use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.
the class OAuth2WebSecurityConfigurationTests method getFilters.
private List<Filter> getFilters(AssertableApplicationContext context, Class<? extends Filter> filter) {
FilterChainProxy filterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
List<SecurityFilterChain> filterChains = filterChain.getFilterChains();
List<Filter> filters = filterChains.get(0).getFilters();
return filters.stream().filter(filter::isInstance).collect(Collectors.toList());
}
use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.
the class Saml2RelyingPartyAutoConfigurationTests method hasFilter.
private boolean hasFilter(AssertableWebApplicationContext context, Class<? extends Filter> filter) {
FilterChainProxy filterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
List<SecurityFilterChain> filterChains = filterChain.getFilterChains();
List<Filter> filters = filterChains.get(0).getFilters();
return filters.stream().anyMatch(filter::isInstance);
}
use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.
the class OidcClientModuleFactory method createModuleFilter.
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
if (!(moduleType instanceof OidcAuthenticationModuleType)) {
LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
return null;
}
if (((OidcAuthenticationModuleType) moduleType).getClient().isEmpty()) {
LOGGER.error("Client configuration of OidcAuthenticationModuleType is null");
return null;
}
isSupportedChannel(authenticationChannel);
OidcClientModuleWebSecurityConfiguration.setProtector(getProtector());
OidcClientModuleWebSecurityConfiguration configuration = OidcClientModuleWebSecurityConfiguration.build((OidcAuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
configuration.setSequenceSuffix(sequenceSuffix);
configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new OidcClientProvider(configuration.getAdditionalConfiguration())));
OidcClientModuleWebSecurityConfigurer<OidcClientModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new OidcClientModuleWebSecurityConfigurer<>(configuration));
module.setObjectPostProcessor(getObjectObjectPostProcessor());
HttpSecurity http = module.getNewHttpSecurity();
setSharedObjects(http, sharedObjects);
ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, request);
moduleAuthentication.setFocusType(moduleType.getFocusType());
SecurityFilterChain filter = http.build();
return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.
the class Saml2ModuleFactory method createModuleFilter.
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
if (!(moduleType instanceof Saml2AuthenticationModuleType)) {
LOGGER.error("This factory support only Saml2AuthenticationModuleType, but modelType is " + moduleType);
return null;
}
isSupportedChannel(authenticationChannel);
SamlModuleWebSecurityConfiguration.setProtector(getProtector());
SamlModuleWebSecurityConfiguration configuration = SamlModuleWebSecurityConfiguration.build((Saml2AuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
configuration.setSequenceSuffix(sequenceSuffix);
configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new Saml2Provider()));
SamlModuleWebSecurityConfigurer<SamlModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new SamlModuleWebSecurityConfigurer<>(configuration));
HttpSecurity http = getNewHttpSecurity(module);
setSharedObjects(http, sharedObjects);
ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, request);
moduleAuthentication.setFocusType(moduleType.getFocusType());
SecurityFilterChain filter = http.build();
for (Filter f : filter.getFilters()) {
if (f instanceof Saml2WebSsoAuthenticationRequestFilter) {
((Saml2WebSsoAuthenticationRequestFilter) f).setRedirectMatcher(new AntPathRequestMatcher(module.getPrefix() + RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID));
break;
}
}
return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.
the class HttpHeaderModuleFactory method createModuleFilter.
@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
if (!(moduleType instanceof HttpHeaderAuthenticationModuleType)) {
LOGGER.error("This factory support only HttpHeaderAuthenticationModuleType, but modelType is " + moduleType);
return null;
}
isSupportedChannel(authenticationChannel);
HttpHeaderAuthenticationModuleType httpModuleType = (HttpHeaderAuthenticationModuleType) moduleType;
HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build(httpModuleType, sequenceSuffix);
configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new PasswordProvider()));
HttpHeaderModuleWebSecurityConfigurer<HttpHeaderModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new HttpHeaderModuleWebSecurityConfigurer<>(configuration));
HttpSecurity http = getNewHttpSecurity(module);
setSharedObjects(http, sharedObjects);
ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration);
moduleAuthentication.setFocusType(httpModuleType.getFocusType());
SecurityFilterChain filter = http.build();
return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Aggregations