mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-25 05:22:16 +00:00
SEC-1269: Combining <form-login> and <open-id> fails to find entry point. Fixed entry point choice conditions when using openID and/or form-login
This commit is contained in:
Luke Taylor
parent
12d825e557
commit
799b96520b
@ -331,10 +331,6 @@ final class AuthenticationConfigBuilder {
|
||||
void createLoginPageFilterIfNeeded() {
|
||||
boolean needLoginPage = formFilter != null || openIDFilter != null;
|
||||
String formLoginPage = getLoginFormUrl(formEntryPoint);
|
||||
// If the login URL is the default one, then it is assumed not to have been set explicitly
|
||||
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL == formLoginPage) {
|
||||
formLoginPage = null;
|
||||
}
|
||||
String openIDLoginPage = getLoginFormUrl(openIDEntryPoint);
|
||||
|
||||
// If no login page has been defined, add in the default page generator.
|
||||
@ -498,15 +494,21 @@ final class AuthenticationConfigBuilder {
|
||||
}
|
||||
|
||||
// If formLogin has been enabled either through an element or auto-config, then it is used if no openID login page
|
||||
// has been set
|
||||
// has been set.
|
||||
String formLoginPage = getLoginFormUrl(formEntryPoint);
|
||||
String openIDLoginPage = getLoginFormUrl(openIDEntryPoint);
|
||||
|
||||
if (formLoginPage != null && openIDLoginPage != null) {
|
||||
pc.getReaderContext().error("Only one login-page can be defined, either for OpenID or form-login, " +
|
||||
"but not both.", pc.extractSource(openIDLoginElt));
|
||||
}
|
||||
|
||||
if (formFilter != null && openIDLoginPage == null) {
|
||||
return formEntryPoint;
|
||||
}
|
||||
|
||||
// Otherwise use OpenID if enabled
|
||||
if (openIDFilter != null && formFilter == null) {
|
||||
if (openIDFilter != null) {
|
||||
return openIDEntryPoint;
|
||||
}
|
||||
|
||||
@ -533,6 +535,11 @@ final class AuthenticationConfigBuilder {
|
||||
return null;
|
||||
}
|
||||
|
||||
// If the login URL is the default one, then it is assumed not to have been set explicitly
|
||||
if (DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL.equals(pv.getValue())) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return (String) pv.getValue();
|
||||
}
|
||||
|
||||
|
||||
@ -993,6 +993,52 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
"</http>", appContext);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void openIDAndFormLoginWorkTogether() throws Exception {
|
||||
setContext(
|
||||
"<http>" +
|
||||
" <openid-login />" +
|
||||
" <form-login />" +
|
||||
"</http>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
||||
LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
|
||||
assertEquals("/spring_security_login", ap.getLoginFormUrl());
|
||||
// Default login filter should be present since we haven't specified any login URLs
|
||||
getFilter(DefaultLoginPageGeneratingFilter.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void formLoginEntryPointTakesPrecedenceIfLoginUrlIsSet() throws Exception {
|
||||
setContext(
|
||||
"<http>" +
|
||||
" <openid-login />" +
|
||||
" <form-login login-page='/form_login_page' />" +
|
||||
"</http>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
||||
LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
|
||||
assertEquals("/form_login_page", ap.getLoginFormUrl());
|
||||
try {
|
||||
getFilter(DefaultLoginPageGeneratingFilter.class);
|
||||
fail("Login page generating filter shouldn't be present");
|
||||
} catch (Exception expected) {
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void openIDEntryPointTakesPrecedenceIfLoginUrlIsSet() throws Exception {
|
||||
setContext(
|
||||
"<http>" +
|
||||
" <openid-login login-page='/openid_login' />" +
|
||||
" <form-login />" +
|
||||
"</http>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
ExceptionTranslationFilter etf = (ExceptionTranslationFilter) getFilter(ExceptionTranslationFilter.class);
|
||||
LoginUrlAuthenticationEntryPoint ap = (LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint();
|
||||
assertEquals("/openid_login", ap.getLoginFormUrl());
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@Test
|
||||
public void openIDWithAttributeExchangeConfigurationIsParsedCorrectly() throws Exception {
|
||||
@ -1018,6 +1064,15 @@ public class HttpSecurityBeanDefinitionParserTests {
|
||||
assertEquals(2, attributes.get(1).getCount());
|
||||
}
|
||||
|
||||
@Test(expected=BeanDefinitionParsingException.class)
|
||||
public void multipleLoginPagesCausesError() throws Exception {
|
||||
setContext(
|
||||
"<http>" +
|
||||
" <openid-login login-page='/openid_login_page' />" +
|
||||
" <form-login login-page='/form_login_page' />" +
|
||||
"</http>" +
|
||||
AUTH_PROVIDER_XML);
|
||||
}
|
||||
|
||||
private void setContext(String context) {
|
||||
appContext = new InMemoryXmlApplicationContext(context);
|
||||
|
||||
@ -67,7 +67,7 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
|
||||
if (openIDFilter != null) {
|
||||
openIdEnabled = true;
|
||||
openIDauthenticationUrl = openIDFilter.getFilterProcessesUrl();
|
||||
openIDusernameParameter = (String) (new BeanWrapperImpl(openIDFilter)).getPropertyValue("claimedIdentityFieldName");
|
||||
openIDusernameParameter = "j_username";
|
||||
|
||||
if (openIDFilter.getRememberMeServices() instanceof AbstractRememberMeServices) {
|
||||
openIDrememberMeParameter = ((AbstractRememberMeServices)openIDFilter.getRememberMeServices()).getParameter();
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user