Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 17:22:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish SecurityContextHolderStrategy XML Configuration for Defaults

Browse Source 
Issue gh-11061
This commit is contained in:
Josh Cummings 2022-06-23 15:43:55 -06:00
parent 084dd56b92
commit c29b91cec7
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
3 changed files with 17 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
View File

@ -215,7 +215,7 @@ final class AuthenticationConfigBuilder {
AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc, AuthenticationConfigBuilder(Element element, boolean forceAutoConfig, ParserContext pc,
SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager, SessionCreationPolicy sessionPolicy, BeanReference requestCache, BeanReference authenticationManager,
BeanReference authenticationFilterSecurityContextHolderStrategyRef, BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
BeanReference authenticationFilterSecurityContextRepositoryRef, BeanReference sessionStrategy, BeanReference authenticationFilterSecurityContextRepositoryRef, BeanReference sessionStrategy,
BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) { BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
this.httpElt = element; this.httpElt = element;
@ -272,7 +272,7 @@ final class AuthenticationConfigBuilder {
} }
void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager, void createFormLoginFilter(BeanReference sessionStrategy, BeanReference authManager,
BeanReference authenticationFilterSecurityContextHolderStrategyRef, BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef,
BeanReference authenticationFilterSecurityContextRepositoryRef) { BeanReference authenticationFilterSecurityContextRepositoryRef) {
Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN); Element formLoginElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.FORM_LOGIN);
RootBeanDefinition formFilter = null; RootBeanDefinition formFilter = null;
@ -442,7 +442,7 @@ final class AuthenticationConfigBuilder {
} }
void createBasicFilter(BeanReference authManager, void createBasicFilter(BeanReference authManager,
BeanReference authenticationFilterSecurityContextHolderStrategyRef) { BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH); Element basicAuthElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.BASIC_AUTH);
if (basicAuthElt == null && !this.autoConfig) { if (basicAuthElt == null && !this.autoConfig) {
// No basic auth, do nothing // No basic auth, do nothing
@ -612,7 +612,7 @@ final class AuthenticationConfigBuilder {
} }
} }
void createLogoutFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) { void createLogoutFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT); Element logoutElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.LOGOUT);
if (logoutElt != null || this.autoConfig) { if (logoutElt != null || this.autoConfig) {
String formLoginPage = this.formLoginPage; String formLoginPage = this.formLoginPage;
@ -677,7 +677,7 @@ final class AuthenticationConfigBuilder {
return this.csrfIgnoreRequestMatchers; return this.csrfIgnoreRequestMatchers;
} }
void createAnonymousFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) { void createAnonymousFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS); Element anonymousElt = DomUtils.getChildElementByTagName(this.httpElt, Elements.ANONYMOUS);
if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) { if (anonymousElt != null && "false".equals(anonymousElt.getAttribute("enabled"))) {
return; return;
@ -723,7 +723,7 @@ final class AuthenticationConfigBuilder {
return Long.toString(random.nextLong()); return Long.toString(random.nextLong());
} }
void createExceptionTranslationFilter(BeanReference authenticationFilterSecurityContextHolderStrategyRef) { void createExceptionTranslationFilter(BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class); BeanDefinitionBuilder etfBuilder = BeanDefinitionBuilder.rootBeanDefinition(ExceptionTranslationFilter.class);
this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc); this.accessDeniedHandler = createAccessDeniedHandler(this.httpElt, this.pc);
etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler); etfBuilder.addPropertyValue("accessDeniedHandler", this.accessDeniedHandler);

17
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -160,7 +160,7 @@ class HttpConfigurationBuilder {
private BeanDefinition forceEagerSessionCreationFilter; private BeanDefinition forceEagerSessionCreationFilter;
private BeanReference holderStrategyRef; private BeanMetadataElement holderStrategyRef;
private BeanReference contextRepoRef; private BeanReference contextRepoRef;
@ -301,7 +301,7 @@ class HttpConfigurationBuilder {
return lowerCase ? path.toLowerCase() : path; return lowerCase ? path.toLowerCase() : path;
} }
BeanReference getSecurityContextHolderStrategyForAuthenticationFilters() { BeanMetadataElement getSecurityContextHolderStrategyForAuthenticationFilters() {
return this.holderStrategyRef; return this.holderStrategyRef;
} }
@ -350,13 +350,12 @@ class HttpConfigurationBuilder {
private void createSecurityContextHolderStrategy() { private void createSecurityContextHolderStrategy() {
String holderStrategyRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY); String holderStrategyRef = this.httpElt.getAttribute(ATT_SECURITY_CONTEXT_HOLDER_STRATEGY);
if (!StringUtils.hasText(holderStrategyRef)) { if (StringUtils.hasText(holderStrategyRef)) {
BeanDefinition holderStrategyBean = BeanDefinitionBuilder this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef);
.rootBeanDefinition(SecurityContextHolderStrategyFactory.class).getBeanDefinition(); return;
holderStrategyRef = this.pc.getReaderContext().generateBeanName(holderStrategyBean);
this.pc.registerBeanComponent(new BeanComponentDefinition(holderStrategyBean, holderStrategyRef));
} }
this.holderStrategyRef = new RuntimeBeanReference(holderStrategyRef); this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class)
.getBeanDefinition();
} }
private void createSecurityContextRepository() { private void createSecurityContextRepository() {

7
config/src/main/java/org/springframework/security/config/http/LogoutBeanDefinitionParser.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,7 +20,6 @@ import org.w3c.dom.Element;
import org.springframework.beans.BeanMetadataElement; import org.springframework.beans.BeanMetadataElement;
import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.config.BeanReference;
import org.springframework.beans.factory.config.RuntimeBeanReference; import org.springframework.beans.factory.config.RuntimeBeanReference;
import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.ManagedList; import org.springframework.beans.factory.support.ManagedList;
@ -62,10 +61,10 @@ class LogoutBeanDefinitionParser implements BeanDefinitionParser {
private BeanMetadataElement logoutSuccessHandler; private BeanMetadataElement logoutSuccessHandler;
private BeanReference authenticationFilterSecurityContextHolderStrategyRef; private BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef;
LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler, LogoutBeanDefinitionParser(String loginPageUrl, String rememberMeServices, BeanMetadataElement csrfLogoutHandler,
BeanReference authenticationFilterSecurityContextHolderStrategyRef) { BeanMetadataElement authenticationFilterSecurityContextHolderStrategyRef) {
this.defaultLogoutUrl = loginPageUrl + "?logout"; this.defaultLogoutUrl = loginPageUrl + "?logout";
this.rememberMeServices = rememberMeServices; this.rememberMeServices = rememberMeServices;
this.csrfEnabled = csrfLogoutHandler != null; this.csrfEnabled = csrfLogoutHandler != null;