Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Resolve springSecurityFilterChain to Filter

When enabling debug for spring security, the FilterChainProxy will be wrapped by the DebugFilter.
This DebugFilter will be registered as bean springSecurityFilterChain. The WebTestUtils will now search for the bean by name instead of FilterChainProxy class.
In this case we have to cast to a Java ServletFilter to support both filter...

Fixes gh-3836
Jens Goldhammer 9 years ago
parent
eaf8729941
commit
ceef70946b
2 changed files with 75 additions and 7 deletions
Split View Show Diff Stats
  1. 6 7
      test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
  2. 69 0
      test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java

+ 6 - 7
test/src/main/java/org/springframework/security/test/web/support/WebTestUtils.java
View File 

@@ -21,7 +21,7 @@ import javax.servlet.Filter;
 
 import javax.servlet.http.HttpServletRequest;
 
 
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 
-import org.springframework.security.web.FilterChainProxy;
 
+import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
 
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 
 import org.springframework.security.web.context.SecurityContextRepository;
 
@@ -98,8 +98,7 @@ public abstract class WebTestUtils {
 
 	}
 
 
 	/**
 
-	 * Sets the {@link CsrfTokenRepository} for the specified
 
-	 * {@link HttpServletRequest}.
 
+	 * Sets the {@link CsrfTokenRepository} for the specified {@link HttpServletRequest}.
 
 	 *
 
 	 * @param request the {@link HttpServletRequest} to obtain the
 
 	 * {@link CsrfTokenRepository}
 
@@ -121,17 +120,17 @@ public abstract class WebTestUtils {
 
 		if (webApplicationContext == null) {
 
 			return null;
 
 		}
 
-		FilterChainProxy springSecurityFilterChain = null;
 
+		Filter springSecurityFilterChain = null;
 
 		try {
 
-			springSecurityFilterChain = webApplicationContext
 
-					.getBean(FilterChainProxy.class);
 
+			springSecurityFilterChain = webApplicationContext.getBean(
 
+					AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME, Filter.class);
 
 		}
 
 		catch (NoSuchBeanDefinitionException notFound) {
 
 			return null;
 
 		}
 
 		List<Filter> filters = (List<Filter>) ReflectionTestUtils.invokeMethod(
 
 				springSecurityFilterChain, "getFilters", request);
 
-		if(filters == null) {
 
+		if (filters == null) {
 
 			return null;
 
 		}
 
 		for (Filter filter : filters) {

+ 69 - 0
test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests.java
View File 

@@ -0,0 +1,69 @@
 
+/*
 
+ * Copyright 2002-2016 the original author or authors.
 
+ *
 
+ * Licensed under the Apache License, Version 2.0 (the "License");
 
+ * you may not use this file except in compliance with the License.
 
+ * You may obtain a copy of the License at
 
+ *
 
+ *      http://www.apache.org/licenses/LICENSE-2.0
 
+ *
 
+ * Unless required by applicable law or agreed to in writing, software
 
+ * distributed under the License is distributed on an "AS IS" BASIS,
 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ * See the License for the specific language governing permissions and
 
+ * limitations under the License.
 
+ */
 
+package org.springframework.security.test.web.servlet.request;
 
+
 
+import org.junit.Test;
 
+import org.junit.runner.RunWith;
 
+import org.springframework.beans.factory.annotation.Autowired;
 
+import org.springframework.mock.web.MockHttpServletRequest;
 
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import org.springframework.security.test.web.support.WebTestUtils;
 
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
+import org.springframework.security.web.csrf.CsrfTokenRepository;
 
+import org.springframework.test.context.ContextConfiguration;
 
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import org.springframework.test.context.web.WebAppConfiguration;
 
+import org.springframework.web.context.WebApplicationContext;
 
+
 
+import static org.assertj.core.api.Assertions.assertThat;
 
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 
+
 
+@RunWith(SpringJUnit4ClassRunner.class)
 
+@ContextConfiguration
 
+@WebAppConfiguration
 
+public class SecurityMockMvcRequestPostProcessorsCsrfDebugFilterTests {
 
+
 
+	@Autowired
 
+	private WebApplicationContext wac;
 
+
 
+	// SEC-3836
 
+	@Test
 
+	public void findCookieCsrfTokenRepository() throws Exception {
 
+		MockHttpServletRequest request = post("/").buildRequest(wac.getServletContext());
 
+		CsrfTokenRepository csrfTokenRepository = WebTestUtils.getCsrfTokenRepository(request);
 
+		assertThat(csrfTokenRepository).isNotNull();
 
+		assertThat(csrfTokenRepository).isEqualTo(Config.cookieCsrfTokenRepository);
 
+	}
 
+
 
+	@EnableWebSecurity
 
+	static class Config extends WebSecurityConfigurerAdapter {
 
+		static CsrfTokenRepository cookieCsrfTokenRepository = new CookieCsrfTokenRepository();
 
+
 
+		@Override
 
+		protected void configure(HttpSecurity http) throws Exception {
 
+			http.csrf().csrfTokenRepository(cookieCsrfTokenRepository);
 
+		}
 
+
 
+		@Override
 
+		public void configure(WebSecurity web) throws Exception {
 
+			// Enable the DebugFilter
 
+			web.debug(true);
 
+		}
 
+	}
 
+}