Example 76 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ChannelProcessingFilter method afterPropertiesSet.

// ~ Methods
// ========================================================================================================
@Override
public void afterPropertiesSet() {
    Assert.notNull(this.securityMetadataSource, "securityMetadataSource must be specified");
    Assert.notNull(this.channelDecisionManager, "channelDecisionManager must be specified");
    Collection<ConfigAttribute> attrDefs = this.securityMetadataSource.getAllConfigAttributes();
    if (attrDefs == null) {
        if (this.logger.isWarnEnabled()) {
            this.logger.warn("Could not validate configuration attributes as the FilterInvocationSecurityMetadataSource did " + "not return any attributes");
        }
        return;
    }
    Set<ConfigAttribute> unsupportedAttributes = new HashSet<ConfigAttribute>();
    for (ConfigAttribute attr : attrDefs) {
        if (!this.channelDecisionManager.supports(attr)) {
            unsupportedAttributes.add(attr);
        }
    }
    if (unsupportedAttributes.size() == 0) {
        if (this.logger.isInfoEnabled()) {
            this.logger.info("Validated configuration attributes");
        }
    } else {
        throw new IllegalArgumentException("Unsupported configuration attributes: " + unsupportedAttributes);
    }
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) HashSet(java.util.HashSet)

Example 77 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class ExpressionBasedFilterInvocationSecurityMetadataSource method processMap.

private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processMap(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
    Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>(requestMap);
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
        RequestMatcher request = entry.getKey();
        Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request);
        ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1);
        String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
        logger.debug("Adding web access control expression '" + expression + "', for " + request);
        AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
        try {
            attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
        } catch (ParseException e) {
            throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
        }
        requestToExpressionAttributesMap.put(request, attributes);
    }
    return requestToExpressionAttributesMap;
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) Collection(java.util.Collection) ParseException(org.springframework.expression.ParseException) Map(java.util.Map)

Example 78 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method extraQuestionMarkStillMatches.

/**
 * Check fixes for SEC-321
 */
@Test
public void extraQuestionMarkStillMatches() {
    createFids("/someAdminPage.html*", null);
    FilterInvocation fi = createFilterInvocation("/someAdminPage.html", null, null, null);
    Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
    fi = createFilterInvocation("/someAdminPage.html", null, "?", null);
    response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 79 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method generalMatchIsUsedIfNoMethodSpecificMatchExists.

@Test
public void generalMatchIsUsedIfNoMethodSpecificMatchExists() {
    createFids("/somepage**", null);
    FilterInvocation fi = createFilterInvocation("/somepage", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 80 with ConfigAttribute

use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method mixingPatternsWithAndWithoutHttpMethodsIsSupported.

// SEC-1236
@Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
    requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
    requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(userAttrs);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) FilterInvocation(org.springframework.security.web.FilterInvocation) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)
