diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index d73161d2e8..01a09ba49f 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -133,11 +133,13 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 * interceptor
 */
 private void checkLoginPageIsntProtected(FilterChainProxy fcp, List filterStack) {
- ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
- if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
+ ExceptionTranslationFilter exceptions = getFilter(ExceptionTranslationFilter.class, filterStack);
+ if (exceptions == null
+ || !(exceptions.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
 return;
 }
- String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
+ String loginPage = ((LoginUrlAuthenticationEntryPoint) exceptions.getAuthenticationEntryPoint())
+ .getLoginFormUrl();
 this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
 FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
 List filters = null;
@@ -158,28 +160,28 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 this.logger.debug("Default generated login page is in use");
 return;
 }
- FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
- FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
+ FilterSecurityInterceptor authorizationInterceptor = getFilter(FilterSecurityInterceptor.class, filters);
+ FilterInvocationSecurityMetadataSource fids = authorizationInterceptor.getSecurityMetadataSource();
 Collection attributes = fids.getAttributes(loginRequest);
 if (attributes == null) {
 this.logger.debug("No access attributes defined for login page URL");
- if (fsi.isRejectPublicInvocations()) {
+ if (authorizationInterceptor.isRejectPublicInvocations()) {
 this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations."
 + " Your login page may not be accessible.");
 }
 return;
 }
- AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
- if (anonPF == null) {
+ AnonymousAuthenticationFilter anonymous = getFilter(AnonymousAuthenticationFilter.class, filters);
+ if (anonymous == null) {
 this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have"
 + " anonymous authentication enabled. This is almost certainly an error.");
 return;
 }
 // Simulate an anonymous access with the supplied attributes.
- AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(),
- anonPF.getAuthorities());
+ AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonymous.getPrincipal(),
+ anonymous.getAuthorities());
 try {
- fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
+ authorizationInterceptor.getAccessDecisionManager().decide(token, loginRequest, attributes);
 }
 catch (AccessDeniedException ex) {
 this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. "
diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
index 7b2ede4484..4c17673c0a 100644
--- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java
@@ -53,7 +53,7 @@ public class DefaultFilterChainValidatorTests {
 private DefaultFilterChainValidator validator;
- private FilterChainProxy fcp;
+ private FilterChainProxy chain;
 @Mock
 private Log logger;
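Review bot: In `DefaultFilterChainValidator.checkLoginPageIsntProtected`, the renamed `authorizationInterceptor` is dereferenced on the line right after `getFilter(FilterSecurityInterceptor.class, filters)` with no null check, although the same helper's result is null-checked for `exceptions` and `anonymous` in this method. If the chain that serves the login URL holds no `FilterSecurityInterceptor`, the call to `getSecurityMetadataSource()` would presumably throw a NullPointerException during validation instead of the login-page check being skipped or logged. Consider adding `if (authorizationInterceptor == null) { return; }`, ideally with a debug log line, before `getSecurityMetadataSource()`. The method body starts and ends outside this hunk, so a guard may already exist in the lines not shown.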
@@ -64,19 +64,19 @@ public class DefaultFilterChainValidatorTests {
 @Mock
 private AccessDecisionManager accessDecisionManager;
- private FilterSecurityInterceptor fsi;
+ private FilterSecurityInterceptor authorizationInterceptor;
 @BeforeEach
 public void setUp() {
 AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
- this.fsi = new FilterSecurityInterceptor();
- this.fsi.setAccessDecisionManager(this.accessDecisionManager);
- this.fsi.setSecurityMetadataSource(this.metadataSource);
+ this.authorizationInterceptor = new FilterSecurityInterceptor();
+ this.authorizationInterceptor.setAccessDecisionManager(this.accessDecisionManager);
+ this.authorizationInterceptor.setSecurityMetadataSource(this.metadataSource);
 AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
 ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
 DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf,
- this.fsi);
- this.fcp = new FilterChainProxy(securityChain);
+ this.authorizationInterceptor);
+ this.chain = new FilterChainProxy(securityChain);
 this.validator = new DefaultFilterChainValidator();
 ReflectionTestUtils.setField(this.validator, "logger", this.logger);
 }
@@ -88,7 +88,7 @@ public class DefaultFilterChainValidatorTests {
 IllegalArgumentException toBeThrown = new IllegalArgumentException("failed to eval expression");
 willThrow(toBeThrown).given(this.accessDecisionManager).decide(any(Authentication.class), anyObject(),
 any(Collection.class));
- this.validator.validate(this.fcp);
+ this.validator.validate(this.chain);
 verify(this.logger).info(
 "Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.",
 toBeThrown);
@@ -99,8 +99,8 @@ public class DefaultFilterChainValidatorTests {
 public void validateCustomMetadataSource() {
 FilterInvocationSecurityMetadataSource customMetaDataSource = mock(
 FilterInvocationSecurityMetadataSource.class);
- this.fsi.setSecurityMetadataSource(customMetaDataSource);
- this.validator.validate(this.fcp);
+ this.authorizationInterceptor.setSecurityMetadataSource(customMetaDataSource);
+ this.validator.validate(this.chain);
 verify(customMetaDataSource).getAttributes(any());
 }