ServerRequestCache.removeMatchingRequest

Issue: gh-4789
2017-11-16 11:22:17 -06:00 · 2017-11-16 11:22:17 -06:00 · 75a7c5268a
parent 563139c469
commit 75a7c5268a
6 changed files with 10 additions and 43 deletions
--- a/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java
@ -60,15 +60,8 @@ public class WebSessionServerCsrfTokenRepository
 			return Mono.just(token);
 		}
 		return exchange.getSession()
-			.map(WebSession::getAttributes)
+			.doOnSuccess(session -> putToken(session.getAttributes(), token))
-			.flatMap( attrs -> save(attrs, token));
+			.flatMap(r -> Mono.justOrEmpty(token));
 	}
 	private Mono<CsrfToken> save(Map<String, Object> attributes, CsrfToken token) {
 		return Mono.defer(() -> {
 			putToken(attributes, token);
 			return Mono.justOrEmpty(token);
 		});
 	}
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/NoOpServerRequestCache.java
@ -38,16 +38,11 @@ public class NoOpServerRequestCache implements ServerRequestCache {
 	}
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
 		return Mono.empty();
 	}
 	@Override
 	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
 		return Mono.empty();
 	}
 	public static NoOpServerRequestCache getInstance() {
 		return new NoOpServerRequestCache();
 	}
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCache.java
@ -52,15 +52,5 @@ public interface ServerRequestCache {
 	 * @param exchange the exchange to obtain the request from
 	 * @return the {@link ServerHttpRequest}
 	 */
-	Mono<ServerHttpRequest> getMatchingRequest(ServerWebExchange exchange);
+	Mono<ServerHttpRequest> removeMatchingRequest(ServerWebExchange exchange);
 	/**
 	 * If the {@link ServerWebExchange} contains a saved {@link ServerHttpRequest} remove
 	 * and return it.
 	 *
 	 * @param exchange the {@link ServerWebExchange} to obtain and remove the
 	 * {@link ServerHttpRequest}
 	 * @return the {@link ServerHttpRequest}
 	 */
 	Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange);
 }
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/ServerRequestCacheWebFilter.java
@ -33,8 +33,7 @@ public class ServerRequestCacheWebFilter implements WebFilter {
 	@Override
 	public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-		return this.requestCache.getMatchingRequest(exchange)
+		return this.requestCache.removeMatchingRequest(exchange)
 			.flatMap(r -> this.requestCache.removeRequest(exchange))
 			.map(r -> exchange.mutate().request(r).build())
 			.defaultIfEmpty(exchange)
 			.flatMap(e -> chain.filter(e));
--- a/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCache.java
@ -77,22 +77,12 @@ public class WebSessionServerRequestCache implements ServerRequestCache {
 	}
 	@Override
-	public Mono<ServerHttpRequest> getMatchingRequest(
+	public Mono<ServerHttpRequest> removeMatchingRequest(
 		ServerWebExchange exchange) {
 		return getRedirectUri(exchange)
 			.map(URI::toASCIIString)
 			.map(path ->  exchange.getRequest().mutate().path(path).build())
 			.filter( request -> pathInApplication(request).equals(
 				pathInApplication(exchange.getRequest())));
 	}
 	@Override
 	public Mono<ServerHttpRequest> removeRequest(ServerWebExchange exchange) {
 		return exchange.getSession()
 			.map(WebSession::getAttributes)
-			.flatMap(attrs -> Mono.justOrEmpty(attrs.remove(this.sessionAttrName)))
+			.filter(attributes -> attributes.remove(this.sessionAttrName, pathInApplication(exchange.getRequest())))
-			.cast(String.class)
+			.map(attributes -> exchange.getRequest());
 			.map(path -> exchange.getRequest().mutate().path(path).build());
 	}
 	private static String pathInApplication(ServerHttpRequest request) {
--- a/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/savedrequest/WebSessionServerRequestCacheTests.java
@ -67,7 +67,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
-		ServerHttpRequest saved = this.cache.removeRequest(exchange).block();
+		ServerHttpRequest saved = this.cache.removeMatchingRequest(exchange).block();
 		assertThat(saved.getURI()).isEqualTo(exchange.getRequest().getURI());
 	}
@ -77,7 +77,7 @@ public class WebSessionServerRequestCacheTests {
 		MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/"));
 		this.cache.saveRequest(exchange).block();
-		this.cache.removeRequest(exchange).block();
+		this.cache.removeMatchingRequest(exchange).block();
 		assertThat(this.cache.getRedirectUri(exchange).block()).isNull();
 	}