Search in sources :

Example 1 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project herd by FINRAOS.

the class Log4jMdcLoggingFilterTest method testLoggingAnonymousUser.

@Test
public void testLoggingAnonymousUser() throws Exception {
    invalidateApplicationUser(null);
    // Apply AnonymousAuthenticationFilter
    AnonymousAuthenticationFilter anonymousAuthenticationFilter = new AnonymousAuthenticationFilter("AnonymousFilterKey");
    anonymousAuthenticationFilter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());
    // Apply user logging filter.
    Log4jMdcLoggingFilter filterUnderTest = new Log4jMdcLoggingFilter();
    filterUnderTest.init(new MockFilterConfig());
    MockFilterChain mockChain = new MockFilterChain();
    MockHttpServletRequest req = new MockHttpServletRequest();
    MockHttpServletResponse rsp = new MockHttpServletResponse();
    filterUnderTest.doFilter(req, rsp, mockChain);
    filterUnderTest.destroy();
}
Also used : AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockFilterConfig(org.springframework.mock.web.MockFilterConfig) Test(org.junit.Test)

Example 2 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.

the class AnonymousConfigurer method init.

@Override
public void init(H http) {
    if (this.authenticationProvider == null) {
        this.authenticationProvider = new AnonymousAuthenticationProvider(getKey());
    }
    if (this.authenticationFilter == null) {
        this.authenticationFilter = new AnonymousAuthenticationFilter(getKey(), this.principal, this.authorities);
    }
    this.authenticationProvider = postProcess(this.authenticationProvider);
    http.authenticationProvider(this.authenticationProvider);
}
Also used : AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) AnonymousAuthenticationProvider(org.springframework.security.authentication.AnonymousAuthenticationProvider)

Example 3 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.

the class DefaultFilterChainValidatorTests method setUp.

@BeforeEach
public void setUp() {
    AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
    this.fsi = new FilterSecurityInterceptor();
    this.fsi.setAccessDecisionManager(this.accessDecisionManager);
    this.fsi.setSecurityMetadataSource(this.metadataSource);
    AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
    ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
    DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, this.fsi);
    this.fcp = new FilterChainProxy(securityChain);
    this.validator = new DefaultFilterChainValidator();
    ReflectionTestUtils.setField(this.validator, "logger", this.logger);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project motech by motech.

the class SecurityRuleBuilder method addAnonymousAuthenticationFilter.

private void addAnonymousAuthenticationFilter(List<Filter> filters) {
    SecureRandom random = new SecureRandom();
    AnonymousAuthenticationFilter anonFilter = new AnonymousAuthenticationFilter(Long.toString(random.nextLong()));
    filters.add(anonFilter);
}
Also used : AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) SecureRandom(java.security.SecureRandom)

Example 5 with AnonymousAuthenticationFilter

use of org.springframework.security.web.authentication.AnonymousAuthenticationFilter in project spring-security by spring-projects.

the class DefaultFilterChainValidator method checkLoginPageIsntProtected.

/*
	 * Checks for the common error of having a login page URL protected by the security
	 * interceptor
	 */
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
    ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
    if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
        return;
    }
    String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
    this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
    FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
    List<Filter> filters = null;
    try {
        filters = fcp.getFilters(loginPage);
    } catch (Exception ex) {
        // May happen legitimately if a filter-chain request matcher requires more
        // request data than that provided
        // by the dummy request used when creating the filter invocation.
        this.logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
    }
    if (filters == null || filters.isEmpty()) {
        this.logger.debug("Filter chain is empty for the login page");
        return;
    }
    if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
        this.logger.debug("Default generated login page is in use");
        return;
    }
    FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
    FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
    Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
    if (attributes == null) {
        this.logger.debug("No access attributes defined for login page URL");
        if (fsi.isRejectPublicInvocations()) {
            this.logger.warn("FilterSecurityInterceptor is configured to reject public invocations." + " Your login page may not be accessible.");
        }
        return;
    }
    AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
    if (anonPF == null) {
        this.logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error.");
        return;
    }
    // Simulate an anonymous access with the supplied attributes.
    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(), anonPF.getAuthorities());
    try {
        fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
    } catch (AccessDeniedException ex) {
        this.logger.warn("Anonymous access to the login page doesn't appear to be enabled. " + "This is almost certainly an error. Please check your configuration allows unauthenticated " + "access to the configured login page. (Simulated access was rejected: " + ex + ")");
    } catch (Exception ex) {
        // May happen legitimately if a filter-chain request matcher requires more
        // request data than that provided
        // by the dummy request used when creating the filter invocation. See SEC-1878
        this.logger.info("Unable to check access to the login page to determine if anonymous access is allowed. " + "This might be an error, but can happen under normal circumstances.", ex);
    }
}
Also used : DefaultLoginPageGeneratingFilter(org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter) AccessDeniedException(org.springframework.security.access.AccessDeniedException) ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) FilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource) AccessDeniedException(org.springframework.security.access.AccessDeniedException) SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter) Filter(jakarta.servlet.Filter) DefaultLoginPageGeneratingFilter(org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter) SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) JaasApiIntegrationFilter(org.springframework.security.web.jaasapi.JaasApiIntegrationFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter) SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) FilterInvocation(org.springframework.security.web.FilterInvocation)

Aggregations

AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)6 ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)2 FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)2 LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)2 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)1 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)1 MidpointAnonymousAuthenticationFilter (com.evolveum.midpoint.authentication.impl.filter.MidpointAnonymousAuthenticationFilter)1 ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)1 Filter (jakarta.servlet.Filter)1 SecureRandom (java.security.SecureRandom)1 ServletRequest (javax.servlet.ServletRequest)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 Test (org.junit.Test)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 MockFilterChain (org.springframework.mock.web.MockFilterChain)1 MockFilterConfig (org.springframework.mock.web.MockFilterConfig)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 ConfigAttribute (org.springframework.security.access.ConfigAttribute)1