mirror of
				https://github.com/spring-projects/spring-security.git
				synced 2025-10-21 17:58:48 +00:00 
			
		
		
		
	Add ParameterRequestMatcher
Closes gh-15342
This commit is contained in:
		
							parent
							
								
									207680ba02
								
							
						
					
					
						commit
						773e86701e
					
				| @ -1,5 +1,5 @@ | |||||||
| /* | /* | ||||||
|  * Copyright 2002-2023 the original author or authors. |  * Copyright 2002-2024 the original author or authors. | ||||||
|  * |  * | ||||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  * you may not use this file except in compliance with the License. |  * you may not use this file except in compliance with the License. | ||||||
| @ -18,8 +18,6 @@ package org.springframework.security.config.annotation.web.configurers.saml2; | |||||||
| 
 | 
 | ||||||
| import java.util.ArrayList; | import java.util.ArrayList; | ||||||
| import java.util.List; | import java.util.List; | ||||||
| import java.util.Objects; |  | ||||||
| import java.util.function.Predicate; |  | ||||||
| 
 | 
 | ||||||
| import jakarta.servlet.http.HttpServletRequest; | import jakarta.servlet.http.HttpServletRequest; | ||||||
| 
 | 
 | ||||||
| @ -60,6 +58,7 @@ import org.springframework.security.web.csrf.CsrfLogoutHandler; | |||||||
| import org.springframework.security.web.csrf.CsrfTokenRepository; | import org.springframework.security.web.csrf.CsrfTokenRepository; | ||||||
| import org.springframework.security.web.util.matcher.AndRequestMatcher; | import org.springframework.security.web.util.matcher.AndRequestMatcher; | ||||||
| import org.springframework.security.web.util.matcher.AntPathRequestMatcher; | import org.springframework.security.web.util.matcher.AntPathRequestMatcher; | ||||||
|  | import org.springframework.security.web.util.matcher.ParameterRequestMatcher; | ||||||
| import org.springframework.security.web.util.matcher.RequestMatcher; | import org.springframework.security.web.util.matcher.RequestMatcher; | ||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
| @ -508,23 +507,6 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>> | |||||||
| 
 | 
 | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	private static class ParameterRequestMatcher implements RequestMatcher { |  | ||||||
| 
 |  | ||||||
| 		Predicate<String> test = Objects::nonNull; |  | ||||||
| 
 |  | ||||||
| 		String name; |  | ||||||
| 
 |  | ||||||
| 		ParameterRequestMatcher(String name) { |  | ||||||
| 			this.name = name; |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 		@Override |  | ||||||
| 		public boolean matches(HttpServletRequest request) { |  | ||||||
| 			return this.test.test(request.getParameter(this.name)); |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	private static class Saml2RelyingPartyInitiatedLogoutFilter extends LogoutFilter { | 	private static class Saml2RelyingPartyInitiatedLogoutFilter extends LogoutFilter { | ||||||
| 
 | 
 | ||||||
| 		Saml2RelyingPartyInitiatedLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) { | 		Saml2RelyingPartyInitiatedLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) { | ||||||
|  | |||||||
| @ -1,5 +1,5 @@ | |||||||
| /* | /* | ||||||
|  * Copyright 2002-2022 the original author or authors. |  * Copyright 2002-2024 the original author or authors. | ||||||
|  * |  * | ||||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  * you may not use this file except in compliance with the License. |  * you may not use this file except in compliance with the License. | ||||||
| @ -18,8 +18,6 @@ package org.springframework.security.config.http; | |||||||
| 
 | 
 | ||||||
| import java.util.Arrays; | import java.util.Arrays; | ||||||
| import java.util.List; | import java.util.List; | ||||||
| import java.util.Objects; |  | ||||||
| import java.util.function.Predicate; |  | ||||||
| 
 | 
 | ||||||
| import jakarta.servlet.http.HttpServletRequest; | import jakarta.servlet.http.HttpServletRequest; | ||||||
| import org.w3c.dom.Element; | import org.w3c.dom.Element; | ||||||
| @ -44,6 +42,7 @@ import org.springframework.security.web.authentication.logout.SecurityContextLog | |||||||
| import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler; | import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler; | ||||||
| import org.springframework.security.web.util.matcher.AndRequestMatcher; | import org.springframework.security.web.util.matcher.AndRequestMatcher; | ||||||
| import org.springframework.security.web.util.matcher.AntPathRequestMatcher; | import org.springframework.security.web.util.matcher.AntPathRequestMatcher; | ||||||
|  | import org.springframework.security.web.util.matcher.ParameterRequestMatcher; | ||||||
| import org.springframework.security.web.util.matcher.RequestMatcher; | import org.springframework.security.web.util.matcher.RequestMatcher; | ||||||
| import org.springframework.util.CollectionUtils; | import org.springframework.util.CollectionUtils; | ||||||
| import org.springframework.util.StringUtils; | import org.springframework.util.StringUtils; | ||||||
| @ -228,23 +227,6 @@ final class Saml2LogoutBeanDefinitionParser implements BeanDefinitionParser { | |||||||
| 		return this.logoutFilter; | 		return this.logoutFilter; | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	private static class ParameterRequestMatcher implements RequestMatcher { |  | ||||||
| 
 |  | ||||||
| 		Predicate<String> test = Objects::nonNull; |  | ||||||
| 
 |  | ||||||
| 		String name; |  | ||||||
| 
 |  | ||||||
| 		ParameterRequestMatcher(String name) { |  | ||||||
| 			this.name = name; |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 		@Override |  | ||||||
| 		public boolean matches(HttpServletRequest request) { |  | ||||||
| 			return this.test.test(request.getParameter(this.name)); |  | ||||||
| 		} |  | ||||||
| 
 |  | ||||||
| 	} |  | ||||||
| 
 |  | ||||||
| 	public static class Saml2RequestMatcher implements RequestMatcher { | 	public static class Saml2RequestMatcher implements RequestMatcher { | ||||||
| 
 | 
 | ||||||
| 		private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder | 		private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder | ||||||
|  | |||||||
| @ -0,0 +1,91 @@ | |||||||
|  | /* | ||||||
|  |  * Copyright 2002-2024 the original author or authors. | ||||||
|  |  * | ||||||
|  |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  |  * you may not use this file except in compliance with the License. | ||||||
|  |  * You may obtain a copy of the License at | ||||||
|  |  * | ||||||
|  |  *      https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  |  * | ||||||
|  |  * Unless required by applicable law or agreed to in writing, software | ||||||
|  |  * distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  |  * See the License for the specific language governing permissions and | ||||||
|  |  * limitations under the License. | ||||||
|  |  */ | ||||||
|  | 
 | ||||||
|  | package org.springframework.security.web.util.matcher; | ||||||
|  | 
 | ||||||
|  | import java.util.Map; | ||||||
|  | import java.util.Objects; | ||||||
|  | 
 | ||||||
|  | import jakarta.servlet.http.HttpServletRequest; | ||||||
|  | 
 | ||||||
|  | /** | ||||||
|  |  * A {@link RequestMatcher} for matching on a request parameter and its value. | ||||||
|  |  * | ||||||
|  |  * <p> | ||||||
|  |  * The value may also be specified as a placeholder in order to match on any value, | ||||||
|  |  * returning the value as part of the {@link MatchResult}. | ||||||
|  |  * | ||||||
|  |  * @author Josh Cummings | ||||||
|  |  * @since 6.4 | ||||||
|  |  */ | ||||||
|  | public final class ParameterRequestMatcher implements RequestMatcher { | ||||||
|  | 
 | ||||||
|  | 	private static final MatchesValueMatcher NON_NULL = Objects::nonNull; | ||||||
|  | 
 | ||||||
|  | 	private final String name; | ||||||
|  | 
 | ||||||
|  | 	private final ValueMatcher matcher; | ||||||
|  | 
 | ||||||
|  | 	public ParameterRequestMatcher(String name) { | ||||||
|  | 		this.name = name; | ||||||
|  | 		this.matcher = NON_NULL; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	public ParameterRequestMatcher(String name, String value) { | ||||||
|  | 		this.name = name; | ||||||
|  | 		MatchesValueMatcher matcher = value::equals; | ||||||
|  | 		if (value.startsWith("{") && value.endsWith("}")) { | ||||||
|  | 			String key = value.substring(1, value.length() - 1); | ||||||
|  | 			this.matcher = (v) -> (v != null) ? MatchResult.match(Map.of(key, v)) : MatchResult.notMatch(); | ||||||
|  | 		} | ||||||
|  | 		else { | ||||||
|  | 			this.matcher = matcher; | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	@Override | ||||||
|  | 	public boolean matches(HttpServletRequest request) { | ||||||
|  | 		return matcher(request).isMatch(); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	@Override | ||||||
|  | 	public MatchResult matcher(HttpServletRequest request) { | ||||||
|  | 		String parameterValue = request.getParameter(this.name); | ||||||
|  | 		return this.matcher.matcher(parameterValue); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	private interface ValueMatcher { | ||||||
|  | 
 | ||||||
|  | 		MatchResult matcher(String value); | ||||||
|  | 
 | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	private interface MatchesValueMatcher extends ValueMatcher { | ||||||
|  | 
 | ||||||
|  | 		default MatchResult matcher(String value) { | ||||||
|  | 			if (matches(value)) { | ||||||
|  | 				return MatchResult.match(); | ||||||
|  | 			} | ||||||
|  | 			else { | ||||||
|  | 				return MatchResult.notMatch(); | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
|  | 		boolean matches(String value); | ||||||
|  | 
 | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | } | ||||||
| @ -0,0 +1,64 @@ | |||||||
|  | /* | ||||||
|  |  * Copyright 2002-2024 the original author or authors. | ||||||
|  |  * | ||||||
|  |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  |  * you may not use this file except in compliance with the License. | ||||||
|  |  * You may obtain a copy of the License at | ||||||
|  |  * | ||||||
|  |  *      https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  |  * | ||||||
|  |  * Unless required by applicable law or agreed to in writing, software | ||||||
|  |  * distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  |  * See the License for the specific language governing permissions and | ||||||
|  |  * limitations under the License. | ||||||
|  |  */ | ||||||
|  | 
 | ||||||
|  | package org.springframework.security.web.util.matcher; | ||||||
|  | 
 | ||||||
|  | import org.junit.jupiter.api.Test; | ||||||
|  | import org.junit.jupiter.api.extension.ExtendWith; | ||||||
|  | import org.mockito.junit.jupiter.MockitoExtension; | ||||||
|  | 
 | ||||||
|  | import org.springframework.mock.web.MockHttpServletRequest; | ||||||
|  | 
 | ||||||
|  | import static org.assertj.core.api.Assertions.assertThat; | ||||||
|  | 
 | ||||||
|  | /** | ||||||
|  |  * Tests for {@link ParameterRequestMatcher} | ||||||
|  |  * | ||||||
|  |  * @author Josh Cummings | ||||||
|  |  */ | ||||||
|  | @ExtendWith(MockitoExtension.class) | ||||||
|  | public class ParameterRequestMatcherTests { | ||||||
|  | 
 | ||||||
|  | 	@Test | ||||||
|  | 	public void matchesWhenNameThenMatchesOnParameterName() { | ||||||
|  | 		ParameterRequestMatcher matcher = new ParameterRequestMatcher("name"); | ||||||
|  | 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar"); | ||||||
|  | 		assertThat(matcher.matches(request)).isFalse(); | ||||||
|  | 		request.setParameter("name", "value"); | ||||||
|  | 		assertThat(matcher.matches(request)).isTrue(); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	@Test | ||||||
|  | 	public void matchesWhenNameAndValueThenMatchesOnBoth() { | ||||||
|  | 		ParameterRequestMatcher matcher = new ParameterRequestMatcher("name", "value"); | ||||||
|  | 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar"); | ||||||
|  | 		request.setParameter("name", "value"); | ||||||
|  | 		assertThat(matcher.matches(request)).isTrue(); | ||||||
|  | 		request.setParameter("name", "wrong"); | ||||||
|  | 		assertThat(matcher.matches(request)).isFalse(); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | 	@Test | ||||||
|  | 	public void matchesWhenValuePlaceholderThenMatchesOnName() { | ||||||
|  | 		ParameterRequestMatcher matcher = new ParameterRequestMatcher("name", "{placeholder}"); | ||||||
|  | 		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/foo/bar"); | ||||||
|  | 		request.setParameter("name", "value"); | ||||||
|  | 		RequestMatcher.MatchResult result = matcher.matcher(request); | ||||||
|  | 		assertThat(result.isMatch()).isTrue(); | ||||||
|  | 		assertThat(result.getVariables().get("placeholder")).isEqualTo("value"); | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
|  | } | ||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user