Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improve CsrfBeanDefinitionParser xml parsing 

1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests

Fixes: gh-6423
This commit is contained in:
Ankur Pathak 2019-01-17 15:54:23 +05:30 committed by Rob Winch
parent ffe602fdbe
commit 2e70d66063
3 changed files with 80 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java
View File

@ -45,6 +45,7 @@ import org.springframework.util.StringUtils;
* Parser for the {@code CsrfFilter}. * Parser for the {@code CsrfFilter}.
* *
* @author Rob Winch * @author Rob Winch
* @author Ankur Pathak
* @since 3.2 * @since 3.2
*/ */
public class CsrfBeanDefinitionParser implements BeanDefinitionParser { public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
@ -67,11 +68,13 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME, boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME,
getClass().getClassLoader()); getClass().getClassLoader());
if (webmvcPresent) { if (webmvcPresent) {
RootBeanDefinition beanDefinition = new RootBeanDefinition( if (!pc.getRegistry().containsBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR)) {
CsrfRequestDataValueProcessor.class); RootBeanDefinition beanDefinition = new RootBeanDefinition(
BeanComponentDefinition componentDefinition = new BeanComponentDefinition( CsrfRequestDataValueProcessor.class);
beanDefinition, REQUEST_DATA_VALUE_PROCESSOR); BeanComponentDefinition componentDefinition = new BeanComponentDefinition(
pc.registerBeanComponent(componentDefinition); beanDefinition, REQUEST_DATA_VALUE_PROCESSOR);
pc.registerBeanComponent(componentDefinition);
}
} }
String matcherRef = null; String matcherRef = null;

41
config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java Normal file
View File

@ -0,0 +1,41 @@
/*
* Copyright 2002-2018 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.http;
import org.junit.Test;
import org.springframework.context.support.ClassPathXmlApplicationContext;
/**
* @author Ankur Pathak
*/
public class CsrfBeanDefinitionParserTests {
private static final String CONFIG_LOCATION_PREFIX =
"classpath:org/springframework/security/config/http/CsrfBeanDefinitionParserTests";
@Test
public void registerDataValueProcessorOnlyIfNotRegistered() throws Exception {
try (ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext()) {
context.setAllowBeanDefinitionOverriding(false);
context.setConfigLocation(this.xml("RegisterDataValueProcessorOnyIfNotRegistered"));
context.refresh();
}
}
private String xml(String configName) {
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
}
}

31
config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml Normal file
View File

@ -0,0 +1,31 @@
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
">
<security:http pattern="/foo/**">
<security:intercept-url pattern="/**" access="hasRole('FOO')" />
<security:http-basic/>
</security:http>
<security:http pattern="/bar/**">
<security:intercept-url pattern="/**" access="hasRole('BAR')" />
<security:http-basic/>
</security:http>
<security:authentication-manager >
<security:authentication-provider>
<security:user-service>
<security:user name="gnu" password="{noop}gnat" authorities="ROLE_FOO" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>