jlengrand/quarkus
1
0
Fork 0
mirror of https://github.com/jlengrand/quarkus.git synced 2026-03-10 08:41:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that whitespaces don't break bean invocation in SpEL

Browse Source 
Fixes: #7343
This commit is contained in:
Georgios Andrianakis
2020-02-21 21:24:01 +02:00
parent 3fc8264663
commit f78c80aff1
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
extensions/spring-security/deployment/src/main/java/io/quarkus/spring/security/deployment/BeanMethodInvocationGenerator.java
View File

@@ -72,7 +72,9 @@ class BeanMethodInvocationGenerator {
int parametersEndIndex = expression.indexOf(')');
String[] beanMethodArgumentExpressions = {};
if (parametersEndIndex > parametersStartIndex + 1) {
beanMethodArgumentExpressions = expression.substring(parametersStartIndex + 1, parametersEndIndex).split(",");
beanMethodArgumentExpressions = expression.substring(parametersStartIndex + 1, parametersEndIndex).trim()
.split("\\s*,\\s*");
;
}
/*
* We need to make sure the cache key contains the both the expression and the parameter types of the method

9
extensions/spring-security/deployment/src/test/java/io/quarkus/spring/security/deployment/BeanMethodCheckTest.java
View File

@@ -85,6 +85,15 @@ public class BeanMethodCheckTest {
assertSuccess(() -> beanWithBeanMethodChecks.withParams("geo", new Person("geo")), "withParams", USER);
}
@Test
public void testWithParamsAndConstant() {
assertSuccess(() -> beanWithBeanMethodChecks.withParamAndConstant(new Person("geo")), "withParamAndConstant",
ANONYMOUS);
assertFailureFor(() -> beanWithBeanMethodChecks.withParamAndConstant(new Person("other")), ForbiddenException.class,
USER);
assertSuccess(() -> beanWithBeanMethodChecks.withParamAndConstant(new Person("geo")), "withParamAndConstant", USER);
}
@Test
public void testWithExtraUnusedParam() {
assertFailureFor(() -> someInterface.doSomething("other", 1, new Person("geo")), UnauthorizedException.class,

5
extensions/spring-security/deployment/src/test/java/io/quarkus/spring/security/deployment/springapp/BeanWithBeanMethodChecks.java
View File

@@ -21,6 +21,11 @@ public class BeanWithBeanMethodChecks {
return "withParams";
}
@PreAuthorize("@personChecker.check(#person, 'geo')")
public String withParamAndConstant(Person person) {
return "withParamAndConstant";
}
@PreAuthorize("@personChecker.check(#person, #input)")
public String anotherWithParams(String input, Person person) {
return "anotherWithParams";