
Example 36 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testAbstainIfNotOAuth2.

@Test
public void testAbstainIfNotOAuth2() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN, voter.vote(clientAuthentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("SCOPE_READ"))));
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Test(org.junit.Test)

Example 37 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-security-oauth by spring-projects.

the class ScopeVoterTests method testDenyIfOAuth2AndExplictlyDenied.

@Test
public void testDenyIfOAuth2AndExplictlyDenied() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false, Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    assertEquals(AccessDecisionVoter.ACCESS_DENIED, voter.vote(oAuth2Authentication, null, Collections.<ConfigAttribute>singleton(new SecurityConfig("DENY_OAUTH"))));
}
Also used : OAuth2Request(org.springframework.security.oauth2.provider.OAuth2Request) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) Test(org.junit.Test)

Example 38 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project spring-boot by spring-projects.

the class AuthorizationAuditListenerTests method testDetailsAreIncludedInAuditEvent.

@Test
public void testDetailsAreIncludedInAuditEvent() throws Exception {
    Object details = new Object();
    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("user", "password");
    authentication.setDetails(details);
    AuditApplicationEvent event = handleAuthorizationEvent(new AuthorizationFailureEvent(this, Collections.<ConfigAttribute>singletonList(new SecurityConfig("USER")), authentication, new AccessDeniedException("Bad user")));
    assertThat(event.getAuditEvent().getType()).isEqualTo(AuthorizationAuditListener.AUTHORIZATION_FAILURE);
    assertThat(event.getAuditEvent().getData()).containsEntry("details", details);
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig) AuditApplicationEvent(org.springframework.boot.actuate.audit.listener.AuditApplicationEvent) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) AuthorizationFailureEvent(org.springframework.security.access.event.AuthorizationFailureEvent) Test(org.junit.Test)

Example 39 with SecurityConfig

use of org.springframework.security.access.SecurityConfig in project midpoint by Evolveum.

the class MidPointGuiAuthorizationEvaluator method addSecurityConfig.

private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr, String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
    if (!matcher.matches(filterInvocation.getRequest()) || actions == null) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri)) {
            continue;
        }
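        // All users have permission to access these resources.
        // Compare the action URI string: 'action' is the DisplayableValue wrapper,
        // so comparing it to the URL constant would never match.
        if (actionUri.equals(AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL)) {
            return;
        }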
        SecurityConfig config = new SecurityConfig(actionUri);
        if (!guiConfigAttr.contains(config)) {
            guiConfigAttr.add(config);
        }
    }
}
Also used : SecurityConfig(org.springframework.security.access.SecurityConfig) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)

Aggregations

SecurityConfig (org.springframework.security.access.SecurityConfig) 39
Test (org.junit.Test) 33
ConfigAttribute (org.springframework.security.access.ConfigAttribute) 21
List (java.util.List) 7
Vector (java.util.Vector) 6
Authentication (org.springframework.security.core.Authentication) 6
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 6
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 5
OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request) 5
MethodInvocation (org.aopalliance.intercept.MethodInvocation) 4
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 4
SimpleMethodInvocation (org.springframework.security.util.SimpleMethodInvocation) 4
AuditApplicationEvent (org.springframework.boot.actuate.audit.listener.AuditApplicationEvent) 3
ArrayList (java.util.ArrayList) 2
AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent) 2
DefaultFilterInvocationSecurityMetadataSource (org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) 2
Method (java.lang.reflect.Method) 1
LinkedHashMap (java.util.LinkedHashMap) 1
Before (org.junit.Before) 1
BeanMetadataElement (org.springframework.beans.BeanMetadataElement) 1