OPEN - issue SEC-775: CLONE -impossible to specify "observeOncePerRequest" property in the namespace based configuration.
http://jira.springframework.org/browse/SEC-775. Corrected check for value of observe-once-per-request attribute. Should be a check for "false" as it is true by default.
This commit is contained in:
parent
31a9fa553d
commit
7238097310
|
@ -169,8 +169,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
|||
filterSecurityInterceptorBuilder.addPropertyValue("authenticationManager",
|
||||
ConfigUtils.registerProviderManagerIfNecessary(parserContext));
|
||||
|
||||
if ("true".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
|
||||
filterSecurityInterceptorBuilder.addPropertyValue("observeOncePerRequest", Boolean.TRUE);
|
||||
if ("false".equals(element.getAttribute(ATT_ONCE_PER_REQUEST))) {
|
||||
filterSecurityInterceptorBuilder.addPropertyValue("observeOncePerRequest", Boolean.FALSE);
|
||||
}
|
||||
|
||||
// SEC-501 - should paths stored in request maps be converted to lower case
|
||||
|
|
|
@ -214,7 +214,7 @@ http.attlist &=
|
|||
## Allows a customized AuthenticationEntryPoint to be used.
|
||||
attribute entry-point-ref {xsd:string}?
|
||||
http.attlist &=
|
||||
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "false"
|
||||
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
|
||||
attribute once-per-request {boolean}?
|
||||
http.attlist &=
|
||||
## Allows the access denied page to be set (the user will be redirected here if an AccessDeniedException is raised).
|
||||
|
|
|
@ -700,7 +700,7 @@
|
|||
<xs:attribute name="once-per-request" type="security:boolean">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Corresponds to the observeOncePerRequest property of
|
||||
FilterSecurityInterceptor. Defaults to "false"</xs:documentation>
|
||||
FilterSecurityInterceptor. Defaults to "true"</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="access-denied-page" type="xs:string">
|
||||
|
|
|
@ -97,7 +97,10 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
assertTrue(filters.next() instanceof RememberMeProcessingFilter);
|
||||
assertTrue(filters.next() instanceof AnonymousProcessingFilter);
|
||||
assertTrue(filters.next() instanceof ExceptionTranslationFilter);
|
||||
assertTrue(filters.next() instanceof FilterSecurityInterceptor);
|
||||
Object fsiObj = filters.next();
|
||||
assertTrue(fsiObj instanceof FilterSecurityInterceptor);
|
||||
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) fsiObj;
|
||||
assertTrue(fsi.isObserveOncePerRequest());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -202,12 +205,12 @@ public class HttpSecurityBeanDefinitionParserTests {
|
|||
|
||||
@Test
|
||||
public void oncePerRequestAttributeIsSupported() throws Exception {
|
||||
setContext("<http once-per-request='true'><http-basic /></http>" + AUTH_PROVIDER_XML);
|
||||
setContext("<http once-per-request='false'><http-basic /></http>" + AUTH_PROVIDER_XML);
|
||||
List filters = getFilters("/someurl");
|
||||
|
||||
FilterSecurityInterceptor fsi = (FilterSecurityInterceptor) filters.get(filters.size() - 1);
|
||||
|
||||
assertTrue(fsi.isObserveOncePerRequest());
|
||||
assertFalse(fsi.isObserveOncePerRequest());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
Loading…
Reference in New Issue