From a88a7744ed7fe0116c4c9f713d59a8c65c389595 Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Tue, 17 Sep 2024 08:21:26 -0300 Subject: [PATCH] Require GeneratedOneTimeTokenHandler on constructor Issue gh-15114 --- .../ott/OneTimeTokenLoginConfigurer.java | 4 ++-- .../ott/GenerateOneTimeTokenFilter.java | 20 ++++++------------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java index a8ae662e60..92e7b165f6 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ott/OneTimeTokenLoginConfigurer.java @@ -133,8 +133,8 @@ public final class OneTimeTokenLoginConfigurer> } private void configureOttGenerateFilter(H http) { - GenerateOneTimeTokenFilter generateFilter = new GenerateOneTimeTokenFilter(getOneTimeTokenService(http)); - generateFilter.setGeneratedOneTimeTokenHandler(getGeneratedOneTimeTokenHandler(http)); + GenerateOneTimeTokenFilter generateFilter = new GenerateOneTimeTokenFilter(getOneTimeTokenService(http), + getGeneratedOneTimeTokenHandler(http)); generateFilter.setRequestMatcher(antMatcher(HttpMethod.POST, this.generateTokenUrl)); http.addFilter(postProcess(generateFilter)); http.addFilter(DefaultResourcesFilter.css()); diff --git a/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java index 8bb88cf17b..a6a3133a84 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ott/GenerateOneTimeTokenFilter.java @@ -45,14 +45,16 @@ public final class GenerateOneTimeTokenFilter extends OncePerRequestFilter { private final OneTimeTokenService oneTimeTokenService; - private RequestMatcher requestMatcher = antMatcher(HttpMethod.POST, "/ott/generate"); + private final GeneratedOneTimeTokenHandler generatedOneTimeTokenHandler; - private GeneratedOneTimeTokenHandler generatedOneTimeTokenHandler = new RedirectGeneratedOneTimeTokenHandler( - "/login/ott"); + private RequestMatcher requestMatcher = antMatcher(HttpMethod.POST, "/ott/generate"); - public GenerateOneTimeTokenFilter(OneTimeTokenService oneTimeTokenService) { + public GenerateOneTimeTokenFilter(OneTimeTokenService oneTimeTokenService, + GeneratedOneTimeTokenHandler generatedOneTimeTokenHandler) { Assert.notNull(oneTimeTokenService, "oneTimeTokenService cannot be null"); + Assert.notNull(generatedOneTimeTokenHandler, "generatedOneTimeTokenHandler cannot be null"); this.oneTimeTokenService = oneTimeTokenService; + this.generatedOneTimeTokenHandler = generatedOneTimeTokenHandler; } @Override @@ -81,14 +83,4 @@ public final class GenerateOneTimeTokenFilter extends OncePerRequestFilter { this.requestMatcher = requestMatcher; } - /** - * Specifies {@link GeneratedOneTimeTokenHandler} to be used to handle generated - * one-time tokens - * @param generatedOneTimeTokenHandler - */ - public void setGeneratedOneTimeTokenHandler(GeneratedOneTimeTokenHandler generatedOneTimeTokenHandler) { - Assert.notNull(generatedOneTimeTokenHandler, "generatedOneTimeTokenHandler cannot be null"); - this.generatedOneTimeTokenHandler = generatedOneTimeTokenHandler; - } - }