Skip to content

Commit 3a43ed8

Browse files
jzheauxjzheaux
committed
Register NullRequestCache When Disabled
Fixes: gh-6102
1 parent 80e13ba commit 3a43ed8

File tree

2 files changed

+29
-0
lines changed

2 files changed

+29
-0
lines changed

config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java

+7
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
2626
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
2727
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
28+
import org.springframework.security.web.savedrequest.NullRequestCache;
2829
import org.springframework.security.web.savedrequest.RequestCache;
2930
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
3031
import org.springframework.security.web.util.matcher.AndRequestMatcher;
@@ -87,6 +88,12 @@ public RequestCacheConfigurer<H> requestCache(RequestCache requestCache) {
8788
return this;
8889
}
8990

91+
@Override
92+
public H disable() {
93+
getBuilder().setSharedObject(RequestCache.class, new NullRequestCache());
94+
return super.disable();
95+
}
96+
9097
@Override
9198
public void init(H http) throws Exception {
9299
http.setSharedObject(RequestCache.class, getRequestCache(http));

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java

+22
Original file line numberDiff line numberDiff line change
@@ -249,6 +249,28 @@ protected void configure(HttpSecurity http) throws Exception {
249249
}
250250
}
251251

252+
// gh-6102
253+
@Test
254+
public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
255+
this.spring.register(RequestCacheDisabledConfig.class, ExceptionHandlingConfigurerTests.DefaultSecurityConfig.class).autowire();
256+
257+
MockHttpSession session = (MockHttpSession)
258+
this.mvc.perform(get("/bob"))
259+
.andReturn().getRequest().getSession();
260+
261+
this.mvc.perform(formLogin(session))
262+
.andExpect(redirectedUrl("/"));
263+
}
264+
265+
@EnableWebSecurity
266+
static class RequestCacheDisabledConfig extends WebSecurityConfigurerAdapter {
267+
@Override
268+
protected void configure(HttpSecurity http) throws Exception {
269+
super.configure(http);
270+
http.requestCache().disable();
271+
}
272+
}
273+
252274
@EnableWebSecurity
253275
static class DefaultSecurityConfig {
254276

0 commit comments

Comments
 (0)