Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository 

Fixes: gh-6261
This commit is contained in:
Dongmin Shin 2018-12-15 22:11:50 +09:00 committed by Josh Cummings
parent 733a380bc7
commit 3230cd653c
2 changed files with 4 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
View File

@ -35,7 +35,6 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy; import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.web.util.WebUtils; import org.springframework.web.util.WebUtils;
/** /**
@ -95,7 +94,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
private final Object contextObject = SecurityContextHolder.createEmptyContext(); private final Object contextObject = SecurityContextHolder.createEmptyContext();
private boolean allowSessionCreation = true; private boolean allowSessionCreation = true;
private boolean disableUrlRewriting = false; private boolean disableUrlRewriting = false;
private boolean isServlet3 = ClassUtils.hasMethod(ServletRequest.class, "startAsync");
private String springSecurityContextKey = SPRING_SECURITY_CONTEXT_KEY; private String springSecurityContextKey = SPRING_SECURITY_CONTEXT_KEY;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@ -127,10 +125,8 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
response, request, httpSession != null, context); response, request, httpSession != null, context);
requestResponseHolder.setResponse(wrappedResponse); requestResponseHolder.setResponse(wrappedResponse);
if (isServlet3) { requestResponseHolder.setRequest(new SaveToSessionRequestWrapper(
requestResponseHolder.setRequest(new Servlet3SaveToSessionRequestWrapper( request, wrappedResponse));
request, wrappedResponse));
}
return context; return context;
} }
@ -269,11 +265,11 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
// ~ Inner Classes // ~ Inner Classes
// ================================================================================================== // ==================================================================================================
private static class Servlet3SaveToSessionRequestWrapper extends private static class SaveToSessionRequestWrapper extends
HttpServletRequestWrapper { HttpServletRequestWrapper {
private final SaveContextOnUpdateOrErrorResponseWrapper response; private final SaveContextOnUpdateOrErrorResponseWrapper response;
public Servlet3SaveToSessionRequestWrapper(HttpServletRequest request, public SaveToSessionRequestWrapper(HttpServletRequest request,
SaveContextOnUpdateOrErrorResponseWrapper response) { SaveContextOnUpdateOrErrorResponseWrapper response) {
super(request); super(request);
this.response = response; this.response = response;

54
web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryServlet25Tests.java
View File

@ -1,54 +0,0 @@
/*
* Copyright 2002-2016 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.context;
import javax.servlet.ServletRequest;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.util.ClassUtils;
import static org.assertj.core.api.Assertions.assertThat;
import static org.powermock.api.mockito.PowerMockito.spy;
import static org.powermock.api.mockito.PowerMockito.when;
/**
* @author Luke Taylor
* @author Rob Winch
*/
@RunWith(PowerMockRunner.class)
@PrepareForTest({ ClassUtils.class })
public class HttpSessionSecurityContextRepositoryServlet25Tests {
@Test
public void servlet25Compatability() throws Exception {
spy(ClassUtils.class);
when(ClassUtils.class, "hasMethod", ServletRequest.class, "startAsync",
new Class[] {}).thenReturn(false);
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
MockHttpServletRequest request = new MockHttpServletRequest();
MockHttpServletResponse response = new MockHttpServletResponse();
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request,
response);
repo.loadContext(holder);
assertThat(holder.getRequest()).isSameAs(request);
}
}