Rob Winch
Joe Grandja
parent
2ef3da1b47
commit
a7fb6d2e58
|
|
@ -149,6 +149,23 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
|
||||||
put(filter, position + 1);
|
put(filter, position + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Registers a {@link Filter} to exist at a particular {@link Filter} position
|
||||||
|
* @param filter the {@link Filter} to register
|
||||||
|
* @param atFilter the {@link Filter} that is already registered and that
|
||||||
|
* {@code filter} should be placed at.
|
||||||
|
*/
|
||||||
|
public void registerAt(Class<? extends Filter> filter,
|
||||||
|
Class<? extends Filter> atFilter) {
|
||||||
|
Integer position = getOrder(atFilter);
|
||||||
|
if (position == null) {
|
||||||
|
throw new IllegalArgumentException(
|
||||||
|
"Cannot register after unregistered Filter " + atFilter);
|
||||||
|
}
|
||||||
|
|
||||||
|
put(filter, position);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Registers a {@link Filter} to exist before a particular {@link Filter} that is
|
* Registers a {@link Filter} to exist before a particular {@link Filter} that is
|
||||||
* already registered.
|
* already registered.
|
||||||
|
|
|
||||||
|
|
@ -1025,6 +1025,25 @@ public final class HttpSecurity extends
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adds the Filter at the location of the specified Filter class. For example, if you
|
||||||
|
* want the filter CustomFilter to be registered in the same position as
|
||||||
|
* {@link UsernamePasswordAuthenticationFilter}, you can invoke:
|
||||||
|
*
|
||||||
|
* <pre>
|
||||||
|
* addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||||
|
* </pre>
|
||||||
|
*
|
||||||
|
* @param filter the Filter to register
|
||||||
|
* @param atFilter the location of another {@link Filter} that is already registered
|
||||||
|
* (i.e. known) with Spring Security.
|
||||||
|
* @return the {@link HttpSecurity} for further customizations
|
||||||
|
*/
|
||||||
|
public HttpSecurity addFilterAt(Filter filter, Class<? extends Filter> atFilter) {
|
||||||
|
this.comparitor.registerAt(filter.getClass(), atFilter);
|
||||||
|
return addFilter(filter);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allows specifying which {@link HttpServletRequest} instances this
|
* Allows specifying which {@link HttpServletRequest} instances this
|
||||||
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
|
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ package org.springframework.security.config.annotation.web.configurers;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
|
import javax.servlet.FilterChain
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
@ -55,6 +56,7 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
|
||||||
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||||
import org.springframework.security.web.util.matcher.RequestMatcher
|
import org.springframework.security.web.util.matcher.RequestMatcher
|
||||||
|
import org.springframework.web.filter.OncePerRequestFilter
|
||||||
|
|
||||||
import spock.lang.Ignore;
|
import spock.lang.Ignore;
|
||||||
|
|
||||||
|
|
@ -127,7 +129,26 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
|
||||||
// if not, use addFilterBefore or addFilterAfter
|
// if not, use addFilterBefore or addFilterAfter
|
||||||
.addFilter(new CustomFilter())
|
.addFilter(new CustomFilter())
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def "http/custom-filter@position at"() {
|
||||||
|
when:
|
||||||
|
loadConfig(CustomFilterPositionAtConfig)
|
||||||
|
then:
|
||||||
|
filterChain().filters.collect { it.class } == [OtherCustomFilter]
|
||||||
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
static class CustomFilterPositionAtConfig extends BaseWebConfig {
|
||||||
|
CustomFilterPositionAtConfig() {
|
||||||
|
// do not add the default filters to make testing easier
|
||||||
|
super(true)
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void configure(HttpSecurity http) {
|
||||||
|
http
|
||||||
|
.addFilterAt(new OtherCustomFilter(), UsernamePasswordAuthenticationFilter.class)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def "http/custom-filter no AuthenticationManager in HttpSecurity"() {
|
def "http/custom-filter no AuthenticationManager in HttpSecurity"() {
|
||||||
|
|
@ -159,6 +180,13 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
|
||||||
}
|
}
|
||||||
|
|
||||||
static class CustomFilter extends UsernamePasswordAuthenticationFilter {}
|
static class CustomFilter extends UsernamePasswordAuthenticationFilter {}
|
||||||
|
static class OtherCustomFilter extends OncePerRequestFilter {
|
||||||
|
protected void doFilterInternal(
|
||||||
|
HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||||
|
throws ServletException, IOException {
|
||||||
|
filterChain.doFilter(request,response);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static class CustomAuthenticationManager implements AuthenticationManager {
|
static class CustomAuthenticationManager implements AuthenticationManager {
|
||||||
public Authentication authenticate(Authentication authentication)
|
public Authentication authenticate(Authentication authentication)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue