From 496579dde2678a64c5b2f8ffec1f27a4046bf84b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edd=C3=BA=20Mel=C3=A9ndez?= Date: Thu, 25 Jul 2019 21:15:21 -0500 Subject: [PATCH] Add match result for servlet requests Fixes gh-7148 --- ...ultOAuth2AuthorizationRequestResolver.java | 3 +- ...ilterInvocationSecurityMetadataSource.java | 5 +- .../util/matcher/MvcRequestMatcher.java | 25 +++++--- .../util/matcher/AntPathRequestMatcher.java | 12 +++- .../web/util/matcher/RequestMatcher.java | 63 ++++++++++++++++++- .../matcher/RequestVariablesExtractor.java | 3 +- .../util/matcher/MvcRequestMatcherTests.java | 9 ++- 7 files changed, 104 insertions(+), 16 deletions(-) diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java index 81e423b202..84e2ec47be 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.java @@ -50,6 +50,7 @@ import java.util.Map; * * @author Joe Grandja * @author Rob Winch + * @author Eddú Meléndez * @since 5.1 * @see OAuth2AuthorizationRequestResolver * @see OAuth2AuthorizationRequestRedirectFilter @@ -147,7 +148,7 @@ public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2Au private String resolveRegistrationId(HttpServletRequest request) { if (this.authorizationRequestMatcher.matches(request)) { return this.authorizationRequestMatcher - .extractUriTemplateVariables(request).get(REGISTRATION_ID_URI_VARIABLE_NAME); + .matcher(request).getVariables().get(REGISTRATION_ID_URI_VARIABLE_NAME); } return null; } diff --git a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java index c893871574..da0f3e35f7 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/ExpressionBasedFilterInvocationSecurityMetadataSource.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,6 +40,7 @@ import org.springframework.util.Assert; * Expression-based {@code FilterInvocationSecurityMetadataSource}. * * @author Luke Taylor + * @author Eddú Meléndez * @since 3.0 */ public final class ExpressionBasedFilterInvocationSecurityMetadataSource @@ -111,7 +112,7 @@ public final class ExpressionBasedFilterInvocationSecurityMetadataSource @Override Map extractVariables(HttpServletRequest request) { - return this.matcher.extractUriTemplateVariables(request); + return this.matcher.matcher(request).getVariables(); } } diff --git a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java index a455d1ca7a..168a77c681 100644 --- a/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcher.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 the original author or authors. + * Copyright 2012-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,6 @@ package org.springframework.security.web.servlet.util.matcher; -import java.util.Collections; import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -43,6 +42,7 @@ import org.springframework.web.util.UrlPathHelper; *

* * @author Rob Winch + * @author Eddú Meléndez * @since 4.1.1 */ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtractor { @@ -93,13 +93,18 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac */ @Override public Map extractUriTemplateVariables(HttpServletRequest request) { + return matcher(request).getVariables(); + } + + @Override + public MatchResult matcher(HttpServletRequest request) { MatchableHandlerMapping mapping = getMapping(request); if (mapping == null) { - return this.defaultMatcher.extractUriTemplateVariables(request); + return this.defaultMatcher.matcher(request); } RequestMatchResult result = mapping.match(request, this.pattern); - return result == null ? Collections.emptyMap() - : result.extractUriTemplateVariables(); + return result == null ? MatchResult.notMatch() + : MatchResult.match(result.extractUriTemplateVariables()); } /** @@ -160,12 +165,18 @@ public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtrac @Override public Map extractUriTemplateVariables( HttpServletRequest request) { + return matcher(request).getVariables(); + } + + @Override + public MatchResult matcher(HttpServletRequest request) { String lookupPath = this.pathHelper.getLookupPathForRequest(request); if (matches(lookupPath)) { - return this.pathMatcher.extractUriTemplateVariables( + Map variables = this.pathMatcher.extractUriTemplateVariables( MvcRequestMatcher.this.pattern, lookupPath); + return MatchResult.match(variables); } - return Collections.emptyMap(); + return MatchResult.notMatch(); } } } diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java index f734b4c6d2..7861e983ef 100644 --- a/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/util/matcher/AntPathRequestMatcher.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -49,6 +49,7 @@ import org.springframework.web.util.UrlPathHelper; * * @author Luke Taylor * @author Rob Winch + * @author Eddú Meléndez * @since 3.1 * * @see org.springframework.util.AntPathMatcher @@ -182,11 +183,16 @@ public final class AntPathRequestMatcher @Override public Map extractUriTemplateVariables(HttpServletRequest request) { + return matcher(request).getVariables(); + } + + @Override + public MatchResult matcher(HttpServletRequest request) { if (this.matcher == null || !matches(request)) { - return Collections.emptyMap(); + return MatchResult.notMatch(); } String url = getRequestPath(request); - return this.matcher.extractUriTemplateVariables(url); + return MatchResult.match(this.matcher.extractUriTemplateVariables(url)); } private String getRequestPath(HttpServletRequest request) { diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java index 84a5018eac..61ce2d0842 100644 --- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java +++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestMatcher.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,12 +15,16 @@ */ package org.springframework.security.web.util.matcher; +import java.util.Collections; +import java.util.Map; + import javax.servlet.http.HttpServletRequest; /** * Simple strategy to match an HttpServletRequest. * * @author Luke Taylor + * @author Eddú Meléndez * @since 3.0.2 */ public interface RequestMatcher { @@ -33,4 +37,61 @@ public interface RequestMatcher { */ boolean matches(HttpServletRequest request); + /** + * @since 5.2 + */ + default MatchResult matcher(HttpServletRequest request) { + boolean match = matches(request); + return new MatchResult(match, Collections.emptyMap()); + } + + /** + * The result of matching + */ + class MatchResult { + private final boolean match; + private final Map variables; + + MatchResult(boolean match, Map variables) { + this.match = match; + this.variables = variables; + } + + public boolean isMatch() { + return this.match; + } + + public Map getVariables() { + return this.variables; + } + + /** + * Creates an instance of {@link MatchResult} that is a match with no variables + * + * @return + */ + public static MatchResult match() { + return new MatchResult(true, Collections.emptyMap()); + } + + /** + * Creates an instance of {@link MatchResult} that is a match with the specified variables + * + * @param variables + * @return + */ + public static MatchResult match(Map variables) { + return new MatchResult(true, variables); + } + + /** + * Creates an instance of {@link MatchResult} that is not a match. + * + * @return + */ + public static MatchResult notMatch() { + return new MatchResult(false, Collections.emptyMap()); + } + } + } diff --git a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java index 93d4dbe83a..c3444d0e70 100644 --- a/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java +++ b/web/src/main/java/org/springframework/security/web/util/matcher/RequestVariablesExtractor.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 the original author or authors. + * Copyright 2012-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletRequest; * * @author Rob Winch * @since 4.1.1 + * @deprecated */ public interface RequestVariablesExtractor { diff --git a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java index b6b69796cc..68a380128e 100644 --- a/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java +++ b/web/src/test/java/org/springframework/security/web/servlet/util/matcher/MvcRequestMatcherTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2016 the original author or authors. + * Copyright 2012-2019 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,6 +40,7 @@ import static org.mockito.Mockito.when; /** * @author Rob Winch + * @author Eddú Meléndez */ @RunWith(MockitoJUnitRunner.class) public class MvcRequestMatcherTests { @@ -73,6 +74,8 @@ public class MvcRequestMatcherTests { assertThat(this.matcher.extractUriTemplateVariables(this.request)) .containsEntry("p", "path"); + assertThat(this.matcher.matcher(this.request).getVariables()) + .containsEntry("p", "path"); } @Test @@ -85,6 +88,7 @@ public class MvcRequestMatcherTests { .thenReturn(this.result); assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty(); + assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty(); } @Test @@ -94,6 +98,8 @@ public class MvcRequestMatcherTests { assertThat(this.matcher.extractUriTemplateVariables(this.request)) .containsEntry("p", "path"); + assertThat(this.matcher.matcher(this.request).getVariables()) + .containsEntry("p", "path"); } @Test @@ -102,6 +108,7 @@ public class MvcRequestMatcherTests { when(this.introspector.getMatchableHandlerMapping(this.request)).thenReturn(null); assertThat(this.matcher.extractUriTemplateVariables(this.request)).isEmpty(); + assertThat(this.matcher.matcher(this.request).getVariables()).isEmpty(); } @Test