Example 81 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method requestWithDifferentHttpMethodDoesntMatch.

@Test
public void requestWithDifferentHttpMethodDoesntMatch() {
    createFids("/somepage**", "GET");
    FilterInvocation fi = createFilterInvocation("/somepage", null, null, "POST");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isNull();
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 82 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class ExpressionBasedFilterInvocationSecurityMetadataSourceTests, method expectedAttributeIsReturned.

@Test
public void expectedAttributeIsReturned() {
    final String expression = "hasRole('X')";
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    requestMap.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList(expression));
    ExpressionBasedFilterInvocationSecurityMetadataSource mds = new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, new DefaultWebSecurityExpressionHandler());
    assertThat(mds.getAllConfigAttributes()).hasSize(1);
    Collection<ConfigAttribute> attrs = mds.getAttributes(new FilterInvocation("/path", "GET"));
    assertThat(attrs).hasSize(1);
    WebExpressionConfigAttribute attribute = (WebExpressionConfigAttribute) attrs.toArray()[0];
    assertThat(attribute.getAttribute()).isNull();
    assertThat(attribute.getAuthorizeExpression().getExpressionString()).isEqualTo(expression);
    assertThat(attribute.toString()).isEqualTo(expression);
}
Also used : AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) FilterInvocation(org.springframework.security.web.FilterInvocation) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 83 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase.

/**
 * SEC-501. Note that as of 2.0, lower case comparisons are the default for this
 * class.
 */
@Test
public void lookupNotRequiringExactMatchSucceedsIfSecureUrlPathContainsUpperCase() {
    createFids("/secure/super/**", null);
    FilterInvocation fi = createFilterInvocation("/secure", "/super/somefile.html", null, null);
    Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 84 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method createFids.

// ~ Methods
// ========================================================================================================
private void createFids(String pattern, String method) {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    requestMap.put(new AntPathRequestMatcher(pattern, method), this.def);
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) LinkedHashMap(java.util.LinkedHashMap)

Example 85 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method lookupRequiringExactMatchIsSuccessful.

@Test
public void lookupRequiringExactMatchIsSuccessful() {
    createFids("/SeCurE/super/**", null);
    FilterInvocation fi = createFilterInvocation("/SeCurE/super/somefile.html", null, null, null);
    Collection<ConfigAttribute> response = this.fids.getAttributes(fi);
    assertThat(response).isEqualTo(this.def);
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Aggregations

ConfigAttribute (org.springframework.security.access.ConfigAttribute) 88
Test (org.junit.Test) 54
SecurityConfig (org.springframework.security.access.SecurityConfig) 21
FilterInvocation (org.springframework.security.web.FilterInvocation) 15
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 13
MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation) 12
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 10
ArrayList (java.util.ArrayList) 9
LinkedHashMap (java.util.LinkedHashMap) 8
Authentication (org.springframework.security.core.Authentication) 8
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 8
Collection (java.util.Collection) 6
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 6
Method (java.lang.reflect.Method) 5
List (java.util.List) 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation) 5
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 5
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher) 5
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent) 4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation) 4