Example 86 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project midpoint by Evolveum.

Class MidPointGuiAuthorizationEvaluator, method decide.

@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    if (!(object instanceof FilterInvocation)) {
        return;
    }
    FilterInvocation filterInvocation = (FilterInvocation) object;
    Collection<ConfigAttribute> guiConfigAttr = new ArrayList<>();
    for (PageUrlMapping urlMapping : PageUrlMapping.values()) {
        addSecurityConfig(filterInvocation, guiConfigAttr, urlMapping.getUrl(), urlMapping.getAction());
    }
    Map<String, DisplayableValue<String>[]> actions = DescriptorLoader.getActions();
    for (Map.Entry<String, DisplayableValue<String>[]> entry : actions.entrySet()) {
        addSecurityConfig(filterInvocation, guiConfigAttr, entry.getKey(), entry.getValue());
    }
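    // No GUI mapping matched this request (or no attributes were supplied):
    // return without calling securityEnforcer, so this method does not deny the request.
    if (configAttributes == null || guiConfigAttr.isEmpty()) {
        return;
    }
    Collection<ConfigAttribute> configAttributesToUse = guiConfigAttr;
    // Unreachable: guiConfigAttr is non-empty here because of the early return above.
    if (guiConfigAttr.isEmpty()) {
        configAttributesToUse = configAttributes;
    }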
    try {
        securityEnforcer.decide(authentication, object, configAttributesToUse);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: OK", authentication, object, configAttributesToUse);
        }
    } catch (AccessDeniedException | InsufficientAuthenticationException e) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: {}", authentication, object, configAttributesToUse, e);
        }
        throw e;
    }
}
Also used: AccessDeniedException (org.springframework.security.access.AccessDeniedException), ConfigAttribute (org.springframework.security.access.ConfigAttribute), ArrayList (java.util.ArrayList), FilterInvocation (org.springframework.security.web.FilterInvocation), InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException), Map (java.util.Map)

Example 87 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2.

Class ActionAccessVoter, method allAuthorities.

private int allAuthorities(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int supported = 0;
    for (ConfigAttribute attribute : attributes) {
        if (supports(attribute)) {
            ++supported;
            boolean found = false;
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (authority.getAuthority().equals(attribute.getAttribute())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                LOG.debug("ACCESS_DENIED [" + object.toString() + "]");
                return ACCESS_DENIED;
            }
        }
    }
    if (supported > 0) {
        LOG.debug("ACCESS_GRANTED [" + object.toString() + "]");
        return ACCESS_GRANTED;
    }
    LOG.debug("ACCESS_ABSTAIN [" + object.toString() + "]: No supported attributes.");
    return ACCESS_ABSTAIN;
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), GrantedAuthority (org.springframework.security.core.GrantedAuthority)

Example 88 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2.

Class ActionAccessVoter, method vote.

@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!supports(object.getClass())) {
        LOG.debug("ACCESS_ABSTAIN [" + object.toString() + "]: Class not supported.");
        return ACCESS_ABSTAIN;
    }
    ActionConfig actionConfig = (ActionConfig) object;
    Collection<ConfigAttribute> requiredAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, requiredAuthoritiesKey);
    Collection<ConfigAttribute> anyAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, anyAuthoritiesKey);
    int allStatus = allAuthorities(authentication, object, requiredAuthorities);
    if (allStatus == ACCESS_DENIED) {
        return ACCESS_DENIED;
    }
    int anyStatus = anyAuthority(authentication, object, anyAuthorities);
    if (anyStatus == ACCESS_DENIED) {
        return ACCESS_DENIED;
    }
    if (allStatus == ACCESS_GRANTED || anyStatus == ACCESS_GRANTED) {
        return ACCESS_GRANTED;
    }
    return ACCESS_ABSTAIN;
}
Also used: ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig), ConfigAttribute (org.springframework.security.access.ConfigAttribute)
