WebSessionServerRequestCache ignores favicon and html
Fixes: gh-5874
This commit is contained in:
Rob Winch
parent
8e4d540bfb
commit
e4597b5213
|
|
@ -19,7 +19,11 @@ package org.springframework.security.web.server.savedrequest;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||
import org.springframework.security.web.server.util.matcher.AndServerWebExchangeMatcher;
|
||||
import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
|
||||
import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
|
||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
|
||||
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
|
||||
import org.springframework.util.Assert;
|
||||
|
|
@ -28,6 +32,7 @@ import org.springframework.web.server.WebSession;
|
|||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Collections;
|
||||
|
||||
/**
|
||||
* An implementation of {@link ServerRequestCache} that saves the
|
||||
|
|
@ -45,8 +50,7 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
|
|||
|
||||
private String sessionAttrName = DEFAULT_SAVED_REQUEST_ATTR;
|
||||
|
||||
private ServerWebExchangeMatcher saveRequestMatcher = ServerWebExchangeMatchers.pathMatchers(
|
||||
HttpMethod.GET, "/**");
|
||||
private ServerWebExchangeMatcher saveRequestMatcher = createDefaultRequestMacher();
|
||||
|
||||
/**
|
||||
* Sets the matcher to determine if the request should be saved. The default is to match
|
||||
|
|
@ -88,4 +92,12 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
|
|||
private static String pathInApplication(ServerHttpRequest request) {
|
||||
return request.getPath().pathWithinApplication().value();
|
||||
}
|
||||
|
||||
private static ServerWebExchangeMatcher createDefaultRequestMacher() {
|
||||
ServerWebExchangeMatcher get = ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/**");
|
||||
ServerWebExchangeMatcher notFavicon = new NegatedServerWebExchangeMatcher(ServerWebExchangeMatchers.pathMatchers("/favicon.*"));
|
||||
MediaTypeServerWebExchangeMatcher html = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
|
||||
html.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
|
||||
return new AndServerWebExchangeMatcher(get, notFavicon, html);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
package org.springframework.security.web.server.savedrequest;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.server.reactive.ServerHttpRequest;
|
||||
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
|
||||
import org.springframework.mock.web.server.MockServerWebExchange;
|
||||
|
|
@ -35,7 +36,7 @@ public class WebSessionServerRequestCacheTests {
|
|||
|
||||
@Test
|
||||
public void saveRequestGetRequestWhenGetThenFound() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
|
||||
this.cache.saveRequest(exchange).block();
|
||||
|
||||
URI saved = this.cache.getRedirectUri(exchange).block();
|
||||
|
|
@ -43,6 +44,16 @@ public class WebSessionServerRequestCacheTests {
|
|||
assertThat(saved).isEqualTo(exchange.getRequest().getURI());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveRequestGetRequestWhenFaviconThenNotFound() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/favicon.png").accept(MediaType.TEXT_HTML));
|
||||
this.cache.saveRequest(exchange).block();
|
||||
|
||||
URI saved = this.cache.getRedirectUri(exchange).block();
|
||||
|
||||
assertThat(saved).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveRequestGetRequestWhenPostThenNotFound() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.post("/secured/"));
|
||||
|
|
@ -64,7 +75,7 @@ public class WebSessionServerRequestCacheTests {
|
|||
|
||||
@Test
|
||||
public void saveRequestRemoveRequestWhenThenFound() {
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
|
||||
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML));
|
||||
this.cache.saveRequest(exchange).block();
|
||||
|
||||
ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
|
||||
|
|
|
|||
Loading…
Reference in New Issue