Support A Well-Known URL for Changing Passwords

Closes gh-8657
2026-05-22 21:33:16 +00:00 · 2020-06-12 18:00:51 +03:00
parent 85e95719a0
commit d121ab9565
25 changed files with 1307 additions and 4 deletions
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.util.Assert;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+/**
+ * Filter that redirects requests that match {@link RequestMatcher} to the specified URL.
+ *
+ * @author Evgeniy Cheban
+ * @since 5.6
+ */
+public final class RequestMatcherRedirectFilter extends OncePerRequestFilter {
+
+	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
+
+	private final RequestMatcher requestMatcher;
+
+	private final String redirectUrl;
+
+	/**
+	 * Create and initialize an instance of the filter.
+	 * @param requestMatcher the request matcher
+	 * @param redirectUrl the redirect URL
+	 */
+	public RequestMatcherRedirectFilter(RequestMatcher requestMatcher, String redirectUrl) {
+		Assert.notNull(requestMatcher, "requestMatcher cannot be null");
+		Assert.hasText(redirectUrl, "redirectUrl cannot be empty");
+		this.requestMatcher = requestMatcher;
+		this.redirectUrl = redirectUrl;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+			throws ServletException, IOException {
+
+		if (this.requestMatcher.matches(request)) {
+			this.redirectStrategy.sendRedirect(request, response, this.redirectUrl);
+		}
+		else {
+			filterChain.doFilter(request, response);
+		}
+	}
+
+}
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server;
+
+import java.net.URI;
+
+import reactor.core.publisher.Mono;
+
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher.MatchResult;
+import org.springframework.util.Assert;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+
+/**
+ * Web filter that redirects requests that match {@link ServerWebExchangeMatcher} to the
+ * specified URL.
+ *
+ * @author Evgeniy Cheban
+ * @since 5.6
+ */
+public final class ExchangeMatcherRedirectWebFilter implements WebFilter {
+
+	private final ServerRedirectStrategy redirectStrategy = new DefaultServerRedirectStrategy();
+
+	private final ServerWebExchangeMatcher exchangeMatcher;
+
+	private final URI redirectUri;
+
+	/**
+	 * Create and initialize an instance of the web filter.
+	 * @param exchangeMatcher the exchange matcher
+	 * @param redirectUrl the redirect URL
+	 */
+	public ExchangeMatcherRedirectWebFilter(ServerWebExchangeMatcher exchangeMatcher, String redirectUrl) {
+		Assert.notNull(exchangeMatcher, "exchangeMatcher cannot be null");
+		Assert.hasText(redirectUrl, "redirectUrl cannot be empty");
+		this.exchangeMatcher = exchangeMatcher;
+		this.redirectUri = URI.create(redirectUrl);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+		// @formatter:off
+		return this.exchangeMatcher.matches(exchange)
+				.filter(MatchResult::isMatch)
+				.switchIfEmpty(chain.filter(exchange).then(Mono.empty()))
+				.flatMap((result) -> this.redirectStrategy.sendRedirect(exchange, this.redirectUri));
+		// @formatter:on
+	}
+
+}
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web;
+
+import javax.servlet.FilterChain;
+
+import org.junit.Test;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoInteractions;
+
+/**
+ * Tests for {@link RequestMatcherRedirectFilter}.
+ *
+ * @author Evgeniy Cheban
+ */
+public class RequestMatcherRedirectFilterTests {
+
+	@Test
+	public void doFilterWhenRequestMatchThenRedirectToSpecifiedUrl() throws Exception {
+		RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/context"),
+				"/test");
+
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServletPath("/context");
+
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		FilterChain filterChain = mock(FilterChain.class);
+
+		filter.doFilter(request, response, filterChain);
+
+		assertThat(response.getStatus()).isEqualTo(HttpStatus.FOUND.value());
+		assertThat(response.getRedirectedUrl()).isEqualTo("/test");
+
+		verifyNoInteractions(filterChain);
+	}
+
+	@Test
+	public void doFilterWhenRequestNotMatchThenNextFilter() throws Exception {
+		RequestMatcherRedirectFilter filter = new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/context"),
+				"/test");
+
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.setServletPath("/test");
+
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		FilterChain filterChain = mock(FilterChain.class);
+
+		filter.doFilter(request, response, filterChain);
+
+		assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
+
+		verify(filterChain).doFilter(request, response);
+	}
+
+	@Test
+	public void constructWhenRequestMatcherNull() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new RequestMatcherRedirectFilter(null, "/test"))
+				.withMessage("requestMatcher cannot be null");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlNull() {
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), null))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlEmpty() {
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), ""))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlBlank() {
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> new RequestMatcherRedirectFilter(new AntPathRequestMatcher("/**"), " "))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+}
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2002-2021 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.web.server;
+
+import java.util.Collections;
+
+import org.junit.Test;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
+import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.web.server.handler.FilteringWebHandler;
+
+import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+
+/**
+ * Tests for {@link ExchangeMatcherRedirectWebFilter}.
+ *
+ * @author Evgeniy Cheban
+ */
+public class ExchangeMatcherRedirectWebFilterTests {
+
+	@Test
+	public void filterWhenRequestMatchThenRedirectToSpecifiedUrl() {
+		ExchangeMatcherRedirectWebFilter filter = new ExchangeMatcherRedirectWebFilter(
+				new PathPatternParserServerWebExchangeMatcher("/context"), "/test");
+		FilteringWebHandler handler = new FilteringWebHandler((e) -> e.getResponse().setComplete(),
+				Collections.singletonList(filter));
+
+		WebTestClient client = WebTestClient.bindToWebHandler(handler).build();
+		client.get().uri("/context").exchange().expectStatus().isFound().expectHeader()
+				.valueEquals(HttpHeaders.LOCATION, "/test");
+	}
+
+	@Test
+	public void filterWhenRequestNotMatchThenNextFilter() {
+		ExchangeMatcherRedirectWebFilter filter = new ExchangeMatcherRedirectWebFilter(
+				new PathPatternParserServerWebExchangeMatcher("/context"), "/test");
+		FilteringWebHandler handler = new FilteringWebHandler((e) -> e.getResponse().setComplete(),
+				Collections.singletonList(filter));
+
+		WebTestClient client = WebTestClient.bindToWebHandler(handler).build();
+		client.get().uri("/test").exchange().expectStatus().isOk();
+	}
+
+	@Test
+	public void constructWhenExchangeMatcherNull() {
+		assertThatIllegalArgumentException().isThrownBy(() -> new ExchangeMatcherRedirectWebFilter(null, "/test"))
+				.withMessage("exchangeMatcher cannot be null");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlNull() {
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), null))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlEmpty() {
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), ""))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+	@Test
+	public void constructWhenRedirectUrlBlank() {
+		assertThatIllegalArgumentException().isThrownBy(
+				() -> new ExchangeMatcherRedirectWebFilter(new PathPatternParserServerWebExchangeMatcher("/**"), " "))
+				.withMessage("redirectUrl cannot be empty");
+	}
+
+}