Examples with SecurityExpressionRoot org.springframework.security.access.expression.SecurityExpressionRoot used on opensource projects

Search in sources :

Example 1 with SecurityExpressionRoot

use of org.springframework.security.access.expression.SecurityExpressionRoot in project CzechIdMng by bcvsolutions.

the class WebSecurityConfig method securityExtension.

/**
 * Support hasAuthority etc. in search queries
 *
 * @return
 */
@Bean
public EvaluationContextExtension securityExtension() {
    return new EvaluationContextExtension() {

        @Override
        public String getExtensionId() {
            return "security";
        }

        @Override
        public SecurityExpressionRoot getRootObject() {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication == null) {
                // not authenticated
                return null;
            }
            SecurityExpressionRoot root = new SecurityExpressionRoot(authentication) {
            };
            root.setRoleHierarchy(roleHierarchy);
            return root;
        }
    };
}
Also used : EvaluationContextExtension(org.springframework.data.spel.spi.EvaluationContextExtension) Authentication(org.springframework.security.core.Authentication) SecurityExpressionRoot(org.springframework.security.access.expression.SecurityExpressionRoot) MethodInvokingFactoryBean(org.springframework.beans.factory.config.MethodInvokingFactoryBean) Bean(org.springframework.context.annotation.Bean)

Example 2 with SecurityExpressionRoot

use of org.springframework.security.access.expression.SecurityExpressionRoot in project spring-security by spring-projects.

the class ReactiveMethodSecurityConfigurationTests method rolePrefixWithDefaultConfig.

@Test
public void rolePrefixWithDefaultConfig() throws NoSuchMethodException {
    this.spring.register(ReactiveMethodSecurityConfiguration.class).autowire();
    TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
    EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation);
    SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
    assertThat(root.hasRole("ROLE_ABC")).isTrue();
    assertThat(root.hasRole("ABC")).isTrue();
}
Also used : MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityExpressionRoot(org.springframework.security.access.expression.SecurityExpressionRoot) Test(org.junit.jupiter.api.Test)

Example 3 with SecurityExpressionRoot

use of org.springframework.security.access.expression.SecurityExpressionRoot in project spring-security by spring-projects.

the class ReactiveMethodSecurityConfigurationTests method rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled.

@Test
public void rolePrefixWithGrantedAuthorityDefaultsAndSubclassWithProxyingEnabled() throws NoSuchMethodException {
    this.spring.register(SubclassConfig.class).autowire();
    TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "ROLE_ABC");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
    EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation);
    SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
    assertThat(root.hasRole("ROLE_ABC")).isTrue();
    assertThat(root.hasRole("ABC")).isTrue();
}
Also used : MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityExpressionRoot(org.springframework.security.access.expression.SecurityExpressionRoot) Test(org.junit.jupiter.api.Test)

Example 4 with SecurityExpressionRoot

use of org.springframework.security.access.expression.SecurityExpressionRoot in project spring-security by spring-projects.

the class ReactiveMethodSecurityConfigurationTests method rolePrefixWithGrantedAuthorityDefaults.

@Test
public void rolePrefixWithGrantedAuthorityDefaults() throws NoSuchMethodException {
    this.spring.register(WithRolePrefixConfiguration.class).autowire();
    TestingAuthenticationToken authentication = new TestingAuthenticationToken("principal", "credential", "CUSTOM_ABC");
    MockMethodInvocation methodInvocation = new MockMethodInvocation(new Foo(), Foo.class, "bar", String.class);
    EvaluationContext context = this.methodSecurityExpressionHandler.createEvaluationContext(authentication, methodInvocation);
    SecurityExpressionRoot root = (SecurityExpressionRoot) context.getRootObject().getValue();
    assertThat(root.hasRole("ROLE_ABC")).isFalse();
    assertThat(root.hasRole("ROLE_CUSTOM_ABC")).isFalse();
    assertThat(root.hasRole("CUSTOM_ABC")).isTrue();
    assertThat(root.hasRole("ABC")).isTrue();
}
Also used : MockMethodInvocation(org.springframework.security.access.intercept.method.MockMethodInvocation) EvaluationContext(org.springframework.expression.EvaluationContext) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) SecurityExpressionRoot(org.springframework.security.access.expression.SecurityExpressionRoot) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityExpressionRoot (org.springframework.security.access.expression.SecurityExpressionRoot)4 Test (org.junit.jupiter.api.Test)3 EvaluationContext (org.springframework.expression.EvaluationContext)3 MockMethodInvocation (org.springframework.security.access.intercept.method.MockMethodInvocation)3 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)3 MethodInvokingFactoryBean (org.springframework.beans.factory.config.MethodInvokingFactoryBean)1 Bean (org.springframework.context.annotation.Bean)1 EvaluationContextExtension (org.springframework.data.spel.spi.EvaluationContextExtension)1 Authentication (org.springframework.security.core.Authentication)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial