Example 1 with SecurityMetadataSource

Use of org.springframework.security.access.SecurityMetadataSource in project dhis2-core by dhis2, in the class SpringSecurityActionAccessResolver, method hasAccess.

// -------------------------------------------------------------------------
// ActionAccessResolver implementation
// -------------------------------------------------------------------------
@Override
public boolean hasAccess(String module, String name) {
    // ---------------------------------------------------------------------
    // Get ObjectDefinitionSource
    // ---------------------------------------------------------------------
    Configuration config = Dispatcher.getInstance().getConfigurationManager().getConfiguration();
    PackageConfig packageConfig = config.getPackageConfig(module);
    if (packageConfig == null) {
        throw new IllegalArgumentException("Module doesn't exist: '" + module + "'");
    }
    ActionConfig actionConfig = packageConfig.getActionConfigs().get(name);
    if (actionConfig == null) {
        throw new IllegalArgumentException("Module " + module + " doesn't have an action named: '" + name + "'");
    }
    SecurityMetadataSource securityMetadataSource = requiredAuthoritiesProvider.createSecurityMetadataSource(actionConfig);
    // ---------------------------------------------------------------------
    // Test access
    // ---------------------------------------------------------------------
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    try {
        if (securityMetadataSource.getAttributes(actionConfig) != null) {
            if (authentication == null || !authentication.isAuthenticated()) {
                return false;
            }
            accessDecisionManager.decide(authentication, actionConfig, securityMetadataSource.getAttributes(actionConfig));
        }
        log.debug("Access to [" + module + ", " + name + "]: TRUE");
        return true;
    } catch (AccessDeniedException e) {
        log.debug("Access to [" + module + ", " + name + "]: FALSE (access denied)");
        return false;
    } catch (InsufficientAuthenticationException e) {
        log.debug("Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)");
        return false;
    }
}
Also used : ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig) AccessDeniedException(org.springframework.security.access.AccessDeniedException) Configuration(com.opensymphony.xwork2.config.Configuration) SecurityMetadataSource(org.springframework.security.access.SecurityMetadataSource) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) PackageConfig(com.opensymphony.xwork2.config.entities.PackageConfig)

Example 2 with SecurityMetadataSource

Use of org.springframework.security.access.SecurityMetadataSource in project engine by craftercms, in the class ConfigAwareSecurityMetadataSource, method getAttributes.

@Override
@SuppressWarnings("unchecked")
public Collection<ConfigAttribute> getAttributes(final Object object) throws IllegalArgumentException {
    Callback<SecurityMetadataSource> callback = () -> {
        HierarchicalConfiguration siteConfig = ConfigUtils.getCurrentConfig();
        if (siteConfig != null) {
            List<HierarchicalConfiguration> restrictionsConfig = siteConfig.configurationsAt(URL_RESTRICTION_KEY);
            if (CollectionUtils.isNotEmpty(restrictionsConfig)) {
                LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<>();
                for (HierarchicalConfiguration restrictionConfig : restrictionsConfig) {
                    String url = restrictionConfig.getString(URL_RESTRICTION_URL_KEY);
                    String expression = restrictionConfig.getString(URL_RESTRICTION_EXPRESSION_KEY);
                    if (StringUtils.isNotEmpty(url) && StringUtils.isNotEmpty(expression)) {
                        AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
                        map.put(matcher, singleton(new SecurityConfig(expression)));
                    }
                }
                return new ExpressionBasedFilterInvocationSecurityMetadataSource(map, new DefaultWebSecurityExpressionHandler());
            }
        }
        return new DefaultFilterInvocationSecurityMetadataSource(new LinkedHashMap<>());
    };
    SiteContext siteContext = SiteContext.getCurrent();
    if (siteContext != null) {
        SecurityMetadataSource metadataSource = cacheTemplate.getObject(siteContext.getContext(), callback, URL_RESTRICTIONS_CACHE_KEY);
        return metadataSource.getAttributes(object);
    }
    return null;
}
Also used : ConfigAttribute(org.springframework.security.access.ConfigAttribute) SiteContext(org.craftercms.engine.service.context.SiteContext) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) HierarchicalConfiguration(org.apache.commons.configuration2.HierarchicalConfiguration) ExpressionBasedFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource) LinkedHashMap(java.util.LinkedHashMap) DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) SecurityMetadataSource(org.springframework.security.access.SecurityMetadataSource) FilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource) SecurityConfig(org.springframework.security.access.SecurityConfig) List(java.util.List)
