
Include HttpStatusRequestRequestedHandler

Closes gh-12548
pull/12583/head
Josh Cummings 3 years ago
parent
commit
c3563df25a
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
  1. 8
      config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
  2. 10
      config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java

8
config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java

@ -56,7 +56,9 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr @@ -56,7 +56,9 @@ import org.springframework.security.web.access.expression.DefaultWebSecurityExpr
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.debug.DebugFilter;
import org.springframework.security.web.firewall.CompositeRequestRejectedHandler;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.HttpStatusRequestRejectedHandler;
import org.springframework.security.web.firewall.ObservationMarkingRequestRejectedHandler;
import org.springframework.security.web.firewall.RequestRejectedHandler;
import org.springframework.security.web.firewall.StrictHttpFirewall;
@ -309,8 +311,10 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter, @@ -309,8 +311,10 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
}
else if (!this.observationRegistry.isNoop()) {
filterChainProxy
.setRequestRejectedHandler(new ObservationMarkingRequestRejectedHandler(this.observationRegistry));
CompositeRequestRejectedHandler requestRejectedHandler = new CompositeRequestRejectedHandler(
new ObservationMarkingRequestRejectedHandler(this.observationRegistry),
new HttpStatusRequestRejectedHandler());
filterChainProxy.setRequestRejectedHandler(requestRejectedHandler);
}
filterChainProxy.setFilterChainDecorator(getFilterChainDecorator());
filterChainProxy.afterPropertiesSet();
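Review bot: The new local `requestRejectedHandler` in the `else if (!this.observationRegistry.isNoop())` branch has the same name as the field read in the branch above (`this.requestRejectedHandler`), which makes the two branches easy to misread; a name such as `observedHandler` would keep them apart. The branch would also benefit from a comment recording why both delegates are present, e.g. `// mark the observation, then still answer the rejected request with an HTTP error status (gh-12548)`, because the accompanying test suggests that without the status handler a firewall rejection gets no error response. The first branch installs a configured handler as-is, so with a custom handler and an operational registry the rejection presumably goes unmarked in the observation; if that is intended, it is worth saying so in the same comment. The enclosing method starts and ends outside the hunk.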

10
config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java

@ -122,6 +122,16 @@ public class WebSecurityTests { @@ -122,6 +122,16 @@ public class WebSecurityTests {
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
}
// gh-12548
@Test
public void requestRejectedHandlerInvokedWhenOperationalObservationRegistry() throws ServletException, IOException {
loadConfig(ObservationRegistryConfig.class);
this.request.setServletPath("/spring");
this.request.setRequestURI("/spring/\u0019path");
this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
}
@Test
public void ignoringMvcMatcherServletPath() throws Exception {
loadConfig(MvcMatcherServletPathConfig.class, LegacyMvcMatchingConfig.class);
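Review bot: `requestRejectedHandlerInvokedWhenOperationalObservationRegistry` pins only the 400 status, so it would still pass if the observation-marking delegate were dropped from the composite and only the status handler remained. If `ObservationRegistryConfig` (defined outside this hunk) exposes a registry or handler that can be inspected, an extra assertion that the rejection was observed would cover both halves of the fix. A short comment above the `setRequestURI` call would also help the next reader, e.g. `// U+0019 is a non-printable control character; the firewall is expected to reject this request`.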
