Example 1 with ChannelSecurityInterceptor

Use of org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor in project spring-security by spring-projects.

Class AbstractSecurityWebSocketMessageBrokerConfigurer, method configureClientInboundChannel.

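@Override
public final void configureClientInboundChannel(ChannelRegistration registration) {
    ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
    // Registered first: populates the SecurityContext from the message's user header.
    registration.interceptors(this.context.getBean(SecurityContextChannelInterceptor.class));
    // CSRF token check on CONNECT messages; skipped when same-origin enforcement is disabled.
    if (!sameOriginDisabled()) {
        registration.interceptors(this.context.getBean(CsrfChannelInterceptor.class));
    }
    // Message authorization is only wired in when inbound mappings have been configured.
    if (this.inboundRegistry.containsMapping()) {
        registration.interceptors(inboundChannelSecurity);
    }
    // Subclass hook; runs after the security interceptors have been registered.
    customizeClientInboundChannel(registration);
}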
Also used : SecurityContextChannelInterceptor(org.springframework.security.messaging.context.SecurityContextChannelInterceptor) CsrfChannelInterceptor(org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor) ChannelSecurityInterceptor(org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor)

Example 2 with ChannelSecurityInterceptor

Use of org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor in project spring-security by spring-projects.

Class AbstractSecurityWebSocketMessageBrokerConfigurerTests, method inboundChannelSecurityDefinedByBean.

@Test
public void inboundChannelSecurityDefinedByBean() {
    loadConfig(SockJsProxylessSecurityConfig.class);
    MessageChannel messageChannel = clientInboundChannel();
    ChannelSecurityInterceptor inboundChannelSecurity = this.context.getBean(ChannelSecurityInterceptor.class);
    assertThat(((AbstractMessageChannel) messageChannel).getInterceptors()).contains(inboundChannelSecurity);
}
Also used : MessageChannel(org.springframework.messaging.MessageChannel) AbstractMessageChannel(org.springframework.messaging.support.AbstractMessageChannel) ChannelSecurityInterceptor(org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor) Test(org.junit.jupiter.api.Test)

Example 3 with ChannelSecurityInterceptor

Use of org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor in project spring-security by spring-projects.

Class AbstractSecurityWebSocketMessageBrokerConfigurer, method inboundChannelSecurity.

@Bean
public ChannelSecurityInterceptor inboundChannelSecurity() {
    // The metadata source supplies the security attributes that apply to each inbound message.
    ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(inboundMessageSecurityMetadataSource());
    // The voter evaluates those attributes as security expressions against the message.
    MessageExpressionVoter<Object> voter = new MessageExpressionVoter<Object>();
    voter.setExpressionHandler(getMessageExpressionHandler());
    List<AccessDecisionVoter<? extends Object>> voters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    voters.add(voter);
    // AffirmativeBased grants access when any voter grants it; only one voter is registered here.
    AffirmativeBased manager = new AffirmativeBased(voters);
    channelSecurityInterceptor.setAccessDecisionManager(manager);
    return channelSecurityInterceptor;
}
Also used : MessageExpressionVoter(org.springframework.security.messaging.access.expression.MessageExpressionVoter) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ChannelSecurityInterceptor(org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor) Bean(org.springframework.context.annotation.Bean)

Example 4 with ChannelSecurityInterceptor

Use of org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor in project spring-security by spring-projects.

Class AbstractSecurityWebSocketMessageBrokerConfigurer, method inboundChannelSecurity.

@Bean
public ChannelSecurityInterceptor inboundChannelSecurity(MessageSecurityMetadataSource messageSecurityMetadataSource) {
    ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(messageSecurityMetadataSource);
    MessageExpressionVoter<Object> voter = new MessageExpressionVoter<>();
    voter.setExpressionHandler(getMessageExpressionHandler());
    List<AccessDecisionVoter<?>> voters = new ArrayList<>();
    voters.add(voter);
    AffirmativeBased manager = new AffirmativeBased(voters);
    channelSecurityInterceptor.setAccessDecisionManager(manager);
    return channelSecurityInterceptor;
}
Also used : MessageExpressionVoter(org.springframework.security.messaging.access.expression.MessageExpressionVoter) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) ArrayList(java.util.ArrayList) AccessDecisionVoter(org.springframework.security.access.AccessDecisionVoter) ChannelSecurityInterceptor(org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor) Bean(org.springframework.context.annotation.Bean)

Example 5 with ChannelSecurityInterceptor

Use of org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor in project spring-security by spring-projects.

Class AbstractSecurityWebSocketMessageBrokerConfigurerTests, method channelSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled.

@Test
public void channelSecurityInterceptorUsesMetadataSourceBeanWhenProxyingDisabled() {
    loadConfig(SockJsProxylessSecurityConfig.class);
    ChannelSecurityInterceptor channelSecurityInterceptor = this.context.getBean(ChannelSecurityInterceptor.class);
    MessageSecurityMetadataSource messageSecurityMetadataSource = this.context.getBean(MessageSecurityMetadataSource.class);
    assertThat(channelSecurityInterceptor.obtainSecurityMetadataSource()).isSameAs(messageSecurityMetadataSource);
}
Also used : MessageSecurityMetadataSource(org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource) ChannelSecurityInterceptor(org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor) Test(org.junit.jupiter.api.Test)

Aggregations

ChannelSecurityInterceptor (org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor): 5
ArrayList (java.util.ArrayList): 2
Test (org.junit.jupiter.api.Test): 2
Bean (org.springframework.context.annotation.Bean): 2
AccessDecisionVoter (org.springframework.security.access.AccessDecisionVoter): 2
AffirmativeBased (org.springframework.security.access.vote.AffirmativeBased): 2
MessageExpressionVoter (org.springframework.security.messaging.access.expression.MessageExpressionVoter): 2
MessageChannel (org.springframework.messaging.MessageChannel): 1
AbstractMessageChannel (org.springframework.messaging.support.AbstractMessageChannel): 1
MessageSecurityMetadataSource (org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource): 1
SecurityContextChannelInterceptor (org.springframework.security.messaging.context.SecurityContextChannelInterceptor): 1
CsrfChannelInterceptor (org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor): 1