Home Esplora Aiuto
Registrati Accedi
github
/
spring-security
mirror da https://github.com/spring-projects/spring-security
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

AntRegexRequestMatcher Optimization

Closes gh-11234
Rob Winch 3 anni fa
parent
9059fb3fc7
commit
7f121e82f4
2 ha cambiato i file con 23 aggiunte e 8 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 7 8
      web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
  2. 16 0
      web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java

+ 7 - 8
web/src/main/java/org/springframework/security/web/util/matcher/RegexRequestMatcher.java
Vedi File 

@@ -40,8 +40,13 @@ import org.springframework.util.StringUtils;
 
  * @since 3.1
 
  */
 
 public final class RegexRequestMatcher implements RequestMatcher {
 
+
 
 	private final static Log logger = LogFactory.getLog(RegexRequestMatcher.class);
 
 
+	private static final int DEFAULT = Pattern.DOTALL;
 
+
 
+	private static final int CASE_INSENSITIVE = DEFAULT | Pattern.CASE_INSENSITIVE;
 
+
 
 	private final Pattern pattern;
 
 	private final HttpMethod httpMethod;
 
 
@@ -64,14 +69,8 @@ public final class RegexRequestMatcher implements RequestMatcher {
 
 	 * {@link Pattern#CASE_INSENSITIVE} flag set.
 
 	 */
 
 	public RegexRequestMatcher(String pattern, String httpMethod, boolean caseInsensitive) {
 
-		if (caseInsensitive) {
 
-			this.pattern = Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
 
-		}
 
-		else {
 
-			this.pattern = Pattern.compile(pattern);
 
-		}
 
-		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod
 
-				.valueOf(httpMethod) : null;
 
+		this.pattern = Pattern.compile(pattern, caseInsensitive ? CASE_INSENSITIVE : DEFAULT);
 
+		this.httpMethod = StringUtils.hasText(httpMethod) ? HttpMethod.valueOf(httpMethod) : null;
 
 	}
 
 
 	/**

+ 16 - 0
web/src/test/java/org/springframework/security/web/util/matcher/RegexRequestMatcherTests.java
Vedi File 

@@ -108,6 +108,22 @@ public class RegexRequestMatcherTests {
 
 		assertThat(matcher.matches(request)).isFalse();
 
 	}
 
 
+	@Test
 
+	public void matchesWithCarriageReturn() {
 
+		RegexRequestMatcher matcher = new RegexRequestMatcher(".*", null);
 
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/blah%0a");
 
+		request.setServletPath("/blah\n");
 
+		assertThat(matcher.matches(request)).isTrue();
 
+	}
 
+
 
+	@Test
 
+	public void matchesWithLineFeed() {
 
+		RegexRequestMatcher matcher = new RegexRequestMatcher(".*", null);
 
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", "/blah%0d");
 
+		request.setServletPath("/blah\r");
 
+		assertThat(matcher.matches(request)).isTrue();
 
+	}
 
+
 
 	@Test
 
 	public void toStringThenFormatted() {
 
 		RegexRequestMatcher matcher = new RegexRequestMatcher("/blah", "GET");