Example 96 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2.

Class ActionAccessVoter, method allAuthorities.

private int allAuthorities(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int supported = 0;
    for (ConfigAttribute attribute : attributes) {
        if (supports(attribute)) {
            ++supported;
            boolean found = false;
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (authority.getAuthority().equals(attribute.getAttribute())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                log.debug("ACCESS_DENIED [" + object.toString() + "]");
                return AccessDecisionVoter.ACCESS_DENIED;
            }
        }
    }
    if (supported > 0) {
        log.debug("ACCESS_GRANTED [" + object.toString() + "]");
        return AccessDecisionVoter.ACCESS_GRANTED;
    }
    log.debug("ACCESS_ABSTAIN [" + object.toString() + "]: No supported attributes.");
    return AccessDecisionVoter.ACCESS_ABSTAIN;
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), GrantedAuthority (org.springframework.security.core.GrantedAuthority)

Example 97 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2.

Class ActionAccessVoter, method vote.

@Override
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    if (!supports(object.getClass())) {
        log.debug("ACCESS_ABSTAIN [" + object.toString() + "]: Class not supported.");
        return AccessDecisionVoter.ACCESS_ABSTAIN;
    }
    ActionConfig actionConfig = (ActionConfig) object;
    Collection<ConfigAttribute> requiredAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, requiredAuthoritiesKey);
    Collection<ConfigAttribute> anyAuthorities = StrutsAuthorityUtils.getConfigAttributes(actionConfig, anyAuthoritiesKey);
    int allStatus = allAuthorities(authentication, object, requiredAuthorities);
    if (allStatus == AccessDecisionVoter.ACCESS_DENIED) {
        return AccessDecisionVoter.ACCESS_DENIED;
    }
    int anyStatus = anyAuthority(authentication, object, anyAuthorities);
    if (anyStatus == AccessDecisionVoter.ACCESS_DENIED) {
        return AccessDecisionVoter.ACCESS_DENIED;
    }
    if (allStatus == AccessDecisionVoter.ACCESS_GRANTED || anyStatus == AccessDecisionVoter.ACCESS_GRANTED) {
        return AccessDecisionVoter.ACCESS_GRANTED;
    }
    return AccessDecisionVoter.ACCESS_ABSTAIN;
}
Also used: ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig), ConfigAttribute (org.springframework.security.access.ConfigAttribute)

Example 98 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class ExpressionBasedMessageSecurityMetadataSourceFactoryTests, method createExpressionMessageMetadataSourceMatchFirst.

@Test
public void createExpressionMessageMetadataSourceMatchFirst() {
    given(this.matcher1.matches(this.message)).willReturn(true);
    Collection<ConfigAttribute> attrs = this.source.getAttributes(this.message);
    assertThat(attrs).hasSize(1);
    ConfigAttribute attr = attrs.iterator().next();
    assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
    assertThat(((MessageExpressionConfigAttribute) attr).getAuthorizeExpression().getValue(this.rootObject)).isEqualTo(true);
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), Test (org.junit.jupiter.api.Test)

Example 99 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class ChannelProcessingFilter, method doFilter.

@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    FilterInvocation filterInvocation = new FilterInvocation(request, response, chain);
    Collection<ConfigAttribute> attributes = this.securityMetadataSource.getAttributes(filterInvocation);
    if (attributes != null) {
        this.logger.debug(LogMessage.format("Request: %s; ConfigAttributes: %s", filterInvocation, attributes));
        this.channelDecisionManager.decide(filterInvocation, attributes);
        if (filterInvocation.getResponse().isCommitted()) {
            return;
        }
    }
    chain.doFilter(request, response);
}
Also used: HttpServletRequest (jakarta.servlet.http.HttpServletRequest), ConfigAttribute (org.springframework.security.access.ConfigAttribute), HttpServletResponse (jakarta.servlet.http.HttpServletResponse), FilterInvocation (org.springframework.security.web.FilterInvocation)

Example 100 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects.

Class ChannelDecisionManagerImplTests, method testDecideIsOperational.

@Test
public void testDecideIsOperational() throws Exception {
    ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
    MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false);
    MockChannelProcessor cpAbc = new MockChannelProcessor("abc", true);
    List list = new Vector();
    list.add(cpXyz);
    list.add(cpAbc);
    cdm.setChannelProcessors(list);
    cdm.afterPropertiesSet();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
    List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
    cdm.decide(fi, cad);
    assertThat(fi.getResponse().isCommitted()).isTrue();
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), FilterChain (jakarta.servlet.FilterChain), List (java.util.List), FilterInvocation (org.springframework.security.web.FilterInvocation), Vector (java.util.Vector), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Aggregations

ConfigAttribute (org.springframework.security.access.ConfigAttribute): 113
Test (org.junit.jupiter.api.Test): 45
SecurityConfig (org.springframework.security.access.SecurityConfig): 29
Test (org.junit.Test): 21
ArrayList (java.util.ArrayList): 19
FilterInvocation (org.springframework.security.web.FilterInvocation): 16
AccessDeniedException (org.springframework.security.access.AccessDeniedException): 12
MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation): 12
Authentication (org.springframework.security.core.Authentication): 11
LinkedHashMap (java.util.LinkedHashMap): 10
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 10
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 10
Collection (java.util.Collection): 9
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication): 8
List (java.util.List): 7
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 7
MethodInvocation (org.aopalliance.intercept.MethodInvocation): 6
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken): 6
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request): 6
Method (java.lang.reflect.Method): 5