|
19 | 19 | import java.util.Arrays;
|
20 | 20 | import java.util.Collections;
|
21 | 21 | import java.util.HashMap;
|
22 |
| -import java.util.LinkedHashMap; |
23 | 22 | import java.util.List;
|
24 | 23 | import java.util.Map;
|
25 | 24 |
|
26 | 25 | import org.w3c.dom.Element;
|
27 | 26 |
|
28 | 27 | import org.springframework.beans.BeanMetadataElement;
|
29 | 28 | import org.springframework.beans.BeansException;
|
| 29 | +import org.springframework.beans.factory.FactoryBean; |
30 | 30 | import org.springframework.beans.factory.config.BeanDefinition;
|
31 | 31 | import org.springframework.beans.factory.config.BeanReference;
|
32 | 32 | import org.springframework.beans.factory.config.RuntimeBeanReference;
|
33 | 33 | import org.springframework.beans.factory.parsing.BeanComponentDefinition;
|
34 | 34 | import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
| 35 | +import org.springframework.beans.factory.support.ManagedMap; |
35 | 36 | import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
36 | 37 | import org.springframework.beans.factory.xml.ParserContext;
|
37 | 38 | import org.springframework.context.ApplicationContext;
|
|
57 | 58 | import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
|
58 | 59 | import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
59 | 60 | import org.springframework.security.web.util.matcher.AndRequestMatcher;
|
60 |
| -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; |
61 | 61 | import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
|
62 | 62 | import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
|
63 | 63 | import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
@@ -235,7 +235,7 @@ public BeanDefinition parse(Element element, ParserContext parserContext) {
|
235 | 235 | .getBeanDefinition();
|
236 | 236 | }
|
237 | 237 | else {
|
238 |
| - Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element); |
| 238 | + Map<BeanDefinition, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element); |
239 | 239 | if (entryPoint != null) {
|
240 | 240 | this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder
|
241 | 241 | .rootBeanDefinition(DelegatingAuthenticationEntryPoint.class)
|
@@ -364,42 +364,35 @@ BeanDefinition getOAuth2LoginLinks() {
|
364 | 364 | return this.oauth2LoginLinks;
|
365 | 365 | }
|
366 | 366 |
|
367 |
| - private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element) { |
368 |
| - Map<RequestMatcher, AuthenticationEntryPoint> entryPoints = null; |
| 367 | + private Map<BeanDefinition, AuthenticationEntryPoint> getLoginEntryPoint(Element element) { |
| 368 | + Map<BeanDefinition, AuthenticationEntryPoint> entryPoints = null; |
369 | 369 | Element clientRegsElt = DomUtils.getChildElementByTagName(element.getOwnerDocument().getDocumentElement(),
|
370 | 370 | Elements.CLIENT_REGISTRATIONS);
|
371 | 371 | if (clientRegsElt != null) {
|
372 | 372 | List<Element> clientRegList = DomUtils.getChildElementsByTagName(clientRegsElt, ELT_CLIENT_REGISTRATION);
|
373 | 373 | if (clientRegList.size() == 1) {
|
374 |
| - RequestMatcher loginPageMatcher = new AntPathRequestMatcher(DEFAULT_LOGIN_URI); |
375 |
| - RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico"); |
376 |
| - RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(); |
377 |
| - RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher( |
378 |
| - new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher); |
379 |
| - RequestMatcher notXRequestedWith = new NegatedRequestMatcher( |
380 |
| - new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")); |
| 374 | + BeanDefinition loginPageMatcher = BeanDefinitionBuilder |
| 375 | + .rootBeanDefinition(RequestMatcherFactoryBean.class) |
| 376 | + .addConstructorArgValue(DEFAULT_LOGIN_URI) |
| 377 | + .getBeanDefinition(); |
| 378 | + BeanDefinition faviconMatcher = BeanDefinitionBuilder |
| 379 | + .rootBeanDefinition(RequestMatcherFactoryBean.class) |
| 380 | + .addConstructorArgValue("/favicon.ico") |
| 381 | + .getBeanDefinition(); |
| 382 | + BeanDefinition entryPointMatcher = BeanDefinitionBuilder |
| 383 | + .rootBeanDefinition(EntryPointMatcherFactoryBean.class) |
| 384 | + .addConstructorArgValue(loginPageMatcher) |
| 385 | + .addConstructorArgValue(faviconMatcher) |
| 386 | + .getBeanDefinition(); |
381 | 387 | Element clientRegElt = clientRegList.get(0);
|
382 |
| - entryPoints = new LinkedHashMap<>(); |
383 |
| - entryPoints.put( |
384 |
| - new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)), |
385 |
| - new LoginUrlAuthenticationEntryPoint(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" |
386 |
| - + clientRegElt.getAttribute(ATT_REGISTRATION_ID))); |
| 388 | + entryPoints = new ManagedMap<>(); |
| 389 | + entryPoints.put(entryPointMatcher, new LoginUrlAuthenticationEntryPoint( |
| 390 | + DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + clientRegElt.getAttribute(ATT_REGISTRATION_ID))); |
387 | 391 | }
|
388 | 392 | }
|
389 | 393 | return entryPoints;
|
390 | 394 | }
|
391 | 395 |
|
392 |
| - private RequestMatcher getAuthenticationEntryPointMatcher() { |
393 |
| - ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy(); |
394 |
| - MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, |
395 |
| - MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, |
396 |
| - MediaType.TEXT_PLAIN); |
397 |
| - mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); |
398 |
| - RequestMatcher notXRequestedWith = new NegatedRequestMatcher( |
399 |
| - new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")); |
400 |
| - return new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher)); |
401 |
| - } |
402 |
| - |
403 | 396 | private static class OidcAuthenticationRequestChecker implements AuthenticationProvider {
|
404 | 397 |
|
405 | 398 | @Override
|
@@ -463,4 +456,42 @@ Map<String, String> getLoginLinks() {
|
463 | 456 |
|
464 | 457 | }
|
465 | 458 |
|
| 459 | + @Deprecated |
| 460 | + static class EntryPointMatcherFactoryBean implements FactoryBean<RequestMatcher> { |
| 461 | + |
| 462 | + private final RequestMatcher entryPointMatcher; |
| 463 | + |
| 464 | + EntryPointMatcherFactoryBean(RequestMatcher loginPageMatcher, RequestMatcher faviconMatcher) { |
| 465 | + RequestMatcher defaultEntryPointMatcher = getAuthenticationEntryPointMatcher(); |
| 466 | + RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher( |
| 467 | + new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher); |
| 468 | + RequestMatcher notXRequestedWith = new NegatedRequestMatcher( |
| 469 | + new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")); |
| 470 | + this.entryPointMatcher = new AndRequestMatcher(notXRequestedWith, |
| 471 | + new NegatedRequestMatcher(defaultLoginPageMatcher)); |
| 472 | + } |
| 473 | + |
| 474 | + private RequestMatcher getAuthenticationEntryPointMatcher() { |
| 475 | + ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy(); |
| 476 | + MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, |
| 477 | + MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, |
| 478 | + MediaType.TEXT_PLAIN); |
| 479 | + mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL)); |
| 480 | + RequestMatcher notXRequestedWith = new NegatedRequestMatcher( |
| 481 | + new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")); |
| 482 | + return new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher)); |
| 483 | + } |
| 484 | + |
| 485 | + @Override |
| 486 | + public RequestMatcher getObject() { |
| 487 | + return this.entryPointMatcher; |
| 488 | + } |
| 489 | + |
| 490 | + @Override |
| 491 | + public Class<?> getObjectType() { |
| 492 | + return RequestMatcher.class; |
| 493 | + } |
| 494 | + |
| 495 | + } |
| 496 | + |
466 | 497 | }
|
0 commit comments