use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.
the class FilterInvocationSecurityMetadataSourceParser method parseInterceptUrlsForFilterInvocationRequestMap.
/**
 * Builds the map from request matcher to access attributes out of the given
 * {@code intercept-url} elements.
 *
 * <p>Points a reviewer of the resulting authorization rules should know:
 * <ul>
 * <li>An element with no {@code access} attribute is skipped, so it adds no
 * authorization rule for its pattern.</li>
 * <li>If two elements produce a matcher that is already a key of the map, the later
 * one replaces the earlier one and only a warning is logged.</li>
 * <li>The catch-all {@code /**} to {@code authenticated} rule is added only when
 * {@code addAuthenticatedAll} is set and no rule at all was produced. It is not
 * appended after existing rules.</li>
 * </ul>
 *
 * @param matcherType the matcher flavour used to create pattern matchers
 * @param urlElts the {@code intercept-url} elements to read
 * @param useExpressions whether {@code access} holds a single expression instead of a
 * comma-delimited attribute list
 * @param addAuthenticatedAll whether to fall back to the catch-all rule when the map is empty
 * @param parserContext the parser context used for matcher creation and error reporting
 * @return the matcher to attribute-definition map, never {@code null}
 */
private static ManagedMap<BeanMetadataElement, BeanDefinition> parseInterceptUrlsForFilterInvocationRequestMap(
		MatcherType matcherType, List<Element> urlElts, boolean useExpressions,
		boolean addAuthenticatedAll, ParserContext parserContext) {
	ManagedMap<BeanMetadataElement, BeanDefinition> requestMap =
			new ManagedMap<BeanMetadataElement, BeanDefinition>();

	for (Element interceptUrl : urlElts) {
		String access = interceptUrl.getAttribute(ATT_ACCESS);
		if (!StringUtils.hasText(access)) {
			// No access rule on this element: nothing to register for it here.
			continue;
		}

		String path = interceptUrl.getAttribute(ATT_PATTERN);
		String matcherRef = interceptUrl.getAttribute(ATT_REQUEST_MATCHER_REF);
		boolean hasMatcherRef = StringUtils.hasText(matcherRef);
		boolean hasPath = StringUtils.hasText(path);
		if (!hasMatcherRef && !hasPath) {
			// NOTE(review): whether error() aborts parsing depends on the configured
			// problem reporter, which is not visible here; if it returns, the code
			// below goes on with the empty pattern.
			parserContext.getReaderContext().error("path attribute cannot be empty or null", interceptUrl);
		}

		String rawMethod = interceptUrl.getAttribute(ATT_HTTP_METHOD);
		String method = StringUtils.hasText(rawMethod) ? rawMethod : null;

		String servletPath = interceptUrl.getAttribute(ATT_SERVLET_PATH);
		if (StringUtils.hasText(servletPath)) {
			// A servlet path is accepted for the mvc matcher type only.
			if (!MatcherType.mvc.equals(matcherType)) {
				parserContext.getReaderContext().error(ATT_SERVLET_PATH
						+ " is not applicable for request-matcher: '" + matcherType.name() + "'", interceptUrl);
			}
		}
		else {
			servletPath = null;
		}

		// An explicit matcher reference wins over pattern / method / servlet path.
		BeanMetadataElement matcher;
		if (hasMatcherRef) {
			matcher = new RuntimeBeanReference(matcherRef);
		}
		else {
			matcher = matcherType.createMatcher(parserContext, path, method, servletPath);
		}

		BeanDefinitionBuilder attributes = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
		if (!useExpressions) {
			attributes.addConstructorArgValue(access);
			attributes.setFactoryMethod("createListFromCommaDelimitedString");
		}
		else {
			logger.info("Creating access control expression attribute '" + access + "' for " + path);
			// The single expression will be parsed later by the
			// ExpressionBasedFilterInvocationSecurityMetadataSource
			attributes.addConstructorArgValue(new String[] { access });
			attributes.setFactoryMethod("createList");
		}

		// The message prints the pattern only; for an element configured through a
		// matcher reference the pattern may be empty, so the warning may not name the rule.
		if (requestMap.containsKey(matcher)) {
			logger.warn("Duplicate URL defined: " + path + ". The original attribute values will be overwritten");
		}
		requestMap.put(matcher, attributes.getBeanDefinition());
	}

	boolean needsCatchAll = addAuthenticatedAll && requestMap.isEmpty();
	if (needsCatchAll) {
		BeanDefinition anyPath = matcherType.createMatcher(parserContext, "/**", null);
		BeanDefinitionBuilder authenticatedOnly = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
		authenticatedOnly.addConstructorArgValue(new String[] { "authenticated" });
		authenticatedOnly.setFactoryMethod("createList");
		requestMap.put(anyPath, authenticatedOnly.getBeanDefinition());
	}

	return requestMap;
}
use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.
the class FilterInvocationSecurityMetadataSourceParser method createSecurityMetadataSource.
/**
 * Creates the bean definition of the security metadata source for an {@code http} element.
 *
 * <p>With expressions enabled the definition is an
 * {@code ExpressionBasedFilterInvocationSecurityMetadataSource} wired to the expression
 * handler named by the {@code ref} attribute of the expression-handler child element,
 * or to a default handler registered here when no such reference is given. Otherwise it
 * is a {@code DefaultFilterInvocationSecurityMetadataSource}.
 *
 * @param interceptUrls the {@code intercept-url} elements that supply the access rules
 * @param addAllAuth passed on to the rule parser as its catch-all fallback flag
 * @param httpElt the {@code http} element being parsed
 * @param pc the parser context
 * @return the metadata source definition, with its source set from {@code httpElt}
 */
static RootBeanDefinition createSecurityMetadataSource(List<Element> interceptUrls, boolean addAllAuth,
		Element httpElt, ParserContext pc) {
	MatcherType matcherType = MatcherType.fromElement(httpElt);
	boolean useExpressions = isUseExpressions(httpElt);
	ManagedMap<BeanMetadataElement, BeanDefinition> requestMap = parseInterceptUrlsForFilterInvocationRequestMap(
			matcherType, interceptUrls, useExpressions, addAllAuth, pc);

	BeanDefinitionBuilder builder;
	if (!useExpressions) {
		builder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
		builder.addConstructorArgValue(requestMap);
	}
	else {
		Element handlerElt = DomUtils.getChildElementByTagName(httpElt, Elements.EXPRESSION_HANDLER);
		String handlerRef = null;
		if (handlerElt != null) {
			handlerRef = handlerElt.getAttribute("ref");
		}

		if (!StringUtils.hasText(handlerRef)) {
			// No usable reference: fall back to the default handler and use its bean name.
			handlerRef = registerDefaultExpressionHandler(pc);
		}
		else {
			logger.info("Using bean '" + handlerRef + "' as web SecurityExpressionHandler implementation");
		}

		builder = BeanDefinitionBuilder
				.rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
		builder.addConstructorArgValue(requestMap);
		builder.addConstructorArgReference(handlerRef);
	}

	builder.getRawBeanDefinition().setSource(pc.extractSource(httpElt));
	return (RootBeanDefinition) builder.getBeanDefinition();
}
use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.
the class AuthenticationConfigBuilder method selectEntryPoint.
/**
 * Chooses the main authentication entry point for the {@code http} element.
 *
 * <p>Order of precedence, as implemented below:
 * <ol>
 * <li>a custom entry point named by the {@code ATT_ENTRY_POINT_REF} attribute;</li>
 * <li>the basic entry point, when the basic-auth element is present and neither the
 * form-login nor the OpenID-login element is;</li>
 * <li>the form entry point, when a form filter is configured and no OpenID login page is set;</li>
 * <li>the OpenID entry point, when an OpenID filter is configured;</li>
 * <li>the pre-authentication entry point, when one has been set.</li>
 * </ol>
 * Setting both a form login page and an OpenID login page is reported as an error.
 *
 * @return the selected entry point, or {@code null} after reporting an error when none
 * could be established (reached only if the error call returns)
 */
private BeanMetadataElement selectEntryPoint() {
	// An explicitly referenced entry point bean overrides everything else.
	String entryPointRef = httpElt.getAttribute(ATT_ENTRY_POINT_REF);
	if (StringUtils.hasText(entryPointRef)) {
		return new RuntimeBeanReference(entryPointRef);
	}

	Element basicElt = DomUtils.getChildElementByTagName(httpElt, Elements.BASIC_AUTH);
	Element formElt = DomUtils.getChildElementByTagName(httpElt, Elements.FORM_LOGIN);
	Element openIdElt = DomUtils.getChildElementByTagName(httpElt, Elements.OPENID_LOGIN);

	// Basic wins only when it is the sole login element that was declared explicitly.
	boolean basicOnly = basicAuthElt(basicElt) && formElt == null && openIdElt == null;
	if (basicOnly) {
		return basicEntryPoint;
	}

	boolean twoLoginPages = formLoginPage != null && openIDLoginPage != null;
	if (twoLoginPages) {
		pc.getReaderContext().error(
				"Only one login-page can be defined, either for OpenID or form-login, but not both.",
				pc.extractSource(openIdElt));
	}

	if (formFilterId != null && openIDLoginPage == null) {
		return formEntryPoint;
	}

	// Otherwise use OpenID if enabled.
	if (openIDFilterId != null) {
		return openIDEntryPoint;
	}

	// If X.509 or JEE have been enabled, use the preauth entry point.
	if (preAuthEntryPoint != null) {
		return preAuthEntryPoint;
	}

	pc.getReaderContext().error(
			"No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism "
					+ "configured through the namespace (such as form-login) or specify a custom "
					+ "AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
			pc.extractSource(httpElt));
	return null;
}

/** Tells whether the basic-auth element was found. */
private static boolean basicAuthElt(Element candidate) {
	return candidate != null;
}
use of org.springframework.beans.BeanMetadataElement in project spring-security by spring-projects.
the class ClearCredentialsMethodInvokingFactoryBean method createSecurityFilterChainBean.
/**
 * Registers a {@code DefaultSecurityFilterChain} bean for the given element and returns
 * a reference to it.
 *
 * <p>The chain's request matcher is chosen as follows: a referenced matcher bean when
 * {@code ATT_REQUEST_MATCHER_REF} is set, a matcher built from {@code ATT_PATH_PATTERN}
 * when only the pattern is set, and an {@code AnyRequestMatcher} definition when
 * neither is set. Setting both attributes is reported as an error.
 *
 * <p>The bean name is the element's {@code name} attribute, else its {@code id}
 * attribute, else a generated name.
 *
 * @param element the element that declares the filter chain
 * @param pc the parser context used for error reporting and bean registration
 * @param filterChain the filters that make up the chain
 * @return a runtime reference to the registered filter chain bean
 */
private BeanReference createSecurityFilterChainBean(Element element, ParserContext pc, List<?> filterChain) {
	String matcherRef = element.getAttribute(ATT_REQUEST_MATCHER_REF);
	String pattern = element.getAttribute(ATT_PATH_PATTERN);
	boolean hasMatcherRef = StringUtils.hasText(matcherRef);
	boolean hasPattern = StringUtils.hasText(pattern);

	BeanMetadataElement chainMatcher;
	if (!hasMatcherRef && !hasPattern) {
		// Neither attribute given: the chain is built with an AnyRequestMatcher.
		chainMatcher = new RootBeanDefinition(AnyRequestMatcher.class);
	}
	else if (!hasMatcherRef) {
		chainMatcher = MatcherType.fromElement(element).createMatcher(pc, pattern, null);
	}
	else {
		if (hasPattern) {
			pc.getReaderContext().error(
					"You can't define a pattern and a request-matcher-ref for the same filter chain",
					pc.extractSource(element));
		}
		chainMatcher = new RuntimeBeanReference(matcherRef);
	}

	BeanDefinitionBuilder chainBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultSecurityFilterChain.class);
	chainBuilder.addConstructorArgValue(chainMatcher);
	chainBuilder.addConstructorArgValue(filterChain);
	BeanDefinition chainBean = chainBuilder.getBeanDefinition();

	// Name resolution: "name" attribute, then "id" attribute, then a generated name.
	String beanName = element.getAttribute("name");
	if (!StringUtils.hasText(beanName)) {
		beanName = element.getAttribute("id");
	}
	if (!StringUtils.hasText(beanName)) {
		beanName = pc.getReaderContext().generateBeanName(chainBean);
	}

	pc.registerBeanComponent(new BeanComponentDefinition(chainBean, beanName));
	return new RuntimeBeanReference(beanName);
}
use of org.springframework.beans.BeanMetadataElement in project spring-security-oauth by spring-projects.
the class OAuthConsumerBeanDefinitionParser method parse.
/**
 * Parses the OAuth consumer element: registers the consumer context filter (and, when
 * access rules are present, the consumer processing filter) and appends both to the
 * referenced filter chain.
 *
 * <p>Beans are registered under the fixed names {@code oauthConsumerSupport},
 * {@code oauthConsumerContextFilter} and {@code oauthConsumerFilter}.
 * NOTE(review): what happens when one of these names is already registered depends on
 * the registry, which is not visible here.
 *
 * <p>The processing filter is created only when
 * {@code ConfigUtils.createSecurityMetadataSource} returns a non-null definition; without
 * it only the context filter is added to the chain.
 *
 * @param element the consumer element
 * @param parserContext the parser context that supplies the bean registry
 * @return always {@code null}; the beans are registered directly with the registry
 */
public BeanDefinition parse(Element element, ParserContext parserContext) {
	BeanDefinitionBuilder contextFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerContextFilter.class);

	// Failure handling: a referenced handler wins; otherwise an error page, if given,
	// is wrapped in an AccessDeniedHandlerImpl. With neither, the property is left unset.
	String failureHandlerRef = element.getAttribute("failure-handler-ref");
	if (!StringUtils.hasText(failureHandlerRef)) {
		String failurePage = element.getAttribute("oauth-failure-page");
		if (StringUtils.hasText(failurePage)) {
			AccessDeniedHandlerImpl pageHandler = new AccessDeniedHandlerImpl();
			pageHandler.setErrorPage(failurePage);
			contextFilter.addPropertyValue("OAuthFailureHandler", pageHandler);
		}
	}
	else {
		contextFilter.addPropertyReference("OAuthFailureHandler", failureHandlerRef);
	}

	String resourceDetailsRef = element.getAttribute("resource-details-service-ref");
	boolean hasResourceDetails = StringUtils.hasText(resourceDetailsRef);

	// Consumer support: use the referenced bean, or register a default one.
	String supportRef = element.getAttribute("support-ref");
	if (!StringUtils.hasText(supportRef)) {
		BeanDefinitionBuilder defaultSupport = BeanDefinitionBuilder.rootBeanDefinition(CoreOAuthConsumerSupport.class);
		if (hasResourceDetails) {
			defaultSupport.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
		}
		supportRef = "oauthConsumerSupport";
		parserContext.getRegistry().registerBeanDefinition(supportRef, defaultSupport.getBeanDefinition());
	}
	contextFilter.addPropertyReference("consumerSupport", supportRef);

	// Optional collaborators, wired only when the attribute has text.
	String tokenServicesRef = element.getAttribute("token-services-ref");
	if (StringUtils.hasText(tokenServicesRef)) {
		contextFilter.addPropertyReference("tokenServices", tokenServicesRef);
	}
	String rememberMeRef = element.getAttribute("remember-me-services-ref");
	if (StringUtils.hasText(rememberMeRef)) {
		contextFilter.addPropertyReference("rememberMeServices", rememberMeRef);
	}
	String redirectStrategyRef = element.getAttribute("redirect-strategy-ref");
	if (StringUtils.hasText(redirectStrategyRef)) {
		contextFilter.addPropertyReference("redirectStrategy", redirectStrategyRef);
	}

	parserContext.getRegistry().registerBeanDefinition("oauthConsumerContextFilter", contextFilter.getBeanDefinition());

	// The context filter goes at the end of the chain, ahead of the processing filter.
	List<BeanMetadataElement> chain = ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
	chain.add(new RuntimeBeanReference("oauthConsumerContextFilter"));

	BeanDefinition metadataSource = ConfigUtils.createSecurityMetadataSource(element, parserContext);
	if (metadataSource == null) {
		return null;
	}

	BeanDefinitionBuilder processingFilter = BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerProcessingFilter.class);
	if (hasResourceDetails) {
		processingFilter.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
	}
	// The attribute text is handed over unparsed as the property value.
	String requireAuthenticated = element.getAttribute("requireAuthenticated");
	if (StringUtils.hasText(requireAuthenticated)) {
		processingFilter.addPropertyValue("requireAuthenticated", requireAuthenticated);
	}
	processingFilter.addPropertyValue("objectDefinitionSource", metadataSource);

	parserContext.getRegistry().registerBeanDefinition("oauthConsumerFilter", processingFilter.getBeanDefinition());
	chain.add(new RuntimeBeanReference("oauthConsumerFilter"));
	return null;
}