
Example 6 with AuthenticationTrustResolver

Use of org.springframework.security.authentication.AuthenticationTrustResolver in the spring-security project by spring-projects.

From the class ExpressionUrlAuthorizationConfigurer, method getExpressionHandler.

private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
    if (expressionHandler == null) {
        DefaultWebSecurityExpressionHandler defaultHandler = new DefaultWebSecurityExpressionHandler();
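        // Use the trust resolver registered as a shared object, if any; it backs the
        // isAnonymous(), isRememberMe() and isFullyAuthenticated() expressions.
        AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);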
        if (trustResolver != null) {
            defaultHandler.setTrustResolver(trustResolver);
        }
        ApplicationContext context = http.getSharedObject(ApplicationContext.class);
        if (context != null) {
            // A RoleHierarchy or GrantedAuthorityDefaults bean is applied only when exactly one is defined.
            String[] roleHiearchyBeanNames = context.getBeanNamesForType(RoleHierarchy.class);
            if (roleHiearchyBeanNames.length == 1) {
                defaultHandler.setRoleHierarchy(context.getBean(roleHiearchyBeanNames[0], RoleHierarchy.class));
            }
            String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
            if (grantedAuthorityDefaultsBeanNames.length == 1) {
                GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
                defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
            }
        }
        expressionHandler = postProcess(defaultHandler);
    }
    return expressionHandler;
}
Also used: DefaultWebSecurityExpressionHandler (org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler), ApplicationContext (org.springframework.context.ApplicationContext), GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults), RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy), AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)

Example 7 with AuthenticationTrustResolver

Use of org.springframework.security.authentication.AuthenticationTrustResolver in the spring-security project by spring-projects.

From the class ServletApiConfigurer, method configure.

@Override
@SuppressWarnings("unchecked")
public void configure(H http) throws Exception {
    securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
    ExceptionHandlingConfigurer<H> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
    AuthenticationEntryPoint authenticationEntryPoint = exceptionConf == null ? null : exceptionConf.getAuthenticationEntryPoint(http);
    securityContextRequestFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
    LogoutConfigurer<H> logoutConf = http.getConfigurer(LogoutConfigurer.class);
    List<LogoutHandler> logoutHandlers = logoutConf == null ? null : logoutConf.getLogoutHandlers();
    securityContextRequestFilter.setLogoutHandlers(logoutHandlers);
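    // Use the trust resolver registered as a shared object, if any; otherwise the filter keeps its default.
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);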
    if (trustResolver != null) {
        securityContextRequestFilter.setTrustResolver(trustResolver);
    }
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    if (context != null) {
        String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
        if (grantedAuthorityDefaultsBeanNames.length == 1) {
            GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
            securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
        }
    }
    securityContextRequestFilter = postProcess(securityContextRequestFilter);
    http.addFilter(securityContextRequestFilter);
}
Also used: AuthenticationManager (org.springframework.security.authentication.AuthenticationManager), ApplicationContext (org.springframework.context.ApplicationContext), GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults), AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint), LogoutHandler (org.springframework.security.web.authentication.logout.LogoutHandler), AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)

Example 8 with AuthenticationTrustResolver

Use of org.springframework.security.authentication.AuthenticationTrustResolver in the spring-security project by spring-projects.

From the class SessionManagementConfigurer, method configure.

@Override
public void configure(H http) throws Exception {
    SecurityContextRepository securityContextRepository = http.getSharedObject(SecurityContextRepository.class);
    SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(securityContextRepository, getSessionAuthenticationStrategy(http));
    if (this.sessionAuthenticationErrorUrl != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(this.sessionAuthenticationErrorUrl));
    }
    InvalidSessionStrategy strategy = getInvalidSessionStrategy();
    if (strategy != null) {
        sessionManagementFilter.setInvalidSessionStrategy(strategy);
    }
    AuthenticationFailureHandler failureHandler = getSessionAuthenticationFailureHandler();
    if (failureHandler != null) {
        sessionManagementFilter.setAuthenticationFailureHandler(failureHandler);
    }
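    // Use the trust resolver registered as a shared object, if any; the filter uses it
    // to tell anonymous authentications apart from real ones.
    AuthenticationTrustResolver trustResolver = http.getSharedObject(AuthenticationTrustResolver.class);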
    if (trustResolver != null) {
        sessionManagementFilter.setTrustResolver(trustResolver);
    }
    sessionManagementFilter = postProcess(sessionManagementFilter);
    http.addFilter(sessionManagementFilter);
    if (isConcurrentSessionControlEnabled()) {
        ConcurrentSessionFilter concurrentSessionFilter = createConccurencyFilter(http);
        concurrentSessionFilter = postProcess(concurrentSessionFilter);
        http.addFilter(concurrentSessionFilter);
    }
}
Also used: SessionManagementFilter (org.springframework.security.web.session.SessionManagementFilter), ConcurrentSessionFilter (org.springframework.security.web.session.ConcurrentSessionFilter), SimpleRedirectInvalidSessionStrategy (org.springframework.security.web.session.SimpleRedirectInvalidSessionStrategy), InvalidSessionStrategy (org.springframework.security.web.session.InvalidSessionStrategy), AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver), NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository), HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository), SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository), SimpleUrlAuthenticationFailureHandler (org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler), AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler)

Aggregations

AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver): 8
Test (org.junit.Test): 3
GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults): 3
SecurityContextRepository (org.springframework.security.web.context.SecurityContextRepository): 3
ApplicationContext (org.springframework.context.ApplicationContext): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 2
RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy): 2
HttpSessionSecurityContextRepository (org.springframework.security.web.context.HttpSessionSecurityContextRepository): 2
NullSecurityContextRepository (org.springframework.security.web.context.NullSecurityContextRepository): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1
PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest): 1
MockFilterChain (org.springframework.mock.web.MockFilterChain): 1
PermissionEvaluator (org.springframework.security.access.PermissionEvaluator): 1
AuthenticationManager (org.springframework.security.authentication.AuthenticationManager): 1
Authentication (org.springframework.security.core.Authentication): 1
SecurityContext (org.springframework.security.core.context.SecurityContext): 1
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 1
DefaultWebSecurityExpressionHandler (org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler): 1
AuthenticationFailureHandler (org.springframework.security.web.authentication.AuthenticationFailureHandler): 1