
Example 6 with ChannelAccessPolicy

use of org.springframework.integration.security.channel.ChannelAccessPolicy in project spring-integration by spring-projects.

the class SecuredChannelsParserTests method retrievePolicyForPatternString.

/**
 * Looks up the access policy that the given interceptor has registered under a pattern whose
 * source text is exactly {@code patternString}.
 *
 * <p>The comparison is made on {@link Pattern#pattern()}, i.e. on the pattern as it was written
 * in the configuration; the regular expression is never evaluated against the argument.
 *
 * @param patternString the exact pattern text to look for
 * @param interceptor the interceptor whose metadata source is inspected
 * @return the policy mapped to that pattern, or {@code null} when no mapping uses that text
 */
@SuppressWarnings("unchecked")
private ChannelAccessPolicy retrievePolicyForPatternString(String patternString, ChannelSecurityInterceptor interceptor) {
    // The mappings are not exposed by an accessor, so the test reads the "patternMappings"
    // field reflectively.
    Object rawMappings = new DirectFieldAccessor(interceptor.obtainSecurityMetadataSource())
            .getPropertyValue("patternMappings");
    Map<Pattern, ChannelAccessPolicy> mappings = (Map<Pattern, ChannelAccessPolicy>) rawMappings;
    for (Pattern candidate : mappings.keySet()) {
        if (patternString.equals(candidate.pattern())) {
            return mappings.get(candidate);
        }
    }
    return null;
}
Also used : Pattern(java.util.regex.Pattern) ChannelAccessPolicy(org.springframework.integration.security.channel.ChannelAccessPolicy) DirectFieldAccessor(org.springframework.beans.DirectFieldAccessor) Map(java.util.Map)

Example 7 with ChannelAccessPolicy

use of org.springframework.integration.security.channel.ChannelAccessPolicy in project spring-integration by spring-projects.

the class SecuredChannelsParserTests method testAdminRequiredForSendAndReceive.

/**
 * Checks that the channel bean named {@code adminRequiredForSendAndReceive} ends up behind an
 * AOP proxy with exactly one advisor, and that the policy registered for that name lists
 * {@code ROLE_ADMIN} for both the send and the receive side.
 */
@Test
public void testAdminRequiredForSendAndReceive() {
    String channelName = "adminRequiredForSendAndReceive";
    messageChannel.setBeanName(channelName);

    // Run the context's post-processors by hand; the assertion below expects them to have
    // wrapped the channel in a proxy.
    Object postProcessed = applicationContext.getAutowireCapableBeanFactory()
            .applyBeanPostProcessorsAfterInitialization(messageChannel, channelName);
    MessageChannel securedChannel = (MessageChannel) postProcessed;
    assertTrue("Channel was not proxied", AopUtils.isAopProxy(securedChannel));

    Advised advised = (Advised) securedChannel;
    Advisor[] chain = advised.getAdvisors();
    assertEquals("Wrong number of interceptors", 1, chain.length);

    ChannelSecurityInterceptor securityInterceptor = (ChannelSecurityInterceptor) chain[0].getAdvice();
    ChannelAccessPolicy accessPolicy = retrievePolicyForPatternString(channelName, securityInterceptor);
    assertNotNull("Pattern '" + channelName + "' is not included in mappings", accessPolicy);

    Collection<ConfigAttribute> sendAttributes = accessPolicy.getConfigAttributesForSend();
    Collection<ConfigAttribute> receiveAttributes = accessPolicy.getConfigAttributesForReceive();
    assertNotNull("Pattern does not apply to 'send'", sendAttributes);
    assertNotNull("Pattern does not apply to 'receive'", receiveAttributes);

    Collection<String> rolesForSend = getRolesFromDefintion(sendAttributes);
    Collection<String> rolesForReceive = getRolesFromDefintion(receiveAttributes);
    // NOTE(review): contains() only proves ROLE_ADMIN is listed. The test would still pass if
    // the configuration also listed other roles, so an over-permissive mapping is not caught
    // here. Consider asserting the exact role set once the intended configuration is confirmed.
    assertTrue("ROLE_ADMIN not found in send attributes", rolesForSend.contains("ROLE_ADMIN"));
    assertTrue("ROLE_ADMIN not found in receive attributes", rolesForReceive.contains("ROLE_ADMIN"));
}
Also used : MessageChannel(org.springframework.messaging.MessageChannel) ChannelAccessPolicy(org.springframework.integration.security.channel.ChannelAccessPolicy) Advised(org.springframework.aop.framework.Advised) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Advisor(org.springframework.aop.Advisor) ChannelSecurityInterceptor(org.springframework.integration.security.channel.ChannelSecurityInterceptor) Test(org.junit.Test)

Example 8 with ChannelAccessPolicy

use of org.springframework.integration.security.channel.ChannelAccessPolicy in project spring-integration by spring-projects.

the class SecurityIntegrationConfigurationInitializer method initialize.

/**
 * Collects the channel-name patterns handled by each channel security interceptor and, when at
 * least one was found, registers a {@code ChannelSecurityInterceptorBeanPostProcessor}
 * definition under {@code CHANNEL_SECURITY_INTERCEPTOR_BPP_BEAN_NAME}.
 *
 * <p>Two sources are scanned:
 * <ul>
 * <li>bean definitions whose class name is {@code ChannelSecurityInterceptor}: the keys of the
 * map passed as first constructor argument of their metadata source become patterns for that
 * interceptor bean;</li>
 * <li>annotated bean definitions whose source is a method carrying {@code SecuredChannel}: the
 * bean name is added as a pattern for every interceptor named in the annotation, together with
 * a {@code DefaultChannelAccessPolicy} built from its {@code sendAccess} and
 * {@code receiveAccess} attributes.</li>
 * </ul>
 *
 * @param beanFactory the bean factory to scan; it is cast to {@code BeanDefinitionRegistry}
 * @throws BeansException declared by the overridden method
 */
@Override
@SuppressWarnings("unchecked")
public void initialize(ConfigurableListableBeanFactory beanFactory) throws BeansException {
    BeanDefinitionRegistry registry = (BeanDefinitionRegistry) beanFactory;
    String interceptorClassName = ChannelSecurityInterceptor.class.getName();

    // interceptor bean name -> channel-name patterns it is responsible for
    Map<String, ManagedSet<String>> patternsByInterceptor = new ManagedMap<String, ManagedSet<String>>();
    // interceptor bean name -> (pattern -> policy) contributed by SecuredChannel annotations
    Map<String, Map<Pattern, ChannelAccessPolicy>> policiesByInterceptor =
            new HashMap<String, Map<Pattern, ChannelAccessPolicy>>();

    for (String name : registry.getBeanDefinitionNames()) {
        BeanDefinition definition = registry.getBeanDefinition(name);

        if (interceptorClassName.equals(definition.getBeanClassName())) {
            // Explicitly declared interceptor: read the mappings out of the nested
            // metadata-source definition (first constructor argument of each).
            BeanDefinition metadataSource = (BeanDefinition) definition.getConstructorArgumentValues()
                    .getIndexedArgumentValue(0, BeanDefinition.class)
                    .getValue();
            Map<String, ?> configured = (Map<String, ?>) metadataSource.getConstructorArgumentValues()
                    .getIndexedArgumentValue(0, Map.class)
                    .getValue();
            ManagedSet<String> known = patternsByInterceptor.get(name);
            if (known == null) {
                known = new ManagedSet<String>();
                patternsByInterceptor.put(name, known);
            }
            known.addAll(configured.keySet());
            continue;
        }

        if (!(definition instanceof AnnotatedBeanDefinition)) {
            continue;
        }
        Object source = definition.getSource();
        if (!(source instanceof MethodMetadata)) {
            continue;
        }
        MethodMetadata factoryMethod = (MethodMetadata) source;
        String securedChannelType = SecuredChannel.class.getName();
        if (!factoryMethod.isAnnotated(securedChannelType)) {
            continue;
        }

        Map<String, Object> attributes = factoryMethod.getAnnotationAttributes(securedChannelType);
        String[] interceptorNames = (String[]) attributes.get("interceptor");
        String[] sendAccess = (String[]) attributes.get("sendAccess");
        String[] receiveAccess = (String[]) attributes.get("receiveAccess");
        // One policy instance is shared by every interceptor named on the annotation.
        ChannelAccessPolicy sharedPolicy = new DefaultChannelAccessPolicy(sendAccess, receiveAccess);

        for (String interceptorName : interceptorNames) {
            ManagedSet<String> channelPatterns = patternsByInterceptor.get(interceptorName);
            if (channelPatterns == null) {
                channelPatterns = new ManagedSet<String>();
                patternsByInterceptor.put(interceptorName, channelPatterns);
            }
            channelPatterns.add(name);

            Map<Pattern, ChannelAccessPolicy> policyByPattern = policiesByInterceptor.get(interceptorName);
            if (policyByPattern == null) {
                policyByPattern = new HashMap<Pattern, ChannelAccessPolicy>();
                policiesByInterceptor.put(interceptorName, policyByPattern);
            }
            // NOTE(review): the bean name is compiled as a regular expression without quoting.
            // A name containing regex metacharacters (for example '.') would be read as a
            // pattern rather than a literal, or fail to compile. How this Pattern is later
            // matched against channel names is not visible here; confirm before relying on it
            // as an exact-name mapping.
            policyByPattern.put(Pattern.compile(name), sharedPolicy);
        }
    }

    if (patternsByInterceptor.isEmpty()) {
        // Nothing to secure: no post-processor is registered.
        return;
    }

    BeanDefinitionBuilder postProcessor = BeanDefinitionBuilder
            .rootBeanDefinition(ChannelSecurityInterceptorBeanPostProcessor.class)
            .addConstructorArgValue(patternsByInterceptor);
    // The policies argument is only passed when an annotation contributed one.
    if (!policiesByInterceptor.isEmpty()) {
        postProcessor.addConstructorArgValue(policiesByInterceptor);
    }
    registry.registerBeanDefinition(CHANNEL_SECURITY_INTERCEPTOR_BPP_BEAN_NAME, postProcessor.getBeanDefinition());
}
Also used : ManagedSet(org.springframework.beans.factory.support.ManagedSet) Pattern(java.util.regex.Pattern) AnnotatedBeanDefinition(org.springframework.beans.factory.annotation.AnnotatedBeanDefinition) DefaultChannelAccessPolicy(org.springframework.integration.security.channel.DefaultChannelAccessPolicy) HashMap(java.util.HashMap) BeanDefinitionRegistry(org.springframework.beans.factory.support.BeanDefinitionRegistry) AnnotatedBeanDefinition(org.springframework.beans.factory.annotation.AnnotatedBeanDefinition) BeanDefinition(org.springframework.beans.factory.config.BeanDefinition) BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder) ChannelAccessPolicy(org.springframework.integration.security.channel.ChannelAccessPolicy) DefaultChannelAccessPolicy(org.springframework.integration.security.channel.DefaultChannelAccessPolicy) SecuredChannel(org.springframework.integration.security.channel.SecuredChannel) MethodMetadata(org.springframework.core.type.MethodMetadata) ManagedMap(org.springframework.beans.factory.support.ManagedMap) HashMap(java.util.HashMap) Map(java.util.Map) ChannelSecurityInterceptor(org.springframework.integration.security.channel.ChannelSecurityInterceptor) ManagedMap(org.springframework.beans.factory.support.ManagedMap)

Aggregations

ChannelAccessPolicy (org.springframework.integration.security.channel.ChannelAccessPolicy)8 ChannelSecurityInterceptor (org.springframework.integration.security.channel.ChannelSecurityInterceptor)7 Test (org.junit.Test)5 Advisor (org.springframework.aop.Advisor)5 Advised (org.springframework.aop.framework.Advised)5 MessageChannel (org.springframework.messaging.MessageChannel)5 ConfigAttribute (org.springframework.security.access.ConfigAttribute)5 Map (java.util.Map)3 Pattern (java.util.regex.Pattern)3 HashMap (java.util.HashMap)1 DirectFieldAccessor (org.springframework.beans.DirectFieldAccessor)1 AnnotatedBeanDefinition (org.springframework.beans.factory.annotation.AnnotatedBeanDefinition)1 BeanDefinition (org.springframework.beans.factory.config.BeanDefinition)1 BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder)1 BeanDefinitionRegistry (org.springframework.beans.factory.support.BeanDefinitionRegistry)1 ManagedMap (org.springframework.beans.factory.support.ManagedMap)1 ManagedSet (org.springframework.beans.factory.support.ManagedSet)1 MethodMetadata (org.springframework.core.type.MethodMetadata)1 ChannelSecurityMetadataSource (org.springframework.integration.security.channel.ChannelSecurityMetadataSource)1 DefaultChannelAccessPolicy (org.springframework.integration.security.channel.DefaultChannelAccessPolicy)1