
Example 16 with BeanMetadataElement

use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.

the class FilterInvocationSecurityMetadataSourceParser method parseInterceptUrlsForFilterInvocationRequestMap.

/**
 * Turns a list of intercept-url elements into a map from request matcher to the bean definition
 * holding that matcher's security attributes.
 *
 * <p>Points a reviewer of the resulting access rules should keep in mind:
 * <ul>
 * <li>An element whose {@code ATT_ACCESS} attribute has no text is skipped silently and
 * contributes no entry to the map.</li>
 * <li>When two elements yield a matcher the map already contains as a key, a warning is logged
 * and the later attribute definition replaces the earlier one.</li>
 * <li>The catch-all {@code "/**"} -> {@code "authenticated"} entry is added only when
 * {@code addAuthenticatedAll} is set and no other entry was produced; as soon as one rule
 * exists, no catch-all entry is added here.</li>
 * </ul>
 *
 * @param matcherType matcher flavour used to build matchers from pattern/method/servlet path
 * @param urlElts the intercept-url elements to process, in document order
 * @param useExpressions {@code true} to store the access value as one unparsed expression,
 * {@code false} to treat it as a comma-delimited attribute list
 * @param addAuthenticatedAll whether to fall back to the catch-all entry when the map is empty
 * @param parserContext used for error reporting and matcher creation
 * @return the populated map (never {@code null})
 */
private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(MatcherType matcherType, List<Element> urlElts, boolean useExpressions, boolean addAuthenticatedAll, ParserContext parserContext) {
    ManagedMap<BeanMetadataElement, BeanDefinition> requestMap = new ManagedMap<BeanMetadataElement, BeanDefinition>();
    for (Element urlElt : urlElts) {
        String access = urlElt.getAttribute(ATT_ACCESS);
        if (!StringUtils.hasText(access)) {
            // No access rule on this element: nothing is registered for it.
            continue;
        }

        String path = urlElt.getAttribute(ATT_PATTERN);
        String matcherRef = urlElt.getAttribute(ATT_REQUEST_MATCHER_REF);
        boolean hasMatcherRef = StringUtils.hasText(matcherRef);
        // Either a matcher reference or a pattern must be supplied.
        if (!(hasMatcherRef || StringUtils.hasText(path))) {
            // NOTE(review): whether error(...) aborts parsing is decided by the reader context and
            // is not visible here; the code below still runs if it returns.
            parserContext.getReaderContext().error("path attribute cannot be empty or null", urlElt);
        }

        // Blank HTTP method is normalised to null.
        String method = urlElt.getAttribute(ATT_HTTP_METHOD);
        method = StringUtils.hasText(method) ? method : null;

        // Blank servlet path is normalised to null; a non-blank one is only accepted for the mvc matcher.
        String servletPath = urlElt.getAttribute(ATT_SERVLET_PATH);
        if (StringUtils.hasText(servletPath)) {
            if (!MatcherType.mvc.equals(matcherType)) {
                parserContext.getReaderContext().error(ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", urlElt);
            }
        } else {
            servletPath = null;
        }

        // A matcher reference takes precedence over pattern/method/servlet path.
        BeanMetadataElement matcher;
        if (hasMatcherRef) {
            matcher = new RuntimeBeanReference(matcherRef);
        } else {
            matcher = matcherType.createMatcher(parserContext, path, method, servletPath);
        }

        BeanDefinitionBuilder attributes = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
        if (!useExpressions) {
            attributes.addConstructorArgValue(access);
            attributes.setFactoryMethod("createListFromCommaDelimitedString");
        } else {
            // When a matcher reference is used, 'path' may be empty in this message.
            logger.info("Creating access control expression attribute '" + access + "' for " + path);
            // The expression stays a single string here; it is parsed later by the
            // ExpressionBasedFilterInvocationSecurityMetadataSource
            attributes.addConstructorArgValue(new String[] { access });
            attributes.setFactoryMethod("createList");
        }

        boolean duplicate = requestMap.containsKey(matcher);
        if (duplicate) {
            logger.warn("Duplicate URL defined: " + path + ". The original attribute values will be overwritten");
        }
        requestMap.put(matcher, attributes.getBeanDefinition());
    }

    // Fallback: require authentication everywhere, but only if nothing at all was configured.
    if (addAuthenticatedAll && requestMap.isEmpty()) {
        BeanDefinition anyPath = matcherType.createMatcher(parserContext, "/**", null);
        BeanDefinitionBuilder authenticatedOnly = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
        authenticatedOnly.addConstructorArgValue(new String[] { "authenticated" });
        authenticatedOnly.setFactoryMethod("createList");
        requestMap.put(anyPath, authenticatedOnly.getBeanDefinition());
    }
    return requestMap;
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) BeanMetadataElement(org.springframework.beans.BeanMetadataElement) Element(org.w3c.dom.Element) RootBeanDefinition(org.springframework.beans.factory.support.RootBeanDefinition) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference) ManagedMap(org.springframework.beans.factory.support.ManagedMap)

Example 17 with BeanMetadataElement

use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.

the class FilterInvocationSecurityMetadataSourceParser method createSecurityMetadataSource.

/**
 * Creates the bean definition of the security metadata source for an http element.
 *
 * <p>The matcher type and the expression mode are both read from {@code httpElt}. In expression
 * mode the metadata source is an {@code ExpressionBasedFilterInvocationSecurityMetadataSource}
 * wired to an expression handler: the {@code ref} of the expression-handler child element if it
 * has text, otherwise the one returned by {@code registerDefaultExpressionHandler}. Without
 * expressions a {@code DefaultFilterInvocationSecurityMetadataSource} is used.
 *
 * @param interceptUrls the intercept-url elements that define the access rules
 * @param addAllAuth passed through as the "add authenticated catch-all" flag of the map parser
 * @param httpElt the enclosing http element
 * @param pc the parser context
 * @return the metadata source definition, with its source set to the one extracted from {@code httpElt}
 */
static RootBeanDefinition createSecurityMetadataSource(List<Element> interceptUrls, boolean addAllAuth, Element httpElt, ParserContext pc) {
    final MatcherType matcherType = MatcherType.fromElement(httpElt);
    final boolean useExpressions = isUseExpressions(httpElt);
    final ManagedMap<BeanMetadataElement, BeanDefinition> requestMap = parseInterceptUrlsForFilterInvocationRequestMap(matcherType, interceptUrls, useExpressions, addAllAuth, pc);

    final BeanDefinitionBuilder builder;
    if (!useExpressions) {
        builder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
        builder.addConstructorArgValue(requestMap);
    } else {
        Element handlerElt = DomUtils.getChildElementByTagName(httpElt, Elements.EXPRESSION_HANDLER);
        String handlerRef = null;
        if (handlerElt != null) {
            handlerRef = handlerElt.getAttribute("ref");
        }
        if (!StringUtils.hasText(handlerRef)) {
            // No usable reference configured: fall back to the default handler.
            handlerRef = registerDefaultExpressionHandler(pc);
        } else {
            logger.info("Using bean '" + handlerRef + "' as web SecurityExpressionHandler implementation");
        }
        builder = BeanDefinitionBuilder.rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
        builder.addConstructorArgValue(requestMap);
        builder.addConstructorArgReference(handlerRef);
    }

    // Record where in the configuration this definition came from.
    builder.getRawBeanDefinition().setSource(pc.extractSource(httpElt));
    return (RootBeanDefinition) builder.getBeanDefinition();
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) BeanMetadataElement(org.springframework.beans.BeanMetadataElement) Element(org.w3c.dom.Element) RootBeanDefinition(org.springframework.beans.factory.support.RootBeanDefinition) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) RootBeanDefinition(org.springframework.beans.factory.support.RootBeanDefinition) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition) ExpressionBasedFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource)

Example 18 with BeanMetadataElement

use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.

the class AuthenticationConfigBuilder method selectEntryPoint.

/**
 * Chooses the main authentication entry point for the http element.
 *
 * <p>Precedence, first match wins:
 * <ol>
 * <li>a custom entry point named by the {@code ATT_ENTRY_POINT_REF} attribute;</li>
 * <li>the basic entry point, if a basic-auth element is present and neither a form-login nor
 * an OpenID-login element is;</li>
 * <li>the form entry point, if a form filter exists and no OpenID login page is set;</li>
 * <li>the OpenID entry point, if an OpenID filter exists;</li>
 * <li>the pre-authentication entry point, if one is set.</li>
 * </ol>
 * Configuring both a form login page and an OpenID login page is reported as an error before
 * steps 3 onwards are evaluated.
 *
 * @return the selected entry point, or {@code null} after an error has been reported because
 * none could be established
 */
private BeanMetadataElement selectEntryPoint() {
    // An explicitly referenced entry point bean overrides everything else.
    String entryPointRef = httpElt.getAttribute(ATT_ENTRY_POINT_REF);
    if (StringUtils.hasText(entryPointRef)) {
        return new RuntimeBeanReference(entryPointRef);
    }

    Element basicAuthElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
    Element formLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
    Element openIDLoginElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);

    // Basic wins only when it is the sole explicitly configured login element.
    boolean otherLoginConfigured = formLoginElt != null || openIDLoginElt != null;
    if (basicAuthElt != null && !otherLoginConfigured) {
        return basicEntryPoint;
    }

    boolean hasFormLoginPage = formLoginPage != null;
    boolean hasOpenIDLoginPage = openIDLoginPage != null;
    if (hasFormLoginPage && hasOpenIDLoginPage) {
        pc.getReaderContext().error("Only one login-page can be defined, either for OpenID or form-login, " + "but not both.", pc.extractSource(openIDLoginElt));
    }

    if (formFilterId != null && !hasOpenIDLoginPage) {
        return formEntryPoint;
    }

    // Next choice: OpenID, when its filter has been set up.
    if (openIDFilterId != null) {
        return openIDEntryPoint;
    }

    // Last choice: the pre-auth entry point (set when X.509 or JEE is enabled).
    if (preAuthEntryPoint != null) {
        return preAuthEntryPoint;
    }

    // Nothing matched: report the problem; null is returned if error(...) returns.
    pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please " + "make sure you have a login mechanism configured through the namespace (such as form-login) or " + "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ", pc.extractSource(httpElt));
    return null;
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) Element(org.w3c.dom.Element) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference)

Example 19 with BeanMetadataElement

use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.

the class ClearCredentialsMethodInvokingFactoryBean method createSecurityFilterChainBean.

/**
 * Registers a {@code DefaultSecurityFilterChain} bean for the given element and returns a
 * reference to it.
 *
 * <p>The request matcher of the chain is chosen as follows: a request-matcher reference if one
 * is given, otherwise a matcher built from the path pattern, otherwise an
 * {@code AnyRequestMatcher}. So an element with neither attribute yields a chain whose matcher
 * is {@code AnyRequestMatcher}. Supplying both attributes is reported as an error; if parsing
 * continues after that report, the matcher reference is the one used.
 *
 * <p>The bean id is the element's {@code name} attribute, else its {@code id} attribute, else
 * a generated bean name.
 *
 * @param element the element describing the filter chain
 * @param pc the parser context
 * @param filterChain the filters of the chain, passed as the second constructor argument
 * @return a runtime reference to the registered filter chain bean
 */
private BeanReference createSecurityFilterChainBean(Element element, ParserContext pc, List<?> filterChain) {
    String requestMatcherRef = element.getAttribute(ATT_REQUEST_MATCHER_REF);
    String filterChainPattern = element.getAttribute(ATT_PATH_PATTERN);
    boolean hasMatcherRef = StringUtils.hasText(requestMatcherRef);
    boolean hasPattern = StringUtils.hasText(filterChainPattern);

    // The two ways of selecting requests are mutually exclusive.
    if (hasMatcherRef && hasPattern) {
        pc.getReaderContext().error("You can't define a pattern and a request-matcher-ref for the " + "same filter chain", pc.extractSource(element));
    }

    BeanMetadataElement chainMatcher;
    if (hasMatcherRef) {
        chainMatcher = new RuntimeBeanReference(requestMatcherRef);
    } else if (hasPattern) {
        chainMatcher = MatcherType.fromElement(element).createMatcher(pc, filterChainPattern, null);
    } else {
        // Neither attribute present: use AnyRequestMatcher.
        chainMatcher = new RootBeanDefinition(AnyRequestMatcher.class);
    }

    BeanDefinitionBuilder chainBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultSecurityFilterChain.class);
    chainBuilder.addConstructorArgValue(chainMatcher);
    chainBuilder.addConstructorArgValue(filterChain);
    BeanDefinition chainBean = chainBuilder.getBeanDefinition();

    // Bean id: "name" attribute, then "id" attribute, then a generated name.
    String beanId = element.getAttribute("name");
    if (!StringUtils.hasText(beanId)) {
        beanId = element.getAttribute("id");
    }
    if (!StringUtils.hasText(beanId)) {
        beanId = pc.getReaderContext().generateBeanName(chainBean);
    }

    pc.registerBeanComponent(new BeanComponentDefinition(chainBean, beanId));
    return new RuntimeBeanReference(beanId);
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) RootBeanDefinition(org.springframework.beans.factory.support.RootBeanDefinition) BeanComponentDefinition(org.springframework.beans.factory.parsing.BeanComponentDefinition) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference) RootBeanDefinition(org.springframework.beans.factory.support.RootBeanDefinition) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition)

Example 20 with BeanMetadataElement

use of org.springframework.beans.BeanMetadataElement in project spring-security-oauth by spring-projects.

the class OAuthConsumerBeanDefinitionParser method parse.

/**
 * Parses the OAuth consumer element and registers the consumer filters it describes.
 *
 * <p>Steps, in order:
 * <ol>
 * <li>Builds an {@code OAuthConsumerContextFilter} definition. Its failure handler is the bean
 * named by {@code failure-handler-ref}; only if that is blank and {@code oauth-failure-page}
 * has text is an {@code AccessDeniedHandlerImpl} with that error page used instead.</li>
 * <li>If {@code support-ref} is blank, registers a {@code CoreOAuthConsumerSupport} under the
 * fixed name {@code oauthConsumerSupport} and uses it as the consumer support.</li>
 * <li>Wires the optional token services, remember-me services and redirect strategy
 * references, then registers the filter as {@code oauthConsumerContextFilter} and appends a
 * reference to it to the filter chain found via {@code filter-chain-ref}.</li>
 * <li>If a security metadata source can be created for the element, registers an
 * {@code OAuthConsumerProcessingFilter} as {@code oauthConsumerFilter} and appends it to the
 * chain as well. When no metadata source is returned, that filter is not registered.</li>
 * </ol>
 *
 * <p>NOTE(review): the three bean names are hard-coded, so the outcome of parsing this element
 * more than once depends on how the registry treats a repeated name; this is not visible here.
 *
 * @param element the OAuth consumer configuration element
 * @param parserContext the parser context whose registry receives the definitions
 * @return always {@code null}; the definitions are registered as a side effect
 */
public BeanDefinition parse(Element element, ParserContext parserContext) {
    BeanDefinitionBuilder contextFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerContextFilter.class);

    // Failure handling: an explicit handler bean wins over a plain failure page.
    String failureHandlerRef = element.getAttribute("failure-handler-ref");
    if (!StringUtils.hasText(failureHandlerRef)) {
        String failurePage = element.getAttribute("oauth-failure-page");
        if (StringUtils.hasText(failurePage)) {
            AccessDeniedHandlerImpl pageHandler = new AccessDeniedHandlerImpl();
            pageHandler.setErrorPage(failurePage);
            contextFilter.addPropertyValue("OAuthFailureHandler", pageHandler);
        }
    } else {
        contextFilter.addPropertyReference("OAuthFailureHandler", failureHandlerRef);
    }

    String resourceDetailsRef = element.getAttribute("resource-details-service-ref");
    boolean hasResourceDetails = StringUtils.hasText(resourceDetailsRef);

    // Consumer support: use the referenced bean, or register a default one.
    String supportRef = element.getAttribute("support-ref");
    if (!StringUtils.hasText(supportRef)) {
        BeanDefinitionBuilder defaultSupport = BeanDefinitionBuilder.rootBeanDefinition(CoreOAuthConsumerSupport.class);
        if (hasResourceDetails) {
            defaultSupport.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
        }
        parserContext.getRegistry().registerBeanDefinition("oauthConsumerSupport", defaultSupport.getBeanDefinition());
        supportRef = "oauthConsumerSupport";
    }
    contextFilter.addPropertyReference("consumerSupport", supportRef);

    // Optional collaborators, each wired only when its attribute has text.
    String tokenServicesRef = element.getAttribute("token-services-ref");
    if (StringUtils.hasText(tokenServicesRef)) {
        contextFilter.addPropertyReference("tokenServices", tokenServicesRef);
    }

    String rememberMeRef = element.getAttribute("remember-me-services-ref");
    if (StringUtils.hasText(rememberMeRef)) {
        contextFilter.addPropertyReference("rememberMeServices", rememberMeRef);
    }

    String redirectRef = element.getAttribute("redirect-strategy-ref");
    if (StringUtils.hasText(redirectRef)) {
        contextFilter.addPropertyReference("redirectStrategy", redirectRef);
    }

    parserContext.getRegistry().registerBeanDefinition("oauthConsumerContextFilter", contextFilter.getBeanDefinition());

    // Append the context filter at the end of the referenced filter chain.
    List<BeanMetadataElement> filterChain = ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
    filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerContextFilter"));

    BeanDefinition metadataSource = ConfigUtils.createSecurityMetadataSource(element, parserContext);
    if (metadataSource != null) {
        BeanDefinitionBuilder processingFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerProcessingFilter.class);
        if (hasResourceDetails) {
            processingFilter.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
        }

        String requireAuthenticated = element.getAttribute("requireAuthenticated");
        if (StringUtils.hasText(requireAuthenticated)) {
            processingFilter.addPropertyValue("requireAuthenticated", requireAuthenticated);
        }

        processingFilter.addPropertyValue("objectDefinitionSource", metadataSource);
        parserContext.getRegistry().registerBeanDefinition("oauthConsumerFilter", processingFilter.getBeanDefinition());
        // The processing filter goes after the context filter in the chain.
        filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerFilter"));
    }

    return null;
}
Also used : BeanMetadataElement(org.springframework.beans.BeanMetadataElement) AccessDeniedHandlerImpl(org.springframework.security.web.access.AccessDeniedHandlerImpl) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) RuntimeBeanReference(org.springframework.beans.factory.config.RuntimeBeanReference) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition)

Aggregations

BeanMetadataElement (org.springframework.beans.BeanMetadataElement)23 BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder)16 RuntimeBeanReference (org.springframework.beans.factory.config.RuntimeBeanReference)15 Element (org.w3c.dom.Element)14 BeanDefinition (org.springframework.beans.factory.config.BeanDefinition)10 RootBeanDefinition (org.springframework.beans.factory.support.RootBeanDefinition)8 ManagedList (org.springframework.beans.factory.support.ManagedList)7 ManagedMap (org.springframework.beans.factory.support.ManagedMap)5 BeanComponentDefinition (org.springframework.beans.factory.parsing.BeanComponentDefinition)4 TypedStringValue (org.springframework.beans.factory.config.TypedStringValue)3 Method (java.lang.reflect.Method)2 BeanReference (org.springframework.beans.factory.config.BeanReference)2 CompositeComponentDefinition (org.springframework.beans.factory.parsing.CompositeComponentDefinition)2 ParameterizedType (java.lang.reflect.ParameterizedType)1 Type (java.lang.reflect.Type)1 TypeVariable (java.lang.reflect.TypeVariable)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 TypeConverter (org.springframework.beans.TypeConverter)1 TypeMismatchException (org.springframework.beans.TypeMismatchException)1