Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-14 22:33:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

DefaultLoginPageGeneratingFilter should calculate ContentLength using UTF-8

Browse Source 
Fixes: gh-5309
This commit is contained in:
XYUU 2018-04-26 11:55:06 +08:00 committed by Rob Winch
parent a4b5523063
commit 70d284865f
2 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java
View File

@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
import java.util.function.Function; import java.util.function.Function;
@ -195,7 +196,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
String loginPageHtml = generateLoginPageHtml(request, loginError, String loginPageHtml = generateLoginPageHtml(request, loginError,
logoutSuccess); logoutSuccess);
response.setContentType("text/html;charset=UTF-8"); response.setContentType("text/html;charset=UTF-8");
response.setContentLength(loginPageHtml.length()); response.setContentLength(loginPageHtml.getBytes(StandardCharsets.UTF_8).length);
response.getWriter().write(loginPageHtml); response.getWriter().write(loginPageHtml);
return; return;

36
web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java
View File

@ -15,15 +15,6 @@
*/ */
package org.springframework.security.web.authentication; package org.springframework.security.web.authentication;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Test; import org.junit.Test;
import org.springframework.context.support.MessageSourceAccessor; import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletRequest;
@ -35,13 +26,22 @@ import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.web.WebAttributes; import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter; import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Collections;
import java.util.Locale;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
/** /**
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
*/ */
public class DefaultLoginPageGeneratingFilterTests { public class DefaultLoginPageGeneratingFilterTests {
FilterChain chain = mock(FilterChain.class); private FilterChain chain = mock(FilterChain.class);
@Test @Test
public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul() public void generatingPageWithAuthenticationProcessingFilterOnlyIsSuccessFul()
@ -116,6 +116,20 @@ public class DefaultLoginPageGeneratingFilterTests {
assertThat(response.getContentAsString()).isNotEmpty(); assertThat(response.getContentAsString()).isNotEmpty();
} }
@Test
public void generatesForWithContentLength() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
new UsernamePasswordAuthenticationFilter());
filter.setOauth2LoginEnabled(true);
filter.setOauth2AuthenticationUrlToClientName(Collections.singletonMap("XYUU",
"\u8109\u640F\u7F51\u5E10\u6237\u767B\u5F55"));
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
filter.doFilter(request, response, chain);
assertThat(response.getContentLength() == response.getContentAsString().getBytes(
response.getCharacterEncoding()).length).isTrue();
}
@Test @Test
public void generatesForWithQueryNoMatch() throws Exception { public void generatesForWithQueryNoMatch() throws Exception {
DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter( DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(
@ -142,7 +156,7 @@ public class DefaultLoginPageGeneratingFilterTests {
@SuppressWarnings("unused") @SuppressWarnings("unused")
private static class MockProcessingFilter extends private static class MockProcessingFilter extends
AbstractAuthenticationProcessingFilter { AbstractAuthenticationProcessingFilter {
protected MockProcessingFilter() { MockProcessingFilter() {
super("/someurl"); super("/someurl");
} }