SEC-2455: Fix XML default login generation

12 years ago · 85305050c0
3 changed files with 123 additions and 0 deletions
--- a/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthenticationConfigBuilder.java
@ -128,6 +128,9 @@ final class AuthenticationConfigBuilder {
				@@ -128,6 +128,9 @@ final class AuthenticationConfigBuilder {
    private final BeanReference portResolver;
    private final BeanMetadataElement csrfLogoutHandler;

+    private String loginProcessingUrl;
+    private String openidLoginProcessingUrl;
+
    public AuthenticationConfigBuilder(Element element, ParserContext pc, SessionCreationPolicy sessionPolicy,
            BeanReference requestCache, BeanReference authenticationManager, BeanReference sessionStrategy, BeanReference portMapper, BeanReference portResolver, BeanMetadataElement csrfLogoutHandler) {
        this.httpElt = element;
@ -197,6 +200,7 @@ final class AuthenticationConfigBuilder {
				@@ -197,6 +200,7 @@ final class AuthenticationConfigBuilder {
            parser.parse(formLoginElt, pc);
            formFilter = parser.getFilterBean();
            formEntryPoint = parser.getEntryPointBean();
+            loginProcessingUrl = parser.getLoginProcessingUrl();
        }

        if (formFilter != null) {
@ -221,6 +225,7 @@ final class AuthenticationConfigBuilder {
				@@ -221,6 +225,7 @@ final class AuthenticationConfigBuilder {
            parser.parse(openIDLoginElt, pc);
            openIDFilter = parser.getFilterBean();
            openIDEntryPoint = parser.getEntryPointBean();
+            openidLoginProcessingUrl = parser.getLoginProcessingUrl();

            List<Element> attrExElts = DomUtils.getChildElementsByTagName(openIDLoginElt, Elements.OPENID_ATTRIBUTE_EXCHANGE);

@ -473,10 +478,12 @@ final class AuthenticationConfigBuilder {
				@@ -473,10 +478,12 @@ final class AuthenticationConfigBuilder {

            if (formFilterId != null) {
                loginPageFilter.addConstructorArgReference(formFilterId);
+                loginPageFilter.addPropertyValue("authenticationUrl", loginProcessingUrl);
            }

            if (openIDFilterId != null) {
                loginPageFilter.addConstructorArgReference(openIDFilterId);
+                loginPageFilter.addPropertyValue("openIDauthenticationUrl", openidLoginProcessingUrl);
            }

            loginPageGenerationFilter = loginPageFilter.getBeanDefinition();
--- a/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FormLoginBeanDefinitionParser.java
@ -66,6 +66,7 @@ public class FormLoginBeanDefinitionParser {
				@@ -66,6 +66,7 @@ public class FormLoginBeanDefinitionParser {
    private RootBeanDefinition filterBean;
    private RootBeanDefinition entryPointBean;
    private String loginPage;
+    private String loginProcessingUrl;

    FormLoginBeanDefinitionParser(String defaultLoginProcessingUrl, String filterClassName,
            BeanReference requestCache, BeanReference sessionStrategy, boolean allowSessionCreation, BeanReference portMapper, BeanReference portResolver) {
@ -148,6 +149,8 @@ public class FormLoginBeanDefinitionParser {
				@@ -148,6 +149,8 @@ public class FormLoginBeanDefinitionParser {
            loginUrl = defaultLoginProcessingUrl;
        }

+        this.loginProcessingUrl = loginUrl;
+
        BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.logout.LogoutFilter$FilterProcessUrlRequestMatcher");
        matcherBuilder.addConstructorArgValue(loginUrl);

@ -204,4 +207,8 @@ public class FormLoginBeanDefinitionParser {
				@@ -204,4 +207,8 @@ public class FormLoginBeanDefinitionParser {
    String getLoginPage() {
        return loginPage;
    }
+
+    String getLoginProcessingUrl() {
+        return loginProcessingUrl;
+    }
 }
--- a/config/src/test/groovy/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.groovy
@ -0,0 +1,109 @@
				@@ -0,0 +1,109 @@
+package org.springframework.security.config.http
+
+import org.springframework.mock.web.MockFilterChain
+import org.springframework.mock.web.MockHttpServletRequest
+import org.springframework.mock.web.MockHttpServletResponse
+
+/**
+ *
+ * @author Luke Taylor
+ */
+class FormLoginBeanDefinitionParserTests extends AbstractHttpConfigTests {
+
+    def 'form-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'form-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'form-login'('login-processing-url':'/login_custom','username-parameter':'custom_user','password-parameter':'custom_password')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.custom_user.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='custom_user' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='custom_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'()
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/j_spring_openid_security_check' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+
+    def 'openid-login default login page custom attributes'() {
+        setup:
+            MockHttpServletRequest request = new MockHttpServletRequest(method:'GET',requestURI:'/spring_security_login')
+            MockHttpServletResponse response = new MockHttpServletResponse()
+            MockFilterChain chain = new MockFilterChain()
+            httpAutoConfig {
+                'openid-login'('login-processing-url':'/login_custom')
+            }
+            createAppContext()
+        when:
+            springSecurityFilterChain.doFilter(request,response,chain)
+        then:
+            response.getContentAsString() == """<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
+<h3>Login with Username and Password</h3><form name='f' action='/j_spring_security_check' method='POST'>
+ <table>
+    <tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
+    <tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form><h3>Login with OpenID Identity</h3><form name='oidf' action='/login_custom' method='POST'>
+ <table>
+    <tr><td>Identity:</td><td><input type='text' size='30' name='openid_identifier'/></td></tr>
+    <tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
+  </table>
+</form></body></html>"""
+    }
+}