Example 1 with MatcherType
use of org.springframework.security.config.http.MatcherType in project spring-security-oauth by spring-projects.
the class ConfigUtils method createSecurityMetadataSource.
public static BeanDefinition createSecurityMetadataSource(Element element, ParserContext pc) {
List<Element> filterPatterns = DomUtils.getChildElementsByTagName(element, "url");
if (filterPatterns.isEmpty()) {
return null;
}
String patternType = element.getAttribute("path-type");
if (!StringUtils.hasText(patternType)) {
patternType = "ant";
}
MatcherType matcherType = MatcherType.valueOf(patternType);
ManagedMap<BeanDefinition, BeanDefinition> invocationDefinitionMap = new ManagedMap<BeanDefinition, BeanDefinition>();
for (Element filterPattern : filterPatterns) {
String path = filterPattern.getAttribute("pattern");
if (!StringUtils.hasText(path)) {
pc.getReaderContext().error("pattern attribute cannot be empty or null", filterPattern);
}
String method = filterPattern.getAttribute("httpMethod");
if (!StringUtils.hasText(method)) {
method = null;
}
String access = filterPattern.getAttribute("resources");
if (StringUtils.hasText(access)) {
BeanDefinition matcher = matcherType.createMatcher(path, method);
if (access.equals("none")) {
invocationDefinitionMap.put(matcher, BeanDefinitionBuilder.rootBeanDefinition(Collections.class).setFactoryMethod("emptyList").getBeanDefinition());
} else {
BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
attributeBuilder.addConstructorArgValue(access);
attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
if (invocationDefinitionMap.containsKey(matcher)) {
pc.getReaderContext().warning("Duplicate URL defined: " + path + ". The original attribute values will be overwritten", pc.extractSource(filterPattern));
}
invocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
}
}
}
BeanDefinitionBuilder fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
fidsBuilder.addConstructorArgValue(invocationDefinitionMap);
fidsBuilder.getRawBeanDefinition().setSource(pc.extractSource(element));
return fidsBuilder.getBeanDefinition();
}
Also used :
BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder)
BeanMetadataElement(org.springframework.beans.BeanMetadataElement)
Element(org.w3c.dom.Element)
MatcherType(org.springframework.security.config.http.MatcherType)
BeanDefinition(org.springframework.beans.factory.config.BeanDefinition)
Collections(java.util.Collections)
ManagedMap(org.springframework.beans.factory.support.ManagedMap)
Example 2 with MatcherType
use of org.springframework.security.config.http.MatcherType in project spring-security-oauth by spring-projects.
the class ConfigUtils method createSecurityMetadataSource.
public static BeanDefinition createSecurityMetadataSource(Element element, ParserContext pc) {
List<Element> filterPatterns = DomUtils.getChildElementsByTagName(element, "url");
if (filterPatterns.isEmpty()) {
return null;
}
// TODO : add support for lowercase-comparisons
String patternType = element.getAttribute("path-type");
if (!StringUtils.hasText(patternType)) {
patternType = "ant";
}
MatcherType matcherType = MatcherType.valueOf(patternType);
ManagedMap<BeanDefinition, BeanDefinition> invocationDefinitionMap = new ManagedMap<BeanDefinition, BeanDefinition>();
for (Element filterPattern : filterPatterns) {
String path = filterPattern.getAttribute("pattern");
if (!StringUtils.hasText(path)) {
pc.getReaderContext().error("pattern attribute cannot be empty or null", filterPattern);
}
String method = filterPattern.getAttribute("httpMethod");
if (!StringUtils.hasText(method)) {
method = null;
}
String access = filterPattern.getAttribute("resources");
if (StringUtils.hasText(access)) {
BeanDefinition matcher = matcherType.createMatcher(path, method);
if (access.equals("none")) {
invocationDefinitionMap.put(matcher, BeanDefinitionBuilder.rootBeanDefinition(Collections.class).setFactoryMethod("emptyList").getBeanDefinition());
} else {
BeanDefinitionBuilder attributeBuilder = BeanDefinitionBuilder.rootBeanDefinition(SecurityConfig.class);
attributeBuilder.addConstructorArgValue(access);
attributeBuilder.setFactoryMethod("createListFromCommaDelimitedString");
if (invocationDefinitionMap.containsKey(matcher)) {
pc.getReaderContext().warning("Duplicate URL defined: " + path + ". The original attribute values will be overwritten", pc.extractSource(filterPattern));
}
invocationDefinitionMap.put(matcher, attributeBuilder.getBeanDefinition());
}
}
}
BeanDefinitionBuilder fidsBuilder = BeanDefinitionBuilder.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
fidsBuilder.addConstructorArgValue(invocationDefinitionMap);
fidsBuilder.getRawBeanDefinition().setSource(pc.extractSource(element));
return fidsBuilder.getBeanDefinition();
}
Also used :
BeanDefinitionBuilder(org.springframework.beans.factory.support.BeanDefinitionBuilder)
BeanMetadataElement(org.springframework.beans.BeanMetadataElement)
Element(org.w3c.dom.Element)
MatcherType(org.springframework.security.config.http.MatcherType)
BeanDefinition(org.springframework.beans.factory.config.BeanDefinition)
Collections(java.util.Collections)
ManagedMap(org.springframework.beans.factory.support.ManagedMap)
Aggregations
Collections (java.util.Collections)2
BeanMetadataElement (org.springframework.beans.BeanMetadataElement)2
BeanDefinition (org.springframework.beans.factory.config.BeanDefinition)2
BeanDefinitionBuilder (org.springframework.beans.factory.support.BeanDefinitionBuilder)2
ManagedMap (org.springframework.beans.factory.support.ManagedMap)2
MatcherType (org.springframework.security.config.http.MatcherType)2
Element (org.w3c.dom.Element)2
