GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-2055: SaveContextServletOutputStream flush/close delegates to original ServletOutputStream instead of using super

pull/16/head
Rob Winch 13 years ago
parent
abe5e4af48
commit
dbc88f3226
2 changed files with 36 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
  2. 34
      web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java

6
web/src/main/java/org/springframework/security/web/context/SaveContextOnUpdateOrErrorResponseWrapper.java
Unescape View File

@ -203,16 +203,14 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends HttpServ @@ -203,16 +203,14 @@ public abstract class SaveContextOnUpdateOrErrorResponseWrapper extends HttpServ
this.delegate.write(b);
}
@Override
public void flush() throws IOException {
doSaveContext();
super.flush();
delegate.flush();
}
@Override
public void close() throws IOException {
doSaveContext();
super.close();
delegate.close();
}
}
}

34
web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryTests.java
Unescape View File

@ -16,6 +16,8 @@ import static org.junit.Assert.*; @@ -16,6 +16,8 @@ import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import static org.springframework.security.web.context.HttpSessionSecurityContextRepository.*;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.junit.After;
@ -257,6 +259,38 @@ public class HttpSessionSecurityContextRepositoryTests { @@ -257,6 +259,38 @@ public class HttpSessionSecurityContextRepositoryTests {
assertEquals(SecurityContextHolder.getContext(), request.getSession().getAttribute("imTheContext"));
}
// SEC-SEC-2055
@Test
public void outputStreamCloseDelegate() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSpringSecurityContextKey("imTheContext");
MockHttpServletRequest request = new MockHttpServletRequest();
HttpServletResponse response = mock(HttpServletResponse.class);
ServletOutputStream outputstream = mock(ServletOutputStream.class);
when(response.getOutputStream()).thenReturn(outputstream);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
SecurityContextHolder.setContext(repo.loadContext(holder));
SecurityContextHolder.getContext().setAuthentication(testToken);
holder.getResponse().getOutputStream().close();
verify(outputstream).close();
}
// SEC-SEC-2055
@Test
public void outputStreamFlushesDelegate() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
repo.setSpringSecurityContextKey("imTheContext");
MockHttpServletRequest request = new MockHttpServletRequest();
HttpServletResponse response = mock(HttpServletResponse.class);
ServletOutputStream outputstream = mock(ServletOutputStream.class);
when(response.getOutputStream()).thenReturn(outputstream);
HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, response);
SecurityContextHolder.setContext(repo.loadContext(holder));
SecurityContextHolder.getContext().setAuthentication(testToken);
holder.getResponse().getOutputStream().flush();
verify(outputstream).flush();
}
@Test
public void noSessionIsCreatedIfSessionWasInvalidatedDuringTheRequest() throws Exception {
HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();

Write Preview
Loading…
Cancel
Save