diff --git a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java index 89d738ed23..e8f4d26955 100644 --- a/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java +++ b/core/src/main/java/org/springframework/security/config/HttpSecurityBeanDefinitionParser.java @@ -276,8 +276,11 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { builder.addPropertyValue("observeOncePerRequest", Boolean.FALSE); } - builder.addPropertyValue("objectDefinitionSource", - new DefaultFilterInvocationDefinitionSource(matcher, filterInvocationDefinitionMap)); + DefaultFilterInvocationDefinitionSource fids = + new DefaultFilterInvocationDefinitionSource(matcher, filterInvocationDefinitionMap); + fids.setStripQueryStringFromUrls(matcher instanceof AntUrlPathMatcher); + + builder.addPropertyValue("objectDefinitionSource", fids); pc.getRegistry().registerBeanDefinition(BeanIds.FILTER_SECURITY_INTERCEPTOR, builder.getBeanDefinition()); ConfigUtils.addHttpFilter(pc, new RuntimeBeanReference(BeanIds.FILTER_SECURITY_INTERCEPTOR)); } @@ -288,7 +291,7 @@ public class HttpSecurityBeanDefinitionParser implements BeanDefinitionParser { new RuntimeBeanReference(BeanIds.CHANNEL_DECISION_MANAGER)); DefaultFilterInvocationDefinitionSource channelFilterInvDefSource = new DefaultFilterInvocationDefinitionSource(matcher, channelRequestMap); - + channelFilterInvDefSource.setStripQueryStringFromUrls(matcher instanceof AntUrlPathMatcher); channelFilter.getPropertyValues().addPropertyValue("filterInvocationDefinitionSource", channelFilterInvDefSource); diff --git a/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java b/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java index 0d3bab2a5c..9bb386a7ee 100644 --- a/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java +++ b/core/src/main/java/org/springframework/security/intercept/web/DefaultFilterInvocationDefinitionSource.java @@ -78,7 +78,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation DefaultFilterInvocationDefinitionSource(UrlMatcher urlMatcher) { this.urlMatcher = urlMatcher; } - + /** * Builds the internal request map from the supplied map. The key elements should be of type {@link RequestKey}, * which contains a URL path and an optional HTTP method (may be null). The path stored in the key will depend on @@ -252,7 +252,7 @@ public class DefaultFilterInvocationDefinitionSource implements FilterInvocation return urlMatcher.requiresLowerCaseUrl(); } - protected void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls) { + public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls) { this.stripQueryStringFromUrls = stripQueryStringFromUrls; } } diff --git a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java index 3692de7776..6f726837f1 100644 --- a/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java +++ b/core/src/test/java/org/springframework/security/config/HttpSecurityBeanDefinitionParserTests.java @@ -83,6 +83,7 @@ public class HttpSecurityBeanDefinitionParserTests { List filterList = getFilters("/anyurl"); checkAutoConfigFilters(filterList); + assertEquals(true, FieldUtils.getFieldValue(filterList.get(10), "objectDefinitionSource.stripQueryStringFromUrls")); } @Test(expected=BeanDefinitionParsingException.class) @@ -137,7 +138,9 @@ public class HttpSecurityBeanDefinitionParserTests { " " + AUTH_PROVIDER_XML); assertEquals(0, getFilters("/imlowercase").size()); // This will be matched by the default pattern ".*" - checkAutoConfigFilters(getFilters("/ImCaughtByTheUniversalMatchPattern")); + List allFilters = getFilters("/ImCaughtByTheUniversalMatchPattern"); + checkAutoConfigFilters(allFilters); + assertEquals(false, FieldUtils.getFieldValue(allFilters.get(10), "objectDefinitionSource.stripQueryStringFromUrls")); } @Test