Example 6 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

The class WebTestUtilsTests, method findFilterNoSpringSecurityFilterChainInContext.

@Test
public void findFilterNoSpringSecurityFilterChainInContext() {
    loadConfig(NoSecurityConfig.class);
    CsrfFilter toFind = new CsrfFilter(new HttpSessionCsrfTokenRepository());
    FilterChainProxy springSecurityFilterChain = new FilterChainProxy(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, toFind));
    this.request.getServletContext().setAttribute(BeanIds.SPRING_SECURITY_FILTER_CHAIN, springSecurityFilterChain);
    assertThat(WebTestUtils.findFilter(this.request, toFind.getClass())).isEqualTo(toFind);
}
Also used : FilterChainProxy(org.springframework.security.web.FilterChainProxy) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) Test(org.junit.jupiter.api.Test)

Example 7 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project open-kilda by telstra.

The class SecurityConfig, method samlFilter.

@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(contextPath + SamlUrl.SAML_METADATA), metadataDisplayFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(contextPath + SamlUrl.SAML_LOGIN), samlEntryPoint()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(contextPath + SamlUrl.SAML_SSO), samlWebSsoProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(contextPath + SamlUrl.SAML_LOGOUT), samlLogoutFilter()));
    return new FilterChainProxy(chains);
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) ArrayList(java.util.ArrayList) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Bean(org.springframework.context.annotation.Bean)

Example 8 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project hub-alert by blackducksoftware.

The class AuthenticationHandler, method samlFilter.

@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    return new AlertFilterChainProxy(chains, samlContext());
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ArrayList(java.util.ArrayList) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AlertFilterChainProxy(com.synopsys.integration.alert.component.authentication.security.saml.AlertFilterChainProxy) Bean(org.springframework.context.annotation.Bean)

Example 9 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

The class WebSecurity, method performBuild.

@Override
protected Filter performBuild() throws Exception {
    Assert.state(!this.securityFilterChainBuilders.isEmpty(), () -> "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. " + "Typically this is done by exposing a SecurityFilterChain bean " + "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. " + "More advanced users can invoke " + WebSecurity.class.getSimpleName() + ".addSecurityFilterChainBuilder directly");
    int chainSize = this.ignoredRequests.size() + this.securityFilterChainBuilders.size();
    List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
    List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries = new ArrayList<>();
    for (RequestMatcher ignoredRequest : this.ignoredRequests) {
        WebSecurity.this.logger.warn("You are asking Spring Security to ignore " + ignoredRequest + ". This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.");
        SecurityFilterChain securityFilterChain = new DefaultSecurityFilterChain(ignoredRequest);
        securityFilterChains.add(securityFilterChain);
        requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
    }
    for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
        SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build();
        securityFilterChains.add(securityFilterChain);
        requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
    }
    if (this.privilegeEvaluator == null) {
        this.privilegeEvaluator = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(requestMatcherPrivilegeEvaluatorsEntries);
    }
    FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
    if (this.httpFirewall != null) {
        filterChainProxy.setFirewall(this.httpFirewall);
    }
    if (this.requestRejectedHandler != null) {
        filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
    }
    filterChainProxy.afterPropertiesSet();
    Filter result = filterChainProxy;
    if (this.debugEnabled) {
        this.logger.warn("\n\n" + "********************************************************************\n" + "**********        Security debugging is enabled.       *************\n" + "**********    This may include sensitive information.  *************\n" + "**********      Do not use in a production system!     *************\n" + "********************************************************************\n\n");
        result = new DebugFilter(filterChainProxy);
    }
    this.postBuildAction.run();
    return result;
}
Also used : WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator) RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator) AuthorizationManagerWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator) DefaultWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) ArrayList(java.util.ArrayList) RequestMatcherEntry(org.springframework.security.web.util.matcher.RequestMatcherEntry) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) DebugFilter(org.springframework.security.web.debug.DebugFilter) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Filter(jakarta.servlet.Filter) AuthorizationFilter(org.springframework.security.web.access.intercept.AuthorizationFilter)

Example 10 with DefaultSecurityFilterChain

Use of org.springframework.security.web.DefaultSecurityFilterChain in project spring-security by spring-projects.

The class HttpSecurity, method performBuild.

@SuppressWarnings("unchecked")
@Override
protected DefaultSecurityFilterChain performBuild() {
    ExpressionUrlAuthorizationConfigurer<?> expressionConfigurer = getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
    AuthorizeHttpRequestsConfigurer<?> httpConfigurer = getConfigurer(AuthorizeHttpRequestsConfigurer.class);
    boolean oneConfigurerPresent = expressionConfigurer == null ^ httpConfigurer == null;
    Assert.state((expressionConfigurer == null && httpConfigurer == null) || oneConfigurerPresent, "authorizeHttpRequests cannot be used in conjunction with authorizeRequests. Please select just one.");
    this.filters.sort(OrderComparator.INSTANCE);
    List<Filter> sortedFilters = new ArrayList<>(this.filters.size());
    for (Filter filter : this.filters) {
        sortedFilters.add(((OrderedFilter) filter).filter);
    }
    return new DefaultSecurityFilterChain(this.requestMatcher, sortedFilters);
}
Also used : Filter(jakarta.servlet.Filter) UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter) CorsFilter(org.springframework.web.filter.CorsFilter) ArrayList(java.util.ArrayList) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
