Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
github
/
spring-security
-ын хуулбар https://github.com/spring-projects/spring-security
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

WebFlux now uses ParsingPathMatcher

Fixes gh-4388
Rob Winch 8 жил өмнө
parent
554768f1e4
commit
337317a060
7 өөрчлөгдсөн 35 нэмэгдсэн , 37 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 6 10
      config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
  2. 6 6
      config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java
  3. 2 2
      samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java
  4. 2 2
      samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java
  5. 4 2
      webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java
  6. 3 3
      webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
  7. 12 12
      webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java

+ 6 - 10
config/src/main/java/org/springframework/security/config/web/server/AbstractServerWebExchangeMatcherRegistry.java
Файл харах 

@@ -20,10 +20,6 @@ import org.springframework.security.web.server.util.matcher.OrServerWebExchangeM
 
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
 
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.*;
 
-
 
-import java.util.ArrayList;
 
-import java.util.Arrays;
 
 import java.util.List;
 
 
 
@@ -52,8 +48,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	 *
 
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 
 	 */
 
-	public T antMatchers(HttpMethod method) {
 
-		return antMatchers(method, new String[] { "/**" });
 
+	public T pathMatchers(HttpMethod method) {
 
+		return pathMatchers(method, new String[] { "/**" });
 
 	}
 
 
 	/**
 
@@ -68,8 +64,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	 *
 
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 
 	 */
 
-	public T antMatchers(HttpMethod method, String... antPatterns) {
 
-		return matcher(ServerWebExchangeMatchers.antMatchers(method, antPatterns));
 
+	public T pathMatchers(HttpMethod method, String... antPatterns) {
 
+		return matcher(ServerWebExchangeMatchers.pathMatchers(method, antPatterns));
 
 	}
 
 
 	/**
 
@@ -82,8 +78,8 @@ abstract class AbstractServerWebExchangeMatcherRegistry<T> {
 
 	 *
 
 	 * @return the object that is chained after creating the {@link ServerWebExchangeMatcher}
 
 	 */
 
-	public T antMatchers(String... antPatterns) {
 
-		return matcher(ServerWebExchangeMatchers.antMatchers(antPatterns));
 
+	public T pathMatchers(String... antPatterns) {
 
+		return matcher(ServerWebExchangeMatchers.pathMatchers(antPatterns));
 
 	}
 
 
 	/**

+ 6 - 6
config/src/test/java/org/springframework/security/config/web/server/AuthorizeExchangeBuilderTests.java
Файл харах 

@@ -33,7 +33,7 @@ public class AuthorizeExchangeBuilderTests {
 
 
 	@Test
 
 	public void antMatchersWhenMethodAndPatternsThenDiscriminatesByMethod() {
 
-		authorization.antMatchers(HttpMethod.POST, "/a", "/b").denyAll();
 
+		authorization.pathMatchers(HttpMethod.POST, "/a", "/b").denyAll();
 
 		authorization.anyExchange().permitAll();
 
 
 		WebTestClient client = buildClient();
 
@@ -62,7 +62,7 @@ public class AuthorizeExchangeBuilderTests {
 
 
 	@Test
 
 	public void antMatchersWhenPatternsThenAnyMethod() {
 
-		authorization.antMatchers("/a", "/b").denyAll();
 
+		authorization.pathMatchers("/a", "/b").denyAll();
 
 		authorization.anyExchange().permitAll();
 
 
 		WebTestClient client = buildClient();
 
@@ -90,19 +90,19 @@ public class AuthorizeExchangeBuilderTests {
 
 
 	@Test(expected = IllegalStateException.class)
 
 	public void antMatchersWhenNoAccessAndAnotherMatcherThenThrowsException() {
 
-		authorization.antMatchers("/incomplete");
 
-		authorization.antMatchers("/throws-exception");
 
+		authorization.pathMatchers("/incomplete");
 
+		authorization.pathMatchers("/throws-exception");
 
 	}
 
 
 	@Test(expected = IllegalStateException.class)
 
 	public void anyExchangeWhenFollowedByMatcherThenThrowsException() {
 
 		authorization.anyExchange().denyAll();
 
-		authorization.antMatchers("/never-reached");
 
+		authorization.pathMatchers("/never-reached");
 
 	}
 
 
 	@Test(expected = IllegalStateException.class)
 
 	public void buildWhenMatcherDefinedWithNoAccessThenThrowsException() {
 
-		authorization.antMatchers("/incomplete");
 
+		authorization.pathMatchers("/incomplete");
 
 		authorization.build();
 
 	}

+ 2 - 2
samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java
Файл харах 

@@ -40,8 +40,8 @@ public class SecurityConfig {
 
 	@Bean
 
 	WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
 
 		http.authorizeExchange()
 
-			.antMatchers("/admin/**").hasRole("ADMIN")
 
-			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 
+			.pathMatchers("/admin/**").hasRole("ADMIN")
 
+			.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 
 			.anyExchange().authenticated();
 
 
 		return http.build();

+ 2 - 2
samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java
Файл харах 

@@ -40,8 +40,8 @@ public class SecurityConfig {
 
 	@Bean
 
 	WebFilterChainFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
 
 		http.authorizeExchange()
 
-			.antMatchers("/admin/**").hasRole("ADMIN")
 
-			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 
+			.pathMatchers("/admin/**").hasRole("ADMIN")
 
+			.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
 
 			.anyExchange().authenticated();
 
 
 		return http.build();

+ 4 - 2
webflux/src/main/java/org/springframework/security/web/server/util/matcher/PathMatcherServerWebExchangeMatcher.java
Файл харах 

@@ -22,10 +22,10 @@ import java.util.Map;
 
 
 import org.springframework.http.HttpMethod;
 
 import org.springframework.http.server.reactive.ServerHttpRequest;
 
-import org.springframework.util.AntPathMatcher;
 
 import org.springframework.util.Assert;
 
 import org.springframework.util.PathMatcher;
 
 import org.springframework.web.server.ServerWebExchange;
 
+import org.springframework.web.util.pattern.ParsingPathMatcher;
 
 import reactor.core.publisher.Mono;
 
 
 /**
 
@@ -33,7 +33,9 @@ import reactor.core.publisher.Mono;
 
  * @since 5.0
 
  */
 
 public final class PathMatcherServerWebExchangeMatcher implements ServerWebExchangeMatcher {
 
-	private PathMatcher pathMatcher = new AntPathMatcher();
 
+	private static final PathMatcher DEFAULT_PATH_MATCHER = new ParsingPathMatcher();
 
+
 
+	private PathMatcher pathMatcher = DEFAULT_PATH_MATCHER;
 
 
 	private final String pattern;
 
 	private final HttpMethod method;

+ 3 - 3
webflux/src/main/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchers.java
Файл харах 

@@ -30,7 +30,7 @@ import java.util.List;
 
  */
 
 public abstract class ServerWebExchangeMatchers {
 
 
-	public static ServerWebExchangeMatcher antMatchers(HttpMethod method, String... patterns) {
 
+	public static ServerWebExchangeMatcher pathMatchers(HttpMethod method, String... patterns) {
 
 		List<ServerWebExchangeMatcher> matchers = new ArrayList<>(patterns.length);
 
 		for (String pattern : patterns) {
 
 			matchers.add(new PathMatcherServerWebExchangeMatcher(pattern, method));
 
@@ -38,8 +38,8 @@ public abstract class ServerWebExchangeMatchers {
 
 		return new OrServerWebExchangeMatcher(matchers);
 
 	}
 
 
-	public static ServerWebExchangeMatcher antMatchers(String... patterns) {
 
-		return antMatchers(null, patterns);
 
+	public static ServerWebExchangeMatcher pathMatchers(String... patterns) {
 
+		return pathMatchers(null, patterns);
 
 	}
 
 
 	public static ServerWebExchangeMatcher matchers(ServerWebExchangeMatcher... matchers) {

+ 12 - 12
webflux/src/test/java/org/springframework/security/web/server/util/matcher/ServerWebExchangeMatchersTests.java
Файл харах 

@@ -27,7 +27,7 @@ import static org.assertj.core.api.Assertions.*;
 
 import static org.mockito.Mockito.mock;
 
 import static org.mockito.Mockito.verify;
 
 import static org.mockito.Mockito.verifyZeroInteractions;
 
-import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.antMatchers;
 
+import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
 
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.anyExchange;
 
 
 /**
 
@@ -38,28 +38,28 @@ public class ServerWebExchangeMatchersTests {
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
 
 	@Test
 
-	public void antMatchersWhenSingleAndSamePatternThenMatches() throws Exception {
 
-		assertThat(antMatchers("/").matches(exchange).block().isMatch()).isTrue();
 
+	public void pathMatchersWhenSingleAndSamePatternThenMatches() throws Exception {
 
+		assertThat(pathMatchers("/").matches(exchange).block().isMatch()).isTrue();
 
 	}
 
 
 	@Test
 
-	public void antMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception {
 
-		assertThat(antMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue();
 
+	public void pathMatchersWhenSingleAndSamePatternAndMethodThenMatches() throws Exception {
 
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/").matches(exchange).block().isMatch()).isTrue();
 
 	}
 
 
 	@Test
 
-	public void antMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception {
 
-		assertThat(antMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse();
 
+	public void pathMatchersWhenSingleAndSamePatternAndDiffMethodThenDoesNotMatch() throws Exception {
 
+		assertThat(ServerWebExchangeMatchers.pathMatchers(HttpMethod.POST, "/").matches(exchange).block().isMatch()).isFalse();
 
 	}
 
 
 	@Test
 
-	public void antMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception {
 
-		assertThat(antMatchers("/foobar").matches(exchange).block().isMatch()).isFalse();
 
+	public void pathMatchersWhenSingleAndDifferentPatternThenDoesNotMatch() throws Exception {
 
+		assertThat(pathMatchers("/foobar").matches(exchange).block().isMatch()).isFalse();
 
 	}
 
 
 	@Test
 
-	public void antMatchersWhenMultiThenMatches() throws Exception {
 
-		assertThat(antMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue();
 
+	public void pathMatchersWhenMultiThenMatches() throws Exception {
 
+		assertThat(pathMatchers("/foobar", "/").matches(exchange).block().isMatch()).isTrue();
 
 	}
 
 
 	@Test
 
@@ -74,7 +74,7 @@ public class ServerWebExchangeMatchersTests {
 
 	/**
 
 	 * If a LinkedMap is used and anyRequest equals anyRequest then the following is added:
 
 	 * anyRequest() -> authenticated()
 
-	 * antMatchers("/admin/**") -> hasRole("ADMIN")
 
+	 * pathMatchers("/admin/**") -> hasRole("ADMIN")
 
 	 * anyRequest() -> permitAll
 
 	 *
 
 	 * will result in the first entry being overridden