
SEC-2882: DefaultLoginPageGeneratingFilter match on /login

Previously DefaultLoginPageGeneratingFilter would match on /**/login
which was not ideal since other parts of the application may want to
match on the URL.

Now it matches on /login.
Rob Winch 10 lat temu
rodzic
commit
9d0085bb64

+ 2 - 2
web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java

@@ -260,9 +260,9 @@ public class DefaultLoginPageGeneratingFilter extends GenericFilterBean {
         }
 
         if ("".equals(request.getContextPath())) {
-            return uri.endsWith(url);
+            return uri.equals(url);
         }
 
-        return uri.endsWith(request.getContextPath() + url);
+        return uri.equals(request.getContextPath() + url);
     }
 }
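Review bot: The empty-context-path special case at the `if ("".equals(request.getContextPath()))` line is now redundant, because concatenating an empty context path to `url` yields `url` unchanged, so both branches compute the same result and the method can end with the single line `return uri.equals(request.getContextPath() + url);`. The enclosing method starts above the hunk, so it is not visible how `uri` is derived from the request; if it is the raw request URI, variants such as `/login/` or a percent-encoded path no longer match, which fails closed (the login page is simply not generated) rather than opening anything, but that contract deserves a comment. A line such as `// exact match only: /foo/login is not the login page (SEC-2882)` above the return would record why endsWith was dropped.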

+ 69 - 0
web/src/test/java/org/springframework/security/web/authentication/DefaultLoginPageGeneratingFilterTests.java

@@ -1,5 +1,6 @@
 package org.springframework.security.web.authentication;
 
+import static org.fest.assertions.Assertions.assertThat;
 import static org.mockito.Mockito.mock;
 
 import java.util.Locale;
@@ -34,6 +35,74 @@ public class DefaultLoginPageGeneratingFilterTests {
         filter.doFilter(new MockHttpServletRequest("GET", "/login;pathparam=unused"), new MockHttpServletResponse(), chain);
     }
 
+    @Test
+    public void generatesForGetLogin() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        filter.doFilter(new MockHttpServletRequest("GET", "/login"), response, chain);
+
+        assertThat(response.getContentAsString()).isNotEmpty();
+    }
+
+    @Test
+    public void generatesForPostLogin() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
+        filter.doFilter(request, response, chain);
+
+        assertThat(response.getContentAsString()).isEmpty();
+    }
+
+    @Test
+    public void generatesForNotEmptyContextLogin() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/context/login");
+        request.setContextPath("/context");
+        filter.doFilter(request, response, chain);
+
+        assertThat(response.getContentAsString()).isNotEmpty();
+    }
+
+    @Test
+    public void generatesForGetApiLogin() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        filter.doFilter(new MockHttpServletRequest("GET", "/api/login"), response, chain);
+
+        assertThat(response.getContentAsString()).isEmpty();
+    }
+
+    @Test
+    public void generatesForWithQueryMatch() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
+        request.setQueryString("error");
+
+        filter.doFilter(request, response, chain);
+
+        assertThat(response.getContentAsString()).isNotEmpty();
+    }
+
+    @Test
+    public void generatesForWithQueryNoMatch() throws Exception {
+        DefaultLoginPageGeneratingFilter filter = new DefaultLoginPageGeneratingFilter(new UsernamePasswordAuthenticationFilter());
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/login");
+        request.setQueryString("not");
+
+        filter.doFilter(request, response, chain);
+
+        assertThat(response.getContentAsString()).isEmpty();
+    }
 
     @Test
     public void generatingPageWithOpenIdFilterOnlyIsSuccessFul() throws Exception {