Example 46 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project spring-security-oauth by spring-projects.

The class OAuth2WebSecurityExpressionHandlerTests, method testNonOauthClient.

@Test
public void testNonOauthClient() throws Exception {
    // A plain username/password token, deliberately not an OAuth2Authentication.
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    // The secured web resource the expression is evaluated against: GET /foo.
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole()");
    // Without an OAuth2 client in the authentication, clientHasAnyRole() must evaluate to false.
    assertFalse((Boolean) expression.getValue(handler.createEvaluationContext(clientAuthentication, invocation)));
}
Also used : Expression(org.springframework.expression.Expression) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Authentication(org.springframework.security.core.Authentication) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) FilterInvocation(org.springframework.security.web.FilterInvocation) Test(org.junit.Test)

Example 47 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project midpoint by Evolveum.

The class SecurityEnforcerImpl, method decide.

/**
 * Spring security method. It is practically applicable only for simple cases.
 */
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    // Only the two Spring Security secure-object types are accepted; anything else is rejected outright.
    if (object instanceof MethodInvocation) {
        MethodInvocation methodInvocation = (MethodInvocation) object;
        // TODO
    } else if (object instanceof FilterInvocation) {
        FilterInvocation filterInvocation = (FilterInvocation) object;
        // TODO
    } else {
        SecurityUtil.logSecurityDeny(object, ": Unknown type of secure object");
        throw new IllegalArgumentException("Unknown type of secure object");
    }
    // The principal must be a MidPointPrincipal; the anonymous user is reported as "not logged in"
    // rather than as a programming error.
    Object principalObject = authentication.getPrincipal();
    if (!(principalObject instanceof MidPointPrincipal)) {
        if (authentication.getPrincipal() instanceof String && "anonymousUser".equals(principalObject)) {
            SecurityUtil.logSecurityDeny(object, ": Not logged in");
            throw new InsufficientAuthenticationException("Not logged in.");
        }
        throw new IllegalArgumentException("Expected that spring security principal will be of type " + MidPointPrincipal.class.getName() + " but it was " + principalObject.getClass());
    }
    // Access is granted if the principal is authorized for any one of the configured actions.
    Collection<String> configActions = SecurityUtil.getActions(configAttributes);
    for (String configAction : configActions) {
        boolean isAuthorized;
        try {
            isAuthorized = isAuthorized(configAction, null, null, null, null, null);
        } catch (SchemaException e) {
            throw new SystemException(e.getMessage(), e);
        }
        if (isAuthorized) {
            return;
        }
    }
    // No configured action matched: log the detailed denial, then throw the generic one.
    SecurityUtil.logSecurityDeny(object, ": Not authorized", null, configActions);
    // Better message is logged.
    throw new AccessDeniedException("Not authorized");
}
Also used : SchemaException(com.evolveum.midpoint.util.exception.SchemaException) AccessDeniedException(org.springframework.security.access.AccessDeniedException) SystemException(com.evolveum.midpoint.util.exception.SystemException) MethodInvocation(org.aopalliance.intercept.MethodInvocation) FilterInvocation(org.springframework.security.web.FilterInvocation) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException)

Example 48 with FilterInvocation

Use of org.springframework.security.web.FilterInvocation in project midpoint by Evolveum.

The class MidPointGuiAuthorizationEvaluator, method decide.

@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
    // This evaluator only handles web requests; other secure-object types pass through untouched.
    if (!(object instanceof FilterInvocation)) {
        return;
    }
    FilterInvocation filterInvocation = (FilterInvocation) object;
    // Collect the GUI-specific config attributes whose URL mappings match the requested URL.
    Collection<ConfigAttribute> guiConfigAttr = new ArrayList<>();
    for (PageUrlMapping urlMapping : PageUrlMapping.values()) {
        addSecurityConfig(filterInvocation, guiConfigAttr, urlMapping.getUrl(), urlMapping.getAction());
    }
    Map<String, DisplayableValue<String>[]> actions = DescriptorLoader.getActions();
    for (Map.Entry<String, DisplayableValue<String>[]> entry : actions.entrySet()) {
        addSecurityConfig(filterInvocation, guiConfigAttr, entry.getKey(), entry.getValue());
    }
    // Nothing to decide when no attributes were supplied or no GUI mapping matched.
    if (configAttributes == null || guiConfigAttr.isEmpty()) {
        return;
    }
    Collection<ConfigAttribute> configAttributesToUse = guiConfigAttr;
    // Note: guiConfigAttr cannot be empty here because of the check above, so this branch is never taken.
    if (guiConfigAttr.isEmpty()) {
        configAttributesToUse = configAttributes;
    }
    // Delegate the actual decision to the security enforcer and trace the outcome either way.
    try {
        securityEnforcer.decide(authentication, object, configAttributesToUse);
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: OK", authentication, object, configAttributesToUse);
        }
    } catch (AccessDeniedException | InsufficientAuthenticationException e) {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("DECIDE: authentication={}, object={}, configAttributesToUse={}: {}", authentication, object, configAttributesToUse, e);
        }
        throw e;
    }
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) FilterInvocation(org.springframework.security.web.FilterInvocation) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) Map(java.util.Map)

Aggregations (type, number of examples using it)

FilterInvocation (org.springframework.security.web.FilterInvocation) 48
Test (org.junit.Test) 32
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 18
FilterChain (javax.servlet.FilterChain) 16
ConfigAttribute (org.springframework.security.access.ConfigAttribute) 15
Authentication (org.springframework.security.core.Authentication) 10
Expression (org.springframework.expression.Expression) 7
OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication) 5
HttpServletRequest (javax.servlet.http.HttpServletRequest) 4
AccessDeniedException (org.springframework.security.access.AccessDeniedException) 4
List (java.util.List) 3
Vector (java.util.Vector) 3
HttpServletResponse (javax.servlet.http.HttpServletResponse) 3
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken) 3
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken) 3
ArrayList (java.util.ArrayList) 2
Collection (java.util.Collection) 2
LinkedHashMap (java.util.LinkedHashMap) 2
EvaluationContext (org.springframework.expression.EvaluationContext) 2