Skip to content

Commit

Permalink
Improve Error Message for Conflicting Filter Chains
Browse files Browse the repository at this point in the history
  • Loading branch information
jzheaux committed Oct 25, 2024
1 parent a367569 commit 4b139fb
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -302,16 +302,18 @@ protected Filter performBuild() throws Exception {
requestMatcherPrivilegeEvaluatorsEntries
.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
}
boolean anyRequestConfigured = false;
DefaultSecurityFilterChain anyRequestFilterChain = null;
for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build();
Assert.isTrue(!anyRequestConfigured,
"A filter chain that matches any request has already been configured, which means that this filter chain ["
+ securityFilterChain
+ "] will never get invoked. Please use `HttpSecurity#securityMatcher` to ensure that there is only one filter chain configured for 'any request' and that the 'any request' filter chain is published last.");
if (anyRequestFilterChain != null) {
String message = "A filter chain that matches any request [" + anyRequestFilterChain
+ "] has already been configured, which means that this filter chain [" + securityFilterChain
+ "] will never get invoked. Please use `HttpSecurity#securityMatcher` to ensure that there is only one filter chain configured for 'any request' and that the 'any request' filter chain is published last.";
throw new IllegalArgumentException(message);
}
if (securityFilterChain instanceof DefaultSecurityFilterChain defaultSecurityFilterChain) {
if (defaultSecurityFilterChain.getRequestMatcher() instanceof AnyRequestMatcher) {
anyRequestConfigured = true;
anyRequestFilterChain = defaultSecurityFilterChain;
}
}
securityFilterChains.add(securityFilterChain);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,9 @@
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import reactor.util.annotation.NonNull;

import org.springframework.beans.factory.BeanNameAware;
import org.springframework.core.log.LogMessage;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
Expand All @@ -36,14 +38,16 @@
* @author Jinwoo Bae
* @since 3.1
*/
public final class DefaultSecurityFilterChain implements SecurityFilterChain {
public final class DefaultSecurityFilterChain implements SecurityFilterChain, BeanNameAware {

private static final Log logger = LogFactory.getLog(DefaultSecurityFilterChain.class);

private final RequestMatcher requestMatcher;

private final List<Filter> filters;

private String beanName;

public DefaultSecurityFilterChain(RequestMatcher requestMatcher, Filter... filters) {
this(requestMatcher, Arrays.asList(filters));
}
Expand Down Expand Up @@ -80,8 +84,24 @@ public boolean matches(HttpServletRequest request) {

@Override
public String toString() {
return this.getClass().getSimpleName() + " [RequestMatcher=" + this.requestMatcher + ", Filters=" + this.filters
+ "]";
List<String> filterNames = new ArrayList<>();
for (Filter filter : this.filters) {
String name = filter.getClass().getSimpleName();
if (name.endsWith("Filter")) {
name = name.substring(0, name.length() - "Filter".length());
}
filterNames.add(name);
}
String declaration = this.getClass().getSimpleName();
if (this.beanName != null) {
declaration += " defined as '" + this.beanName + "'";
}
return declaration + " matching [" + this.requestMatcher + "] and having filters " + filterNames;
}

@Override
public void setBeanName(@NonNull String name) {
this.beanName = name;
}

}

0 comments on commit 4b139fb

Please sign in to comment.