
Example 71 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ConsensusBasedTests method testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault.

@Test(expected = AccessDeniedException.class)
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteDeniesAccessWithoutDefault() throws Exception {
    TestingAuthenticationToken auth = makeTestToken();
    ConsensusBased mgr = makeDecisionManager();
    mgr.setAllowIfEqualGrantedDeniedDecisions(false);
    // verify the setter took effect: a tie between grant and deny votes must now deny access
    assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isFalse();
    List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
    mgr.decide(auth, new Object(), config);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 72 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ConsensusBasedTests method testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault.

@Test
public void testOneAffirmativeVoteOneDenyVoteOneAbstainVoteGrantsAccessWithDefault() throws Exception {
    TestingAuthenticationToken auth = makeTestToken();
    ConsensusBased mgr = makeDecisionManager();
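    // check the default: a tie between grant and deny votes allows access
    assertThat(mgr.isAllowIfEqualGrantedDeniedDecisions()).isTrue();
    List<ConfigAttribute> config = SecurityConfig.createList("ROLE_1", "DENY_FOR_SURE");
    // no exception expected: the tie is resolved in favour of access
    mgr.decide(auth, new Object(), config);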
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)

Example 73 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class AfterInvocationProviderManagerTests method testCorrectOperation.

@Test
public void testCorrectOperation() throws Exception {
    AfterInvocationProviderManager manager = new AfterInvocationProviderManager();
    List list = new Vector();
    list.add(new MockAfterInvocationProvider("swap1", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP1")));
    list.add(new MockAfterInvocationProvider("swap2", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP2")));
    list.add(new MockAfterInvocationProvider("swap3", MethodInvocation.class, new SecurityConfig("GIVE_ME_SWAP3")));
    manager.setProviders(list);
    assertThat(manager.getProviders()).isEqualTo(list);
    manager.afterPropertiesSet();
    List<ConfigAttribute> attr1 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP1" });
    List<ConfigAttribute> attr2 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2" });
    List<ConfigAttribute> attr3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP3" });
    List<ConfigAttribute> attr2and3 = SecurityConfig.createList(new String[] { "GIVE_ME_SWAP2", "GIVE_ME_SWAP3" });
    List<ConfigAttribute> attr4 = SecurityConfig.createList(new String[] { "NEVER_CAUSES_SWAP" });
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr1, "content-before-swapping")).isEqualTo("swap1");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2, "content-before-swapping")).isEqualTo("swap2");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr3, "content-before-swapping")).isEqualTo("swap3");
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr4, "content-before-swapping")).isEqualTo("content-before-swapping");
    // both swap2 and swap3 match; the asserted result is the one from the provider registered last
    assertThat(manager.decide(null, new SimpleMethodInvocation(), attr2and3, "content-before-swapping")).isEqualTo("swap3");
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SimpleMethodInvocation(org.springframework.security.util.SimpleMethodInvocation) List(java.util.List) MethodInvocation(org.aopalliance.intercept.MethodInvocation) Vector(java.util.Vector) Test(org.junit.Test)

Example 74 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ExpressionBasedMessageSecurityMetadataSourceFactoryTests method createExpressionMessageMetadataSourceMatchFirst.

@Test
public void createExpressionMessageMetadataSourceMatchFirst() {
    when(matcher1.matches(message)).thenReturn(true);
    Collection<ConfigAttribute> attrs = source.getAttributes(message);
    assertThat(attrs.size()).isEqualTo(1);
    ConfigAttribute attr = attrs.iterator().next();
    assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
    assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(rootObject)).isEqualTo(true);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) Test(org.junit.Test)

Example 75 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ChannelProcessingFilter method doFilter.

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    FilterInvocation fi = new FilterInvocation(request, response, chain);
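    // look up the channel requirements configured for this request; null means none apply
    Collection<ConfigAttribute> attr = this.securityMetadataSource.getAttributes(fi);
    if (attr != null) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Request: " + fi.toString() + "; ConfigAttributes: " + attr);
        }
        this.channelDecisionManager.decide(fi, attr);
        // if the decision manager already committed the response, do not continue the filter chain
        if (fi.getResponse().isCommitted()) {
            return;
        }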
    }
    chain.doFilter(request, response);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ConfigAttribute(org.springframework.security.access.ConfigAttribute) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterInvocation(org.springframework.security.web.FilterInvocation)

Aggregations

ConfigAttribute (org.springframework.security.access.ConfigAttribute): 88
Test (org.junit.Test): 54
SecurityConfig (org.springframework.security.access.SecurityConfig): 21
FilterInvocation (org.springframework.security.web.FilterInvocation): 15
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 13
MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation): 12
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 10
ArrayList (java.util.ArrayList): 9
LinkedHashMap (java.util.LinkedHashMap): 8
Authentication (org.springframework.security.core.Authentication): 8
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 8
Collection (java.util.Collection): 6
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 6
Method (java.lang.reflect.Method): 5
List (java.util.List): 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation): 5
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 5
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 5
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent): 4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation): 4