Save Request Before Response Is Committed
Specifically important for cookie-based authorization request repositories. Closes gh-11602
parent
14a48ea939
commit
52c7141aac
|
@ -192,8 +192,8 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt
|
||||||
if (authorizationRequest == null) {
|
if (authorizationRequest == null) {
|
||||||
throw authzEx;
|
throw authzEx;
|
||||||
}
|
}
|
||||||
this.sendRedirectForAuthorization(request, response, authorizationRequest);
|
|
||||||
this.requestCache.saveRequest(request, response);
|
this.requestCache.saveRequest(request, response);
|
||||||
|
this.sendRedirectForAuthorization(request, response, authorizationRequest);
|
||||||
}
|
}
|
||||||
catch (Exception failed) {
|
catch (Exception failed) {
|
||||||
this.unsuccessfulRedirectForAuthorization(request, response, failed);
|
this.unsuccessfulRedirectForAuthorization(request, response, failed);
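Review bot: The new call order is load-bearing but nothing in the code says so: `this.requestCache.saveRequest(request, response)` has to run before `sendRedirectForAuthorization`, because the redirect commits the response and a cookie-backed request cache can no longer add its header afterwards. I would add a comment above the `saveRequest` call, e.g. `// Must precede the redirect: once the response is committed a cookie-based RequestCache cannot write its cookie (gh-11602)`, so a later cleanup does not swap the two lines back. One consequence worth confirming: if `sendRedirectForAuthorization` throws, the request has already been saved, and the `catch (Exception failed)` path visible here does not appear to remove it, so a stale saved request may outlive the failed attempt. The enclosing method starts and ends outside the hunk.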
|
||||||
|
|
|
@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThat;
|
||||||
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
|
||||||
import static org.mockito.ArgumentMatchers.any;
|
import static org.mockito.ArgumentMatchers.any;
|
||||||
import static org.mockito.BDDMockito.given;
|
import static org.mockito.BDDMockito.given;
|
||||||
|
import static org.mockito.BDDMockito.willAnswer;
|
||||||
import static org.mockito.BDDMockito.willThrow;
|
import static org.mockito.BDDMockito.willThrow;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
import static org.mockito.Mockito.times;
|
import static org.mockito.Mockito.times;
|
||||||
|
@ -333,4 +334,22 @@ public class OAuth2AuthorizationRequestRedirectFilterTests {
|
||||||
+ "login_hint=user@provider\\.com");
|
+ "login_hint=user@provider\\.com");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// gh-11602
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void doFilterWhenNotAuthorizationRequestAndClientAuthorizationRequiredExceptionThrownThenSaveRequestBeforeCommitted()
|
||||||
|
throws Exception {
|
||||||
|
String requestUri = "/path";
|
||||||
|
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
|
||||||
|
request.setServletPath(requestUri);
|
||||||
|
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||||
|
FilterChain filterChain = mock(FilterChain.class);
|
||||||
|
willAnswer((invocation) -> assertThat((invocation.<HttpServletResponse>getArgument(1)).isCommitted()).isFalse())
|
||||||
|
.given(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||||
|
willThrow(new ClientAuthorizationRequiredException(this.registration1.getRegistrationId())).given(filterChain)
|
||||||
|
.doFilter(any(ServletRequest.class), any(ServletResponse.class));
|
||||||
|
this.filter.doFilter(request, response, filterChain);
|
||||||
|
assertThat(response.isCommitted()).isTrue();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
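Review bot: The new test never verifies that `saveRequest` was actually invoked, so the `isCommitted()` check inside `willAnswer` only runs if the filter still reaches the request cache. If that call were removed from the filter, the test would still pass on the final `assertThat(response.isCommitted()).isTrue()` alone. Adding `verify(this.requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));` after `this.filter.doFilter(request, response, filterChain)` closes that gap; this assumes `verify` is already statically imported in the test class, which the import hunk does not show.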
|
||||||
|
|