
Example 1 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

From the class FilterChainProxyConfigTests, method mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues.

// SEC-1235
@Test
public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
    FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
    List<SecurityFilterChain> chains = fcp.getFilterChains();
    assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
    assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
    assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher).isTrue();
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) Test(org.junit.jupiter.api.Test)

Example 2 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

From the class DefaultFilterChainValidatorTests, method setUp.

@BeforeEach
public void setUp() {
    AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
    this.fsi = new FilterSecurityInterceptor();
    this.fsi.setAccessDecisionManager(this.accessDecisionManager);
    this.fsi.setSecurityMetadataSource(this.metadataSource);
    AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
    ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
    DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, this.fsi);
    this.fcp = new FilterChainProxy(securityChain);
    this.validator = new DefaultFilterChainValidator();
    ReflectionTestUtils.setField(this.validator, "logger", this.logger);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 3 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

From the class DefaultFiltersTests, method filterChainProxyBuilderIgnoringResources.

@Test
public void filterChainProxyBuilderIgnoringResources() {
    this.spring.register(FilterChainProxyBuilderIgnoringConfig.class, UserDetailsServiceConfig.class);
    List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
    assertThat(filterChains.size()).isEqualTo(2);
    DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0);
    DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1);
    assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true);
    assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
    List<? extends Class<? extends Filter>> classes = secondFilter.getFilters().stream().map(Filter::getClass).collect(Collectors.toList());
    assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue();
    assertThat(classes.contains(SecurityContextPersistenceFilter.class)).isTrue();
    assertThat(classes.contains(HeaderWriterFilter.class)).isTrue();
    assertThat(classes.contains(LogoutFilter.class)).isTrue();
    assertThat(classes.contains(CsrfFilter.class)).isTrue();
    assertThat(classes.contains(RequestCacheAwareFilter.class)).isTrue();
    assertThat(classes.contains(SecurityContextHolderAwareRequestFilter.class)).isTrue();
    assertThat(classes.contains(AnonymousAuthenticationFilter.class)).isTrue();
    assertThat(classes.contains(SessionManagementFilter.class)).isTrue();
    assertThat(classes.contains(ExceptionTranslationFilter.class)).isTrue();
    assertThat(classes.contains(FilterSecurityInterceptor.class)).isTrue();
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Test(org.junit.jupiter.api.Test)

Example 4 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

From the class DefaultFiltersTests, method nullWebInvocationPrivilegeEvaluator.

@Test
public void nullWebInvocationPrivilegeEvaluator() {
    this.spring.register(NullWebInvocationPrivilegeEvaluatorConfig.class, UserDetailsServiceConfig.class);
    List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
    assertThat(filterChains.size()).isEqualTo(1);
    DefaultSecurityFilterChain filterChain = (DefaultSecurityFilterChain) filterChains.get(0);
    assertThat(filterChain.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
    assertThat(filterChain.getFilters().size()).isEqualTo(1);
    long filter = filterChain.getFilters().stream().filter((it) -> it instanceof UsernamePasswordAuthenticationFilter).count();
    assertThat(filter).isEqualTo(1);
}
Also used : MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) Autowired(org.springframework.beans.factory.annotation.Autowired) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Filter(jakarta.servlet.Filter) WebSecurityConfigurerAdapter(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) InMemoryUserDetailsManager(org.springframework.security.provisioning.InMemoryUserDetailsManager) SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) PasswordEncodedUser(org.springframework.security.core.userdetails.PasswordEncodedUser) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) WebSecurity(org.springframework.security.config.annotation.web.builders.WebSecurity) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) 
SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) IOException(java.io.IOException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Collectors(java.util.stream.Collectors) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) List(java.util.List) RequestCacheAwareFilter(org.springframework.security.web.savedrequest.RequestCacheAwareFilter) UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) SpringTestContext(org.springframework.security.config.test.SpringTestContext) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) HeaderWriterFilter(org.springframework.security.web.header.HeaderWriterFilter) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) WebAsyncManagerIntegrationFilter(org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter) Bean(org.springframework.context.annotation.Bean) CsrfToken(org.springframework.security.web.csrf.CsrfToken)

Example 5 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

From the class NamespaceHttpTests, method configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters.

// http@security=none
@Test
public void configureWhenIgnoredAntPatternsThenAntPathRequestMatcherUsedWithNoFilters() {
    this.spring.register(SecurityNoneConfig.class).autowire();
    FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
    assertThat(filterChainProxy.getFilterChains().get(0)).isInstanceOf(DefaultSecurityFilterChain.class);
    DefaultSecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(0);
    assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
    assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()).isEqualTo("/resources/**");
    assertThat(securityFilterChain.getFilters()).isEmpty();
    assertThat(filterChainProxy.getFilterChains().get(1)).isInstanceOf(DefaultSecurityFilterChain.class);
    securityFilterChain = (DefaultSecurityFilterChain) filterChainProxy.getFilterChains().get(1);
    assertThat(securityFilterChain.getRequestMatcher()).isInstanceOf(AntPathRequestMatcher.class);
    assertThat(((AntPathRequestMatcher) securityFilterChain.getRequestMatcher()).getPattern()).isEqualTo("/public/**");
    assertThat(securityFilterChain.getFilters()).isEmpty();
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) Test(org.junit.jupiter.api.Test)

Aggregations

DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain): 15
FilterChainProxy (org.springframework.security.web.FilterChainProxy): 13
Test (org.junit.jupiter.api.Test): 9
SecurityFilterChain (org.springframework.security.web.SecurityFilterChain): 6
ArrayList (java.util.ArrayList): 4
Filter (jakarta.servlet.Filter): 3
Bean (org.springframework.context.annotation.Bean): 3
CsrfFilter (org.springframework.security.web.csrf.CsrfFilter): 3
HttpSessionCsrfTokenRepository (org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository): 3
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 3
BeforeEach (org.junit.jupiter.api.BeforeEach): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
EnableWebSecurity (org.springframework.security.config.annotation.web.configuration.EnableWebSecurity): 2
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter): 2
FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor): 2
AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter): 2
UsernamePasswordAuthenticationFilter (org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter): 2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher): 2
AlertFilterChainProxy (com.synopsys.integration.alert.component.authentication.security.saml.AlertFilterChainProxy): 1
ServletException (jakarta.servlet.ServletException): 1