GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

ignore Multipart requests in HttpSessionRequestCache.requestMatcher

pull/7167/head
Ahmed Sayed 7 years ago
parent
21a0e45622
commit
0591403dea
1 changed files with 14 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java

26
config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java
Unescape View File

@ -142,22 +142,12 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
return null; return null;
} }
} }
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
private RequestMatcher createDefaultSavedRequestMatcher(H http) { private RequestMatcher createDefaultSavedRequestMatcher(H http) {
ContentNegotiationStrategy contentNegotiationStrategy = http
.getSharedObject(ContentNegotiationStrategy.class);
if (contentNegotiationStrategy == null) {
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
}
RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher( RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher(
"/**/favicon.*")); "/**/favicon.*"));
MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(
contentNegotiationStrategy, MediaType.APPLICATION_JSON);
jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
RequestMatcher notJson = new NegatedRequestMatcher(jsonRequest);
RequestMatcher notXRequestedWith = new NegatedRequestMatcher( RequestMatcher notXRequestedWith = new NegatedRequestMatcher(
new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")); new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
@ -169,9 +159,21 @@ public final class RequestCacheConfigurer<H extends HttpSecurityBuilder<H>> exte
matchers.add(0, getRequests); matchers.add(0, getRequests);
} }
matchers.add(notFavIcon); matchers.add(notFavIcon);
matchers.add(notJson); matchers.add(notMatchingMediaType(http, MediaType.APPLICATION_JSON));
matchers.add(notXRequestedWith); matchers.add(notXRequestedWith);
matchers.add(notMatchingMediaType(http, MediaType.MULTIPART_FORM_DATA));
return new AndRequestMatcher(matchers); return new AndRequestMatcher(matchers);
} }
private RequestMatcher notMatchingMediaType(H http, MediaType mediaType) {
ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
if (contentNegotiationStrategy == null) {
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
}
MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, mediaType);
jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
return new NegatedRequestMatcher(jsonRequest);
}
} }

Write Preview
Loading…
Cancel
Save