
SEC-1540: Apply patch to support HTTP method matching for requires-channel namespace attribute.

Luke Taylor 15 éve
szülő
commit
45674a16ea

+ 5 - 0
config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -396,6 +396,11 @@ class HttpConfigurationBuilder {
                 BeanDefinition requestKey = new RootBeanDefinition(RequestKey.class);
                 requestKey.getConstructorArgumentValues().addGenericArgumentValue(path);
 
+                String method = urlElt.getAttribute(ATT_HTTP_METHOD);
+                if(StringUtils.hasText(method)) {
+                    requestKey.getConstructorArgumentValues().addGenericArgumentValue(method);
+                }
+
                 RootBeanDefinition channelAttributes = new RootBeanDefinition(ChannelAttributeFactory.class);
                 channelAttributes.getConstructorArgumentValues().addGenericArgumentValue(requiredChannel);
                 channelAttributes.setFactoryMethodName("createChannelAttributes");
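Review bot: The `method` attribute value is handed to the `RequestKey` constructor exactly as written in the XML, guarded only by `StringUtils.hasText`, so a mis-cased or misspelled value such as `method='get'` is accepted at parse time. If `RequestKey` compares methods as exact strings (not visible in this hunk), such a rule would never match and the `requires-channel` constraint would silently not apply to that URL, which is a fail-open result for a transport-security setting. Consider normalising and validating here, e.g. `method = method.trim().toUpperCase(Locale.ENGLISH);` followed by a check against the known HTTP method names that reports a configuration error for anything else. Minor style: `if(` should be `if (` per the usual Java convention. The enclosing method starts and ends outside this hunk.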

+ 1 - 0
config/src/main/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParser.java

@@ -56,6 +56,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser {
     static final String OPT_FILTERS_NONE = "none";
 
     static final String ATT_REQUIRES_CHANNEL = "requires-channel";
+    static final String ATT_HTTP_METHOD = "method";
 
     private static final String ATT_LOWERCASE_COMPARISONS = "lowercase-comparisons";
 

+ 18 - 0
config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -85,6 +85,7 @@ import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
 import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
+import org.springframework.test.util.ReflectionTestUtils;
 import org.springframework.util.ReflectionUtils;
 
 /**
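Review bot: The added `import org.springframework.test.util.ReflectionTestUtils;` is not used by anything in this commit: the file's 18 additions are this import plus the new test, which reads the field through `FieldUtils.getFieldValue` instead. Drop the import, or switch the new test to `ReflectionTestUtils.getField(filter, "securityMetadataSource")` so the import is justified.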
@@ -407,6 +408,23 @@ public class HttpSecurityBeanDefinitionParserTests {
         assertTrue(attrs.contains(new SecurityConfig("ROLE_B")));
     }
 
+
+    @Test
+    public void httpMethodMatchIsSupportedForRequiresChannel() throws Exception {
+        setContext(
+                 "    <http auto-config='true'>" +
+                 "        <intercept-url pattern='/anyurl'/>" +
+                 "        <intercept-url pattern='/anyurl' method='GET' access='ROLE_ADMIN' requires-channel='https' />" +
+                 "    </http>" + AUTH_PROVIDER_XML);
+
+        ChannelProcessingFilter filter = getFilter(ChannelProcessingFilter.class);
+        FilterInvocationSecurityMetadataSource fids = (FilterInvocationSecurityMetadataSource)FieldUtils.getFieldValue(filter,"securityMetadataSource");
+        Collection<ConfigAttribute> attrs = fids.getAttributes(createFilterinvocation("/anyurl", "GET"));
+         assertEquals(1, attrs.size());
+        attrs = fids.getAttributes(createFilterinvocation("/anyurl", "POST"));
+         assertEquals(null, attrs);
+    }
+
     @Test
     public void oncePerRequestAttributeIsSupported() throws Exception {
         setContext("<http once-per-request='false'><http-basic /></http>" + AUTH_PROVIDER_XML);
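Review bot: `assertEquals(1, attrs.size())` in `httpMethodMatchIsSupportedForRequiresChannel` checks only the count, so the test would still pass if the GET rule produced the wrong channel attribute. Assert the content as the preceding test does, e.g. `assertTrue(attrs.contains(new SecurityConfig("REQUIRES_SECURE_CHANNEL")));` (assuming that is the attribute `ChannelAttributeFactory` yields for `https`; confirm against that class). `assertEquals(null, attrs)` reads better as `assertNull(attrs)`, and both assert lines are indented one space too far. A further case with a lower-case or unknown `method` value would pin down how such configuration is handled, since a rule that never matches leaves the channel requirement unenforced.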