Remove MvcRequestMatcher.afterPropertiesSet()
The validation does not work due to restrictions within the servlet container. Specifically we cannot access the servlets that are registered. This commit reverts the validation logic for MvcRequestMatcher to determine if servletPath is required. Fixes gh-4027
This commit is contained in:
Rob Winch
Joe Grandja
parent
1171e25bc7
commit
c6366baee2
|
|
@ -15,9 +15,13 @@
|
|||
*/
|
||||
package org.springframework.security.config.http
|
||||
|
||||
import javax.servlet.ServletContext
|
||||
import javax.servlet.ServletRegistration
|
||||
import javax.servlet.http.HttpServletResponse
|
||||
|
||||
import org.mockito.invocation.InvocationOnMock
|
||||
import org.mockito.stubbing.Answer
|
||||
import org.springframework.beans.factory.BeanCreationException
|
||||
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
|
||||
import org.springframework.mock.web.MockFilterChain
|
||||
import org.springframework.mock.web.MockHttpServletRequest
|
||||
|
|
@ -29,10 +33,6 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
|
|||
import org.springframework.web.bind.annotation.RequestMapping
|
||||
import org.springframework.web.bind.annotation.RestController
|
||||
|
||||
import javax.servlet.ServletContext
|
||||
import javax.servlet.ServletRegistration
|
||||
import javax.servlet.http.HttpServletResponse
|
||||
|
||||
import static org.mockito.Mockito.*
|
||||
/**
|
||||
*
|
||||
|
|
@ -313,30 +313,6 @@ class InterceptUrlConfigTests extends AbstractHttpConfigTests {
|
|||
response.status == HttpServletResponse.SC_UNAUTHORIZED
|
||||
}
|
||||
|
||||
def "intercept-url mvc matchers servlet path required"() {
|
||||
when:
|
||||
MockServletContext servletContext = mockServletContext("/spring");
|
||||
xml.http('request-matcher':'mvc') {
|
||||
'http-basic'()
|
||||
'intercept-url'(pattern: '/path', access: "denyAll")
|
||||
}
|
||||
createWebAppContext(servletContext)
|
||||
then:
|
||||
thrown(BeanCreationException)
|
||||
}
|
||||
|
||||
def "intercept-url mvc matchers servlet path NOT required"() {
|
||||
when:
|
||||
MockServletContext servletContext = mockServletContext();
|
||||
xml.http('request-matcher':'mvc') {
|
||||
'http-basic'()
|
||||
'intercept-url'(pattern: '/path', access: "denyAll")
|
||||
}
|
||||
createWebAppContext(servletContext)
|
||||
then:
|
||||
noExceptionThrown()
|
||||
}
|
||||
|
||||
def "intercept-url ant matcher with servlet path fails"() {
|
||||
when:
|
||||
xml.http('request-matcher':'ant') {
|
||||
|
|
|
|||
|
|
@ -1,89 +0,0 @@
|
|||
/*
|
||||
* Copyright 2012-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.config.annotation.web;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.springframework.mock.web.MockServletContext;
|
||||
import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
|
||||
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletRegistration;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class AbstractRequestMatcherRegistryTests {
|
||||
|
||||
@Mock
|
||||
HandlerMappingIntrospector introspector;
|
||||
|
||||
MvcRequestMatcher matcher;
|
||||
|
||||
ServletContext servletContext;
|
||||
|
||||
@Before
|
||||
public void setup() {
|
||||
servletContext = spy(new MockServletContext());
|
||||
matcher = new MvcRequestMatcher(introspector, "/foo");
|
||||
matcher.setServletContext(servletContext);
|
||||
}
|
||||
|
||||
@Test(expected = IllegalStateException.class)
|
||||
public void servletPathValidatingMvcRequestMatcherAfterPropertiesSetFailsWithSpringServlet() throws Exception {
|
||||
setMappings("/spring");
|
||||
matcher.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void servletPathValidatingMvcRequestMatcherAfterPropertiesSetWithSpringServlet() throws Exception {
|
||||
matcher.setServletPath("/spring");
|
||||
setMappings("/spring");
|
||||
matcher.afterPropertiesSet();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void servletPathValidatingMvcRequestMatcherAfterPropertiesSetDefaultServlet() throws Exception {
|
||||
setMappings("/");
|
||||
matcher.afterPropertiesSet();
|
||||
}
|
||||
|
||||
private void setMappings(String... mappings) {
|
||||
final ServletRegistration registration = mock(ServletRegistration.class);
|
||||
when(registration.getMappings()).thenReturn(Arrays.asList(mappings));
|
||||
Answer<Map<String, ? extends ServletRegistration>> answer = new Answer<Map<String, ? extends ServletRegistration>>() {
|
||||
@Override
|
||||
public Map<String, ? extends ServletRegistration> answer(InvocationOnMock invocation) throws Throwable {
|
||||
return Collections.<String, ServletRegistration>singletonMap("spring", registration);
|
||||
}
|
||||
};
|
||||
when(servletContext.getServletRegistrations()).thenAnswer(answer);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -15,19 +15,12 @@
|
|||
*/
|
||||
package org.springframework.security.config.annotation.web.configurers;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletRegistration;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.mockito.invocation.InvocationOnMock;
|
||||
import org.mockito.stubbing.Answer;
|
||||
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
|
@ -55,9 +48,7 @@ import org.springframework.web.context.support.AnnotationConfigWebApplicationCon
|
|||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.spy;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
|
|
@ -450,20 +441,6 @@ public class AuthorizeRequestsTests {
|
|||
}
|
||||
}
|
||||
|
||||
@Test(expected = BeanCreationException.class)
|
||||
public void mvcMatcherServletPathRequired() throws Exception {
|
||||
final ServletRegistration registration = mock(ServletRegistration.class);
|
||||
when(registration.getMappings()).thenReturn(Collections.singleton("/spring"));
|
||||
Answer<Map<String, ? extends ServletRegistration>> answer = new Answer<Map<String, ? extends ServletRegistration>>() {
|
||||
@Override
|
||||
public Map<String, ? extends ServletRegistration> answer(InvocationOnMock invocation) throws Throwable {
|
||||
return Collections.<String, ServletRegistration>singletonMap("spring", registration);
|
||||
}
|
||||
};
|
||||
when(servletContext.getServletRegistrations()).thenAnswer(answer);
|
||||
loadConfig(MvcMatcherPathServletPathRequiredConfig.class);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
@Configuration
|
||||
@EnableWebMvc
|
||||
|
|
|
|||
|
|
@ -16,27 +16,21 @@
|
|||
|
||||
package org.springframework.security.web.servlet.util.matcher;
|
||||
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestVariablesExtractor;
|
||||
import org.springframework.util.AntPathMatcher;
|
||||
import org.springframework.util.ClassUtils;
|
||||
import org.springframework.util.PathMatcher;
|
||||
import org.springframework.web.context.ServletContextAware;
|
||||
import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
|
||||
import org.springframework.web.servlet.handler.MatchableHandlerMapping;
|
||||
import org.springframework.web.servlet.handler.RequestMatchResult;
|
||||
import org.springframework.web.util.UrlPathHelper;
|
||||
|
||||
import javax.servlet.ServletContext;
|
||||
import javax.servlet.ServletRegistration;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* A {@link RequestMatcher} that uses Spring MVC's {@link HandlerMappingIntrospector} to
|
||||
* match the path and extract variables.
|
||||
|
|
@ -44,18 +38,14 @@ import java.util.Map;
|
|||
* <p>
|
||||
* It is important to understand that Spring MVC's matching is relative to the servlet
|
||||
* path. This means if you have mapped any servlet to a path that starts with "/" and is
|
||||
* greater than one, you should also specify the {@link #setServletPath(String)}
|
||||
* attribute to differentiate mappings.
|
||||
* greater than one, you should also specify the {@link #setServletPath(String)} attribute
|
||||
* to differentiate mappings.
|
||||
* </p>
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 4.1.1
|
||||
*/
|
||||
public class MvcRequestMatcher
|
||||
implements RequestMatcher, RequestVariablesExtractor, InitializingBean, ServletContextAware {
|
||||
|
||||
private static final boolean isServlet30 = ClassUtils.isPresent(
|
||||
"javax.servlet.ServletRegistration", MvcRequestMatcher.class.getClassLoader());
|
||||
public class MvcRequestMatcher implements RequestMatcher, RequestVariablesExtractor {
|
||||
|
||||
private final DefaultMatcher defaultMatcher = new DefaultMatcher();
|
||||
|
||||
|
|
@ -63,7 +53,6 @@ public class MvcRequestMatcher
|
|||
private final String pattern;
|
||||
private HttpMethod method;
|
||||
private String servletPath;
|
||||
private ServletContext servletContext;
|
||||
|
||||
public MvcRequestMatcher(HandlerMappingIntrospector introspector, String pattern) {
|
||||
this.introspector = introspector;
|
||||
|
|
@ -75,7 +64,8 @@ public class MvcRequestMatcher
|
|||
if (this.method != null && !this.method.name().equals(request.getMethod())) {
|
||||
return false;
|
||||
}
|
||||
if (this.servletPath != null && !this.servletPath.equals(request.getServletPath())) {
|
||||
if (this.servletPath != null
|
||||
&& !this.servletPath.equals(request.getServletPath())) {
|
||||
return false;
|
||||
}
|
||||
MatchableHandlerMapping mapping = getMapping(request);
|
||||
|
|
@ -112,40 +102,6 @@ public class MvcRequestMatcher
|
|||
: result.extractUriTemplateVariables();
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||
*/
|
||||
@Override
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
// servletPath is required when at least one registered Servlet
|
||||
// is mapped to a path other than the default (root) path '/'
|
||||
if (this.servletContext == null || !isServlet30) {
|
||||
return;
|
||||
}
|
||||
if (this.getServletPath() != null) {
|
||||
return;
|
||||
}
|
||||
for (ServletRegistration registration : this.servletContext.getServletRegistrations().values()) {
|
||||
for (String mapping : registration.getMappings()) {
|
||||
if (mapping.startsWith("/") && mapping.length() > 1) {
|
||||
throw new IllegalStateException(
|
||||
"servletPath must not be null for mvcPattern \"" + this.getMvcPattern()
|
||||
+ "\" when providing a servlet mapping of "
|
||||
+ mapping + " for servlet "
|
||||
+ registration.getClassName());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.web.context.ServletContextAware#setServletContext(javax.servlet.ServletContext)
|
||||
*/
|
||||
@Override
|
||||
public void setServletContext(ServletContext servletContext) {
|
||||
this.servletContext = servletContext;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param method the method to set
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue