Cwikius-Spring/spring-security
1
0
Fork 0
mirror of synced 2026-05-22 21:33:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change the default of shouldFilterAllDispatchTypes to true

Browse Source 
Closes gh-11107
This commit is contained in:
Marcus Da Coregio
2022-04-14 16:30:42 -03:00
parent 84b5c76a7b
commit 5367524030
4 changed files with 24 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
+2 -2
View File
@@ -50,7 +50,7 @@ public class AuthorizationFilter extends OncePerRequestFilter {
private AuthorizationEventPublisher eventPublisher = AuthorizationFilter::noPublish;
private boolean shouldFilterAllDispatcherTypes = false;
private boolean shouldFilterAllDispatcherTypes = true;
/**
* Creates an instance.
@@ -120,7 +120,7 @@ public class AuthorizationFilter extends OncePerRequestFilter {
/**
* Sets whether to filter all dispatcher types.
* @param shouldFilterAllDispatcherTypes should filter all dispatcher types. Default
* is {@code false}
* is {@code true}
* @since 5.7
*/
public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes) {
web/src/test/java/org/springframework/security/web/access/intercept/AuthorizationFilterTests.java
+16 -16
View File
@@ -167,7 +167,7 @@ public class AuthorizationFilterTests {
}
@Test
public void doFilterWhenErrorThenDoNotFilter() throws Exception {
public void doFilterWhenErrorThenDoFilter() throws Exception {
AuthorizationManager<HttpServletRequest> authorizationManager = mock(AuthorizationManager.class);
AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager);
MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path");
@@ -176,25 +176,25 @@ public class AuthorizationFilterTests {
MockHttpServletResponse mockResponse = new MockHttpServletResponse();
FilterChain mockFilterChain = mock(FilterChain.class);
authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain);
verify(authorizationManager).check(any(Supplier.class), eq(mockRequest));
}
@Test
public void doFilterWhenErrorAndShouldFilterAllDispatcherTypesFalseThenDoNotFilter() throws Exception {
AuthorizationManager<HttpServletRequest> authorizationManager = mock(AuthorizationManager.class);
AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager);
authorizationFilter.setShouldFilterAllDispatcherTypes(false);
MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path");
mockRequest.setDispatcherType(DispatcherType.ERROR);
mockRequest.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
MockHttpServletResponse mockResponse = new MockHttpServletResponse();
FilterChain mockFilterChain = mock(FilterChain.class);
authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain);
verifyNoInteractions(authorizationManager);
}
@Test
public void doFilterWhenErrorAndShouldFilterAllDispatcherTypesThenFilter() throws Exception {
AuthorizationManager<HttpServletRequest> authorizationManager = mock(AuthorizationManager.class);
AuthorizationFilter authorizationFilter = new AuthorizationFilter(authorizationManager);
authorizationFilter.setShouldFilterAllDispatcherTypes(true);
MockHttpServletRequest mockRequest = new MockHttpServletRequest(null, "/path");
mockRequest.setDispatcherType(DispatcherType.ERROR);
mockRequest.setAttribute(WebUtils.ERROR_REQUEST_URI_ATTRIBUTE, "/error");
MockHttpServletResponse mockResponse = new MockHttpServletResponse();
FilterChain mockFilterChain = mock(FilterChain.class);
authorizationFilter.doFilter(mockRequest, mockResponse, mockFilterChain);
verify(authorizationManager).check(any(Supplier.class), any(HttpServletRequest.class));
}
@Test
public void doFilterNestedErrorDispatchWhenAuthorizationManagerThenUses() throws Exception {
AuthorizationManager<HttpServletRequest> authorizationManager = mock(AuthorizationManager.class);