Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-1143: Fixed by using BeanDefinitionRegistry.isBeanNameInUse() instead of containsBeanDefinition() to check for the SessionRegistry availability. The former picks up the alias registration of the standard bean Id for user's bean Id.

Browse Source
This commit is contained in:
Luke Taylor
2009-04-28 12:08:48 +00:00
parent e94baf38b3
commit 39cc865a36
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/src/main/java/org/springframework/security/config/FormLoginBeanDefinitionParser.java
+1 -1
View File
@@ -111,7 +111,7 @@ public class FormLoginBeanDefinitionParser implements BeanDefinitionParser {
new RuntimeBeanReference(BeanIds.REMEMBER_ME_SERVICES) );
}
if (pc.getRegistry().containsBeanDefinition(BeanIds.SESSION_REGISTRY)) {
if (pc.getRegistry().isBeanNameInUse(BeanIds.SESSION_REGISTRY)) {
filterBean.getPropertyValues().addPropertyValue("sessionRegistry",
new RuntimeBeanReference(BeanIds.SESSION_REGISTRY));
}
config/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java
+6 -2
View File
@@ -511,16 +511,20 @@ public class HttpSecurityBeanDefinitionParserTests {
"<b:bean id='seshRegistry' class='" + SessionRegistryImpl.class.getName() + "'/>" +
AUTH_PROVIDER_XML);
Object sessionRegistry = appContext.getBean("seshRegistry");
Object sessionRegistryFromFilter = FieldUtils.getFieldValue(
Object sessionRegistryFromConcurrencyFilter = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.CONCURRENT_SESSION_FILTER),"sessionRegistry");
Object sessionRegistryFromFormLoginFilter = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.FORM_LOGIN_FILTER),"sessionRegistry");
Object sessionRegistryFromController = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.CONCURRENT_SESSION_CONTROLLER),"sessionRegistry");
Object sessionRegistryFromFixationFilter = FieldUtils.getFieldValue(
appContext.getBean(BeanIds.SESSION_FIXATION_PROTECTION_FILTER),"sessionRegistry");
assertSame(sessionRegistry, sessionRegistryFromFilter);
assertSame(sessionRegistry, sessionRegistryFromConcurrencyFilter);
assertSame(sessionRegistry, sessionRegistryFromController);
assertSame(sessionRegistry, sessionRegistryFromFixationFilter);
// SEC-1143
assertSame(sessionRegistry, sessionRegistryFromFormLoginFilter);
}
@Test(expected=BeanDefinitionParsingException.class)