From d09012f95f20c16f35d06944e06cbb6c9040f1e7 Mon Sep 17 00:00:00 2001 From: Dongmin Shin Date: Sat, 15 Dec 2018 22:11:50 +0900 Subject: [PATCH] Remove Servlet Spec 2.5 Support for HttpSessionSecurityContextRepository Fixes: gh-6261 --- .../HttpSessionSecurityContextRepository.java | 12 ++--- ...curityContextRepositoryServlet25Tests.java | 54 ------------------- 2 files changed, 4 insertions(+), 62 deletions(-) delete mode 100644 web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryServlet25Tests.java diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java index 01f84c3063b..03976a7ea7b 100644 --- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java +++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java @@ -35,7 +35,6 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolderStrategy; import org.springframework.util.Assert; -import org.springframework.util.ClassUtils; import org.springframework.web.util.WebUtils; /** @@ -95,7 +94,6 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo private final Object contextObject = SecurityContextHolder.createEmptyContext(); private boolean allowSessionCreation = true; private boolean disableUrlRewriting = false; - private boolean isServlet3 = ClassUtils.hasMethod(ServletRequest.class, "startAsync"); private String springSecurityContextKey = SPRING_SECURITY_CONTEXT_KEY; private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl(); @@ -127,10 +125,8 @@ public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHold response, request, httpSession != null, context); requestResponseHolder.setResponse(wrappedResponse); - if (isServlet3) { - requestResponseHolder.setRequest(new Servlet3SaveToSessionRequestWrapper( - request, wrappedResponse)); - } + requestResponseHolder.setRequest(new SaveToSessionRequestWrapper( + request, wrappedResponse)); return context; } @@ -269,11 +265,11 @@ public void setSpringSecurityContextKey(String springSecurityContextKey) { // ~ Inner Classes // ================================================================================================== - private static class Servlet3SaveToSessionRequestWrapper extends + private static class SaveToSessionRequestWrapper extends HttpServletRequestWrapper { private final SaveContextOnUpdateOrErrorResponseWrapper response; - public Servlet3SaveToSessionRequestWrapper(HttpServletRequest request, + public SaveToSessionRequestWrapper(HttpServletRequest request, SaveContextOnUpdateOrErrorResponseWrapper response) { super(request); this.response = response; diff --git a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryServlet25Tests.java b/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryServlet25Tests.java deleted file mode 100644 index 5f9f4c28127..00000000000 --- a/web/src/test/java/org/springframework/security/web/context/HttpSessionSecurityContextRepositoryServlet25Tests.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2002-2016 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.web.context; - -import javax.servlet.ServletRequest; - -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.util.ClassUtils; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.powermock.api.mockito.PowerMockito.spy; -import static org.powermock.api.mockito.PowerMockito.when; - -/** - * @author Luke Taylor - * @author Rob Winch - */ -@RunWith(PowerMockRunner.class) -@PrepareForTest({ ClassUtils.class }) -public class HttpSessionSecurityContextRepositoryServlet25Tests { - @Test - public void servlet25Compatability() throws Exception { - spy(ClassUtils.class); - when(ClassUtils.class, "hasMethod", ServletRequest.class, "startAsync", - new Class[] {}).thenReturn(false); - HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository(); - MockHttpServletRequest request = new MockHttpServletRequest(); - MockHttpServletResponse response = new MockHttpServletResponse(); - HttpRequestResponseHolder holder = new HttpRequestResponseHolder(request, - response); - repo.loadContext(holder); - assertThat(holder.getRequest()).isSameAs(request); - } -}