Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

HttpSessionRequestCache Allow Any SavedRequest

Browse Source 
Fixes: gh-5585
This commit is contained in:
Rob Winch 2018-07-26 12:50:00 -05:00
parent 7b2b1a877d
commit 483e25f821
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
web/src/main/java/org/springframework/security/web/savedrequest/HttpSessionRequestCache.java
View File

@ -23,6 +23,7 @@ import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.springframework.security.web.PortResolver; import org.springframework.security.web.PortResolver;
import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher;
@ -88,13 +89,9 @@ public class HttpSessionRequestCache implements RequestCache {
public HttpServletRequest getMatchingRequest(HttpServletRequest request, public HttpServletRequest getMatchingRequest(HttpServletRequest request,
HttpServletResponse response) { HttpServletResponse response) {
DefaultSavedRequest saved = (DefaultSavedRequest) getRequest(request, response); SavedRequest saved = getRequest(request, response);
if (saved == null) { if (!matchesSavedRequest(request, saved)) {
return null;
}
if (!saved.doesRequestMatch(request, portResolver)) {
logger.debug("saved request doesn't match"); logger.debug("saved request doesn't match");
return null; return null;
} }
@ -104,6 +101,20 @@ public class HttpSessionRequestCache implements RequestCache {
return new SavedRequestAwareWrapper(saved, request); return new SavedRequestAwareWrapper(saved, request);
} }
private boolean matchesSavedRequest(HttpServletRequest request, SavedRequest savedRequest) {
if (savedRequest == null) {
return false;
}
if (savedRequest instanceof DefaultSavedRequest) {
DefaultSavedRequest defaultSavedRequest = (DefaultSavedRequest) savedRequest;
return defaultSavedRequest.doesRequestMatch(request, this.portResolver);
}
String currentUrl = UrlUtils.buildFullRequestUrl(request);
return savedRequest.getRedirectUrl().equals(currentUrl);
}
/** /**
* Allows selective use of saved requests for a subset of requests. By default any * Allows selective use of saved requests for a subset of requests. By default any
* request will be cached by the {@code saveRequest} method. * request will be cached by the {@code saveRequest} method.