Skip to content

Commit ddad61d

Browse files
jzheauxjzheaux
committed
Register NullRequestCache When Disabled
Fixes: gh-6102
1 parent e6a1552 commit ddad61d

File tree

2 files changed

+29
-0
lines changed

2 files changed

+29
-0
lines changed

config/src/main/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurer.java

+7
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
2424
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
2525
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
26+
import org.springframework.security.web.savedrequest.NullRequestCache;
2627
import org.springframework.security.web.savedrequest.RequestCache;
2728
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
2829
import org.springframework.security.web.util.matcher.AndRequestMatcher;
@@ -85,6 +86,12 @@ public RequestCacheConfigurer<H> requestCache(RequestCache requestCache) {
8586
return this;
8687
}
8788

89+
@Override
90+
public H disable() {
91+
getBuilder().setSharedObject(RequestCache.class, new NullRequestCache());
92+
return super.disable();
93+
}
94+
8895
@Override
8996
public void init(H http) throws Exception {
9097
http.setSharedObject(RequestCache.class, getRequestCache(http));

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java

+22
Original file line numberDiff line numberDiff line change
@@ -236,6 +236,28 @@ protected void configure(HttpSecurity http) throws Exception {
236236
}
237237
}
238238

239+
// gh-6102
240+
@Test
241+
public void getWhenRequestCacheIsDisabledThenExceptionTranslationFilterDoesNotStoreRequest() throws Exception {
242+
this.spring.register(RequestCacheDisabledConfig.class, DefaultSecurityConfig.class).autowire();
243+
244+
MockHttpSession session = (MockHttpSession)
245+
this.mvc.perform(get("/bob"))
246+
.andReturn().getRequest().getSession();
247+
248+
this.mvc.perform(formLogin(session))
249+
.andExpect(redirectedUrl("/"));
250+
}
251+
252+
@EnableWebSecurity
253+
static class RequestCacheDisabledConfig extends WebSecurityConfigurerAdapter {
254+
@Override
255+
protected void configure(HttpSecurity http) throws Exception {
256+
super.configure(http);
257+
http.requestCache().disable();
258+
}
259+
}
260+
239261
@EnableWebSecurity
240262
static class DefaultSecurityConfig {
241263

0 commit comments

Comments
 (0)