Example 1 with DelegatingMethodSecurityMetadataSource

Use of org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource in project spring-boot by spring-projects.

Class OAuth2AutoConfigurationTests, method testMethodSecurityBackingOff.

@Test
public void testMethodSecurityBackingOff() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(CustomMethodSecurity.class, TestSecurityConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
}
Also used : DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Test(org.junit.Test)

Example 2 with DelegatingMethodSecurityMetadataSource

Use of org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource in project spring-boot by spring-projects.

Class OAuth2AutoConfigurationTests, method testJsr250SecurityAnnotationOverride.

@Test
public void testJsr250SecurityAnnotationOverride() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName());
    verifyAuthentication(config, HttpStatus.OK);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) Test(org.junit.Test)

Example 3 with DelegatingMethodSecurityMetadataSource

Use of org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource in project spring-boot by spring-projects.

Class OAuth2AutoConfigurationTests, method testClassicSecurityAnnotationOverride.

@Test
public void testClassicSecurityAnnotationOverride() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName());
    verifyAuthentication(config, HttpStatus.OK);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) Test(org.junit.Test)

Example 4 with DelegatingMethodSecurityMetadataSource

Use of org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource in project spring-security by spring-projects.

Class GlobalMethodSecurityConfiguration, method methodSecurityMetadataSource.

/**
 * Provides the default {@link MethodSecurityMetadataSource} that will be used. It
 * creates a {@link DelegatingMethodSecurityMetadataSource} based upon
 * {@link #customMethodSecurityMetadataSource()} and the attributes on
 * {@link EnableGlobalMethodSecurity}.
 *
 * @return the {@link DelegatingMethodSecurityMetadataSource} wrapping the enabled sources
 */
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
    List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
    ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
    MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
    if (customMethodSecurityMetadataSource != null) {
        sources.add(customMethodSecurityMetadataSource);
    }
    if (prePostEnabled()) {
        sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
    }
    if (securedEnabled()) {
        sources.add(new SecuredAnnotationSecurityMetadataSource());
    }
    if (jsr250Enabled()) {
        GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
        if (grantedAuthorityDefaults != null) {
            this.jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
        }
        sources.add(jsr250MethodSecurityMetadataSource);
    }
    return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) ArrayList(java.util.ArrayList) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Bean(org.springframework.context.annotation.Bean)

Example 5 with DelegatingMethodSecurityMetadataSource

Use of org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource in project spring-boot by spring-projects.

Class OAuth2AutoConfigurationTests, method testDefaultPrePostSecurityAnnotations.

@Test
public void testDefaultPrePostSecurityAnnotations() {
    this.context = new AnnotationConfigServletWebServerApplicationContext();
    this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
    this.context.refresh();
    this.context.getBean(OAuth2MethodSecurityConfiguration.class);
    ClientDetails config = this.context.getBean(ClientDetails.class);
    DelegatingMethodSecurityMetadataSource source = this.context.getBean(DelegatingMethodSecurityMetadataSource.class);
    List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
    assertThat(sources.size()).isEqualTo(1);
    assertThat(sources.get(0).getClass().getName()).isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
    verifyAuthentication(config);
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) AnnotationConfigServletWebServerApplicationContext(org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Test(org.junit.Test)

Aggregations

Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource): 5
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource): 5
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource): 5
Test (org.junit.Test): 4
AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext): 4
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource): 3
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails): 3
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails): 3
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource): 2
ArrayList (java.util.ArrayList): 1
Bean (org.springframework.context.annotation.Bean): 1
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory): 1
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults): 1