Skip to content

Commit

Permalink
Merge branch '6.0.x' into 6.1.x
Browse files Browse the repository at this point in the history
  • Loading branch information
marcusdacoregio committed Jul 17, 2023
2 parents d72c0f1 + cbef118 commit aaa3131
Show file tree
Hide file tree
Showing 5 changed files with 131 additions and 8 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -16,13 +16,16 @@

package org.springframework.security.config.web.server;

import java.util.ArrayList;
import java.util.List;

import org.springframework.http.HttpMethod;
import org.springframework.security.web.server.util.matcher.OrServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;

/**
* @author Rob Winch
Expand Down Expand Up @@ -62,7 +65,8 @@ public T pathMatchers(HttpMethod method) {
* {@link ServerWebExchangeMatcher}
*/
public T pathMatchers(HttpMethod method, String... antPatterns) {
return matcher(ServerWebExchangeMatchers.pathMatchers(method, antPatterns));
List<PathPattern> pathPatterns = parsePatterns(antPatterns);
return matcher(ServerWebExchangeMatchers.pathMatchers(method, pathPatterns.toArray(new PathPattern[0])));
}

/**
Expand All @@ -74,7 +78,19 @@ public T pathMatchers(HttpMethod method, String... antPatterns) {
* {@link ServerWebExchangeMatcher}
*/
public T pathMatchers(String... antPatterns) {
return matcher(ServerWebExchangeMatchers.pathMatchers(antPatterns));
List<PathPattern> pathPatterns = parsePatterns(antPatterns);
return matcher(ServerWebExchangeMatchers.pathMatchers(pathPatterns.toArray(new PathPattern[0])));
}

private List<PathPattern> parsePatterns(String[] antPatterns) {
PathPatternParser parser = getPathPatternParser();
List<PathPattern> pathPatterns = new ArrayList<>(antPatterns.length);
for (String pattern : antPatterns) {
pattern = parser.initFullPathPattern(pattern);
PathPattern pathPattern = parser.parse(pattern);
pathPatterns.add(pathPattern);
}
return pathPatterns;
}

/**
Expand All @@ -96,6 +112,10 @@ public T matchers(ServerWebExchangeMatcher... matchers) {
*/
protected abstract T registerMatcher(ServerWebExchangeMatcher matcher);

protected PathPatternParser getPathPatternParser() {
return PathPatternParser.defaultInstance;
}

/**
* Associates a {@link ServerWebExchangeMatcher} instances
* @param matcher the {@link ServerWebExchangeMatcher} instance
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -191,9 +191,11 @@
import org.springframework.web.cors.reactive.CorsProcessor;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.DefaultCorsProcessor;
import org.springframework.web.reactive.result.method.annotation.RequestMappingHandlerMapping;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.springframework.web.util.pattern.PathPatternParser;

/**
* A {@link ServerHttpSecurity} is similar to Spring Security's {@code HttpSecurity} but
Expand Down Expand Up @@ -1661,6 +1663,18 @@ private <T> T getBeanOrNull(ResolvableType type) {
return null;
}

private <T> T getBeanOrNull(String beanName, Class<T> requiredClass) {
if (this.context == null) {
return null;
}
try {
return this.context.getBean(beanName, requiredClass);
}
catch (Exception ex) {
return null;
}
}

private <T> String[] getBeanNamesForTypeOrEmpty(Class<T> beanClass) {
if (this.context == null) {
return new String[0];
Expand All @@ -1681,13 +1695,17 @@ protected void setApplicationContext(ApplicationContext applicationContext) thro
*/
public class AuthorizeExchangeSpec extends AbstractServerWebExchangeMatcherRegistry<AuthorizeExchangeSpec.Access> {

private static final String REQUEST_MAPPING_HANDLER_MAPPING_BEAN_NAME = "requestMappingHandlerMapping";

private DelegatingReactiveAuthorizationManager.Builder managerBldr = DelegatingReactiveAuthorizationManager
.builder();

private ServerWebExchangeMatcher matcher;

private boolean anyExchangeRegistered;

private PathPatternParser pathPatternParser;

/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
Expand All @@ -1710,6 +1728,22 @@ public Access anyExchange() {
return result;
}

@Override
protected PathPatternParser getPathPatternParser() {
if (this.pathPatternParser != null) {
return this.pathPatternParser;
}
RequestMappingHandlerMapping requestMappingHandlerMapping = getBeanOrNull(
REQUEST_MAPPING_HANDLER_MAPPING_BEAN_NAME, RequestMappingHandlerMapping.class);
if (requestMappingHandlerMapping != null) {
this.pathPatternParser = requestMappingHandlerMapping.getPathPatternParser();
}
if (this.pathPatternParser == null) {
this.pathPatternParser = PathPatternParser.defaultInstance;
}
return this.pathPatternParser;
}

@Override
protected Access registerMatcher(ServerWebExchangeMatcher matcher) {
Assert.state(!this.anyExchangeRegistered, () -> "Cannot register " + matcher
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -42,8 +42,6 @@ public final class PathPatternParserServerWebExchangeMatcher implements ServerWe

private static final Log logger = LogFactory.getLog(PathPatternParserServerWebExchangeMatcher.class);

private static final PathPatternParser DEFAULT_PATTERN_PARSER = new PathPatternParser();

private final PathPattern pattern;

private final HttpMethod method;
Expand All @@ -60,14 +58,20 @@ public PathPatternParserServerWebExchangeMatcher(PathPattern pattern, HttpMethod

public PathPatternParserServerWebExchangeMatcher(String pattern, HttpMethod method) {
Assert.notNull(pattern, "pattern cannot be null");
this.pattern = DEFAULT_PATTERN_PARSER.parse(pattern);
this.pattern = parse(pattern);
this.method = method;
}

public PathPatternParserServerWebExchangeMatcher(String pattern) {
this(pattern, null);
}

private PathPattern parse(String pattern) {
PathPatternParser parser = PathPatternParser.defaultInstance;
pattern = parser.initFullPathPattern(pattern);
return parser.parse(pattern);
}

@Override
public Mono<MatchResult> matches(ServerWebExchange exchange) {
ServerHttpRequest request = exchange.getRequest();
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand All @@ -23,6 +23,7 @@

import org.springframework.http.HttpMethod;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.pattern.PathPattern;

/**
* Provides factory methods for creating common {@link ServerWebExchangeMatcher}
Expand Down Expand Up @@ -59,6 +60,30 @@ public static ServerWebExchangeMatcher pathMatchers(String... patterns) {
return pathMatchers(null, patterns);
}

/**
* Creates a matcher that matches on any of the provided {@link PathPattern}s.
* @param pathPatterns the {@link PathPattern}s to match on
* @return the matcher to use
*/
public static ServerWebExchangeMatcher pathMatchers(PathPattern... pathPatterns) {
return pathMatchers(null, pathPatterns);
}

/**
* Creates a matcher that matches on the specific method and any of the provided
* {@link PathPattern}s.
* @param method the method to match on. If null, any method will be matched.
* @param pathPatterns the {@link PathPattern}s to match on
* @return the matcher to use
*/
public static ServerWebExchangeMatcher pathMatchers(HttpMethod method, PathPattern... pathPatterns) {
List<ServerWebExchangeMatcher> matchers = new ArrayList<>(pathPatterns.length);
for (PathPattern pathPattern : pathPatterns) {
matchers.add(new PathPatternParserServerWebExchangeMatcher(pathPattern, method));
}
return new OrServerWebExchangeMatcher(matchers);
}

/**
* Creates a matcher that will match on any of the provided matchers
* @param matchers the matchers to match on
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
/*
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.springframework.security.web.server.util.matcher;

import org.junit.jupiter.api.Test;

import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;

import static org.assertj.core.api.Assertions.assertThat;

/**
* Tests for {@link PathPatternParserServerWebExchangeMatcher}
*
* @author Marcus da Coregio
*/
class PathPatternParserServerWebExchangeMatcherTests {

@Test
void matchesWhenConfiguredWithNoTrailingSlashAndPathContainsSlashThenMatches() {
PathPatternParserServerWebExchangeMatcher matcher = new PathPatternParserServerWebExchangeMatcher("user/**");
MockServerHttpRequest request = MockServerHttpRequest.get("/user/test").build();
assertThat(matcher.matches(MockServerWebExchange.from(request)).block().isMatch()).isTrue();
}

}

0 comments on commit aaa3131

Please sign in to comment.