Add XML support for shouldFilterAllDispatcherTypes
Closes gh-11492
This commit is contained in:
Marcus Da Coregio
Marcus Hert Da Coregio
parent
8a5aed2983
commit
f3321c256c
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2016 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -60,6 +60,8 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
|
||||
private static final String ATT_SERVLET_PATH = "servlet-path";
|
||||
|
||||
private static final String ATT_FILTER_ALL_DISPATCHER_TYPES = "filter-all-dispatcher-types";
|
||||
|
||||
private String authorizationManagerRef;
|
||||
|
||||
private final BeanMetadataElement securityContextHolderStrategy;
|
||||
|
|
@ -83,7 +85,11 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
this.authorizationManagerRef = createAuthorizationManager(element, parserContext);
|
||||
BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder.rootBeanDefinition(AuthorizationFilter.class);
|
||||
filterBuilder.getRawBeanDefinition().setSource(parserContext.extractSource(element));
|
||||
BeanDefinition filter = filterBuilder.addConstructorArgReference(this.authorizationManagerRef)
|
||||
filterBuilder.addConstructorArgReference(this.authorizationManagerRef);
|
||||
if ("true".equals(element.getAttribute(ATT_FILTER_ALL_DISPATCHER_TYPES))) {
|
||||
filterBuilder.addPropertyValue("shouldFilterAllDispatcherTypes", Boolean.TRUE);
|
||||
}
|
||||
BeanDefinition filter = filterBuilder
|
||||
.addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy)
|
||||
.getBeanDefinition();
|
||||
String id = element.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
|
||||
|
|
|
|||
|
|
@ -385,6 +385,9 @@ http.attlist &=
|
|||
http.attlist &=
|
||||
## Corresponds to the observeOncePerRequest property of FilterSecurityInterceptor. Defaults to "true"
|
||||
attribute once-per-request {xsd:boolean}?
|
||||
http.attlist &=
|
||||
## Corresponds to the shouldFilterAllDispatcherTypes property of AuthorizationFilter. Only works when use-authorization-manager=true. Defauls to "false".
|
||||
attribute filter-all-dispatcher-types {xsd:boolean}?
|
||||
http.attlist &=
|
||||
## Prevents the jsessionid parameter from being added to rendered URLs. Defaults to "true" (rewriting is disabled).
|
||||
attribute disable-url-rewriting {xsd:boolean}?
|
||||
|
|
|
|||
|
|
@ -1385,6 +1385,13 @@
|
|||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="filter-all-dispatcher-types" type="xs:boolean">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Corresponds to the shouldFilterAllDispatcherTypes property of AuthorizationFilter. Only
|
||||
works when use-authorization-manager=true. Defauls to "false".
|
||||
</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="disable-url-rewriting" type="xs:boolean">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Prevents the jsessionid parameter from being added to rendered URLs. Defaults to "true"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
|
@ -19,6 +19,7 @@ package org.springframework.security.config.http;
|
|||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.DispatcherType;
|
||||
import javax.servlet.ServletRegistration;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
|
@ -33,10 +34,12 @@ import org.springframework.security.config.test.SpringTestContext;
|
|||
import org.springframework.security.config.test.SpringTestContextExtension;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.request.RequestPostProcessor;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.context.ConfigurableWebApplicationContext;
|
||||
import org.springframework.web.util.WebUtils;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
|
|
@ -373,6 +376,29 @@ public class InterceptUrlConfigTests {
|
|||
.configLocations(this.xml("DefaultMatcherServletPathAuthorizationManager")).autowire());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenUsingFilterAllDispatcherTypesAndAuthorizationManagerThenAuthorizesRequestsAccordingly()
|
||||
throws Exception {
|
||||
this.spring.configLocations(this.xml("AuthorizationManagerFilterAllDispatcherTypes")).autowire();
|
||||
// @formatter:off
|
||||
this.mvc.perform(get("/path").with(userCredentials()))
|
||||
.andExpect(status().isOk());
|
||||
this.mvc.perform(get("/path").with(adminCredentials()))
|
||||
.andExpect(status().isForbidden());
|
||||
this.mvc.perform(get("/error").with((request) -> {
|
||||
request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
|
||||
request.setDispatcherType(DispatcherType.ERROR);
|
||||
return request;
|
||||
})).andExpect(status().isOk());
|
||||
this.mvc.perform(get("/path").with((request) -> {
|
||||
request.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/path");
|
||||
request.setDispatcherType(DispatcherType.ERROR);
|
||||
return request;
|
||||
})).andExpect(status().isUnauthorized());
|
||||
// @formatter:on
|
||||
assertThat(this.spring.getContext().getBean(AuthorizationManager.class)).isNotNull();
|
||||
}
|
||||
|
||||
private static RequestPostProcessor adminCredentials() {
|
||||
return httpBasic("admin", "password");
|
||||
}
|
||||
|
|
@ -410,6 +436,16 @@ public class InterceptUrlConfigTests {
|
|||
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class ErrorController {
|
||||
|
||||
@GetMapping("/error")
|
||||
String error() {
|
||||
return "error";
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public static class Id {
|
||||
|
||||
public boolean isOne(int i) {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,55 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ https://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
https://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" use-authorization-manager="true" filter-all-dispatcher-types="true">
|
||||
<intercept-url request-matcher-ref="pathErrorRequestMatcher" access="permitAll()" />
|
||||
<intercept-url request-matcher-ref="errorRequestMatcher" access="authenticated" />
|
||||
<intercept-url pattern="/**" access="hasRole('USER')"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:bean name="path" class="org.springframework.security.config.http.InterceptUrlConfigTests.PathController"/>
|
||||
<b:bean name="error" class="org.springframework.security.config.http.InterceptUrlConfigTests.ErrorController"/>
|
||||
|
||||
<b:bean name="errorRequestMatcher" class="org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher">
|
||||
<b:constructor-arg value="ERROR"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="errorPathRequestMatcher" class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
|
||||
<b:constructor-arg value="/error"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="pathErrorRequestMatcher" class="org.springframework.security.web.util.matcher.AndRequestMatcher">
|
||||
<b:constructor-arg>
|
||||
<b:list>
|
||||
<b:ref bean="errorRequestMatcher"/>
|
||||
<b:ref bean="errorPathRequestMatcher"/>
|
||||
</b:list>
|
||||
</b:constructor-arg>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -97,6 +97,12 @@ Corresponds to the `observeOncePerRequest` property of `FilterSecurityIntercepto
|
|||
Defaults to `true`.
|
||||
|
||||
|
||||
[[nsa-http-filter-all-dispatcher-types]]
|
||||
* **filter-all-dispatcher-types**
|
||||
Corresponds to the `shouldFilterAllDispatcherTypes` property of the `AuthorizationFilter`. Only works when `use-authorization-manager=true`.
|
||||
Defaults to `false`.
|
||||
|
||||
|
||||
[[nsa-http-pattern]]
|
||||
* **pattern**
|
||||
Defining a pattern for the <<nsa-http,http>> element controls the requests which will be filtered through the list of filters which it defines.
|
||||
|
|
|
|||
Loading…
Reference in New Issue