From 44e2543015f67bd197707984441437bdd0c0badf Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Mon, 24 Oct 2011 21:21:10 +0100
Subject: [PATCH] Minor changes to make filter chain validation more robust with custom request matchers.
---
 .../config/http/DefaultFilterChainValidator.java | 12 ++++++++++--
 .../security/web/DefaultSecurityFilterChain.java | 4 ++++
 .../security/web/FilterChainProxy.java | 1 -
 .../security/web/FilterInvocation.java | 1 +
 4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 711c90ae50..8dbe102cd8 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -119,9 +119,17 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 }
 String loginPage = ((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl();
- FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
- List filters = fcp.getFilters(loginPage);
 logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
+ FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
+ List filters = null;
+
+ try {
+ filters = fcp.getFilters(loginPage);
+ } catch (Exception e) {
+ // May happen legitimately if a filter-chain request matcher requires more request data than that provided
+ // by the dummy request used when creating the filter invocation.
+ logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
+ }
 if (filters == null || filters.isEmpty()) {
 logger.debug("Filter chain is empty for the login page");
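Review bot: The new `catch (Exception e)` in DefaultFilterChainValidator drops the exception and reports the skipped check at INFO, so a login-page check that never ran leaves no trace of why, and the following `filters == null` branch then logs "Filter chain is empty for the login page", which is not what happened. I would pass the cause and raise the level: `logger.warn("Failed to obtain filter chain information for the login page. Unable to complete check.", e);`. This validator exists to catch a misconfigured login URL at startup, so a check that was skipped should stand out to whoever reads the startup log. The enclosing method starts and ends outside the hunk, so what follows the empty-chain branch cannot be confirmed from here.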
diff --git a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
index cc4e418347..466d1254ef 100644
--- a/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
+++ b/web/src/main/java/org/springframework/security/web/DefaultSecurityFilterChain.java
@@ -1,5 +1,7 @@
 package org.springframework.security.web;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.springframework.security.web.util.RequestMatcher;
 import javax.servlet.Filter;
@@ -14,6 +16,7 @@ import java.util.*;
 * @since 3.1
 */
 public final class DefaultSecurityFilterChain implements SecurityFilterChain {
+ private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);
 private final RequestMatcher requestMatcher;
 private final List filters;
@@ -22,6 +25,7 @@ public final class DefaultSecurityFilterChain implements SecurityFilterChain {
 }
 public DefaultSecurityFilterChain(RequestMatcher requestMatcher, List filters) {
+ logger.info("Creating filter chain: " + requestMatcher + ", " + filters);
 this.requestMatcher = requestMatcher;
 this.filters = new ArrayList(filters);
 }
diff --git a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
index 19a3d44da5..bd163f1180 100644
--- a/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
+++ b/web/src/main/java/org/springframework/security/web/FilterChainProxy.java
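Review bot: In the DefaultSecurityFilterChain constructor hunk (`@@ -22,6 +25,7 @@`), the added `logger.info("Creating filter chain: " + requestMatcher + ", " + filters);` depends on `toString()` of the matcher and of every filter. A custom RequestMatcher that does not override it will presumably print only a class name and hash, which makes the entry of little use for checking which chain is bound to which requests. I would state that expectation at the call, e.g. `// Startup record of the matcher-to-filters binding; custom RequestMatcher implementations should override toString()`. The line also logs the caller's `filters` argument rather than the defensive copy made two lines later; moving it below the assignments and logging `this.filters` would record what the chain actually holds.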
@@ -20,7 +20,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.security.web.firewall.DefaultHttpFirewall;
 import org.springframework.security.web.firewall.FirewalledRequest;
 import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.security.web.util.AnyRequestMatcher;
 import org.springframework.security.web.util.RequestMatcher;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.web.filter.DelegatingFilterProxy;
diff --git a/web/src/main/java/org/springframework/security/web/FilterInvocation.java b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
index 7c7fe37847..f7006d500b 100644
--- a/web/src/main/java/org/springframework/security/web/FilterInvocation.java
+++ b/web/src/main/java/org/springframework/security/web/FilterInvocation.java
@@ -92,6 +92,7 @@ public class FilterInvocation {
 }
 request.setContextPath(contextPath);
 request.setServletPath(servletPath);
+ request.setRequestURI(contextPath + servletPath + (pathInfo == null ? "" : pathInfo));
 request.setPathInfo(pathInfo);
 request.setQueryString(query);
 request.setMethod(method);
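Review bot: The added `setRequestURI` line in FilterInvocation guards `pathInfo` against null but concatenates `contextPath` and `servletPath` unguarded, so a null in either would yield a request URI containing the literal text "null", and a matcher reading `getRequestURI()` would silently compare against that. Whether either value can be null at this point depends on code above the hunk; the constructor starts and ends outside it. If it can, a guard keeps the dummy request consistent: `request.setRequestURI(contextPath + (servletPath == null ? "" : servletPath) + (pathInfo == null ? "" : pathInfo));`. A one-line comment that the query string is deliberately kept out of the request URI would also help the next reader.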