
SEC-2455: Fix XML default login generation

Rob Winch 11 lat temu
rodzic
commit
85305050c0

+ 7 - 0
config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java

@@ -128,6 +128,9 @@ final class AuthenticationConfigBuilder {
     private final BeanReference portResolver;
     private final BeanMetadataElement csrfLogoutHandler;
 
+    private String loginProcessingUrl;
+    private String openidLoginProcessingUrl;
+
     public AuthenticationConfigBuilder(Element element, ParserContext pc, SessionCreationPolicy sessionPolicy,
             BeanReference requestCache, BeanReference authenticationManager, BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
         this.httpElt = element;
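Review bot: The new field `openidLoginProcessingUrl` is spelled differently from the other OpenID members of this class visible in the later hunks (`openIDFilter`, `openIDEntryPoint`, `openIDLoginElt`); `private String openIDLoginProcessingUrl;` would keep the naming consistent. Both fields are non-final and appear to be assigned only inside the blocks that parse the form-login and openid-login elements, so they stay null otherwise. A short comment such as `// set while the form-login / openid-login element is parsed; null otherwise` would record that. The constructor that follows the fields continues past the end of this hunk.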
@@ -197,6 +200,7 @@ final class AuthenticationConfigBuilder {
             parser.parse(formLoginElt, pc);
             formFilter = parser.getFilterBean();
             formEntryPoint = parser.getEntryPointBean();
+            loginProcessingUrl = parser.getLoginProcessingUrl();
         }
 
         if (formFilter != null) {
@@ -221,6 +225,7 @@ final class AuthenticationConfigBuilder {
             parser.parse(openIDLoginElt, pc);
             openIDFilter = parser.getFilterBean();
             openIDEntryPoint = parser.getEntryPointBean();
+            openidLoginProcessingUrl = parser.getLoginProcessingUrl();
 
             List<Element> attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, Elements.OPENID_ATTRIBUTE_EXCHANGE);
 
@@ -473,10 +478,12 @@ final class AuthenticationConfigBuilder {
 
             if (formFilterId != null) {
                 loginPageFilter.addConstructorArgReference(formFilterId);
+                loginPageFilter.addPropertyValue("authenticationUrl", loginProcessingUrl);
             }
 
             if (openIDFilterId != null) {
                 loginPageFilter.addConstructorArgReference(openIDFilterId);
+                loginPageFilter.addPropertyValue("openIDauthenticationUrl", openidLoginProcessingUrl);
             }
 
             loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
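Review bot: The two `addPropertyValue` calls pass the configured `login-processing-url` straight through to the generated login page, where the tests in this commit show it rendered inside a single-quoted `action='...'` attribute. No hunk on this page shows the value being validated, and the page-generating filter itself is not part of this commit, so it cannot be confirmed here that the value is HTML-escaped before it is written. The value comes from application configuration rather than request data, so this is a hardening point rather than an exposed input. A comment on the first call such as `// rendered into the default login form's action attribute; expected to be a plain path` would record the assumption. The enclosing method starts and ends outside the hunk.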

+ 7 - 0
config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java

@@ -66,6 +66,7 @@ public class FormLoginBeanDefinitionParser {
     private RootBeanDefinition filterBean;
     private RootBeanDefinition entryPointBean;
     private String loginPage;
+    private String loginProcessingUrl;
 
     FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String filterClassName,
             BeanReference requestCache, BeanReference sessionStrategy, boolean allowSessionCreation, BeanReference portMapper, BeanReference portResolver) {
@@ -148,6 +149,8 @@ public class FormLoginBeanDefinitionParser {
             loginUrl = defaultLoginProcessingUrl;
         }
 
+        this.loginProcessingUrl = loginUrl;
+
         BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.logout.LogoutFilter$FilterProcessUrlRequestMatcher");
         matcherBuilder.addConstructorArgValue(loginUrl);
 
@@ -204,4 +207,8 @@ public class FormLoginBeanDefinitionParser {
     String getLoginPage() {
         return loginPage;
     }
+
+    String getLoginProcessingUrl() {
+        return loginProcessingUrl;
+    }
 }
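Review bot: The new `getLoginProcessingUrl()` accessor has no Javadoc, and its result depends on call order: the field is assigned only at `this.loginProcessingUrl = loginUrl;` in the previous hunk, so the getter returns null until that method (presumably `parse`, whose signature is outside these hunks) has run. I would add `/** Returns the login processing URL resolved during parsing (the configured value, or the default when none is given); null before parsing. */` above the method. The same ordering applies to the existing `getLoginPage()` shown just above it.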

+ 109 - 0
config/src/test/groovy/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.groovy

@@ -0,0 +1,109 @@
+package org.springframework.security.config.http
+
+import org.springframework.mock.web.MockFilterChain
+import org.springframework.mock.web.MockHttpServletRequest
+import org.springframework.mock.web.MockHttpServletResponse
+
+/**
+ *
+ * @author Luke Taylor
+ */
+class FormLoginBeanDefinitionParserTests extends AbstractHttpConfigTests {
+
+    def 'form-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'form-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'form-login'('login-processing-url':'/login_custom','username-parameter':'custom_user','password-parameter':'custom_password')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.custom_user.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='custom_user' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='custom_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'()
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/j_spring_openid_security_check' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'('login-processing-url':'/login_custom')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+}
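Review bot: All four feature methods compare the complete generated page against a literal string, so any unrelated markup change in the login page (whitespace, an extra hidden input, a title change) will fail every test even though the behaviour under test is only the form `action`. Asserting on the relevant fragment, for example `response.getContentAsString().contains("<form name='f' action='/login_custom' method='POST'>")`, keeps the tests focused on the login-processing-url fix. The class Javadoc is also empty, and its `@author Luke Taylor` tag does not match the commit author, so it looks copied from another test. A one-line description of what the class covers would help, since it tests openid-login as well as form-login despite its name.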