
Example 1 with GrantedAuthorityDefaults

use of org.springframework.security.config.core.GrantedAuthorityDefaults in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method afterSingletonsInstantiated.

/**
 * Initializes the method security interceptor and then applies optional
 * collaborators to the default method expression handler.
 *
 * <p>Each collaborator ({@link PermissionEvaluator}, {@link RoleHierarchy},
 * {@link AuthenticationTrustResolver}, {@link GrantedAuthorityDefaults}) is looked up
 * with {@code getSingleBeanOrNull} and applied only when the lookup returns a
 * non-null value; otherwise the handler keeps whatever it was constructed with.
 *
 * <p>NOTE(review): {@code getSingleBeanOrNull} is defined elsewhere. If it also
 * returns {@code null} when several candidate beans exist, a custom role prefix or
 * permission evaluator would be dropped without any signal - confirm against the helper.
 * @throws RuntimeException wrapping any exception raised while initializing the
 * method security interceptor
 */
@Override
public void afterSingletonsInstantiated() {
    try {
        initializeMethodSecurityInterceptor();
    } catch (Exception cause) {
        // Rethrown unchecked with the original exception kept as the cause.
        throw new RuntimeException(cause);
    }

    PermissionEvaluator evaluator = getSingleBeanOrNull(PermissionEvaluator.class);
    if (evaluator != null) {
        this.defaultMethodExpressionHandler.setPermissionEvaluator(evaluator);
    }

    RoleHierarchy hierarchy = getSingleBeanOrNull(RoleHierarchy.class);
    if (hierarchy != null) {
        this.defaultMethodExpressionHandler.setRoleHierarchy(hierarchy);
    }

    AuthenticationTrustResolver resolver = getSingleBeanOrNull(AuthenticationTrustResolver.class);
    if (resolver != null) {
        this.defaultMethodExpressionHandler.setTrustResolver(resolver);
    }

    // The role prefix decides which authority strings role checks compare against,
    // so it has to match the prefix used by the other authorization components.
    GrantedAuthorityDefaults authorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
    if (authorityDefaults != null) {
        this.defaultMethodExpressionHandler.setDefaultRolePrefix(authorityDefaults.getRolePrefix());
    }

    // Post-processing runs last so it receives the handler with all of the
    // settings above already applied.
    this.defaultMethodExpressionHandler = this.objectPostProcessor.postProcess(this.defaultMethodExpressionHandler);
}
Also used : PermissionEvaluator(org.springframework.security.access.PermissionEvaluator) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) BeansException(org.springframework.beans.BeansException) NoSuchBeanDefinitionException(org.springframework.beans.factory.NoSuchBeanDefinitionException)

Example 2 with GrantedAuthorityDefaults

use of org.springframework.security.config.core.GrantedAuthorityDefaults in project spring-security by spring-projects.

the class ServletApiConfigurer method configure.

/**
 * Configures {@code securityContextRequestFilter} from the objects shared on
 * {@code http} and registers it as a filter.
 *
 * <p>The authentication entry point and the logout handlers are passed as
 * {@code null} when the corresponding configurer is not registered. The trust
 * resolver and the role prefix are only overridden when a value is available.
 *
 * <p>The role prefix is taken from a {@link GrantedAuthorityDefaults} bean only when
 * the application context holds exactly one such bean. With none, or with more than
 * one, the filter keeps its existing prefix and nothing is reported, so a duplicated
 * bean definition can leave role checks here using a different prefix than intended.
 * @param http the builder supplying shared objects and receiving the filter
 */
@Override
@SuppressWarnings("unchecked")
public void configure(H http) {
    this.securityContextRequestFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));

    ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    AuthenticationEntryPoint entryPoint = null;
    if (exceptionHandling != null) {
        entryPoint = exceptionHandling.getAuthenticationEntryPoint(http);
    }
    this.securityContextRequestFilter.setAuthenticationEntryPoint(entryPoint);

    LogoutConfigurer<H> logout = http.getConfigurer(LogoutConfigurer.class);
    List<LogoutHandler> handlers = null;
    if (logout != null) {
        handlers = logout.getLogoutHandlers();
    }
    this.securityContextRequestFilter.setLogoutHandlers(handlers);

    AuthenticationTrustResolver resolver = http.getSharedObject(AuthenticationTrustResolver.class);
    if (resolver != null) {
        this.securityContextRequestFilter.setTrustResolver(resolver);
    }

    ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
    if (applicationContext != null) {
        String[] defaultsBeanNames = applicationContext.getBeanNamesForType(GrantedAuthorityDefaults.class);
        // Exactly one candidate is required; zero or several leave the prefix untouched.
        if (defaultsBeanNames.length == 1) {
            GrantedAuthorityDefaults authorityDefaults = applicationContext.getBean(defaultsBeanNames[0],
                    GrantedAuthorityDefaults.class);
            this.securityContextRequestFilter.setRolePrefix(authorityDefaults.getRolePrefix());
        }
    }

    // Post-process only after every setting has been applied, then register the result.
    this.securityContextRequestFilter = postProcess(this.securityContextRequestFilter);
    http.addFilter(this.securityContextRequestFilter);
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) ApplicationContext(org.springframework.context.ApplicationContext) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)

Example 3 with GrantedAuthorityDefaults

use of org.springframework.security.config.core.GrantedAuthorityDefaults in project spring-security by spring-projects.

the class ExpressionUrlAuthorizationConfigurer method getExpressionHandler.

/**
 * Returns the expression handler used for URL authorization, building and caching a
 * {@link DefaultWebSecurityExpressionHandler} on first use when none has been set.
 *
 * <p>The default handler picks up a shared {@link AuthenticationTrustResolver} when
 * one is present. From the application context it picks up a {@link RoleHierarchy},
 * a {@link GrantedAuthorityDefaults} role prefix and a {@link PermissionEvaluator},
 * each only when exactly one bean of that type is defined. With zero or several
 * beans of a type the handler keeps its own default for that setting and nothing is
 * reported, so an accidental second bean definition changes how role and permission
 * expressions are evaluated.
 * @param http the builder supplying the shared objects
 * @return the configured (and post-processed) expression handler
 */
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
    if (this.expressionHandler == null) {
        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();

        AuthenticationTrustResolver resolver = http.getSharedObject(AuthenticationTrustResolver.class);
        if (resolver != null) {
            handler.setTrustResolver(resolver);
        }

        ApplicationContext applicationContext = http.getSharedObject(ApplicationContext.class);
        if (applicationContext != null) {
            String[] hierarchyNames = applicationContext.getBeanNamesForType(RoleHierarchy.class);
            if (hierarchyNames.length == 1) {
                RoleHierarchy hierarchy = applicationContext.getBean(hierarchyNames[0], RoleHierarchy.class);
                handler.setRoleHierarchy(hierarchy);
            }

            String[] defaultsNames = applicationContext.getBeanNamesForType(GrantedAuthorityDefaults.class);
            if (defaultsNames.length == 1) {
                GrantedAuthorityDefaults authorityDefaults = applicationContext.getBean(defaultsNames[0],
                        GrantedAuthorityDefaults.class);
                handler.setDefaultRolePrefix(authorityDefaults.getRolePrefix());
            }

            String[] evaluatorNames = applicationContext.getBeanNamesForType(PermissionEvaluator.class);
            if (evaluatorNames.length == 1) {
                PermissionEvaluator evaluator = applicationContext.getBean(evaluatorNames[0],
                        PermissionEvaluator.class);
                handler.setPermissionEvaluator(evaluator);
            }
        }

        // Cache the post-processed handler so later calls reuse the same instance.
        this.expressionHandler = postProcess(handler);
    }
    return this.expressionHandler;
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) PermissionEvaluator(org.springframework.security.access.PermissionEvaluator) ApplicationContext(org.springframework.context.ApplicationContext) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)

Example 4 with GrantedAuthorityDefaults

use of org.springframework.security.config.core.GrantedAuthorityDefaults in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method methodSecurityMetadataSource.

/**
 * Provides the default {@link MethodSecurityMetadataSource}. The result is a
 * {@link DelegatingMethodSecurityMetadataSource} over, in this order: the source
 * returned by {@link #customMethodSecurityMetadataSource()} (when non-null), a
 * pre/post annotation source, a {@code @Secured} annotation source and a JSR-250
 * source, each of the last three only when the matching attribute of
 * {@link EnableGlobalMethodSecurity} is enabled.
 *
 * <p>For JSR-250 the role prefix of a {@link GrantedAuthorityDefaults} bean is applied
 * when {@code getSingleBeanOrNull} returns one; otherwise the JSR-250 source keeps the
 * prefix it already has.
 * @return the {@link MethodSecurityMetadataSource}
 * @throws IllegalStateException if no annotation support is enabled and no custom
 * source is supplied
 */
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
    List<MethodSecurityMetadataSource> delegates = new ArrayList<>();
    ExpressionBasedAnnotationAttributeFactory expressionAttributes = new ExpressionBasedAnnotationAttributeFactory(
            getExpressionHandler());

    MethodSecurityMetadataSource custom = customMethodSecurityMetadataSource();
    boolean hasCustom = custom != null;
    if (hasCustom) {
        // The custom source goes first in the delegate list.
        delegates.add(custom);
    }

    boolean prePost = prePostEnabled();
    boolean secured = securedEnabled();
    boolean jsr250 = jsr250Enabled();
    // Refuse a configuration in which method security is switched on but nothing
    // would actually supply security attributes.
    Assert.state(prePost || secured || jsr250 || hasCustom, "In the composition of all global method configuration, " + "no annotation support was actually activated");

    if (prePost) {
        delegates.add(new PrePostAnnotationSecurityMetadataSource(expressionAttributes));
    }
    if (secured) {
        delegates.add(new SecuredAnnotationSecurityMetadataSource());
    }
    if (jsr250) {
        GrantedAuthorityDefaults authorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
        Jsr250MethodSecurityMetadataSource jsr250Source = this.context
                .getBean(Jsr250MethodSecurityMetadataSource.class);
        if (authorityDefaults != null) {
            // Keep the JSR-250 role prefix aligned with the configured defaults.
            jsr250Source.setDefaultRolePrefix(authorityDefaults.getRolePrefix());
        }
        delegates.add(jsr250Source);
    }
    return new DelegatingMethodSecurityMetadataSource(delegates);
}
Also used : SecuredAnnotationSecurityMetadataSource(org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource) ExpressionBasedAnnotationAttributeFactory(org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) ArrayList(java.util.ArrayList) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) MethodSecurityMetadataSource(org.springframework.security.access.method.MethodSecurityMetadataSource) Jsr250MethodSecurityMetadataSource(org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource) DelegatingMethodSecurityMetadataSource(org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource) PrePostAnnotationSecurityMetadataSource(org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource) Role(org.springframework.context.annotation.Role) Bean(org.springframework.context.annotation.Bean)

Example 5 with GrantedAuthorityDefaults

use of org.springframework.security.config.core.GrantedAuthorityDefaults in project spring-security by spring-projects.

the class GlobalMethodSecurityConfiguration method accessDecisionManager.

/**
 * Allows subclasses to provide a custom {@link AccessDecisionManager}. The default is
 * an {@link AffirmativeBased} built from these voters, in this order:
 *
 * <ul>
 * <li>{@link PreInvocationAuthorizationAdviceVoter} - only when pre/post annotations
 * are enabled</li>
 * <li>{@link Jsr250Voter} - only when JSR-250 annotations are enabled</li>
 * <li>{@link RoleVoter} - always; its role prefix is taken from a
 * {@link GrantedAuthorityDefaults} bean when {@code getSingleBeanOrNull} returns one</li>
 * <li>{@link AuthenticatedVoter} - always</li>
 * </ul>
 *
 * <p>NOTE(review): {@link AffirmativeBased} is understood to grant access as soon as
 * any one voter votes to grant, so every voter added here widens what can be allowed -
 * confirm against the Spring Security reference before adding voters in an override.
 * @return the {@link AccessDecisionManager} to use
 */
protected AccessDecisionManager accessDecisionManager() {
    List<AccessDecisionVoter<?>> voters = new ArrayList<>();

    if (prePostEnabled()) {
        ExpressionBasedPreInvocationAdvice preInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
        preInvocationAdvice.setExpressionHandler(getExpressionHandler());
        voters.add(new PreInvocationAuthorizationAdviceVoter(preInvocationAdvice));
    }
    if (jsr250Enabled()) {
        voters.add(new Jsr250Voter());
    }

    RoleVoter roleBasedVoter = new RoleVoter();
    GrantedAuthorityDefaults authorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
    if (authorityDefaults != null) {
        // Without a GrantedAuthorityDefaults bean the voter keeps its own prefix.
        roleBasedVoter.setRolePrefix(authorityDefaults.getRolePrefix());
    }
    voters.add(roleBasedVoter);

    voters.add(new AuthenticatedVoter());
    return new AffirmativeBased(voters);
}
Also used : AuthenticatedVoter(org.springframework.security.access.vote.AuthenticatedVoter) Jsr250Voter(org.springframework.security.access.annotation.Jsr250Voter) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) RoleVoter(org.springframework.security.access.vote.RoleVoter) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ExpressionBasedPreInvocationAdvice(org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice) PreInvocationAuthorizationAdviceVoter(org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)

Aggregations

GrantedAuthorityDefaults (org.springframework.security.config.core.GrantedAuthorityDefaults)5 AuthenticationTrustResolver (org.springframework.security.authentication.AuthenticationTrustResolver)3 ArrayList (java.util.ArrayList)2 ApplicationContext (org.springframework.context.ApplicationContext)2 PermissionEvaluator (org.springframework.security.access.PermissionEvaluator)2 RoleHierarchy (org.springframework.security.access.hierarchicalroles.RoleHierarchy)2 BeansException (org.springframework.beans.BeansException)1 NoSuchBeanDefinitionException (org.springframework.beans.factory.NoSuchBeanDefinitionException)1 Bean (org.springframework.context.annotation.Bean)1 Role (org.springframework.context.annotation.Role)1 AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter)1 Jsr250MethodSecurityMetadataSource (org.springframework.security.access.annotation.Jsr250MethodSecurityMetadataSource)1 Jsr250Voter (org.springframework.security.access.annotation.Jsr250Voter)1 SecuredAnnotationSecurityMetadataSource (org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource)1 ExpressionBasedAnnotationAttributeFactory (org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory)1 ExpressionBasedPreInvocationAdvice (org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice)1 DelegatingMethodSecurityMetadataSource (org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource)1 MethodSecurityMetadataSource (org.springframework.security.access.method.MethodSecurityMetadataSource)1 PreInvocationAuthorizationAdviceVoter (org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter)1 PrePostAnnotationSecurityMetadataSource (org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource)1