Resolve springSecurityFilterChain to Filter
When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter. This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class. In this case we have to cast to a Java ServletFilter to support both filter... Fixes gh-3836
This commit is contained in:
Jens Goldhammer
Joe Grandja
parent
eaf8729941
commit
ceef70946b
|
|
@ -21,7 +21,7 @@ import javax.servlet.Filter;
|
|||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
|
|
@ -98,8 +98,7 @@ public abstract class WebTestUtils {
|
|||
}
|
||||
|
||||
/**
|
||||
* Sets the {@link CsrfTokenRepository} for the specified
|
||||
* {@link HttpServletRequest}.
|
||||
* Sets the {@link CsrfTokenRepository} for the specified {@link HttpServletRequest}.
|
||||
*
|
||||
* @param request the {@link HttpServletRequest} to obtain the
|
||||
* {@link CsrfTokenRepository}
|
||||
|
|
@ -121,17 +120,17 @@ public abstract class WebTestUtils {
|
|||
if (webApplicationContext == null) {
|
||||
return null;
|
||||
}
|
||||
FilterChainProxy springSecurityFilterChain = null;
|
||||
Filter springSecurityFilterChain = null;
|
||||
try {
|
||||
springSecurityFilterChain = webApplicationContext
|
||||
.getBean(FilterChainProxy.class);
|
||||
springSecurityFilterChain = webApplicationContext.getBean(
|
||||
AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME, Filter.class);
|
||||
}
|
||||
catch (NoSuchBeanDefinitionException notFound) {
|
||||
return null;
|
||||
}
|
||||
List<Filter> filters = (List<Filter>) ReflectionTestUtils.invokeMethod(
|
||||
springSecurityFilterChain, "getFilters", request);
|
||||
if(filters == null) {
|
||||
if (filters == null) {
|
||||
return null;
|
||||
}
|
||||
for (Filter filter : filters) {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.test.web.servlet.request;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.WebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.test.web.support.WebTestUtils;
|
||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRepository;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration
|
||||
@WebAppConfiguration
|
||||
public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
|
||||
|
||||
@Autowired
|
||||
private WebApplicationContext wac;
|
||||
|
||||
// SEC-3836
|
||||
@Test
|
||||
public void findCookieCsrfTokenRepository() throws Exception {
|
||||
MockHttpServletRequest request = post("/").buildRequest(wac.getServletContext());
|
||||
CsrfTokenRepository csrfTokenRepository = WebTestUtils.getCsrfTokenRepository(request);
|
||||
assertThat(csrfTokenRepository).isNotNull();
|
||||
assertThat(csrfTokenRepository).isEqualTo(Config.cookieCsrfTokenRepository);
|
||||
}
|
||||
|
||||
@EnableWebSecurity
|
||||
static class Config extends WebSecurityConfigurerAdapter {
|
||||
static CsrfTokenRepository cookieCsrfTokenRepository = new CookieCsrfTokenRepository();
|
||||
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().csrfTokenRepository(cookieCsrfTokenRepository);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void configure(WebSecurity web) throws Exception {
|
||||
// Enable the DebugFilter
|
||||
web.debug(true);
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue