SEC-1052: Add support for the namespace option 'disable-url-rewriting'.

2008-12-17 01:28:29 +00:00 · 2008-12-17 01:28:29 +00:00 · 8f598e9b11
parent 171456a26c
commit 8f598e9b11
2 changed files with 17 additions and 0 deletions
--- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
+++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java
@ -104,6 +104,8 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {

    private static final String ATT_SECURITY_CONTEXT_REPOSITORY = "security-context-repository-ref";

+    private static final String ATT_DISABLE_URL_REWRITING = "disable-url-rewriting";
+
    private static final String EXPRESSION_FIDS_CLASS = "org.springframework.security.expression.web.ExpressionBasedFilterInvocationDefinitionSource";
    private static final String EXPRESSION_HANDLER_CLASS = "org.springframework.security.expression.support.DefaultSecurityExpressionHandler";
    private static final String EXPRESSION_HANDLER_ID = "_webExpressionHandler";
@ -262,6 +264,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {

        String repoRef = element.getAttribute(ATT_SECURITY_CONTEXT_REPOSITORY);
        String createSession = element.getAttribute(ATT_CREATE_SESSION);
+        String disableUrlRewriting = element.getAttribute(ATT_DISABLE_URL_REWRITING);

        if (StringUtils.hasText(repoRef)) {
            scpf.addPropertyReference("securityContextRepository", repoRef);
@ -287,6 +290,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
                contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
                scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
            }
+
+            if ("true".equals(disableUrlRewriting)) {
+                contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
+            }
+
            scpf.addPropertyValue("securityContextRepository", contextRepo.getBeanDefinition());
        }

--- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
+++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
@ -662,6 +662,8 @@ public class HttpSecurityBeanDefinitionParserTests {

        assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "forceEagerSessionCreation"));
        assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.allowSessionCreation"));
+        // Just check that the repo has url rewriting enabled by default
+        assertEquals(Boolean.FALSE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
    }

    @Test
@ -754,6 +756,13 @@ public class HttpSecurityBeanDefinitionParserTests {
        assertSame(fh, FieldUtils.getFieldValue(apf, "failureHandler"));
    }

+    @Test
+    public void disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() throws Exception {
+        setContext("<http auto-config='true' disable-url-rewriting='true'/>" + AUTH_PROVIDER_XML);
+        Object filter = appContext.getBean(BeanIds.SECURITY_CONTEXT_PERSISTENCE_FILTER);
+        assertEquals(Boolean.TRUE, FieldUtils.getFieldValue(filter, "repo.disableUrlRewriting"));
+    }
+
    private void setContext(String context) {
        appContext = new InMemoryXmlApplicationContext(context);
    }