinition); + if (!pc.getRegistry().containsBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR)) { + RootBeanDefinition beanDefinition = new RootBeanDefinition( + CsrfRequestDataValueProcessor.class); + BeanComponentDefinition componentDefinition = new BeanComponentDefinition( + beanDefinition, REQUEST_DATA_VALUE_PROCESSOR); + pc.registerBeanComponent(componentDefinition); + } } String matcherRef = null; diff --git a/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java new file mode 100644 index 0000000000..60d95574a8 --- /dev/null +++ b/config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java @@ -0,0 +1,41 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.springframework.security.config.http; + +import org.junit.Test; + +import org.springframework.context.support.ClassPathXmlApplicationContext; + +/** + * @author Ankur Pathak + */ +public class CsrfBeanDefinitionParserTests { + private static final String CONFIG_LOCATION_PREFIX = + "classpath:org/springframework/security/config/http/CsrfBeanDefinitionParserTests"; + + @Test + public void registerDataValueProcessorOnlyIfNotRegistered() throws Exception { + try (ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext()) { + context.setAllowBeanDefinitionOverriding(false); + context.setConfigLocation(this.xml("RegisterDataValueProcessorOnyIfNotRegistered")); + context.refresh(); + } + } + + private String xml(String configName) { + return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml"; + } +} diff --git a/config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml b/config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml new file mode 100644 index 0000000000..333e9d11ee --- /dev/null +++ b/config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + +