Example 1 with FirewalledRequest
use of org.springframework.security.web.firewall.FirewalledRequest in project spring-security by spring-projects.
the class FilterChainProxy method doFilterInternal.
private void doFilterInternal(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
FirewalledRequest fwRequest = firewall.getFirewalledRequest((HttpServletRequest) request);
HttpServletResponse fwResponse = firewall.getFirewalledResponse((HttpServletResponse) response);
List<Filter> filters = getFilters(fwRequest);
if (filters == null || filters.size() == 0) {
if (logger.isDebugEnabled()) {
logger.debug(UrlUtils.buildRequestUrl(fwRequest) + (filters == null ? " has no matching filters" : " has an empty filter list"));
}
fwRequest.reset();
chain.doFilter(fwRequest, fwResponse);
return;
}
VirtualFilterChain vfc = new VirtualFilterChain(fwRequest, chain, filters);
vfc.doFilter(fwRequest, fwResponse);
}
Also used :
Filter(javax.servlet.Filter)
FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Example 2 with FirewalledRequest
use of org.springframework.security.web.firewall.FirewalledRequest in project spring-security by spring-projects.
the class FilterChainProxyTests method bothWrappersAreResetWithNestedFcps.
// SEC-1639
@Test
public void bothWrappersAreResetWithNestedFcps() throws Exception {
HttpFirewall fw = mock(HttpFirewall.class);
FilterChainProxy firstFcp = new FilterChainProxy(new DefaultSecurityFilterChain(matcher, fcp));
firstFcp.setFirewall(fw);
fcp.setFirewall(fw);
FirewalledRequest firstFwr = mock(FirewalledRequest.class, "firstFwr");
when(firstFwr.getRequestURI()).thenReturn("/");
when(firstFwr.getContextPath()).thenReturn("");
FirewalledRequest fwr = mock(FirewalledRequest.class, "fwr");
when(fwr.getRequestURI()).thenReturn("/");
when(fwr.getContextPath()).thenReturn("");
when(fw.getFirewalledRequest(request)).thenReturn(firstFwr);
when(fw.getFirewalledRequest(firstFwr)).thenReturn(fwr);
when(fwr.getRequest()).thenReturn(firstFwr);
when(firstFwr.getRequest()).thenReturn(request);
when(matcher.matches(any(HttpServletRequest.class))).thenReturn(true);
firstFcp.doFilter(request, response, chain);
verify(firstFwr).reset();
verify(fwr).reset();
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpFirewall(org.springframework.security.web.firewall.HttpFirewall)
FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest)
Test(org.junit.Test)
Example 3 with FirewalledRequest
use of org.springframework.security.web.firewall.FirewalledRequest in project spring-security by spring-projects.
the class FilterChainProxyTests method wrapperIsResetWhenNoMatchingFilters.
@Test
public void wrapperIsResetWhenNoMatchingFilters() throws Exception {
HttpFirewall fw = mock(HttpFirewall.class);
FirewalledRequest fwr = mock(FirewalledRequest.class);
when(fwr.getRequestURI()).thenReturn("/");
when(fwr.getContextPath()).thenReturn("");
fcp.setFirewall(fw);
when(fw.getFirewalledRequest(request)).thenReturn(fwr);
when(matcher.matches(any(HttpServletRequest.class))).thenReturn(false);
fcp.doFilter(request, response, chain);
verify(fwr).reset();
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpFirewall(org.springframework.security.web.firewall.HttpFirewall)
FirewalledRequest(org.springframework.security.web.firewall.FirewalledRequest)
Test(org.junit.Test)
Aggregations
FirewalledRequest (org.springframework.security.web.firewall.FirewalledRequest)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
Test (org.junit.Test)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
HttpFirewall (org.springframework.security.web.firewall.HttpFirewall)2
Filter (javax.servlet.Filter)1
HttpServletResponse (javax.servlet.http.HttpServletResponse)1
