Example 41 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2, in the class ActionAccessVoter, method anyAuthority.

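// Grants access if the caller holds at least one of the supported attributes,
// denies if supported attributes exist but none match, and abstains otherwise.
private int anyAuthority(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {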
    int supported = 0;
    boolean found = false;
    for (ConfigAttribute attribute : attributes) {
        if (supports(attribute)) {
            ++supported;
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (authority.getAuthority().equals(attribute.getAttribute())) {
                    found = true;
                    break;
                }
            }
        }
    }
    if (!found && supported > 0) {
        LOG.debug("ACCESS_DENIED [" + object.toString() + "]");
        return ACCESS_DENIED;
    }
    if (supported > 0) {
        LOG.debug("ACCESS_GRANTED [" + object.toString() + "]");
        return ACCESS_GRANTED;
    }
    LOG.debug("ACCESS_ABSTAIN [" + object.toString() + "]: No supported attributes.");
    return ACCESS_ABSTAIN;
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), GrantedAuthority (org.springframework.security.core.GrantedAuthority)

Example 42 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project dhis2-core by dhis2, in the class AllRequiredRoleVoter, method vote.

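// Grants access only if the caller holds every supported attribute, denies on
// the first supported attribute that is missing, and abstains if none is supported.
@Override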
public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
    int supported = 0;
    for (ConfigAttribute attribute : attributes) {
        if (this.supports(attribute)) {
            ++supported;
            boolean found = false;
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (attribute.getAttribute().equals(authority.getAuthority())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return ACCESS_DENIED;
            }
        }
    }
    if (supported > 0) {
        return ACCESS_GRANTED;
    }
    return ACCESS_ABSTAIN;
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), GrantedAuthority (org.springframework.security.core.GrantedAuthority)

Example 43 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security by spring-projects, in the class ChannelDecisionManagerImplTests, method testDecideIsOperational.

@Test
public void testDecideIsOperational() throws Exception {
    ChannelDecisionManagerImpl cdm = new ChannelDecisionManagerImpl();
    MockChannelProcessor cpXyz = new MockChannelProcessor("xyz", false);
    MockChannelProcessor cpAbc = new MockChannelProcessor("abc", true);
    List list = new Vector();
    list.add(cpXyz);
    list.add(cpAbc);
    cdm.setChannelProcessors(list);
    cdm.afterPropertiesSet();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));
    List<ConfigAttribute> cad = SecurityConfig.createList("xyz");
    cdm.decide(fi, cad);
    assertThat(fi.getResponse().isCommitted()).isTrue();
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), FilterChain (javax.servlet.FilterChain), List (java.util.List), FilterInvocation (org.springframework.security.web.FilterInvocation), Vector (java.util.Vector), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.Test)

Example 44 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security-oauth by spring-projects, in the class ClientScopeVoterTests, method testAccessDenied.

@Test(expected = AccessDeniedException.class)
public void testAccessDenied() {
    client.setScope(Arrays.asList("none"));
    assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(authentication, null, Arrays.<ConfigAttribute>asList(new SecurityConfig("CLIENT_HAS_SCOPE"))));
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), SecurityConfig (org.springframework.security.access.SecurityConfig), Test (org.junit.Test)

Example 45 with ConfigAttribute

Use of org.springframework.security.access.ConfigAttribute in project spring-security-oauth by spring-projects, in the class ScopeVoterTests, method testAbstainIfNotOAuth2.

@Test
public void testAbstainIfNotOAuth2() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN, voter.vote(clientAuthentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("SCOPE_READ"))));
}
Also used: ConfigAttribute (org.springframework.security.access.ConfigAttribute), SecurityConfig (org.springframework.security.access.SecurityConfig), OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication), Authentication (org.springframework.security.core.Authentication), UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken), Test (org.junit.Test)
