Search in sources :

Example 1 with AffirmativeBased

use of org.springframework.security.access.vote.AffirmativeBased in project spring-security by spring-projects.

the class PrePostSecured method setUp.

@Before
public final void setUp() throws Exception {
    MockitoAnnotations.initMocks(this);
    interceptor = new AspectJMethodSecurityInterceptor();
    AccessDecisionVoter[] voters = new AccessDecisionVoter[] { new RoleVoter(), new PreInvocationAuthorizationAdviceVoter(new ExpressionBasedPreInvocationAdvice()) };
    adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(voters));
    interceptor.setAccessDecisionManager(adm);
    interceptor.setAuthenticationManager(authman);
    interceptor.setSecurityMetadataSource(new SecuredAnnotationSecurityMetadataSource());
    AnnotationSecurityAspect secAspect = AnnotationSecurityAspect.aspectOf();
    secAspect.setSecurityInterceptor(interceptor);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) AspectJMethodSecurityInterceptor(org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice) PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter) Before(org.junit.Before)

Example 2 with AffirmativeBased

use of org.springframework.security.access.vote.AffirmativeBased in project faf-java-server by FAForever.

the class IntegrationSecurityConfig method channelSecurityInterceptor.

@Bean
public ChannelSecurityInterceptor channelSecurityInterceptor(AuthenticationManager authenticationManager) {
    ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor();
    channelSecurityInterceptor.setAuthenticationManager(authenticationManager);
    channelSecurityInterceptor.setAccessDecisionManager(new AffirmativeBased(Collections.singletonList(new RoleVoter())));
    return channelSecurityInterceptor;
}
Also used : AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) RoleVoter(org.springframework.security.access.vote.RoleVoter) ChannelSecurityInterceptor(org.springframework.integration.security.channel.ChannelSecurityInterceptor) Bean(org.springframework.context.annotation.Bean)

Example 3 with AffirmativeBased

use of org.springframework.security.access.vote.AffirmativeBased in project tutorials by eugenp.

the class SecurityConfig method customAccessDecisionManager.

@Bean
public AccessDecisionManager customAccessDecisionManager() {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new UsernameAccessDecisionVoter());
    AccessDecisionManager accessDecisionManager = new AffirmativeBased(decisionVoters);
    return accessDecisionManager;
}
Also used : AccessDecisionManager(org.springframework.security.access.AccessDecisionManager) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) Bean(org.springframework.context.annotation.Bean)

Example 4 with AffirmativeBased

use of org.springframework.security.access.vote.AffirmativeBased in project motech by motech.

the class SecurityRuleBuilder method addFilterSecurityInterceptor.

private void addFilterSecurityInterceptor(List<Filter> filters, MotechURLSecurityRule securityRule) {
    Map<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
    List<AccessDecisionVoter> voters = new ArrayList<>();
    Collection<ConfigAttribute> configAtts = new ArrayList<>();
    if (CollectionUtils.isEmpty(securityRule.getPermissionAccess()) && CollectionUtils.isEmpty(securityRule.getUserAccess())) {
        configAtts.add(new SecurityConfig("IS_AUTHENTICATED_FULLY"));
        AuthenticatedVoter authVoter = new AuthenticatedVoter();
        voters.add(authVoter);
    } else {
        if (!CollectionUtils.isEmpty(securityRule.getPermissionAccess())) {
            for (String permission : securityRule.getPermissionAccess()) {
                configAtts.add(new SecurityConfig(permission));
            }
        }
        if (!CollectionUtils.isEmpty(securityRule.getUserAccess())) {
            for (String userAccess : securityRule.getUserAccess()) {
                configAtts.add(new SecurityConfig(SecurityConfigConstants.USER_ACCESS_PREFIX + userAccess));
            }
        }
    }
    buildRequestMap(requestMap, configAtts, securityRule);
    FilterInvocationSecurityMetadataSource metadataSource = new DefaultFilterInvocationSecurityMetadataSource((LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>) requestMap);
    FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
    interceptor.setSecurityMetadataSource(metadataSource);
    RoleVoter roleVoter = new RoleVoter();
    roleVoter.setRolePrefix(SecurityConfigConstants.ROLE_ACCESS_PREFIX);
    voters.add(roleVoter);
    voters.add(new MotechAccessVoter());
    AccessDecisionManager decisionManager = new AffirmativeBased(voters);
    interceptor.setAccessDecisionManager(decisionManager);
    interceptor.setAuthenticationManager(authenticationManager);
    filters.add(interceptor);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AccessDecisionManager(org.springframework.security.access.AccessDecisionManager) ConfigAttribute(org.springframework.security.access.ConfigAttribute) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource) FilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource) LinkedHashMap(java.util.LinkedHashMap) AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter) SecurityConfig(org.springframework.security.access.SecurityConfig) MotechAccessVoter(org.motechproject.security.authentication.MotechAccessVoter) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) Collection(java.util.Collection) DefaultFilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource)

Example 5 with AffirmativeBased

use of org.springframework.security.access.vote.AffirmativeBased in project molgenis by molgenis.

the class WebAppSecurityConfig method configureUrlAuthorization.

// TODO automate URL authorization configuration (ticket #2133)
@Override
protected void configureUrlAuthorization(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
    List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>();
    listOfVoters.add(new WebExpressionVoter());
    listOfVoters.add(new MolgenisAccessDecisionVoter());
    expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters));
    expressionInterceptUrlRegistry.antMatchers("/").permitAll().antMatchers("/fdp/**").permitAll().antMatchers("/annotators/**").authenticated();
}
Also used : MolgenisAccessDecisionVoter(org.molgenis.core.ui.security.MolgenisAccessDecisionVoter) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) MolgenisAccessDecisionVoter(org.molgenis.core.ui.security.MolgenisAccessDecisionVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) WebExpressionVoter(org.springframework.security.web.access.expression.WebExpressionVoter)

Aggregations

AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased)14 ArrayList (java.util.ArrayList)9 AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)9 RoleVoter (org.springframework.security.access.vote.RoleVoter)8 Bean (org.springframework.context.annotation.Bean)4 PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)4 ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)3 List (java.util.List)2 AccessDecisionManager (org.springframework.security.access.AccessDecisionManager)2 ConfigAttribute (org.springframework.security.access.ConfigAttribute)2 SecurityConfig (org.springframework.security.access.SecurityConfig)2 SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)2 AspectJMethodSecurityInterceptor (org.springframework.security.access.intercept.aspectj.AspectJMethodSecurityInterceptor)2 AuthenticatedVoter (org.springframework.security.access.vote.AuthenticatedVoter)2 MessageExpressionVoter (org.springframework.security.messaging.access.expression.MessageExpressionVoter)2 ChannelSecurityInterceptor (org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor)2 WebExpressionVoter (org.springframework.security.web.access.expression.WebExpressionVoter)2 InetAddress (java.net.InetAddress)1 Collection (java.util.Collection)1 LinkedHashMap (java.util.LinkedHashMap)1