SEC-1540: Fix to add HTTP-method specific support for namespace requires-channel attribute.

Luke Taylor 2010-08-18 13:01:16 +01:00
parent 3c02989d67
commit 5f6bcc0e1e
2 changed files with 35 additions and 1 deletions


@ -35,7 +35,7 @@ public enum MatcherType {
} }
BeanDefinition createMatcher(String path, String method) { BeanDefinition createMatcher(String path, String method) {
if ("/**".equals(path)) { if ("/**".equals(path) && method == null) {
return new RootBeanDefinition(AnyRequestMatcher.class); return new RootBeanDefinition(AnyRequestMatcher.class);
} }
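Review bot: The new `method == null` guard in `createMatcher` has no comment, and the reason for it is security-relevant: `AnyRequestMatcher` matches every request regardless of HTTP method, so returning it for a method-scoped `/**` rule silently widens that rule to all methods. I would add `// AnyRequestMatcher ignores the HTTP method; only short-circuit when the rule is not method-specific` above the `if`. It is also worth confirming how callers represent an absent `method` attribute. If an empty string rather than null can reach this point (not visible here), the shortcut is skipped and the empty value goes to the matcher construction further down. The rest of `createMatcher` lies outside the hunk.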


@ -170,6 +170,40 @@ class MiscHttpConfigTests extends AbstractHttpConfigTests {
attrs.contains(new SecurityConfig("ROLE_B")) attrs.contains(new SecurityConfig("ROLE_B"))
} }
def httpMethodMatchIsSupportedForRequiresChannel() {
httpAutoConfig {
'intercept-url'(pattern: '/anyurl')
'intercept-url'(pattern: '/anyurl', 'method':'GET',access: 'ROLE_ADMIN', 'requires-channel': 'https')
}
createAppContext()
def fids = getFilter(ChannelProcessingFilter).getSecurityMetadataSource();
def attrs = fids.getAttributes(createFilterinvocation("/anyurl", "GET"));
def attrsPost = fids.getAttributes(createFilterinvocation("/anyurl", "POST"));
expect:
attrs.size() == 1
attrs.contains(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))
attrsPost == null
}
def httpMethodMatchIsSupportedForRequiresChannelAny() {
httpAutoConfig {
'intercept-url'(pattern: '/**')
'intercept-url'(pattern: '/**', 'method':'GET',access: 'ROLE_ADMIN', 'requires-channel': 'https')
}
createAppContext()
def fids = getFilter(ChannelProcessingFilter).getSecurityMetadataSource();
def attrs = fids.getAttributes(createFilterinvocation("/anyurl", "GET"));
def attrsPost = fids.getAttributes(createFilterinvocation("/anyurl", "POST"));
expect:
attrs.size() == 1
attrs.contains(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))
attrsPost == null
}
def oncePerRequestAttributeIsSupported() { def oncePerRequestAttributeIsSupported() {
xml.http('once-per-request': 'false') { xml.http('once-per-request': 'false') {
'http-basic'() 'http-basic'()
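Review bot: Only `httpMethodMatchIsSupportedForRequiresChannelAny` reaches the branch changed in `createMatcher`; the `/anyurl` variant never took the `/**` shortcut, so it probably passed before the fix too. The two features are otherwise line-for-line identical, so they could be one Spock feature with a `where:` table over the pattern, which makes it explicit that `/**` is the regression case. Both features assert only on the `ChannelProcessingFilter` metadata source. If `createMatcher` also builds the matchers for `access` rules (not visible on this page), the old shortcut would equally have applied a `method: 'GET'` rule on `/**` to POST requests. An assertion that the access metadata source does not return `ROLE_ADMIN` for a POST to `/anyurl` would pin the fix on the authorization side as well.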