SEC-2139: named-security-filter are all defined and ordered correctly

2025-06-23 04:22:17 +00:00 · 2013-08-23 14:55:50 -05:00 · 2013-08-23 14:55:50 -05:00 · f9fd448d88
commit f9fd448d88
parent 7bf6046408
3 changed files with 26 additions and 6 deletions
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.rnc
@ -739,4 +739,4 @@ position =
    ## The explicit position at which the custom-filter should be placed in the chain. Use if you are replacing a standard filter.
    attribute position {named-security-filter}

-named-security-filter = "FIRST" | "CHANNEL_FILTER" | "CONCURRENT_SESSION_FILTER" | "SECURITY_CONTEXT_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" |"BASIC_AUTH_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "SESSION_MANAGEMENT_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
+named-security-filter = "FIRST" | "CHANNEL_FILTER" | "SECURITY_CONTEXT_FILTER" | "CONCURRENT_SESSION_FILTER" | "LOGOUT_FILTER" | "X509_FILTER" | "PRE_AUTH_FILTER" | "CAS_FILTER" | "FORM_LOGIN_FILTER" | "OPENID_FILTER" | "LOGIN_PAGE_FILTER" | "DIGEST_AUTH_FILTER" |"BASIC_AUTH_FILTER" | "REQUEST_CACHE_FILTER" | "SERVLET_API_SUPPORT_FILTER" | "JAAS_API_SUPPORT_FILTER" | "REMEMBER_ME_FILTER" | "ANONYMOUS_FILTER" | "SESSION_MANAGEMENT_FILTER" | "EXCEPTION_TRANSLATION_FILTER" | "FILTER_SECURITY_INTERCEPTOR" | "SWITCH_USER_FILTER" | "LAST"
--- a/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-3.1.xsd
@ -1632,20 +1632,24 @@
    <xs:restriction base="xs:token">
      <xs:enumeration value="FIRST"/>
      <xs:enumeration value="CHANNEL_FILTER"/>
-      <xs:enumeration value="CONCURRENT_SESSION_FILTER"/>
      <xs:enumeration value="SECURITY_CONTEXT_FILTER"/>
+      <xs:enumeration value="CONCURRENT_SESSION_FILTER"/>
      <xs:enumeration value="LOGOUT_FILTER"/>
      <xs:enumeration value="X509_FILTER"/>
      <xs:enumeration value="PRE_AUTH_FILTER"/>
      <xs:enumeration value="CAS_FILTER"/>
      <xs:enumeration value="FORM_LOGIN_FILTER"/>
      <xs:enumeration value="OPENID_FILTER"/>
+      <xs:enumeration value="LOGIN_PAGE_FILTER"/>
+      <xs:enumeration value="DIGEST_AUTH_FILTER"/>
      <xs:enumeration value="BASIC_AUTH_FILTER"/>
+      <xs:enumeration value="REQUEST_CACHE_FILTER"/>
      <xs:enumeration value="SERVLET_API_SUPPORT_FILTER"/>
+      <xs:enumeration value="JAAS_API_SUPPORT_FILTER"/>
      <xs:enumeration value="REMEMBER_ME_FILTER"/>
      <xs:enumeration value="ANONYMOUS_FILTER"/>
-      <xs:enumeration value="EXCEPTION_TRANSLATION_FILTER"/>
      <xs:enumeration value="SESSION_MANAGEMENT_FILTER"/>
+      <xs:enumeration value="EXCEPTION_TRANSLATION_FILTER"/>
      <xs:enumeration value="FILTER_SECURITY_INTERCEPTOR"/>
      <xs:enumeration value="SWITCH_USER_FILTER"/>
      <xs:enumeration value="LAST"/>
--- a/config/src/test/groovy/org/springframework/security/config/doc/XsdDocumentedTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/doc/XsdDocumentedTests.groovy
@ -15,7 +15,10 @@
 */
 package org.springframework.security.config.doc

-import groovy.util.slurpersupport.NodeChild;
+import groovy.util.slurpersupport.NodeChild
+
+import org.springframework.security.config.http.SecurityFilters
+
 import spock.lang.*

 /**
@ -31,10 +34,11 @@ class XsdDocumentedTests extends Specification {

    @Shared File schemaDocument = new File('src/main/resources/org/springframework/security/config/spring-security-3.1.xsd')
    @Shared Map<String,Element> elementNameToElement
+    @Shared schemaRootElement

    def setupSpec() {
-        def rootElement = new XmlSlurper().parse(schemaDocument)
-        elementNameToElement = new SpringSecurityXsdParser(rootElement: rootElement).parse()
+        schemaRootElement = new XmlSlurper().parse(schemaDocument)
+        elementNameToElement = new SpringSecurityXsdParser(rootElement: schemaRootElement).parse()
        appendixRoot.getMetaClass().sections = {
            delegate.breadthFirst().inject([]) {result, c->
                if(c.name() == 'section' && c.@id) {
@ -55,6 +59,18 @@ class XsdDocumentedTests extends Specification {
        }
    }

+    def 'SEC-2139: named-security-filter are all defined and ordered properly'() {
+        setup:
+            def expectedFilters = (EnumSet.allOf(SecurityFilters) as List).sort { it.order }
+        when:
+            def nsf = schemaRootElement.simpleType.find { it.@name == 'named-security-filter' }
+            def nsfValues = nsf.children().children().collect { c ->
+                Enum.valueOf(SecurityFilters, c.@value.toString())
+            }
+        then:
+            expectedFilters == nsfValues
+    }
+
    /**
     * This will check to ensure that the expected number of xsd documents are found to ensure that we are validating
     * against the current xsd document. If this test fails, all that is needed is to update the schemaDocument