diff --git a/config/src/main/java/org/springframework/security/config/BeanIds.java b/config/src/main/java/org/springframework/security/config/BeanIds.java index 2ced2b2af1..12ad2cc679 100644 --- a/config/src/main/java/org/springframework/security/config/BeanIds.java +++ b/config/src/main/java/org/springframework/security/config/BeanIds.java @@ -29,7 +29,6 @@ public abstract class BeanIds { public static final String FILTER_CHAIN_PROXY = "_filterChainProxy"; public static final String LDAP_AUTHENTICATION_PROVIDER = "_ldapAuthenticationProvider"; - public static final String SESSION_FIXATION_PROTECTION_FILTER = "_sessionFixationProtectionFilter"; public static final String METHOD_SECURITY_METADATA_SOURCE_ADVISOR = "_methodSecurityMetadataSourceAdvisor"; public static final String EMBEDDED_APACHE_DS = "_apacheDirectoryServerContainer"; public static final String CONTEXT_SOURCE = "_securityContextSource"; diff --git a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java index 2ad93ff371..917436c93e 100644 --- a/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java @@ -41,6 +41,7 @@ import org.springframework.security.config.BeanIds; import org.springframework.security.config.Elements; import org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper; import org.springframework.security.web.FilterChainProxy; +import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.access.AccessDeniedHandlerImpl; import org.springframework.security.web.access.ExceptionTranslationFilter; import org.springframework.security.web.access.channel.ChannelDecisionManagerImpl; @@ -204,9 +205,10 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { // Register the portMapper. A default will always be created, even if no element exists. BeanDefinition portMapper = new PortMappingsBeanDefinitionParser().parse( DomUtils.getChildElementByTagName(element, Elements.PORT_MAPPINGS), pc); + String portMapperName = pc.getReaderContext().registerWithGeneratedName(portMapper); RootBeanDefinition rememberMeFilter = createRememberMeFilter(element, pc, authenticationManager); BeanDefinition anonFilter = createAnonymousFilter(element, pc); - BeanReference requestCache = createRequestCache(element, pc, allowSessionCreation); + BeanReference requestCache = createRequestCache(element, pc, allowSessionCreation, portMapperName); BeanDefinition requestCacheAwareFilter = new RootBeanDefinition(RequestCacheAwareFilter.class); requestCacheAwareFilter.getPropertyValues().addPropertyValue("requestCache", requestCache); @@ -215,16 +217,15 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { sessionRegistryRef); BeanDefinition fsi = createFilterSecurityInterceptor(element, pc, matcher, convertPathsToLowerCase, authenticationManager); - String portMapperName = pc.getReaderContext().registerWithGeneratedName(portMapper); if (channelRequestMap.size() > 0) { // At least one channel requirement has been specified cpf = createChannelProcessingFilter(pc, matcher, channelRequestMap, portMapperName); } - if (sfpf != null) { - // Used by SessionRegistryinjectionPP - pc.getRegistry().registerBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER, sfpf); - } +// if (sfpf != null) { +// // Used by SessionRegistryinjectionPP +// pc.getRegistry().registerBeanDefinition(BeanIds.SESSION_FIXATION_PROTECTION_FILTER, sfpf); +// } final FilterAndEntryPoint basic = createBasicFilter(element, pc, autoConfig, authenticationManager); final FilterAndEntryPoint form = createFormLoginFilter(element, pc, autoConfig, allowSessionCreation, @@ -758,9 +759,13 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { return new RuntimeBeanReference(id); } - private BeanReference createRequestCache(Element element, ParserContext pc, boolean allowSessionCreation) { + private BeanReference createRequestCache(Element element, ParserContext pc, boolean allowSessionCreation, + String portMapperName) { BeanDefinitionBuilder requestCache = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionRequestCache.class); + BeanDefinitionBuilder portResolver = BeanDefinitionBuilder.rootBeanDefinition(PortResolverImpl.class); + portResolver.addPropertyReference("portMapper", portMapperName); requestCache.addPropertyValue("createSessionAllowed", Boolean.valueOf(allowSessionCreation)); + requestCache.addPropertyValue("portResolver", portResolver.getBeanDefinition()); BeanDefinition bean = requestCache.getBeanDefinition(); String id = pc.getReaderContext().registerWithGeneratedName(bean); @@ -775,7 +780,6 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class); exceptionTranslationFilterBuilder.addPropertyValue("accessDeniedHandler", createAccessDeniedHandler(element, pc)); - return exceptionTranslationFilterBuilder.getBeanDefinition(); } diff --git a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java index 96f340eca6..000770a24f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java +++ b/web/src/main/java/org/springframework/security/web/authentication/SavedRequestAwareAuthenticationSuccessHandler.java @@ -79,22 +79,7 @@ public class SavedRequestAwareAuthenticationSuccessHandler extends SimpleUrlAuth RedirectUtils.sendRedirect(request, response, targetUrl, isUseRelativeContext()); } -// private SavedRequest getSavedRequest(HttpServletRequest request) { -// HttpSession session = request.getSession(false); -// -// if (session != null) { -// return (SavedRequest) session.getAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY); -// } -// -// return null; -// } -// -// private void removeSavedRequest(HttpServletRequest request) { -// HttpSession session = request.getSession(false); -// -// if (session != null) { -// logger.debug("Removing SavedRequest from session if present"); -// session.removeAttribute(SavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY); -// } -// } + public void setRequestCache(RequestCache requestCache) { + this.requestCache = requestCache; + } }