Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-28 14:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add HttpSecurity.mvcMatcher

Browse Source 
Fixes gh-3970
This commit is contained in:
Rob Winch 2016-07-14 09:21:19 -05:00 committed by Joe Grandja
parent 945e2e2ad4
commit ada146244e
2 changed files with 86 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2013 the original author or authors. * Copyright 2002-2016 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -65,6 +65,7 @@ import org.springframework.security.web.PortMapper;
import org.springframework.security.web.PortMapperImpl; import org.springframework.security.web.PortMapperImpl;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
import org.springframework.security.web.session.HttpSessionEventPublisher; import org.springframework.security.web.session.HttpSessionEventPublisher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.AnyRequestMatcher;
@ -1080,12 +1081,12 @@ public final class HttpSecurity extends
* Allows specifying which {@link HttpServletRequest} instances this * Allows specifying which {@link HttpServletRequest} instances this
* {@link HttpSecurity} will be invoked on. This method allows for easily invoking the * {@link HttpSecurity} will be invoked on. This method allows for easily invoking the
* {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If * {@link HttpSecurity} for multiple different {@link RequestMatcher} instances. If
* only a single {@link RequestMatcher} is necessary consider using * only a single {@link RequestMatcher} is necessary consider using {@link #mvcMatcher(String)},
* {@link #antMatcher(String)}, {@link #regexMatcher(String)}, or * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, or
* {@link #requestMatcher(RequestMatcher)}. * {@link #requestMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #requestMatchers()} will not override previous invocations of * Invoking {@link #requestMatchers()} will not override previous invocations of {@link #mvcMatcher(String)}},
* {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #requestMatchers()}, {@link #antMatcher(String)},
* {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
* </p> * </p>
@ -1194,7 +1195,7 @@ public final class HttpSecurity extends
* *
* <p> * <p>
* Invoking {@link #requestMatcher(RequestMatcher)} will override previous invocations * Invoking {@link #requestMatcher(RequestMatcher)} will override previous invocations
* of {@link #requestMatchers()}, {@link #antMatcher(String)}, * of {@link #requestMatchers()}, {@link #mvcMatcher(String)}, {@link #antMatcher(String)},
* {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
* </p> * </p>
* *
@ -1216,7 +1217,7 @@ public final class HttpSecurity extends
* {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #antMatcher(String)} will override previous invocations of * Invoking {@link #antMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
* {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #requestMatchers()}, {@link #antMatcher(String)},
* {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
* </p> * </p>
@ -1229,13 +1230,33 @@ public final class HttpSecurity extends
return requestMatcher(new AntPathRequestMatcher(antPattern)); return requestMatcher(new AntPathRequestMatcher(antPattern));
} }
/**
* Allows configuring the {@link HttpSecurity} to only be invoked when matching the
* provided Spring MVC pattern. If more advanced configuration is necessary, consider using
* {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
*
* <p>
* Invoking {@link #mvcMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
* {@link #requestMatchers()}, {@link #antMatcher(String)},
* {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
* </p>
*
* @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**")
* @return the {@link HttpSecurity} for further customizations
* @see MvcRequestMatcher
*/
public HttpSecurity mvcMatcher(String mvcPattern) {
HandlerMappingIntrospector introspector = new HandlerMappingIntrospector(getContext());
return requestMatcher(new MvcRequestMatcher(introspector, mvcPattern));
}
/** /**
* Allows configuring the {@link HttpSecurity} to only be invoked when matching the * Allows configuring the {@link HttpSecurity} to only be invoked when matching the
* provided regex pattern. If more advanced configuration is necessary, consider using * provided regex pattern. If more advanced configuration is necessary, consider using
* {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
* *
* <p> * <p>
* Invoking {@link #regexMatcher(String)} will override previous invocations of * Invoking {@link #regexMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}},
* {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #requestMatchers()}, {@link #antMatcher(String)},
* {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}.
* </p> * </p>

59
config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java
View File

@ -68,6 +68,65 @@ public class HttpSecurityRequestMatchersTests {
} }
} }
@Test
public void mvcMatcher() throws Exception {
loadConfig(MvcMatcherConfig.class);
this.request.setServletPath("/path");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus())
.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
setup();
this.request.setServletPath("/path.html");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus())
.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
setup();
this.request.setServletPath("/path/");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus())
.isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
}
@EnableWebSecurity
@Configuration
@EnableWebMvc
static class MvcMatcherConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.mvcMatcher("/path")
.httpBasic().and()
.authorizeRequests()
.anyRequest().denyAll();
// @formatter:on
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// @formatter:off
auth
.inMemoryAuthentication();
// @formatter:on
}
@RestController
static class PathController {
@RequestMapping("/path")
public String path() {
return "path";
}
}
}
@Test @Test
public void requestMatchersMvcMatcher() throws Exception { public void requestMatchersMvcMatcher() throws Exception {
loadConfig(RequestMatchersMvcMatcherConfig.class); loadConfig(RequestMatchersMvcMatcherConfig.class);