From b7eebabce683f6923ec589de789706e190fc6d9f Mon Sep 17 00:00:00 2001 From: Filip Hanik Date: Mon, 2 Dec 2019 03:26:17 -0800 Subject: [PATCH] Ensure that both matchers carry the same pattern. AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher is public and final, so there is a risk that the underlying matcher can become different if one is not careful. --- .../samples/config/SecurityConfigTests.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java index 3943eb91e0..010b39c008 100644 --- a/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java +++ b/samples/javaconfig/saml2login/src/test/java/org/springframework/security/samples/config/SecurityConfigTests.java @@ -15,9 +15,6 @@ */ package org.springframework.security.samples.config; -import org.junit.Assert; -import org.junit.Test; -import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter; @@ -26,6 +23,11 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.util.ReflectionTestUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.util.Arrays; import java.util.List; import javax.servlet.Filter; @@ -53,8 +55,10 @@ public class SecurityConfigTests { ) .findFirst() .get(); - final Object matcher = ReflectionTestUtils.getField(filter, "requiresAuthenticationRequestMatcher"); - final Object pattern = ReflectionTestUtils.getField(matcher, "pattern"); - Assert.assertEquals("loginProcessingUrl mismatch", "/sample/jc/saml2/sso/{registrationId}", pattern); + for (String field : Arrays.asList("requiresAuthenticationRequestMatcher", "matcher")) { + final Object matcher = ReflectionTestUtils.getField(filter, field); + final Object pattern = ReflectionTestUtils.getField(matcher, "pattern"); + Assert.assertEquals("loginProcessingUrl mismatch", "/sample/jc/saml2/sso/{registrationId}", pattern); + } } }