
Improve CsrfBeanDefinitionParser xml parsing

1. CsrfBeanDefinitionParser registers requestDataValueProcessor
if not already registered
2. Created Tests in CsrfBeanDefinitionParserTests

Fixes: gh-6423
Ankur Pathak 6 роки тому
батько
коміт
2e70d66063

+ 8 - 5
config/src/main/java/org/springframework/security/config/http/CsrfBeanDefinitionParser.java

@@ -45,6 +45,7 @@ import org.springframework.util.StringUtils;
  * Parser for the {@code CsrfFilter}.
  *
  * @author Rob Winch
+ * @author Ankur Pathak
  * @since 3.2
  */
 public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
@@ -67,11 +68,13 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
 		boolean webmvcPresent = ClassUtils.isPresent(DISPATCHER_SERVLET_CLASS_NAME,
 				getClass().getClassLoader());
 		if (webmvcPresent) {
-			RootBeanDefinition beanDefinition = new RootBeanDefinition(
-					CsrfRequestDataValueProcessor.class);
-			BeanComponentDefinition componentDefinition = new BeanComponentDefinition(
-					beanDefinition, REQUEST_DATA_VALUE_PROCESSOR);
-			pc.registerBeanComponent(componentDefinition);
+			if (!pc.getRegistry().containsBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR)) {
+				RootBeanDefinition beanDefinition = new RootBeanDefinition(
+						CsrfRequestDataValueProcessor.class);
+				BeanComponentDefinition componentDefinition = new BeanComponentDefinition(
+						beanDefinition, REQUEST_DATA_VALUE_PROCESSOR);
+				pc.registerBeanComponent(componentDefinition);
+			}
 		}
 
 		String matcherRef = null;
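Review bot: The new guard `containsBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR)` matches on bean name only, so a definition of any other class already registered under that name also suppresses `CsrfRequestDataValueProcessor`, and nothing reports it. In that case the CSRF token would presumably no longer be added to forms through this processor, and the only symptom would be rejected requests at runtime. At minimum, state the contract above the `if`: `// Name-only check: an existing bean under this name, whatever its type, wins and must supply the CSRF token itself`. A stricter option is to compare `getBeanDefinition(REQUEST_DATA_VALUE_PROCESSOR).getBeanClassName()` against `CsrfRequestDataValueProcessor.class.getName()` and log when they differ. The enclosing method starts and ends outside this hunk, so any handling further down is not visible here.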

+ 41 - 0
config/src/test/java/org/springframework/security/config/http/CsrfBeanDefinitionParserTests.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright 2002-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.config.http;
+
+import org.junit.Test;
+
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+/**
+ * @author Ankur Pathak
+ */
+public class CsrfBeanDefinitionParserTests {
+	private static final String CONFIG_LOCATION_PREFIX =
+			"classpath:org/springframework/security/config/http/CsrfBeanDefinitionParserTests";
+
+	@Test
+	public void registerDataValueProcessorOnlyIfNotRegistered() throws Exception {
+		try (ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext()) {
+			context.setAllowBeanDefinitionOverriding(false);
+			context.setConfigLocation(this.xml("RegisterDataValueProcessorOnyIfNotRegistered"));
+			context.refresh();
+		}
+	}
+
+	private String xml(String configName) {
+		return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
+	}
+}
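Review bot: `registerDataValueProcessorOnlyIfNotRegistered` asserts nothing; it passes whenever `context.refresh()` does not throw. It would therefore also pass if the parser registered no processor at all, for example if the `webmvcPresent` branch were skipped on the test classpath. Add a check after `context.refresh();` using the module's assertion library, such as `assertThat(context.getBeansOfType(CsrfRequestDataValueProcessor.class)).hasSize(1);`. The config name passed to `xml(...)` is spelled `OnyIfNotRegistered`, which matches the resource file name, so fixing the typo means renaming both. `throws Exception` can be dropped because nothing in the body throws a checked exception.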

+ 31 - 0
config/src/test/resources/org/springframework/security/config/http/CsrfBeanDefinitionParserTests-RegisterDataValueProcessorOnyIfNotRegistered.xml

@@ -0,0 +1,31 @@
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	   xmlns:context="http://www.springframework.org/schema/context"
+	   xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util"
+	   xmlns:security="http://www.springframework.org/schema/security"
+	   xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
+http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
+">
+
+	<security:http pattern="/foo/**">
+		<security:intercept-url pattern="/**" access="hasRole('FOO')" />
+		<security:http-basic/>
+	</security:http>
+
+	<security:http pattern="/bar/**">
+		<security:intercept-url pattern="/**" access="hasRole('BAR')" />
+		<security:http-basic/>
+	</security:http>
+
+	<security:authentication-manager >
+		<security:authentication-provider>
+			<security:user-service>
+				<security:user name="gnu" password="{noop}gnat" authorities="ROLE_FOO" />
+			</security:user-service>
+		</security:authentication-provider>
+	</security:authentication-manager>
+
+</beans>
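Review bot: This fixture only covers two `<security:http>` elements registering the processor twice. It does not cover an application-declared bean that already holds the processor's name, which is the other situation the new guard in `CsrfBeanDefinitionParser` changes. A second fixture with such a `<bean>` placed before the `<security:http>` elements would pin down which definition is expected to win. Separately, the `context`, `tx` and `util` namespaces are declared but unused, and `spring-util-3.1.xsd` is the only versioned schema location, so the header can be reduced to `beans` and `security`.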