
Example 1 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project motech by motech.

the class SecurityRuleBuilderTest method testMinimalRequirements.

@Test
public void testMinimalRequirements() {
    MotechURLSecurityRule securityRule = new MotechURLSecurityRule();
    securityRule.setPattern("pattern");
    securityRule.setProtocol(HTTP);
    securityRule.setSupportedSchemes(Arrays.asList(USERNAME_PASSWORD));
    securityRule.setMethodsRequired(Arrays.asList(ANY));
    SecurityFilterChain filterChain = securityBuilder.buildSecurityChain(securityRule, GET);
    assertNotNull(filterChain);
    assertEquals(10, filterChain.getFilters().size());
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) Test(org.junit.Test)

Example 2 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class DefaultFilterChainValidator method validate.

@Override
public void validate(FilterChainProxy fcp) {
    for (SecurityFilterChain filterChain : fcp.getFilterChains()) {
        checkLoginPageIsntProtected(fcp, filterChain.getFilters());
        checkFilterStack(filterChain.getFilters());
    }
    checkPathOrder(new ArrayList<>(fcp.getFilterChains()));
    checkForDuplicateMatchers(new ArrayList<>(fcp.getFilterChains()));
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)

Example 3 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class FilterChainProxyConfigTests method mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues.

// SEC-1235
@Test
public void mixingPatternsAndPlaceholdersDoesntCauseOrderingIssues() {
    FilterChainProxy fcp = this.appCtx.getBean("sec1235FilterChainProxy", FilterChainProxy.class);
    List<SecurityFilterChain> chains = fcp.getFilterChains();
    assertThat(getPattern(chains.get(0))).isEqualTo("/login*");
    assertThat(getPattern(chains.get(1))).isEqualTo("/logout");
    assertThat(((DefaultSecurityFilterChain) chains.get(2)).getRequestMatcher() instanceof AnyRequestMatcher).isTrue();
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) Test(org.junit.jupiter.api.Test)

Example 4 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class DefaultFiltersTests method filterChainProxyBuilderIgnoringResources.

@Test
public void filterChainProxyBuilderIgnoringResources() {
    this.spring.register(FilterChainProxyBuilderIgnoringConfig.class, UserDetailsServiceConfig.class);
    List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
    assertThat(filterChains.size()).isEqualTo(2);
    DefaultSecurityFilterChain firstFilter = (DefaultSecurityFilterChain) filterChains.get(0);
    DefaultSecurityFilterChain secondFilter = (DefaultSecurityFilterChain) filterChains.get(1);
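    // The first chain has no filters: requests it matches pass through without any security filter applied.
    assertThat(firstFilter.getFilters().isEmpty()).isEqualTo(true);
    // The second chain matches every remaining request and carries the default filter stack checked below.
    assertThat(secondFilter.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);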
    List<? extends Class<? extends Filter>> classes = secondFilter.getFilters().stream().map(Filter::getClass).collect(Collectors.toList());
    assertThat(classes.contains(WebAsyncManagerIntegrationFilter.class)).isTrue();
    assertThat(classes.contains(SecurityContextPersistenceFilter.class)).isTrue();
    assertThat(classes.contains(HeaderWriterFilter.class)).isTrue();
    assertThat(classes.contains(LogoutFilter.class)).isTrue();
    assertThat(classes.contains(CsrfFilter.class)).isTrue();
    assertThat(classes.contains(RequestCacheAwareFilter.class)).isTrue();
    assertThat(classes.contains(SecurityContextHolderAwareRequestFilter.class)).isTrue();
    assertThat(classes.contains(AnonymousAuthenticationFilter.class)).isTrue();
    assertThat(classes.contains(SessionManagementFilter.class)).isTrue();
    assertThat(classes.contains(ExceptionTranslationFilter.class)).isTrue();
    assertThat(classes.contains(FilterSecurityInterceptor.class)).isTrue();
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Test(org.junit.jupiter.api.Test)

Example 5 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class DefaultFiltersTests method nullWebInvocationPrivilegeEvaluator.

@Test
public void nullWebInvocationPrivilegeEvaluator() {
    this.spring.register(NullWebInvocationPrivilegeEvaluatorConfig.class, UserDetailsServiceConfig.class);
    List<SecurityFilterChain> filterChains = this.spring.getContext().getBean(FilterChainProxy.class).getFilterChains();
    assertThat(filterChains.size()).isEqualTo(1);
    DefaultSecurityFilterChain filterChain = (DefaultSecurityFilterChain) filterChains.get(0);
    assertThat(filterChain.getRequestMatcher()).isInstanceOf(AnyRequestMatcher.class);
    assertThat(filterChain.getFilters().size()).isEqualTo(1);
    long filter = filterChain.getFilters().stream().filter((it) -> it instanceof UsernamePasswordAuthenticationFilter).count();
    assertThat(filter).isEqualTo(1);
}
Also used : MockFilterChain(org.springframework.mock.web.MockFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) UserDetailsService(org.springframework.security.core.userdetails.UserDetailsService) Autowired(org.springframework.beans.factory.annotation.Autowired) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Filter(jakarta.servlet.Filter) WebSecurityConfigurerAdapter(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter) AuthenticationManagerBuilder(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) InMemoryUserDetailsManager(org.springframework.security.provisioning.InMemoryUserDetailsManager) SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter) PasswordEncodedUser(org.springframework.security.core.userdetails.PasswordEncodedUser) HttpSessionCsrfTokenRepository(org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository) WebSecurity(org.springframework.security.config.annotation.web.builders.WebSecurity) CsrfFilter(org.springframework.security.web.csrf.CsrfFilter) SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) IOException(java.io.IOException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Collectors(java.util.stream.Collectors) ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) DefaultCsrfToken(org.springframework.security.web.csrf.DefaultCsrfToken) Test(org.junit.jupiter.api.Test) Configuration(org.springframework.context.annotation.Configuration) List(java.util.List) RequestCacheAwareFilter(org.springframework.security.web.savedrequest.RequestCacheAwareFilter) UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) SpringTestContext(org.springframework.security.config.test.SpringTestContext) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) HeaderWriterFilter(org.springframework.security.web.header.HeaderWriterFilter) AnyRequestMatcher(org.springframework.security.web.util.matcher.AnyRequestMatcher) WebAsyncManagerIntegrationFilter(org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter) Bean(org.springframework.context.annotation.Bean) CsrfToken(org.springframework.security.web.csrf.CsrfToken)

Aggregations

SecurityFilterChain (org.springframework.security.web.SecurityFilterChain): 35
FilterChainProxy (org.springframework.security.web.FilterChainProxy): 22
Test (org.junit.jupiter.api.Test): 15
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 11
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity): 8
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl): 7
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain): 7
Filter (jakarta.servlet.Filter): 6
ArrayList (java.util.ArrayList): 4
Bean (org.springframework.context.annotation.Bean): 4
Filter (javax.servlet.Filter): 3
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 3
Test (org.junit.Test): 2
MotechURLSecurityRule (org.motechproject.security.domain.MotechURLSecurityRule): 2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher): 2
ModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration): 1
MidpointFilterChainProxy (com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy): 1
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl): 1
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl): 1
Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl): 1