Example 51 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class Jsr250MethodSecurityMetadataSource method processAnnotations.

private List<ConfigAttribute> processAnnotations(Annotation[] annotations) {
    // No annotations: this metadata source contributes no attributes.
    if (annotations == null || annotations.length == 0) {
        return null;
    }
    List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    // The first JSR-250 annotation found, in array order, decides the result;
    // any later annotations are not examined.
    for (Annotation a : annotations) {
        if (a instanceof DenyAll) {
            attributes.add(Jsr250SecurityConfig.DENY_ALL_ATTRIBUTE);
            return attributes;
        }
        if (a instanceof PermitAll) {
            attributes.add(Jsr250SecurityConfig.PERMIT_ALL_ATTRIBUTE);
            return attributes;
        }
        if (a instanceof RolesAllowed) {
            RolesAllowed ra = (RolesAllowed) a;
            // One attribute per listed role, each passed through the default role prefix helper.
            for (String allowed : ra.value()) {
                String defaultedAllowed = getRoleWithDefaultPrefix(allowed);
                attributes.add(new Jsr250SecurityConfig(defaultedAllowed));
            }
            return attributes;
        }
    }
    // No JSR-250 annotation among those supplied.
    return null;
}
Also used : DenyAll(javax.annotation.security.DenyAll) RolesAllowed(javax.annotation.security.RolesAllowed) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) PermitAll(javax.annotation.security.PermitAll) Annotation(java.lang.annotation.Annotation)

Example 52 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class MessageSecurityMetadataSourceRegistryTests method getAttribute.

private String getAttribute() {
    MessageSecurityMetadataSource source = messages.createMetadataSource();
    Collection<ConfigAttribute> attrs = source.getAttributes(message);
    if (attrs == null) {
        return null;
    }
    assertThat(attrs.size()).isEqualTo(1);
    return attrs.iterator().next().toString();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) MessageSecurityMetadataSource(org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource)

Example 53 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class FilterSecurityMetadataSourceBeanDefinitionParserTests method interceptUrlsSupportPropertyPlaceholders.

// SEC-1201
@Test
public void interceptUrlsSupportPropertyPlaceholders() {
    System.setProperty("secure.url", "/secure");
    System.setProperty("secure.role", "ROLE_A");
    setContext("<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>"
            + "<filter-security-metadata-source id='fids' use-expressions='false'>"
            + "   <intercept-url pattern='${secure.url}' access='${secure.role}'/>"
            + "</filter-security-metadata-source>");
    DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext.getBean("fids");
    Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/secure", "GET"));
    assertThat(cad).isNotNull();
    assertThat(cad).hasSize(1);
    assertThat(cad.contains(new SecurityConfig("ROLE_A"))).isTrue();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) Test(org.junit.Test)

Example 54 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class FilterSecurityMetadataSourceBeanDefinitionParserTests method parsingMinimalConfigurationIsSuccessful.

@Test
public void parsingMinimalConfigurationIsSuccessful() {
    setContext("<filter-security-metadata-source id='fids' use-expressions='false'>"
            + "   <intercept-url pattern='/**' access='ROLE_A'/>"
            + "</filter-security-metadata-source>");
    DefaultFilterInvocationSecurityMetadataSource fids = (DefaultFilterInvocationSecurityMetadataSource) this.appContext.getBean("fids");
    Collection<ConfigAttribute> cad = fids.getAttributes(createFilterInvocation("/anything", "GET"));
    assertThat(cad).isNotNull();
    assertThat(cad.contains(new SecurityConfig("ROLE_A"))).isTrue();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) Test(org.junit.Test)

Example 55 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class FilterSecurityMetadataSourceBeanDefinitionParserTests method expressionsAreSupported.

@Test
public void expressionsAreSupported() {
    setContext("<filter-security-metadata-source id='fids'>"
            + "   <intercept-url pattern='/**' access=\"hasRole('ROLE_A')\" />"
            + "</filter-security-metadata-source>");
    ExpressionBasedFilterInvocationSecurityMetadataSource fids = (ExpressionBasedFilterInvocationSecurityMetadataSource) this.appContext.getBean("fids");
    ConfigAttribute[] cad = fids.getAttributes(createFilterInvocation("/anything", "GET")).toArray(new ConfigAttribute[0]);
    assertThat(cad.length).isEqualTo(1);
    assertThat(cad[0].toString()).isEqualTo("hasRole('ROLE_A')");
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) ExpressionBasedFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource) Test(org.junit.Test)

Aggregations

ConfigAttribute (org.springframework.security.access.ConfigAttribute) 88, Test (org.junit.Test) 54, SecurityConfig (org.springframework.security.access.SecurityConfig) 21, FilterInvocation (org.springframework.security.web.FilterInvocation) 15, AccessDeniedException (org.springframework.security.access.AccessDeniedException) 13, MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation) 12, TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 10, ArrayList (java.util.ArrayList) 9, LinkedHashMap (java.util.LinkedHashMap) 8, Authentication (org.springframework.security.core.Authentication) 8, OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 8, Collection (java.util.Collection) 6, OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 6, Method (java.lang.reflect.Method) 5, List (java.util.List) 5, MethodInvocation (org.aopalliance.intercept.MethodInvocation) 5, GrantedAuthority (org.springframework.security.core.GrantedAuthority) 5, RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher) 5, AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent) 4, SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation) 4