GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add RequestMatcher Migration Path for AbstractAuthenticationProcessingFilter 

Issue gh-16417
pull/16717/head
Josh Cummings 10 months ago
parent
91ee5e7f2b
commit
99345537d6
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
5 changed files with 64 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 55
      docs/modules/ROOT/pages/migration/web.adoc
  2. 4
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
  3. 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
  4. 4
      web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
  5. 2
      web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java

55
docs/modules/ROOT/pages/migration/web.adoc
Unescape View File

@ -94,6 +94,61 @@ switchUser.setExitUserMatcher(PathPatternRequestMatcher.withDefaults().matcher(H @@ -94,6 +94,61 @@ switchUser.setExitUserMatcher(PathPatternRequestMatcher.withDefaults().matcher(H
----
======
=== Migrate `filterProcessingUrl` Request Matcher in `AbstractAuthenticationProcessingFilter` Implementations
Spring Security 6 converts any processing endpoint configured through `setFilterProcessingUrl` to an `AntPathRequestMatcher`.
In Spring Security 7, this will change to `PathPatternRequestMatcher`.
If you are directly invoking `setFilterProcessingUrl` on a filter that extends `AbstractAuthenticationProcessingFilter`, like `UsernamePasswordAuthenticationFilter`, `OAuth2LoginAuthenticationFilter`, `Saml2WebSsoAuthenticationFilter`, `OneTimeTokenAuthenticationFilter`, or `WebAuthnAuthenticationFilter`, call `setRequiredAuthenticationRequestMatcher` instead to provide this `PathPatternRequestMatcher` in advance.
That is, change this:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
UsernamePasswordAuthenticationFilter usernamePassword = new UsernamePasswordAuthenticationFilter(authenticationManager);
usernamePassword.setFilterProcessingUrl("/my/processing/url");
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
val usernamePassword = UsernamePasswordAuthenticationFilter(authenticationManager)
usernamePassword.setFilterProcessingUrl("/my/processing/url")
----
======
to this:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
UsernamePasswordAuthenticationFilter usernamePassword = new UsernamePasswordAuthenticationFilter(authenticationManager);
RequestMatcher requestMatcher = PathPatternRequestMatcher.withDefaults().matcher("/my/processing/url");
usernamePassword.setRequest(requestMatcher);
----
Kotlin::
+
[source,kotlin,role="secondary"]
----
val usernamePassword = UsernamePasswordAuthenticationFilter(authenticationManager)
val requestMatcher = PathPatternRequestMatcher.withDefaults().matcher("/my/processing/url")
usernamePassword.setRequest(requestMatcher)
----
======
[NOTE]
-----
Most applications use the DSL instead of setting the `filterProcessingUrl` directly on a filter instance.
-----
=== Migrate CAS Proxy Receptor Request Matcher
Spring Security 6 converts any configured `proxyReceptorUrl` to a request matcher that matches the end of the request, that is `/**/proxy/receptor`.

4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2LoginAuthenticationFilter.java
Unescape View File

@ -39,7 +39,9 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp @@ -39,7 +39,9 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.MultiValueMap;
import org.springframework.web.util.UriComponentsBuilder;
@ -123,6 +125,8 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce @@ -123,6 +125,8 @@ public class OAuth2LoginAuthenticationFilter extends AbstractAuthenticationProce
public OAuth2LoginAuthenticationFilter(ClientRegistrationRepository clientRegistrationRepository,
OAuth2AuthorizedClientService authorizedClientService) {
this(clientRegistrationRepository, authorizedClientService, DEFAULT_FILTER_PROCESSES_URI);
RequestMatcher processUri = PathPatternRequestMatcher.withDefaults().matcher(DEFAULT_FILTER_PROCESSES_URI);
setRequiresAuthenticationRequestMatcher(processUri);
}
/**

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2WebSsoAuthenticationFilter.java
Unescape View File

@ -63,6 +63,8 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce @@ -63,6 +63,8 @@ public class Saml2WebSsoAuthenticationFilter extends AbstractAuthenticationProce
*/
public Saml2WebSsoAuthenticationFilter(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
this(relyingPartyRegistrationRepository, DEFAULT_FILTER_PROCESSES_URI);
RequestMatcher processUri = PathPatternRequestMatcher.withDefaults().matcher(DEFAULT_FILTER_PROCESSES_URI);
setRequiresAuthenticationRequestMatcher(processUri);
}
/**

4
web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java
Unescape View File

@ -46,7 +46,7 @@ import org.springframework.security.web.authentication.session.NullAuthenticated @@ -46,7 +46,7 @@ import org.springframework.security.web.authentication.session.NullAuthenticated
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;
@ -395,7 +395,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt @@ -395,7 +395,7 @@ public abstract class AbstractAuthenticationProcessingFilter extends GenericFilt
* @param filterProcessesUrl
*/
public void setFilterProcessesUrl(String filterProcessesUrl) {
setRequiresAuthenticationRequestMatcher(PathPatternRequestMatcher.withDefaults().matcher(filterProcessesUrl));
setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(filterProcessesUrl));
}
public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) {

2
web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilterTests.java
Unescape View File

@ -273,7 +273,7 @@ public class AbstractAuthenticationProcessingFilterTests { @@ -273,7 +273,7 @@ public class AbstractAuthenticationProcessingFilterTests {
filter.setAuthenticationManager(mock(AuthenticationManager.class));
filter.setAuthenticationSuccessHandler(this.successHandler);
assertThatIllegalArgumentException().isThrownBy(() -> filter.setFilterProcessesUrl(null))
.withMessage("pattern cannot be null");
.withMessage("Pattern cannot be null or empty");
}
@Test

Write Preview
Loading…
Cancel
Save