root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Fix HandlerMappingIntrospector uri matching 

Prior to this commit, the `HandlerMappingIntrospector` would comparea
request with a cached request by using `String#matches` on their String
URI. This could lead to `PatternSyntaxException` exceptions at runtime
if the request URI contained pattern characters.

This commit fixes this typo to use `String#equals` instead.

Fixes gh-31937
This commit is contained in:
Brian Clozel 2024-01-04 16:44:00 +01:00
parent 4f599b7396
commit 7c9307e970
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spring-webmvc/src/main/java/org/springframework/web/servlet/handler/HandlerMappingIntrospector.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -399,7 +399,7 @@ public class HandlerMappingIntrospector
public boolean matches(HttpServletRequest request) { public boolean matches(HttpServletRequest request) {
return (this.dispatcherType.equals(request.getDispatcherType()) && return (this.dispatcherType.equals(request.getDispatcherType()) &&
this.requestURI.matches(request.getRequestURI())); this.requestURI.equals(request.getRequestURI()));
} }
@Nullable @Nullable

11
spring-webmvc/src/test/java/org/springframework/web/servlet/handler/HandlerMappingIntrospectorTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2024 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -204,15 +204,16 @@ public class HandlerMappingIntrospectorTests {
assertThat(corsConfig.getAllowedMethods()).isEqualTo(Collections.singletonList("POST")); assertThat(corsConfig.getAllowedMethods()).isEqualTo(Collections.singletonList("POST"));
} }
@Test @ParameterizedTest
void cacheFilter() throws Exception { @ValueSource(strings = {"/test", "/resource/1234****"}) // gh-31937
void cacheFilter(String uri) throws Exception {
CorsConfiguration corsConfig = new CorsConfiguration(); CorsConfiguration corsConfig = new CorsConfiguration();
TestMatchableHandlerMapping mapping = new TestMatchableHandlerMapping(); TestMatchableHandlerMapping mapping = new TestMatchableHandlerMapping();
mapping.registerHandler("/test", new TestHandler(corsConfig)); mapping.registerHandler("/*", new TestHandler(corsConfig));
HandlerMappingIntrospector introspector = initIntrospector(mapping); HandlerMappingIntrospector introspector = initIntrospector(mapping);
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/test"); MockHttpServletRequest request = new MockHttpServletRequest("GET", uri);
MockHttpServletResponse response = new MockHttpServletResponse(); MockHttpServletResponse response = new MockHttpServletResponse();
MockFilterChain filterChain = new MockFilterChain( MockFilterChain filterChain = new MockFilterChain(