use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project herd by FINRAOS.
the class Log4jMdcLoggingFilterTest method testLoggingAnonymousUser.
@Test
public void testLoggingAnonymousUser() throws Exception {
invalidateApplicationUser(null);
// Apply AnonymousAuthenticationFilter
AnonymousAuthenticationFilter anonymousAuthenticationFilter = new AnonymousAuthenticationFilter("AnonymousFilterKey");
anonymousAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
// Apply user logging filter.
Log4jMdcLoggingFilter filterUnderTest = new Log4jMdcLoggingFilter();
filterUnderTest.init(new MockFilterConfig());
MockFilterChain mockChain = new MockFilterChain();
MockHttpServletRequest req = new MockHttpServletRequest();
MockHttpServletResponse rsp = new MockHttpServletResponse();
filterUnderTest.doFilter(req, rsp, mockChain);
filterUnderTest.destroy();
}
use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.
the class AnonymousConfigurer method init.
@Override
public void init(H http) {
if (this.authenticationProvider == null) {
this.authenticationProvider = new AnonymousAuthenticationProvider(getKey());
}
if (this.authenticationFilter == null) {
this.authenticationFilter = new AnonymousAuthenticationFilter(getKey(), this.principal, this.authorities);
}
this.authenticationProvider = postProcess(this.authenticationProvider);
http.authenticationProvider(this.authenticationProvider);
}
use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.
the class DefaultFilterChainValidatorTests method setUp.
@BeforeEach
public void setUp() {
AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
this.fsi = new FilterSecurityInterceptor();
this.fsi.setAccessDecisionManager(this.accessDecisionManager);
this.fsi.setSecurityMetadataSource(this.metadataSource);
AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, this.fsi);
this.fcp = new FilterChainProxy(securityChain);
this.validator = new DefaultFilterChainValidator();
ReflectionTestUtils.setField(this.validator, "logger", this.logger);
}
use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project motech by motech.
the class SecurityRuleBuilder method addAnonymousAuthenticationFilter.
private void addAnonymousAuthenticationFilter(List<Filter> filters) {
SecureRandom random = new SecureRandom();
AnonymousAuthenticationFilter anonFilter = new AnonymousAuthenticationFilter(Long.toString(random.nextLong()));
filters.add(anonFilter);
}
use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.
the class DefaultFilterChainValidator method checkLoginPageIsntProtected.
/*
* Checks for the common error of having a login page URL protected by the security
* interceptor
*/
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
return;
}
String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
List<Filter> filters = null;
try {
filters = fcp.getFilters(loginPage);
} catch (Exception ex) {
// May happen legitimately if a filter-chain request matcher requires more
// request data than that provided
// by the dummy request used when creating the filter invocation.
this.logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
}
if (filters == null || filters.isEmpty()) {
this.logger.debug("Filter chain is empty for the login page");
return;
}
if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
this.logger.debug("Default generated login page is in use");
return;
}
FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
if (attributes == null) {
this.logger.debug("No access attributes defined for login page URL");
if (fsi.isRejectPublicInvocations()) {
this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations." + " Your login page may not be accessible.");
}
return;
}
AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
if (anonPF == null) {
this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error.");
return;
}
// Simulate an anonymous access with the supplied attributes.
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(), anonPF.getAuthorities());
try {
fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
} catch (AccessDeniedException ex) {
this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. " + "This is almost certainly an error. Please check your configuration allows unauthenticated " + "access to the configured login page. (Simulated access was rejected: " + ex + ")");
} catch (Exception ex) {
// May happen legitimately if a filter-chain request matcher requires more
// request data than that provided
// by the dummy request used when creating the filter invocation. See SEC-1878
this.logger.info("Unable to check access to the login page to determine if anonymous access is allowed. " + "This might be an error, but can happen under normal circumstances.", ex);
}
}
Aggregations