-
Notifications
You must be signed in to change notification settings - Fork 168
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: fix redirect URL for PUSH with websocket transport (#20666) (CP:…
… 24.4) (#20678) * fix: fix redirect URL for PUSH with websocket transport (#20666) When PUSH is enabled with websocket transport, the redirect URL to be used after a successfull login is not correctly computed because it is based on the PUSH servlet mapping. This change detects the situation and computes the correct URL. Fixes #20575 * fix version --------- Co-authored-by: Marco Collovati <[email protected]>
- Loading branch information
1 parent
25b0c3f
commit 375e795
Showing
8 changed files
with
214 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
113 changes: 113 additions & 0 deletions
113
flow-tests/vaadin-spring-tests/test-spring-security-flow-websocket/pom.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<parent> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>vaadin-spring-tests</artifactId> | ||
<version>24.4-SNAPSHOT</version> | ||
</parent> | ||
<artifactId>test-spring-security-flow-websocket</artifactId> | ||
<name>Integration tests for Vaadin Spring Security and Flow With Websocket PUSH</name> | ||
<packaging>jar</packaging> | ||
<properties> | ||
<maven.deploy.skip>true</maven.deploy.skip> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>vaadin-spring</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>vaadin-dev-server</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-devtools</artifactId> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-security</artifactId> | ||
</dependency> | ||
|
||
<dependency> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>test-spring-security-flow</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>test-spring-security-flow</artifactId> | ||
<version>${project.version}</version> | ||
<type>test-jar</type> | ||
<classifier>tests</classifier> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<defaultGoal>spring-boot:run</defaultGoal> | ||
<pluginManagement> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-maven-plugin</artifactId> | ||
<version>${spring.boot.version}</version> | ||
</plugin> | ||
</plugins> | ||
</pluginManagement> | ||
|
||
<plugins> | ||
<plugin> | ||
<groupId>com.vaadin</groupId> | ||
<artifactId>flow-maven-plugin</artifactId> | ||
<version>${project.version}</version> | ||
<configuration> | ||
<forceProductionBuild>true</forceProductionBuild> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<goals> | ||
<goal>prepare-frontend</goal> | ||
<goal>build-frontend</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-maven-plugin</artifactId> | ||
<configuration> | ||
<jvmArguments> | ||
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=18888 | ||
</jvmArguments> | ||
</configuration> | ||
<executions> | ||
<!-- start and stop application when running | ||
integration tests --> | ||
<execution> | ||
<id>pre-integration-test</id> | ||
<goals> | ||
<goal>start</goal> | ||
</goals> | ||
</execution> | ||
<execution> | ||
<id>post-integration-test</id> | ||
<goals> | ||
<goal>stop</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
</project> |
14 changes: 14 additions & 0 deletions
14
...low-websocket/src/main/java/com/vaadin/flow/spring/flowsecuritywebsocket/Application.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
package com.vaadin.flow.spring.flowsecuritywebsocket; | ||
|
||
import org.springframework.boot.SpringApplication; | ||
import org.springframework.boot.autoconfigure.SpringBootApplication; | ||
|
||
@SpringBootApplication | ||
public class Application | ||
extends com.vaadin.flow.spring.flowsecurity.Application { | ||
|
||
public static void main(String[] args) { | ||
SpringApplication.run(Application.class, args); | ||
} | ||
|
||
} |
52 changes: 52 additions & 0 deletions
52
...t/src/main/java/com/vaadin/flow/spring/flowsecuritywebsocket/PushWebsocketConfigurer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
/* | ||
* Copyright 2000-2024 Vaadin Ltd. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
* use this file except in compliance with the License. You may obtain a copy of | ||
* the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
* License for the specific language governing permissions and limitations under | ||
* the License. | ||
*/ | ||
|
||
package com.vaadin.flow.spring.flowsecuritywebsocket; | ||
|
||
import org.springframework.stereotype.Component; | ||
|
||
import com.vaadin.flow.router.BeforeEnterEvent; | ||
import com.vaadin.flow.router.BeforeEnterListener; | ||
import com.vaadin.flow.router.ListenerPriority; | ||
import com.vaadin.flow.server.ServiceInitEvent; | ||
import com.vaadin.flow.server.VaadinServiceInitListener; | ||
import com.vaadin.flow.shared.ui.Transport; | ||
|
||
@Component | ||
public class PushWebsocketConfigurer implements VaadinServiceInitListener { | ||
|
||
private final PushTransportSetter pushTransportSetter = new PushTransportSetter(); | ||
|
||
@Override | ||
public void serviceInit(ServiceInitEvent event) { | ||
|
||
event.getSource().addUIInitListener(uiInitEvent -> { | ||
// Transport cannot be set directly in UI listener because | ||
// BootstrapHandler overrides it with @Push annotation value. | ||
uiInitEvent.getUI().addBeforeEnterListener(pushTransportSetter); | ||
}); | ||
} | ||
|
||
@ListenerPriority(10) | ||
private static class PushTransportSetter implements BeforeEnterListener { | ||
|
||
@Override | ||
public void beforeEnter(BeforeEnterEvent event) { | ||
event.getUI().getPushConfiguration() | ||
.setTransport(Transport.WEBSOCKET); | ||
} | ||
} | ||
} |
4 changes: 4 additions & 0 deletions
4
...pring-tests/test-spring-security-flow-websocket/src/main/resources/application.properties
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
server.port=8888 | ||
logging.level.org.springframework.security=TRACE | ||
logging.level.org.atmosphere=DEBUG | ||
server.servlet.session.persistent=false |
20 changes: 20 additions & 0 deletions
20
...-flow-websocket/src/test/java/com/vaadin/flow/spring/flowsecuritywebsocket/AppViewIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
package com.vaadin.flow.spring.flowsecuritywebsocket; | ||
|
||
import org.junit.Ignore; | ||
import org.junit.Test; | ||
|
||
public class AppViewIT extends com.vaadin.flow.spring.flowsecurity.AppViewIT { | ||
|
||
@Test | ||
@Ignore(""" | ||
With WEBSOCKET transport the WS connection is closed when session | ||
is invalidated, but Flow client attempts a reconnection and | ||
re-enables heartbeat. The heartbeat ping resolves in a 403 HTTP | ||
status code because of session expiration, causing the client-side | ||
session expiration handler to redirect to the timeout page instead | ||
of the logout view, because the logout process is still ongoing. | ||
""") | ||
public void logout_via_doLogin_redirects_to_logout() { | ||
super.logout_via_doLogin_redirects_to_logout(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters