Example 6 with MethodSecurityMetadataSource
use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-security by spring-projects.
the class MethodSecurityMetadataSourceAdvisorTests method testAdvisorReturnsFalseWhenMethodInvocationNotDefined.
@Test
public void testAdvisorReturnsFalseWhenMethodInvocationNotDefined() throws Exception {
Class<TargetObject> clazz = TargetObject.class;
Method method = clazz.getMethod("makeLowerCase", new Class[] { String.class });
MethodSecurityMetadataSource mds = mock(MethodSecurityMetadataSource.class);
given(mds.getAttributes(method, clazz)).willReturn(null);
MethodSecurityMetadataSourceAdvisor advisor = new MethodSecurityMetadataSourceAdvisor("", mds, "");
assertThat(advisor.getPointcut().getMethodMatcher().matches(method, clazz)).isFalse();
}
Also used :
Method(java.lang.reflect.Method)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
TargetObject(org.springframework.security.TargetObject)
Test(org.junit.jupiter.api.Test)
Example 7 with MethodSecurityMetadataSource
use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-security by spring-projects.
the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.
/**
* Provides the default {@link MethodSecurityMetadataSource} that will be used. It
* creates a {@link DelegatingMethodSecurityMetadataSource} based upon
* {@link #customMethodSecurityMetadataSource()} and the attributes on
* {@link EnableGlobalMethodSecurity}.
* @return the {@link MethodSecurityMetadataSource}
*/
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
List<MethodSecurityMetadataSource> sources = new ArrayList<>();
ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(getExpressionHandler());
MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
if (customMethodSecurityMetadataSource != null) {
sources.add(customMethodSecurityMetadataSource);
}
boolean hasCustom = customMethodSecurityMetadataSource != null;
boolean isPrePostEnabled = prePostEnabled();
boolean isSecuredEnabled = securedEnabled();
boolean isJsr250Enabled = jsr250Enabled();
Assert.state(isPrePostEnabled || isSecuredEnabled || isJsr250Enabled || hasCustom, "In the composition of all global method configuration, " + "no annotation support was actually activated");
if (isPrePostEnabled) {
sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
}
if (isSecuredEnabled) {
sources.add(new SecuredAnnotationSecurityMetadataSource());
}
if (isJsr250Enabled) {
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context.getBean(Jsr250MethodSecurityMetadataSource.class);
if (grantedAuthorityDefaults != null) {
jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
}
sources.add(jsr250MethodSecurityMetadataSource);
}
return new DelegatingMethodSecurityMetadataSource(sources);
}
Also used :
SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)
ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)
GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
ArrayList(java.util.ArrayList)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)
DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)
PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)
Role(org.springframework.context.annotation.Role)
Bean(org.springframework.context.annotation.Bean)
Example 8 with MethodSecurityMetadataSource
use of org.springframework.security.access.method.MethodSecurityMetadataSource in project spring-security by spring-projects.
the class GlobalMethodSecurityConfigurationTests method methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled.
@Test
public void methodSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
this.spring.register(CustomMetadataSourceBeanProxyEnabledConfig.class).autowire();
MethodSecurityInterceptor methodInterceptor = (MethodSecurityInterceptor) this.spring.getContext().getBean(MethodInterceptor.class);
MethodSecurityMetadataSource methodSecurityMetadataSource = this.spring.getContext().getBean(MethodSecurityMetadataSource.class);
assertThat(methodInterceptor.getSecurityMetadataSource()).isSameAs(methodSecurityMetadataSource);
}
Also used :
MethodInterceptor(org.aopalliance.intercept.MethodInterceptor)
MethodSecurityInterceptor(org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)
MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource)
Test(org.junit.jupiter.api.Test)
Aggregations
MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)8
Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)5
DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)5
Test (org.junit.Test)4
AnnotationConfigServletWebServerApplicationContext (org.springframework.boot.web.servlet.context.AnnotationConfigServletWebServerApplicationContext)4
Test (org.junit.jupiter.api.Test)3
PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)3
ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)3
BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)3
Method (java.lang.reflect.Method)2
TargetObject (org.springframework.security.TargetObject)2
SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)2
ArrayList (java.util.ArrayList)1
MethodInterceptor (org.aopalliance.intercept.MethodInterceptor)1
Bean (org.springframework.context.annotation.Bean)1
Role (org.springframework.context.annotation.Role)1
ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)1
MethodSecurityInterceptor (org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor)1
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)1
