use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class SecuredAnnotationMetadataExtractor method extractAttributes.
/**
 * Converts the values declared on a {@code @Secured} annotation into config attributes.
 *
 * <p>Each string in {@code secured.value()} is wrapped in a {@link SecurityConfig} exactly as
 * written; this method does not trim, normalise or validate the tokens. An annotation with an
 * empty value array yields an empty collection.
 *
 * @param secured the annotation instance to read
 * @return one attribute per declared value, in declaration order
 */
public Collection<ConfigAttribute> extractAttributes(Secured secured) {
    String[] declared = secured.value();
    List<ConfigAttribute> converted = new ArrayList<ConfigAttribute>(declared.length);
    for (int i = 0; i < declared.length; i++) {
        // NOTE(review): tokens pass through verbatim, so a misspelled value is only caught
        // if something downstream validates attributes - confirm against the interceptor setup.
        converted.add(new SecurityConfig(declared[i]));
    }
    return converted;
}
use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.
the class AbstractSecurityInterceptor method afterPropertiesSet.
// ~ Methods
// ========================================================================================================
/**
 * Verifies at initialisation time that the interceptor is fully wired.
 *
 * <p>Checks, in order: that every mandatory collaborator is non-null, that each collaborator
 * supports the secure object class, and (only when {@code validateConfigAttributes} is set)
 * that every attribute reported by the metadata source is supported by at least one of the
 * run-as manager, the access decision manager or the optional after-invocation manager.
 *
 * <p>Attribute validation is skipped, with only a warning logged, when the metadata source
 * returns {@code null} from {@code getAllConfigAttributes()}. In that case an attribute that
 * no component understands is not detected here.
 *
 * @throws IllegalArgumentException if at least one configured attribute is unsupported
 * @throws Exception declared by the signature; nothing else in this body throws a checked
 *         exception directly
 */
public void afterPropertiesSet() throws Exception {
    // Mandatory collaborators.
    Assert.notNull(getSecureObjectClass(), "Subclass must provide a non-null response to getSecureObjectClass()");
    Assert.notNull(this.messages, "A message source must be set");
    Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
    Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
    Assert.notNull(this.runAsManager, "A RunAsManager is required");
    Assert.notNull(this.obtainSecurityMetadataSource(), "An SecurityMetadataSource is required");

    // Every collaborator must be able to handle the secure object type.
    Assert.isTrue(this.obtainSecurityMetadataSource().supports(getSecureObjectClass()),
            "SecurityMetadataSource does not support secure object class: " + getSecureObjectClass());
    Assert.isTrue(this.runAsManager.supports(getSecureObjectClass()),
            "RunAsManager does not support secure object class: " + getSecureObjectClass());
    Assert.isTrue(this.accessDecisionManager.supports(getSecureObjectClass()),
            "AccessDecisionManager does not support secure object class: " + getSecureObjectClass());
    if (this.afterInvocationManager != null) {
        // The after-invocation manager is optional, so it is checked only when present.
        Assert.isTrue(this.afterInvocationManager.supports(getSecureObjectClass()),
                "AfterInvocationManager does not support secure object class: " + getSecureObjectClass());
    }

    if (!this.validateConfigAttributes) {
        return;
    }

    Collection<ConfigAttribute> declaredAttributes = this.obtainSecurityMetadataSource().getAllConfigAttributes();
    if (declaredAttributes == null) {
        // Nothing to enumerate: validation cannot run, so only a warning is emitted.
        logger.warn("Could not validate configuration attributes as the SecurityMetadataSource did not return " + "any attributes from getAllConfigAttributes()");
        return;
    }

    Set<ConfigAttribute> orphaned = new HashSet<ConfigAttribute>();
    for (ConfigAttribute candidate : declaredAttributes) {
        // An attribute is acceptable as soon as one component claims it.
        boolean claimed = this.runAsManager.supports(candidate)
                || this.accessDecisionManager.supports(candidate)
                || (this.afterInvocationManager != null && this.afterInvocationManager.supports(candidate));
        if (!claimed) {
            orphaned.add(candidate);
        }
    }

    if (!orphaned.isEmpty()) {
        // Fail start-up rather than run with attributes no component will ever evaluate.
        throw new IllegalArgumentException("Unsupported configuration attributes: " + orphaned);
    }
    logger.debug("Validated configuration attributes");
}
use of org.springframework.security.access.ConfigAttribute in project spring-security-oauth by spring-projects.
the class ScopeVoter method vote.
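/**
 * Votes on access by comparing the OAuth2 request's scopes with the required attributes.
 *
 * <p>Decision order:
 * <ol>
 * <li>Abstain when the authentication is not an {@code OAuth2Authentication}.</li>
 * <li>Deny when any attribute equals the {@code denyAccess} marker; this is evaluated before
 * any scope is considered.</li>
 * <li>For each supported attribute, grant when a request scope, prefixed with
 * {@code scopePrefix}, matches the attribute ignoring case.</li>
 * <li>Otherwise deny, either by throwing (when {@code throwException} is set) or by returning
 * {@code ACCESS_DENIED}. If no attribute is supported the vote stays {@code ACCESS_ABSTAIN}.</li>
 * </ol>
 *
 * <p>NOTE(review): because non-OAuth2 authentications and unsupported attributes produce an
 * abstain vote, the final outcome for those cases depends on how the surrounding decision
 * manager treats abstentions - confirm that it does not grant on all-abstain.
 *
 * @param authentication the caller's authentication
 * @param object the secured object (not inspected here)
 * @param attributes the configuration attributes attached to the secured object
 * @return {@code ACCESS_GRANTED}, {@code ACCESS_DENIED} or {@code ACCESS_ABSTAIN}
 * @throws AccessDeniedException when a supported attribute is not satisfied and
 *         {@code throwException} is set; the cause is an {@code InsufficientScopeException}
 *         naming the missing scope
 */
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int result = ACCESS_ABSTAIN;
    if (!(authentication instanceof OAuth2Authentication)) {
        return result;
    }

    // An explicit deny marker wins over any scope match.
    for (ConfigAttribute attribute : attributes) {
        if (denyAccess.equals(attribute.getAttribute())) {
            return ACCESS_DENIED;
        }
    }

    OAuth2Request clientAuthentication = ((OAuth2Authentication) authentication).getOAuth2Request();
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            result = ACCESS_DENIED;
            Set<String> scopes = clientAuthentication.getScope();
            for (String scope : scopes) {
                // Upper-case with a fixed locale: the no-argument toUpperCase() uses the JVM
                // default locale, so under e.g. a Turkish locale "write" and "WRITE" would no
                // longer compare equal and the authorization result would vary per host.
                String required = attribute.getAttribute().toUpperCase(java.util.Locale.ROOT);
                String granted = (scopePrefix + scope).toUpperCase(java.util.Locale.ROOT);
                if (required.equals(granted)) {
                    return ACCESS_GRANTED;
                }
            }
            // Reaching this point means no scope matched, so result is ACCESS_DENIED here.
            if (throwException) {
                InsufficientScopeException failure = new InsufficientScopeException(
                        "Insufficient scope for this resource",
                        Collections.singleton(attribute.getAttribute().substring(scopePrefix.length())));
                throw new AccessDeniedException(failure.getMessage(), failure);
            }
        }
    }
    return result;
}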
use of org.springframework.security.access.ConfigAttribute in project camel by apache.
the class SpringSecurityAuthorizationPolicy method beforeProcess.
/**
 * Authorizes the exchange against the configured access policy before it is processed.
 *
 * <p>The authentication is read from the inbound message, passed through
 * {@code authenticateIfRequired}, and then handed to the access decision manager together
 * with the policy's attributes. A successful decision publishes an {@code AuthorizedEvent}.
 * A denied decision records this policy's id in the
 * {@code Exchange.AUTHENTICATION_FAILURE_POLICY_ID} header, publishes an
 * {@code AuthorizationFailureEvent} and rethrows.
 *
 * <p>Any {@code RuntimeException} raised inside the outer block, including the rethrown
 * denial, is wrapped in a {@code CamelAuthorizationException}, so the processor is not
 * reached on failure.
 *
 * @param exchange the exchange about to be processed
 * @throws Exception a {@code CamelAuthorizationException} when no authentication is present
 *         or when authentication/authorization fails
 */
protected void beforeProcess(Exchange exchange) throws Exception {
    List<ConfigAttribute> requiredAttributes = accessPolicy.getConfigAttributes();
    try {
        Authentication presented = getAuthentication(exchange.getIn());
        if (presented == null) {
            // No credentials on the message: reject instead of continuing anonymously.
            throw new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
        }
        Authentication verified = authenticateIfRequired(presented);
        // Attempt authorization with exchange
        try {
            this.accessDecisionManager.decide(verified, exchange, requiredAttributes);
        } catch (AccessDeniedException denied) {
            exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
            // Publish the failure so listeners can audit the denied attempt.
            publishEvent(new AuthorizationFailureEvent(exchange, requiredAttributes, verified, denied));
            throw denied;
        }
        publishEvent(new AuthorizedEvent(exchange, requiredAttributes, verified));
    } catch (RuntimeException failure) {
        exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
        // The original exception is kept as the cause for diagnostics.
        throw new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, failure);
    }
}
use of org.springframework.security.access.ConfigAttribute in project spring-security-oauth by spring-projects.
the class ClientScopeVoterTests method testAccessDeniedNoException.
/**
 * With exception throwing disabled, a client whose only scope is "none" must receive an
 * {@code ACCESS_DENIED} vote for the {@code CLIENT_HAS_SCOPE} attribute rather than an
 * exception.
 */
@Test
public void testAccessDeniedNoException() {
    // Ask the voter to report denial through its return value.
    voter.setThrowException(false);
    client.setScope(Arrays.asList("none"));

    ConfigAttribute required = new SecurityConfig("CLIENT_HAS_SCOPE");
    int decision = voter.vote(authentication, null, Arrays.<ConfigAttribute>asList(required));

    assertEquals(AccessDecisionVoter.ACCESS_DENIED, decision);
}