
HttpSessionOAuth2AuthorizationRequestRepository removes empty Map from session

Fixes gh-5263
Joe Grandja 7 年之前
父节点
当前提交
4cc5705ae5

+ 5 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepository.java

@@ -77,7 +77,11 @@ public final class HttpSessionOAuth2AuthorizationRequestRepository implements Au
 		}
 		Map<String, OAuth2AuthorizationRequest> authorizationRequests = this.getAuthorizationRequests(request);
 		OAuth2AuthorizationRequest originalRequest = authorizationRequests.remove(stateParameter);
-		request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests);
+		if (!authorizationRequests.isEmpty()) {
+			request.getSession().setAttribute(this.sessionAttributeName, authorizationRequests);
+		} else {
+			request.getSession().removeAttribute(this.sessionAttributeName);
+		}
 		return originalRequest;
 	}
 
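Review bot: Both branches call `request.getSession()`, which creates a session when the request has none, so a callback that arrives without a session still gets one allocated only to have an attribute removed from it. If `getAuthorizationRequests` (not visible in this hunk) returns an empty map for a session-less request, the `else` branch is the one that runs. Fetching `HttpSession session = request.getSession(false);` once and skipping the write when it is `null` would avoid creating server-side state for unsolicited responses that carry a `state` parameter. The read-modify-write of the map is also unsynchronized in the visible lines, so two concurrent flows in one session could presumably overwrite each other's entry; a comment stating whether that is accepted would help. The method body starts above the hunk.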

+ 22 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/HttpSessionOAuth2AuthorizationRequestRepositoryTests.java

@@ -242,6 +242,28 @@ public class HttpSessionOAuth2AuthorizationRequestRepositoryTests {
 		assertThat(loadedAuthorizationRequest).isNull();
 	}
 
+	// gh-5263
+	@Test
+	public void removeAuthorizationRequestWhenSavedThenRemovedFromSession() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+
+		OAuth2AuthorizationRequest authorizationRequest = createAuthorizationRequest().build();
+
+		this.authorizationRequestRepository.saveAuthorizationRequest(
+				authorizationRequest, request, response);
+
+		request.addParameter(OAuth2ParameterNames.STATE, authorizationRequest.getState());
+		OAuth2AuthorizationRequest removedAuthorizationRequest =
+				this.authorizationRequestRepository.removeAuthorizationRequest(request);
+
+		String sessionAttributeName = HttpSessionOAuth2AuthorizationRequestRepository.class.getName() +
+				".AUTHORIZATION_REQUEST";
+
+		assertThat(removedAuthorizationRequest).isNotNull();
+		assertThat(request.getSession().getAttribute(sessionAttributeName)).isNull();
+	}
+
 	@Test
 	public void removeAuthorizationRequestWhenNotSavedThenNotRemoved() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
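Review bot: The new test only exercises the `else` branch (last entry removed), so nothing visible here pins the `!authorizationRequests.isEmpty()` branch, where the attribute must stay and still hold the other pending request. Unless a test outside this hunk already covers it, a companion case that saves two requests, removes one, and asserts the second is still loadable would guard against a regression that drops a pending `state` value for a parallel login. `assertThat(removedAuthorizationRequest).isNotNull()` could also be tightened to `isEqualTo(authorizationRequest)` so the test proves the right entry was returned. The final `@Test` method in the hunk continues past the visible lines.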