
oauth2Login does not auto-redirect for XHR request

Fixes gh-6812
Joe Grandja 6 年之前
父節點
當前提交
5aa50500cf

+ 6 - 2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -66,6 +66,7 @@ import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
@@ -623,8 +624,11 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(
 				new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
 
+		RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
+				new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
+
 		LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
-		entryPoints.put(new NegatedRequestMatcher(defaultLoginPageMatcher),
+		entryPoints.put(new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)),
 				new LoginUrlAuthenticationEntryPoint(providerLoginPage));
 
 		DelegatingAuthenticationEntryPoint loginEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
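Review bot: The new AndRequestMatcher on the entryPoints.put line stops the redirect for XHR callers, but what they receive instead is decided by the delegating entry point's default, which is configured outside this hunk (the enclosing method starts and ends outside it); confirm that default does not itself redirect, otherwise an XMLHttpRequest is still bounced to a page it cannot follow. The exclusion is also narrower than the commit title suggests: only requests carrying exactly `X-Requested-With: XMLHttpRequest` are matched, and browser fetch() calls generally do not add that header, so a comment on the notXRequestedWith declaration would help maintainers, e.g. `// Requests flagged as XHR via X-Requested-With are not redirected to the provider's authorization endpoint; they fall through to the delegating entry point's default.`. Finally, the rewritten `entryPoints.put(...)` line now runs well past the file's line width; binding the combined matcher to a local first, as is done for `defaultLoginPageMatcher` above, would keep the style consistent.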

+ 15 - 0
config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -374,6 +374,21 @@ public class OAuth2LoginConfigurerTests {
 		assertThat(this.response.getRedirectedUrl()).matches("http://localhost/login");
 	}
 
+	// gh-6812
+	@Test
+	public void oauth2LoginWithOneClientConfiguredAndRequestXHRNotAuthenticatedThenDoesNotRedirectForAuthorization() throws Exception {
+		loadConfig(OAuth2LoginConfig.class);
+
+		String requestUri = "/";
+		this.request = new MockHttpServletRequest("GET", requestUri);
+		this.request.setServletPath(requestUri);
+		this.request.addHeader("X-Requested-With", "XMLHttpRequest");
+
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.filterChain);
+
+		assertThat(this.response.getRedirectedUrl()).doesNotMatch("http://localhost/oauth2/authorization/google");
+	}
+
 	@Test
 	public void oauth2LoginWithCustomLoginPageThenRedirectCustomLoginPage() throws Exception {
 		loadConfig(OAuth2LoginConfigCustomLoginPage.class);
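Review bot: The assertion on the new test's last line only proves the response was not redirected to that one provider URL; a redirect to any other location, or a plain 200, would pass it as well, so the test does not pin the behaviour the commit promises for gh-6812. Asserting that no redirect happened at all, `assertThat(this.response.getRedirectedUrl()).isNull();`, and additionally checking `this.response.getStatus()` against whatever the default entry point is expected to produce would make this a meaningful regression test. The enclosing test class starts and ends outside the hunk.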