SEC-1052: Add support for the namespace option 'disable-url-rewriting'.

core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java

@@ -104,6 +104,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
     private static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";
 
+    private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
+
     private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationDefinitionSource";
     private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.support.DefaultSecurityExpressionHandler";
     private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
@@ -262,6 +264,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         String repoRef = element.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
         String createSession = element.getAttribute(ATT_CREATE_SESSION);
+        String disableUrlRewriting = element.getAttribute(ATT_DISABLE_URL_REWRITING);
 
         if (StringUtils.hasText(repoRef)) {
             scpf.addPropertyReference("securityContextRepository", repoRef);
@@ -287,6 +290,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                 contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                 scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
             }
+
+            if ("true".equals(disableUrlRewriting)) {
+                contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
+            }
+
             scpf.addPropertyValue("securityContextRepository", contextRepo.getBeanDefinition());
         }
 

core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java

@@ -662,6 +662,8 @@ public class HttpSecurityBeanDefinitionParserTests {
 
         assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
         assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
+        // Just check that the repo has url rewriting enabled by default
+        assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
     }
 
     @Test
@@ -754,6 +756,13 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertSame(fh, FieldUtils.getFieldValue(apf, "failureHandler"));
     }
 
+    @Test
+    public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
+        setContext("<http auto-config='true' disable-url-rewriting='true'/>" + AUTH_PROVIDER_XML);
+        Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
+        assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
+    }
+
     private void setContext(String context) {
         appContext = new InMemoryXmlApplicationContext(context);
     }