From 70327420c35cc5fa18c24adaf567fbfb970a499b Mon Sep 17 00:00:00 2001 From: Olivier Vanekem Date: Wed, 2 Aug 2023 11:04:48 +0200 Subject: [PATCH] Adds integrity attribute for bootstrap signin.css to generated login and logout pages Closes gh-13486 --- .../web/configurers/DefaultLoginPageConfigurerTests.java | 8 ++++---- .../config/http/FormLoginBeanDefinitionParserTests.java | 6 +++--- .../ui/DefaultLoginPageGeneratingFilter.java | 2 +- .../ui/DefaultLogoutPageGeneratingFilter.java | 4 ++-- .../web/server/ui/LoginPageGeneratingWebFilter.java | 2 +- .../web/server/ui/LogoutPageGeneratingWebFilter.java | 2 +- .../ui/DefaultLogoutPageGeneratingFilterTests.java | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java index e906f89f473..f45e93dfcb5 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java @@ -96,7 +96,7 @@ public void loginPageThenDefaultLoginPageIsRendered() throws Exception { + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" @@ -145,7 +145,7 @@ public void loginPageWhenErrorThenDefaultLoginPageWithError() throws Exception { + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" @@ -197,7 +197,7 @@ public void loginPageWhenLoggedOutThenDefaultLoginPageWithLogoutMessage() throws + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" @@ -250,7 +250,7 @@ public void loginPageWhenRememberConfigureThenDefaultLoginPageWithRememberMeChec + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" diff --git a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java index d501ee82bd4..86a1c351acb 100644 --- a/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java +++ b/config/src/test/java/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,7 +63,7 @@ public void getLoginWhenAutoConfigThenShowsDefaultLoginPage() throws Exception { + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" @@ -104,7 +104,7 @@ public void getLoginWhenConfiguredWithCustomAttributesThenLoginPageReflects() th + " \n" + " Please sign in\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java index 9e8ded38ccd..cc45ca87955 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLoginPageGeneratingFilter.java @@ -203,7 +203,7 @@ private String generateLoginPageHtml(HttpServletRequest request, boolean loginEr sb.append(" \n"); sb.append(" \n"); + + "rel=\"stylesheet\" integrity=\"sha384-oOE/3m0LUMPub4kaC09mrdEhIc+e3exm4xOGxAmuFXhBNF4hcg/6MiAXAf5p0P56\" crossorigin=\"anonymous\"/>\n"); sb.append(" \n"); sb.append(" \n"); sb.append("
\n"); diff --git a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java index 40a1ab84fcb..29f4b3d5d5f 100644 --- a/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java +++ b/web/src/main/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -73,7 +73,7 @@ private void renderLogout(HttpServletRequest request, HttpServletResponse respon + "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" " + "crossorigin=\"anonymous\">\n"); sb.append(" \n"); + + "rel=\"stylesheet\" integrity=\"sha384-oOE/3m0LUMPub4kaC09mrdEhIc+e3exm4xOGxAmuFXhBNF4hcg/6MiAXAf5p0P56\" crossorigin=\"anonymous\"/>\n"); sb.append(" \n"); sb.append(" \n"); sb.append("
\n"); diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java index 4248433f756..cc448ceb37c 100644 --- a/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/ui/LoginPageGeneratingWebFilter.java @@ -99,7 +99,7 @@ private byte[] createPage(ServerWebExchange exchange, String csrfTokenHtmlInput) + "rel=\"stylesheet\" integrity=\"sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M\" " + "crossorigin=\"anonymous\">\n"); page.append(" \n"); + + "rel=\"stylesheet\" integrity=\"sha384-oOE/3m0LUMPub4kaC09mrdEhIc+e3exm4xOGxAmuFXhBNF4hcg/6MiAXAf5p0P56\" crossorigin=\"anonymous\"/>\n"); page.append(" \n"); page.append(" \n"); page.append("
\n"); diff --git a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java index 135b5f097fc..7725e92af4d 100644 --- a/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java +++ b/web/src/main/java/org/springframework/security/web/server/ui/LogoutPageGeneratingWebFilter.java @@ -79,7 +79,7 @@ private static byte[] createPage(String csrfTokenHtmlInput, String contextPath) page.append(" \n"); page.append(" \n"); + + "rel=\"stylesheet\" integrity=\"sha384-oOE/3m0LUMPub4kaC09mrdEhIc+e3exm4xOGxAmuFXhBNF4hcg/6MiAXAf5p0P56\" crossorigin=\"anonymous\"/>\n"); page.append(" \n"); page.append(" \n"); page.append("
\n"); diff --git a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java index 4ab89fa99e3..a8f120b75be 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java +++ b/web/src/test/java/org/springframework/security/web/authentication/ui/DefaultLogoutPageGeneratingFilterTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -44,7 +44,7 @@ public void doFilterWhenNoHiddenInputsThenPageRendered() throws Exception { + " \n" + " \n" + " Confirm Log Out?\n" + " \n" - + " \n" + + " \n" + " \n" + " \n" + "
\n" + "
\n" + " \n"