Example 1 with FilterChainProxy
use of org.springframework.security.web.FilterChainProxy in project spring-boot by spring-projects.
the class ManagementWebSecurityAutoConfigurationTests method testWebConfiguration.
@Test
public void testWebConfiguration() throws Exception {
this.context = new AnnotationConfigWebApplicationContext();
this.context.setServletContext(new MockServletContext());
this.context.register(SecurityAutoConfiguration.class, WebMvcAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class, JacksonAutoConfiguration.class, HttpMessageConvertersAutoConfiguration.class, EndpointAutoConfiguration.class, EndpointWebMvcAutoConfiguration.class, PropertyPlaceholderAutoConfiguration.class, AuditAutoConfiguration.class);
EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
this.context.refresh();
assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();
FilterChainProxy filterChainProxy = this.context.getBean(FilterChainProxy.class);
// 1 for static resources, one for management endpoints and one for the rest
assertThat(filterChainProxy.getFilterChains()).hasSize(3);
assertThat(filterChainProxy.getFilters("/beans")).isNotEmpty();
assertThat(filterChainProxy.getFilters("/beans/")).isNotEmpty();
assertThat(filterChainProxy.getFilters("/beans.foo")).isNotEmpty();
assertThat(filterChainProxy.getFilters("/beans/foo/bar")).isNotEmpty();
}
Also used :
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
AnnotationConfigWebApplicationContext(org.springframework.web.context.support.AnnotationConfigWebApplicationContext)
MockServletContext(org.springframework.mock.web.MockServletContext)
Test(org.junit.Test)
Example 2 with FilterChainProxy
use of org.springframework.security.web.FilterChainProxy in project spring-security by spring-projects.
the class DefaultFilterChainValidatorTests method setUp.
@Before
public void setUp() throws Exception {
AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
fsi = new FilterSecurityInterceptor();
fsi.setAccessDecisionManager(accessDecisionManager);
fsi.setSecurityMetadataSource(metadataSource);
AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, fsi);
fcp = new FilterChainProxy(securityChain);
validator = new DefaultFilterChainValidator();
Whitebox.setInternalState(validator, "logger", logger);
}
Also used :
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor)
AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
Before(org.junit.Before)
Example 3 with FilterChainProxy
use of org.springframework.security.web.FilterChainProxy in project spring-security by spring-projects.
the class FilterChainProxyConfigTests method mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues.
// SEC-1235
@Test
public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() throws Exception {
FilterChainProxy fcp = appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
List<SecurityFilterChain> chains = fcp.getFilterChains();
assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher).isTrue();
}
Also used :
DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher)
Test(org.junit.Test)
Example 4 with FilterChainProxy
use of org.springframework.security.web.FilterChainProxy in project spring-security by spring-projects.
the class FilterChainProxyConfigTests method normalOperation.
@Test
public void normalOperation() throws Exception {
FilterChainProxy filterChainProxy = appCtx.getBean("filterChain", FilterChainProxy.class);
doNormalOperation(filterChainProxy);
}
Also used :
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
Test(org.junit.Test)
Example 5 with FilterChainProxy
use of org.springframework.security.web.FilterChainProxy in project spring-security by spring-projects.
the class FilterChainProxyConfigTests method pathWithNoMatchHasNoFilters.
@Test
public void pathWithNoMatchHasNoFilters() throws Exception {
FilterChainProxy filterChainProxy = appCtx.getBean("newFilterChainProxyNoDefaultPath", FilterChainProxy.class);
assertThat(filterChainProxy.getFilters("/nomatch")).isEqualTo(null);
}
Also used :
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
Test(org.junit.Test)
Aggregations
FilterChainProxy (org.springframework.security.web.FilterChainProxy)14
Test (org.junit.Test)12
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain)5
Filter (javax.servlet.Filter)4
MockMvc (org.springframework.test.web.servlet.MockMvc)3
SecurityFilterChain (org.springframework.security.web.SecurityFilterChain)2
CsrfFilter (org.springframework.security.web.csrf.CsrfFilter)2
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository)2
ArrayList (java.util.ArrayList)1
Before (org.junit.Before)1
MockServletContext (org.springframework.mock.web.MockServletContext)1
EnableWebSecurity (org.springframework.security.config.annotation.web.configuration.EnableWebSecurity)1
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)1
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)1
FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)1
AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)1
LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)1
DebugFilter (org.springframework.security.web.debug.DebugFilter)1
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)1
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)1
