Examples with ConfigAttribute org.springframework.security.access.ConfigAttribute used on opensource projects

Example 46 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testDenyIfOAuth2AndExplictlyDenied.

@Test
public void testDenyIfOAuth2AndExplictlyDenied() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("DENY_OAUTH"))));
}

Example 47 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-boot by spring-projects.

the class AuthorizationAuditListenerTests method testDetailsAreIncludedInAuditEvent.

@Test
public void testDetailsAreIncludedInAuditEvent() throws Exception {
    Object details = new Object();
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("user", "password");
    authentication.setDetails(details);
    AuditApplicationEvent event = handleAuthorizationEvent(new AuthorizationFailureEvent(this, Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")), authentication, new AccessDeniedException("Bad user")));
    assertThat(event.getAuditEvent().getType()).isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
    assertThat(event.getAuditEvent().getData()).containsEntry("details", details);
}

Example 48 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ChannelSecurityConfigurer method addAttribute.

private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
    for (RequestMatcher matcher : matchers) {
        Collection<ConfigAttribute> attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
        requestMap.put(matcher, attrs);
    }
    return REGISTRY;
}

Example 49 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class GlobalMethodSecurityBeanDefinitionParser method parseProtectPointcuts.

private Map<String, List<ConfigAttribute>> parseProtectPointcuts(ParserContext parserContext, List<Element> protectPointcutElts) {
    Map<String, List<ConfigAttribute>> pointcutMap = new LinkedHashMap<String, List<ConfigAttribute>>();
    for (Element childElt : protectPointcutElts) {
        String accessConfig = childElt.getAttribute(ATT_ACCESS);
        String expression = childElt.getAttribute(ATT_EXPRESSION);
        if (!StringUtils.hasText(accessConfig)) {
            parserContext.getReaderContext().error("Access configuration required", parserContext.extractSource(childElt));
        }
        if (!StringUtils.hasText(expression)) {
            parserContext.getReaderContext().error("Pointcut expression required", parserContext.extractSource(childElt));
        }
        String[] attributeTokens = StringUtils.commaDelimitedListToStringArray(accessConfig);
        List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(attributeTokens.length);
        for (String token : attributeTokens) {
            attributes.add(new SecurityConfig(token));
        }
        pointcutMap.put(expression, attributes);
    }
    return pointcutMap;
}

Example 50 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class DefaultFilterChainValidator method checkLoginPageIsntProtected.

/*
	 * Checks for the common error of having a login page URL protected by the security
	 * interceptor
	 */
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
    ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
    if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
        return;
    }
    String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
    logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
    FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
    List<Filter> filters = null;
    try {
        filters = fcp.getFilters(loginPage);
    } catch (Exception e) {
        // May happen legitimately if a filter-chain request matcher requires more
        // request data than that provided
        // by the dummy request used when creating the filter invocation.
        logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
    }
    if (filters == null || filters.isEmpty()) {
        logger.debug("Filter chain is empty for the login page");
        return;
    }
    if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
        logger.debug("Default generated login page is in use");
        return;
    }
    FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
    FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
    Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
    if (attributes == null) {
        logger.debug("No access attributes defined for login page URL");
        if (fsi.isRejectPublicInvocations()) {
            logger.warn("FilterSecurityInterceptor is configured to reject public invocations." + " Your login page may not be accessible.");
        }
        return;
    }
    AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
    if (anonPF == null) {
        logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error.");
        return;
    }
    // Simulate an anonymous access with the supplied attributes.
    AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(), anonPF.getAuthorities());
    try {
        fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
    } catch (AccessDeniedException e) {
        logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " + "an error. Please check your configuration allows unauthenticated access to the configured " + "login page. (Simulated access was rejected: " + e + ")");
    } catch (Exception e) {
        // May happen legitimately if a filter-chain request matcher requires more
        // request data than that provided
        // by the dummy request used when creating the filter invocation. See SEC-1878
        logger.info("Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", e);
    }
}