Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 21:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2455: form-login@login-processing-url & logout@logout-url use matchers

Browse Source 
Remove the deprecation warnings of using setFilterProcessingUrl by invoking
the matcher methods instead.
This commit is contained in:
Rob Winch 2014-01-29 15:35:18 -06:00
parent b5f5665ea6
commit 8d8475deb1
5 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
View File

@ -148,7 +148,10 @@ public class FormLoginBeanDefinitionParser {
loginUrl = defaultLoginProcessingUrl; loginUrl = defaultLoginProcessingUrl;
} }
filterBuilder.addPropertyValue("filterProcessesUrl", loginUrl); BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.logout.LogoutFilter$FilterProcessUrlRequestMatcher");
matcherBuilder.addConstructorArgValue(loginUrl);
filterBuilder.addPropertyValue("requiresAuthenticationRequestMatcher", matcherBuilder.getBeanDefinition());
if (StringUtils.hasText(successHandlerRef)) { if (StringUtils.hasText(successHandlerRef)) {
filterBuilder.addPropertyReference("authenticationSuccessHandler", successHandlerRef); filterBuilder.addPropertyReference("authenticationSuccessHandler", successHandlerRef);

5
config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
View File

@ -78,7 +78,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
if (!StringUtils.hasText(logoutUrl)) { if (!StringUtils.hasText(logoutUrl)) {
logoutUrl = DEF_LOGOUT_URL; logoutUrl = DEF_LOGOUT_URL;
} }
builder.addPropertyValue("filterProcessesUrl", logoutUrl); BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter$FilterProcessUrlRequestMatcher");
matcherBuilder.addConstructorArgValue(logoutUrl);
builder.addPropertyValue("logoutRequestMatcher", matcherBuilder.getBeanDefinition());
if (StringUtils.hasText(successHandlerRef)) { if (StringUtils.hasText(successHandlerRef)) {
if (StringUtils.hasText(logoutSuccessUrl)) { if (StringUtils.hasText(logoutSuccessUrl)) {

16
config/src/test/groovy/org/springframework/security/config/http/FormLoginConfigTests.groovy
View File

@ -6,6 +6,8 @@ import org.springframework.security.web.access.ExceptionTranslationFilter
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.util.ReflectionUtils;
/** /**
* *
@ -102,4 +104,18 @@ class FormLoginConfigTests extends AbstractHttpConfigTests {
apf.usernameParameter == 'xname'; apf.usernameParameter == 'xname';
apf.passwordParameter == 'xpass' apf.passwordParameter == 'xpass'
} }
def 'SEC-2455: http@login-processing-url'() {
when:
xml.http {
'form-login'('login-processing-url':'/authenticate')
}
createAppContext()
def apf = getFilter(UsernamePasswordAuthenticationFilter);
then:
apf.filterProcessesUrl == null // SEC-2455 setFilterProcessesUrl was not invoked
FieldUtils.getFieldValue(apf,'requiresAuthenticationRequestMatcher.filterProcessesUrl') == '/authenticate'
}
} }

25
config/src/test/groovy/org/springframework/security/config/http/LogoutConfigTests.groovy Normal file
View File

@ -0,0 +1,25 @@
package org.springframework.security.config.http
import org.springframework.security.util.FieldUtils
import org.springframework.security.web.authentication.logout.LogoutFilter
/**
*
* @author Rob Winch
*/
class LogoutConfigTests extends AbstractHttpConfigTests {
def 'SEC-2455: logout@logout-url'() {
when:
httpAutoConfig {
'logout'('logout-url':'/logout')
}
createAppContext()
def lf = getFilter(LogoutFilter);
then:
lf.filterProcessesUrl == null // SEC-2455 setFilterProcessesUrl was not invoked
FieldUtils.getFieldValue(lf,'logoutRequestMatcher.filterProcessesUrl') == '/logout'
}
}

1
web/src/main/java/org/springframework/security/web/authentication/logout/LogoutFilter.java
View File

@ -125,6 +125,7 @@ public class LogoutFilter extends GenericFilterBean {
public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) { public void setLogoutRequestMatcher(RequestMatcher logoutRequestMatcher) {
Assert.notNull(logoutRequestMatcher, "logoutRequestMatcher cannot be null"); Assert.notNull(logoutRequestMatcher, "logoutRequestMatcher cannot be null");
this.logoutRequestMatcher = logoutRequestMatcher; this.logoutRequestMatcher = logoutRequestMatcher;
this.filterProcessesUrl = null;
} }
@Deprecated @Deprecated