Initially PathPatternRequestMatcher was designed to match relative
to the servlet path. However, this was changed to be relative to
the context path. This commit updates the documentation and removes
references to the servlet path other than in the context of setting
a basePath to remove boilerplate.
Issue gh-16430
This commit changes the config module to use
PathPatternRequestMatcher in favor of
MvcRequestMatcher and AntPathRequestMatcher.
This allows removing several HandlerMappingIntrospector
support classes as well which were in place to
support MvcRequestMatcher.
Issue gh-16886
Issue gh-16887
Update toString() method in DefaultRequiresCsrfMatcher to better reflect its logic during trace-level logging.
Closes gh-17250
Signed-off-by: Deep Dhamala <dhamaladeep2@gmail.com>
This simplifies the logic when extracting the principal and allows
more flexibility in the future by allowing the format and regex to be
added as setters.
Clarify misleading SecurityContextRepository setter documentation.
Note that AbstractPreAuthenticatedProcessingFilter saves the
SecurityContext upon successful authentication, and this behavior
can be customized via the setSecurityContextRepository setter.
Closes gh-14137
Signed-off-by: Mark Putsiata <m.putsiata@gmail.com>
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com>
Add trace-level logging to show the logical path of CSRF token processing
- Log token source (header or parameter) in resolveCsrfTokenValue
- Log request attribute names in handle methods
- Log failures in XorCsrfTokenRequestAttributeHandler (especially Base64 decoding)
- Add similar logging to XorServerCsrfTokenRequestAttributeHandler
Improves debugging capabilities without changing functionality.
Closes gh-13626
Signed-off-by: yybmion <yunyubin54@gmail.com>
The test should not provide SavedCookie.class to the ObjectMapper
since this is not done in production. In particular, it provides the
type that it should be deserialized, but this must be provided in the
JSON since the type is unknown at the time of deserialization.
Issue gh-17006
