Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

SEC-1404: Use a factory method to convert the path to lower case for use in the filter-chain map.

Delays the conversion till after palceholders have been substituted, preventing the placeholder from being converted (or the value not being converted).
Luke Taylor 15 years ago
parent
d2413cf237
commit
2173029216
2 changed files with 19 additions and 23 deletions
Split View Show Diff Stats
  1. 14 13
      config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
  2. 5 10
      config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

+ 14 - 13
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java
View File 

@@ -83,8 +83,7 @@ class HttpConfigurationBuilder {
 
     private final List<Element> interceptUrls;
 
 
     // Use ManagedMap to allow placeholder resolution
 
-    private List<String> emptyFilterChainPaths;
 
-    private ManagedMap<String, List<BeanMetadataElement>> filterChainMap;
 
+    private ManagedMap<BeanDefinition, List<BeanMetadataElement>> filterChainMap;
 
 
     private BeanDefinition cpf;
 
     private BeanDefinition securityContextPersistenceFilter;
 
@@ -97,7 +96,6 @@ class HttpConfigurationBuilder {
 
     private String portMapperName;
 
     private BeanReference fsi;
 
 
-
 
     public HttpConfigurationBuilder(Element element, ParserContext pc, UrlMatcher matcher, String portMapperName) {
 
         this.httpElt = element;
 
         this.pc = pc;
 
@@ -111,8 +109,7 @@ class HttpConfigurationBuilder {
 
     }
 
 
     void parseInterceptUrlsForEmptyFilterChains() {
 
-        emptyFilterChainPaths = new ArrayList<String>();
 
-        filterChainMap = new ManagedMap<String, List<BeanMetadataElement>>();
 
+        filterChainMap = new ManagedMap<BeanDefinition, List<BeanMetadataElement>>();
 
 
         for (Element urlElt : interceptUrls) {
 
             String path = urlElt.getAttribute(ATT_PATH_PATTERN);
 
@@ -121,9 +118,10 @@ class HttpConfigurationBuilder {
 
                 pc.getReaderContext().error("path attribute cannot be empty or null", urlElt);
 
             }
 
 
-            if (convertPathsToLowerCase) {
 
-                path = path.toLowerCase();
 
-            }
 
+            BeanDefinitionBuilder pathBean = BeanDefinitionBuilder.rootBeanDefinition(HttpConfigurationBuilder.class);
 
+            pathBean.setFactoryMethod("createPath");
 
+            pathBean.addConstructorArgValue(path);
 
+            pathBean.addConstructorArgValue(convertPathsToLowerCase);
 
 
             String filters = urlElt.getAttribute(ATT_FILTERS);
 
 
@@ -133,14 +131,17 @@ class HttpConfigurationBuilder {
 
                             "filters attribute", urlElt);
 
                 }
 
 
-                emptyFilterChainPaths.add(path);
 
-
 
                 List<BeanMetadataElement> noFilters = Collections.emptyList();
 
-                filterChainMap.put(path, noFilters);
 
+                filterChainMap.put(pathBean.getBeanDefinition(), noFilters);
 
             }
 
         }
 
     }
 
 
+    // Needed to account for placeholders
 
+    static String createPath(String path, boolean lowerCase) {
 
+        return lowerCase ? path.toLowerCase() : path;
 
+    }
 
+
 
     void createSecurityContextPersistenceFilter() {
 
         BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
 
 
@@ -463,8 +464,8 @@ class HttpConfigurationBuilder {
 
         return allowSessionCreation;
 
     }
 
 
-    List<String> getEmptyFilterChainPaths() {
 
-        return emptyFilterChainPaths;
 
+    public ManagedMap<BeanDefinition, List<BeanMetadataElement>> getFilterChainMap() {
 
+        return filterChainMap;
 
     }
 
 
     List<OrderDecorator> getFilters() {

+ 5 - 10
config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java
View File 

@@ -135,18 +135,13 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
             filterChain.add(od.bean);
 
         }
 
 
-        ManagedMap<String, List<BeanMetadataElement>> filterChainMap = new ManagedMap<String, List<BeanMetadataElement>>();
 
-
 
-        for (String path : httpBldr.getEmptyFilterChainPaths()) {
 
-            filterChainMap.put(path, NO_FILTERS);
 
-        }
 
-
 
-        filterChainMap.put(matcher.getUniversalMatchPattern(), filterChain);
 
+        ManagedMap<BeanDefinition, List<BeanMetadataElement>> filterChainMap = httpBldr.getFilterChainMap();
 
+        BeanDefinition universalMatch = new RootBeanDefinition(String.class);
 
+        universalMatch.getConstructorArgumentValues().addGenericArgumentValue(matcher.getUniversalMatchPattern());
 
+        filterChainMap.put(universalMatch, filterChain);
 
 
         registerFilterChainProxy(pc, filterChainMap, matcher, source);
 
 
-
 
-
 
         pc.popAndRegisterContainingComponent();
 
         return null;
 
     }
 
@@ -252,7 +247,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
 
         return customFilters;
 
     }
 
 
-    private void registerFilterChainProxy(ParserContext pc, Map<String, List<BeanMetadataElement>> filterChainMap, UrlMatcher matcher, Object source) {
 
+    private void registerFilterChainProxy(ParserContext pc, Map<BeanDefinition, List<BeanMetadataElement>> filterChainMap, UrlMatcher matcher, Object source) {
 
         if (pc.getRegistry().containsBeanDefinition(BeanIds.FILTER_CHAIN_PROXY)) {
 
             pc.getReaderContext().error("Duplicate <http> element detected", source);
 
         }