OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.

http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
Luke Taylor 2008-04-15 16:57:47 +00:00
parent 31a9fa553d
commit 7238097310
4 changed files with 10 additions and 7 deletions


@ -169,8 +169,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
filterSecurityInterceptorBuilder.addPropertyValue("authenticationManager",
ConfigUtils.registerProviderManagerIfNecessary(parserContext));
if ("true".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
filterSecurityInterceptorBuilder.addPropertyValue("observeOncePerRequest", Boolean.TRUE);
if ("false".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
filterSecurityInterceptorBuilder.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
}
// SEC-501 - should paths stored in request maps be converted to lower case
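Review bot: The new `"false".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))` test is an exact, case-sensitive match, so any other spelling of the attribute (for example `FALSE` or a value with stray whitespace) silently leaves observeOncePerRequest at its default of true. Going by the property name, true presumably means the interceptor's access check is not repeated within a single request, so an operator who intended the stricter per-pass check would get the weaker setting with no error or warning. If validation against the schema's `boolean` type does not already reject such values, consider reporting anything other than `true`/`false` through the parser context rather than ignoring it. At minimum a comment above the `if` would record the intent, e.g. `// observeOncePerRequest is true by default; only an explicit "false" needs to be set`. The enclosing method starts and ends outside this hunk.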


@ -214,7 +214,7 @@ http.attlist &=
## Allows a customized AuthenticationEntryPoint to be used.
attribute entry-point-ref {xsd:string}?
http.attlist &=
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "false"
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
attribute once-per-request {boolean}?
http.attlist &=
## Allows the access denied page to be set (the user will be redirected here if an AccessDeniedException is raised).


@ -700,7 +700,7 @@
<xs:attribute name="once-per-request" type="security:boolean">
<xs:annotation>
<xs:documentation>Corresponds to the observeOncePerRequest property of
FilterSecurityInterceptor. Defaults to "false"</xs:documentation>
FilterSecurityInterceptor. Defaults to "true"</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="access-denied-page" type="xs:string">


@ -97,7 +97,10 @@ public class HttpSecurityBeanDefinitionParserTests {
assertTrue(filters.next() instanceof RememberMeProcessingFilter);
assertTrue(filters.next() instanceof AnonymousProcessingFilter);
assertTrue(filters.next() instanceof ExceptionTranslationFilter);
assertTrue(filters.next() instanceof FilterSecurityInterceptor);
Object fsiObj = filters.next();
assertTrue(fsiObj instanceof FilterSecurityInterceptor);
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) fsiObj;
assertTrue(fsi.isObserveOncePerRequest());
}
@Test
@ -202,12 +205,12 @@ public class HttpSecurityBeanDefinitionParserTests {
@Test
public void oncePerRequestAttributeIsSupported() throws Exception {
setContext("<http once-per-request='true'><http-basic /></http>" + AUTH_PROVIDER_XML);
setContext("<http once-per-request='false'><http-basic /></http>" + AUTH_PROVIDER_XML);
List filters = getFilters("/someurl");
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) filters.get(filters.size() - 1);
assertTrue(fsi.isObserveOncePerRequest());
assertFalse(fsi.isObserveOncePerRequest());
}
@Test