SEC-3170: Polish
* Prevent a null LogoutHandler from being set when RememberMeServices does not implement LogoutHandler
* Fix a test that failed because it invoked Mock from outside Spock
* Add an explicit test for adding a null LogoutHandler to RememberMeConfigurer
parent
b28c62a6fe
commit
337f1885ea
|
@ -230,7 +230,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> extend
|
||||||
RememberMeServices rememberMeServices = getRememberMeServices(http, key);
|
RememberMeServices rememberMeServices = getRememberMeServices(http, key);
|
||||||
http.setSharedObject(RememberMeServices.class, rememberMeServices);
|
http.setSharedObject(RememberMeServices.class, rememberMeServices);
|
||||||
LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
|
LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
|
||||||
if (logoutConfigurer != null) {
|
if (logoutConfigurer != null && logoutHandler != null) {
|
||||||
logoutConfigurer.addLogoutHandler(logoutHandler);
|
logoutConfigurer.addLogoutHandler(logoutHandler);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
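Review bot: The added `logoutHandler != null` guard on the `if` silently skips registration, so when the configured RememberMeServices is not a LogoutHandler nothing in this block clears remember-me state on logout, and the code does not say so. Presumably `logoutHandler` is only assigned when the services object implements LogoutHandler (the assignment is outside this hunk); in that case a remember-me cookie could outlive an explicit logout unless the application registers its own handler. I would record that above the condition, for example `// logoutHandler is null when a custom RememberMeServices is not a LogoutHandler; remember-me cleanup on logout is then the application's responsibility`. The enclosing method starts and ends outside the hunk.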
|
@ -23,6 +23,7 @@ import org.springframework.security.config.annotation.authentication.builders.Au
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
|
||||||
|
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurerTests.RememberMeNoLogoutHandler;
|
||||||
import org.springframework.security.web.authentication.RememberMeServices
|
import org.springframework.security.web.authentication.RememberMeServices
|
||||||
import org.springframework.security.web.authentication.logout.LogoutFilter
|
import org.springframework.security.web.authentication.logout.LogoutFilter
|
||||||
|
|
||||||
|
@ -114,24 +115,34 @@ class LogoutConfigurerTests extends BaseSpringSpec {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def "SEC-3170: LogoutConfigurer allows null LogoutHandler"() {
|
def "SEC-3170: LogoutConfigurer RememberMeService not LogoutHandler"() {
|
||||||
when:
|
setup:
|
||||||
|
RememberMeNoLogoutHandler.REMEMBER_ME = Mock(RememberMeServices)
|
||||||
loadConfig(RememberMeNoLogoutHandler)
|
loadConfig(RememberMeNoLogoutHandler)
|
||||||
request.method = "GET"
|
request.method = "POST"
|
||||||
request.servletPath = "/logout"
|
request.servletPath = "/logout"
|
||||||
findFilter(LogoutFilter).doFilter(request, response, chain)
|
when:
|
||||||
|
findFilter(LogoutFilter).doFilter(request,response,chain)
|
||||||
then:
|
then:
|
||||||
thrown(BeanCreationException)
|
response.redirectedUrl == "/login?logout"
|
||||||
|
}
|
||||||
|
|
||||||
|
def "SEC-3170: LogoutConfigurer prevents null LogoutHandler"() {
|
||||||
|
when:
|
||||||
|
new LogoutConfigurer().addLogoutHandler(null)
|
||||||
|
then:
|
||||||
|
thrown(IllegalArgumentException)
|
||||||
}
|
}
|
||||||
|
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
static class RememberMeNoLogoutHandler extends WebSecurityConfigurerAdapter {
|
static class RememberMeNoLogoutHandler extends WebSecurityConfigurerAdapter {
|
||||||
|
static RememberMeServices REMEMBER_ME
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http
|
http
|
||||||
.rememberMe()
|
.rememberMe()
|
||||||
.rememberMeServices(Mock(RememberMeServices))
|
.rememberMeServices(REMEMBER_ME)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
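Review bot: `RememberMeNoLogoutHandler.REMEMBER_ME` is a mutable static that the new feature method assigns in `setup:` and never resets, so the mock stays reachable after the feature that created it has finished, and any later `loadConfig(RememberMeNoLogoutHandler)` would pick up a stale mock. A `cleanup:` block containing `RememberMeNoLogoutHandler.REMEMBER_ME = null` would keep that state scoped to the one test. Separately, the import of `LogoutConfigurerTests.RememberMeNoLogoutHandler` added in the first hunk of this file names a class nested in this same spec and ends with a semicolon unlike the neighbouring imports; it looks unnecessary and could be dropped.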