diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
index 7abf9fad19..c076c782d7 100644
--- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@@ -104,6 +104,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 private static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";
+ private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
+ private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationDefinitionSource";
 private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.support.DefaultSecurityExpressionHandler";
 private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
@@ -262,6 +264,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 String repoRef = element.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
 String createSession = element.getAttribute(ATT_CREATE_SESSION);
+ String disableUrlRewriting = element.getAttribute(ATT_DISABLE_URL_REWRITING);
 if (StringUtils.hasText(repoRef)) {
 scpf.addPropertyReference("securityContextRepository", repoRef);
@@ -287,6 +290,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
 scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
 }
+
+ if ("true".equals(disableUrlRewriting)) {
+ contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
+ }
+
+ scpf.addPropertyValue("securityContextRepository", contextRepo.getBeanDefinition());
 }
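Review bot: `disableUrlRewriting` is read next to `repoRef`, but the only place the new code applies it is on `contextRepo`, the repository the parser builds itself; the visible `if (StringUtils.hasText(repoRef))` branch only calls `scpf.addPropertyReference(...)`. If that reading holds (both branch bodies continue outside these hunks), a configuration that sets `security-context-repository-ref` together with `disable-url-rewriting="true"` keeps session ids in URLs with no warning. The `repoRef` branch should reject the combination as a configuration error. At minimum it should carry a comment such as `// disable-url-rewriting has no effect with security-context-repository-ref; set it on the referenced repository`.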
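Review bot: The guard `if ("true".equals(disableUrlRewriting))` fails open, because any value other than the exact lowercase string, such as `TRUE` or ` true `, is treated as unset and leaves URL rewriting enabled without an error. Whether the schema constrains the attribute is not visible here; if it is typed as a boolean, `1` would also be accepted by validation and then ignored by this check. A tolerant comparison such as `if ("true".equalsIgnoreCase(disableUrlRewriting.trim())) {` would close the gap, or the parser could report any value that is neither empty, `true` nor `false`. A short comment on the block should also say why the switch exists: a session id carried in the URL is exposed through Referer headers, logs and shared links.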
diff --git a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
index c7d7acd6ac..3592fc480f 100644
--- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
@@ -662,6 +662,8 @@ public class HttpSecurityBeanDefinitionParserTests {
 assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
 assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
+ // Just check that the repo has url rewriting enabled by default
+ assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
 }
 @Test
@@ -754,6 +756,13 @@ public class HttpSecurityBeanDefinitionParserTests {
 assertSame(fh, FieldUtils.getFieldValue(apf, "failureHandler"));
 }
+ @Test
+ public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
+ setContext("" + AUTH_PROVIDER_XML);
+ Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
+ assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
+ }
+ private void setContext(String context) {
 appContext = new InMemoryXmlApplicationContext(context);
 }
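Review bot: The new test pins only the `true` case and the assertion added at -662 pins only the absent attribute, so nothing covers the inputs where the parser's exact string match could leave rewriting on unexpectedly. Missing cases are `disable-url-rewriting="false"`, a non-canonical value such as `TRUE`, and the attribute combined with `security-context-repository-ref`. As rendered here the first argument to `setContext` is an empty string, so the `<http>` element under test is not visible; that is probably an extraction loss, but confirm the test XML really carries the attribute. The comment at -662 could also say that the default leaves session ids in URLs, for example `// url rewriting stays enabled unless disable-url-rewriting="true" is set`.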