From f4712069d7d79415cf87e7e0a98b09aca318db9b Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Wed, 10 Apr 2024 13:21:46 -0300 Subject: [PATCH] Allow customization of redirect strategy in CasAuthenticationEntrypoint Closes gh-14881 --- .../cas/web/CasAuthenticationEntryPoint.java | 18 ++++++++++--- .../web/CasAuthenticationEntryPointTests.java | 27 +++++++++++++++++++ 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java index 3f8661614a0..5f702ed493a 100644 --- a/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java +++ b/cas/src/main/java/org/springframework/security/cas/web/CasAuthenticationEntryPoint.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,6 +28,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.AuthenticationEntryPoint; import org.springframework.security.web.DefaultRedirectStrategy; +import org.springframework.security.web.RedirectStrategy; import org.springframework.util.Assert; /** @@ -61,6 +62,8 @@ public class CasAuthenticationEntryPoint implements AuthenticationEntryPoint, In */ private boolean encodeServiceUrlWithSessionId = true; + private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); + @Override public void afterPropertiesSet() { Assert.hasLength(this.loginUrl, "loginUrl must be specified"); 
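Review bot: The new `redirectStrategy` field in the `@@ -61,6 +62,8 @@` hunk has no comment, while the `encodeServiceUrlWithSessionId` field directly above it ends a Javadoc block. A one-line comment would keep the class consistent, for example `/** Strategy used by commence() to send the redirect to the CAS login URL; defaults to DefaultRedirectStrategy. */`. The class body starts and ends outside this hunk, so other fields may follow a different convention.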
@@ -74,8 +77,7 @@ public final void commence(final HttpServletRequest servletRequest, HttpServletR String urlEncodedService = createServiceUrl(servletRequest, response); String redirectUrl = createRedirectUrl(urlEncodedService); preCommence(servletRequest, response); - new DefaultRedirectStrategy().sendRedirect(servletRequest, response, redirectUrl); - // response.sendRedirect(redirectUrl); + this.redirectStrategy.sendRedirect(servletRequest, response, redirectUrl); } /** @@ -149,4 +151,14 @@ protected boolean getEncodeServiceUrlWithSessionId() { return this.encodeServiceUrlWithSessionId; } + /** + * Sets the {@link RedirectStrategy} to use + * @param redirectStrategy the {@link RedirectStrategy} to use + * @since 6.3 + */ + public void setRedirectStrategy(RedirectStrategy redirectStrategy) { + Assert.notNull(redirectStrategy, "redirectStrategy cannot be null"); + this.redirectStrategy = redirectStrategy; + } + } diff --git a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java index 3720bf57181..4ef20e4b37f 100644 --- a/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java +++ b/cas/src/test/java/org/springframework/security/cas/web/CasAuthenticationEntryPointTests.java 
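Review bot: The Javadoc on `setRedirectStrategy` (hunk `@@ -149,4 +151,14 @@`) does not state the default, the null check, or what the strategy receives. I would add `Defaults to {@link DefaultRedirectStrategy}; must not be {@code null}.` and a sentence saying the strategy is handed the complete CAS login URL built in `commence`, including the `service` parameter. Because `encodeServiceUrlWithSessionId` defaults to `true`, that URL can presumably embed the session identifier; the encoding code is outside this diff, so this needs confirming. If so, the Javadoc should tell implementers to treat the URL as sensitive, keep it out of logs, and send it to the configured CAS host unchanged.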
@@ -16,16 +16,22 @@ package org.springframework.security.cas.web; +import java.io.IOException; import java.net.URLEncoder; import org.junit.jupiter.api.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.cas.ServiceProperties; +import org.springframework.security.web.RedirectStrategy; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; /** * Tests {@link CasAuthenticationEntryPoint}. @@ -95,4 +101,25 @@ public void testNormalOperationWithRenewTrue() throws Exception { .isEqualTo(response.getRedirectedUrl()); } + @Test + void setRedirectStrategyThenUses() throws IOException { + CasAuthenticationEntryPoint ep = new CasAuthenticationEntryPoint(); + ServiceProperties sp = new ServiceProperties(); + + sp.setService("https://mycompany.com/login/cas"); + ep.setServiceProperties(sp); + ep.setLoginUrl("https://cas/login"); + + RedirectStrategy redirectStrategy = mock(); + + ep.setRedirectStrategy(redirectStrategy); + MockHttpServletRequest req = new MockHttpServletRequest(); + MockHttpServletResponse res = new MockHttpServletResponse(); + + ep.commence(req, res, new BadCredentialsException("bad credentials")); + + verify(redirectStrategy).sendRedirect(eq(req), eq(res), + eq("https://cas/login?service=https%3A%2F%2Fmycompany.com%2Flogin%2Fcas")); + } + }
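Review bot: `setRedirectStrategyThenUses` covers only the delegation path; nothing in this hunk exercises the `Assert.notNull` guard that the new setter adds. A second test whose body is `assertThatIllegalArgumentException().isThrownBy(() -> ep.setRedirectStrategy(null));` would pin that contract, and `assertThatIllegalArgumentException` is already imported in this file. As a smaller style point, the `eq(...)` wrappers in the `verify` call are redundant when every argument is matched by equality, so `req`, `res` and the URL string can be passed directly. The test class body starts outside the hunk.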