
Example 11 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.

the class OAuth2WebSecurityConfigurationTests method getFilters.

private List<Filter> getFilters(AssertableApplicationContext context, Class<? extends Filter> filter) {
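    // Look up the FilterChainProxy registered under Spring Security's standard bean name.
    FilterChainProxy filterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
    List<SecurityFilterChain> filterChains = filterChain.getFilterChains();
    // Only the first configured chain is inspected.
    List<Filter> filters = filterChains.get(0).getFilters();
    // Keep the filters that are instances of the requested type.
    return filters.stream().filter(filter::isInstance).collect(Collectors.toList());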
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) OAuth2LoginAuthenticationFilter(org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter) Filter(jakarta.servlet.Filter) OAuth2AuthorizationCodeGrantFilter(org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter)

Example 12 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.

the class Saml2RelyingPartyAutoConfigurationTests method hasFilter.

private boolean hasFilter(AssertableWebApplicationContext context, Class<? extends Filter> filter) {
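    // Look up the FilterChainProxy registered under Spring Security's standard bean name.
    FilterChainProxy filterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
    List<SecurityFilterChain> filterChains = filterChain.getFilterChains();
    // Only the first configured chain is inspected.
    List<Filter> filters = filterChains.get(0).getFilters();
    // True if any filter in that chain is an instance of the requested type.
    return filters.stream().anyMatch(filter::isInstance);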
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) Filter(jakarta.servlet.Filter) Saml2WebSsoAuthenticationFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter)

Example 13 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.

the class OidcClientModuleFactory method createModuleFilter.

@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    // Reject module types this factory does not handle.
    if (!(moduleType instanceof OidcAuthenticationModuleType)) {
        LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    // An OIDC module without any client configuration cannot be built.
    if (((OidcAuthenticationModuleType) moduleType).getClient().isEmpty()) {
        LOGGER.error("Client configuration of OidcAuthenticationModuleType is null");
        return null;
    }
    isSupportedChannel(authenticationChannel);
    OidcClientModuleWebSecurityConfiguration.setProtector(getProtector());
    OidcClientModuleWebSecurityConfiguration configuration = OidcClientModuleWebSecurityConfiguration.build((OidcAuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
    configuration.setSequenceSuffix(sequenceSuffix);
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new OidcClientProvider(configuration.getAdditionalConfiguration())));
    OidcClientModuleWebSecurityConfigurer<OidcClientModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new OidcClientModuleWebSecurityConfigurer<>(configuration));
    module.setObjectPostProcessor(getObjectObjectPostProcessor());
    HttpSecurity http = module.getNewHttpSecurity();
    setSharedObjects(http, sharedObjects);
    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, request);
    moduleAuthentication.setFocusType(moduleType.getFocusType());
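    // Build the configured HttpSecurity into the SecurityFilterChain wrapped by the returned auth module.
    SecurityFilterChain filter = http.build();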
    return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Also used : OidcClientModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.OidcClientModuleWebSecurityConfiguration) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) OidcClientModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) OidcClientProvider(com.evolveum.midpoint.authentication.impl.provider.OidcClientProvider)

Example 14 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.

the class Saml2ModuleFactory method createModuleFilter.

@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    // Reject module types this factory does not handle.
    if (!(moduleType instanceof Saml2AuthenticationModuleType)) {
        LOGGER.error("This factory support only Saml2AuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    isSupportedChannel(authenticationChannel);
    SamlModuleWebSecurityConfiguration.setProtector(getProtector());
    SamlModuleWebSecurityConfiguration configuration = SamlModuleWebSecurityConfiguration.build((Saml2AuthenticationModuleType) moduleType, sequenceSuffix, getPublicUrlPrefix(request), request);
    configuration.setSequenceSuffix(sequenceSuffix);
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new Saml2Provider()));
    SamlModuleWebSecurityConfigurer<SamlModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new SamlModuleWebSecurityConfigurer<>(configuration));
    HttpSecurity http = getNewHttpSecurity(module);
    setSharedObjects(http, sharedObjects);
    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, request);
    moduleAuthentication.setFocusType(moduleType.getFocusType());
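    // Build the configured HttpSecurity into the SecurityFilterChain wrapped by the returned auth module.
    SecurityFilterChain filter = http.build();
    // Point the SAML authentication-request filter's redirect matcher at this module's prefixed URL.
    for (Filter f : filter.getFilters()) {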
        if (f instanceof Saml2WebSsoAuthenticationRequestFilter) {
            ((Saml2WebSsoAuthenticationRequestFilter) f).setRedirectMatcher(new AntPathRequestMatcher(module.getPrefix() + RemoteModuleAuthenticationImpl.AUTHENTICATION_REQUEST_PROCESSING_URL_SUFFIX_WITH_REG_ID));
            break;
        }
    }
    return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) RemoteModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl) Saml2WebSsoAuthenticationRequestFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter) Saml2Provider(com.evolveum.midpoint.authentication.impl.provider.Saml2Provider) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Filter(javax.servlet.Filter) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) SamlModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.SamlModuleWebSecurityConfiguration)

Example 15 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.

the class HttpHeaderModuleFactory method createModuleFilter.

@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    // Reject module types this factory does not handle.
    if (!(moduleType instanceof HttpHeaderAuthenticationModuleType)) {
        LOGGER.error("This factory support only HttpHeaderAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    isSupportedChannel(authenticationChannel);
    HttpHeaderAuthenticationModuleType httpModuleType = (HttpHeaderAuthenticationModuleType) moduleType;
    HttpHeaderModuleWebSecurityConfiguration configuration = HttpHeaderModuleWebSecurityConfiguration.build(httpModuleType, sequenceSuffix);
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new PasswordProvider()));
    HttpHeaderModuleWebSecurityConfigurer<HttpHeaderModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new HttpHeaderModuleWebSecurityConfigurer<>(configuration));
    HttpSecurity http = getNewHttpSecurity(module);
    setSharedObjects(http, sharedObjects);
    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration);
    moduleAuthentication.setFocusType(httpModuleType.getFocusType());
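    // Build the configured HttpSecurity into the SecurityFilterChain wrapped by the returned auth module.
    SecurityFilterChain filter = http.build();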
    return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) HttpHeaderModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.HttpHeaderModuleWebSecurityConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HttpHeaderAuthenticationModuleType(com.evolveum.midpoint.xml.ns._public.common.common_3.HttpHeaderAuthenticationModuleType) PasswordProvider(com.evolveum.midpoint.authentication.impl.provider.PasswordProvider)

Aggregations

SecurityFilterChain (org.springframework.security.web.SecurityFilterChain) 35
FilterChainProxy (org.springframework.security.web.FilterChainProxy) 22
Test (org.junit.jupiter.api.Test) 15
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 11
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity) 8
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) 7
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain) 7
Filter (jakarta.servlet.Filter) 6
ArrayList (java.util.ArrayList) 4
Bean (org.springframework.context.annotation.Bean) 4
Filter (javax.servlet.Filter) 3
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher) 3
Test (org.junit.Test) 2
MotechURLSecurityRule (org.motechproject.security.domain.MotechURLSecurityRule) 2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher) 2
ModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration) 1
MidpointFilterChainProxy (com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy) 1
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl) 1
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl) 1
Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) 1