Example 21 with SecurityFilterChain
use of org.springframework.security.web.SecurityFilterChain in project motech by motech.
the class MotechProxyManagerBundleIT method testProxyHasDefaultSecurityChains.
@Test
public void testProxyHasDefaultSecurityChains() {
FilterChainProxy filterChainProxy = proxyManager.getFilterChainProxy();
List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
assertTrue(filterChains.size() > 0);
}
Also used :
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
Test(org.junit.Test)
Example 22 with SecurityFilterChain
use of org.springframework.security.web.SecurityFilterChain in project motech by motech.
the class MotechProxyManager method updateSecurityChain.
/**
* Updates security chain with given {@link org.motechproject.security.domain.MotechURLSecurityRule}
*
* @param securityRules list that contains new security rules
*/
private void updateSecurityChain(List<MotechURLSecurityRule> securityRules) {
LOGGER.debug("Updating security chain");
// sort rules by priority descending
TreeSet<MotechURLSecurityRule> sortedRules = new TreeSet<>(new SecurityRuleComparator());
sortedRules.addAll(securityRules);
List<SecurityFilterChain> newFilterChains = new ArrayList<>();
for (MotechURLSecurityRule securityRule : sortedRules) {
if (securityRule.isActive() && !securityRule.isDeleted()) {
LOGGER.debug("Creating SecurityFilterChain for: {}", securityRule.getPattern());
for (HTTPMethod method : securityRule.getMethodsRequired()) {
newFilterChains.add(securityRuleBuilder.buildSecurityChain(securityRule, method));
}
LOGGER.debug("Created SecurityFilterChain for: {}", securityRule.getPattern());
}
}
proxy = new FilterChainProxy(newFilterChains);
LOGGER.debug("Updated security chain.");
}
Also used :
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
HTTPMethod(org.motechproject.security.constants.HTTPMethod)
MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule)
TreeSet(java.util.TreeSet)
ArrayList(java.util.ArrayList)
SecurityRuleComparator(org.motechproject.security.domain.SecurityRuleComparator)
Example 23 with SecurityFilterChain
use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.
the class ManagementWebSecurityAutoConfigurationTests method backOffIfRemoteDevToolsSecurityFilterChainIsPresent.
@Test
void backOffIfRemoteDevToolsSecurityFilterChainIsPresent() {
this.contextRunner.withUserConfiguration(TestRemoteDevToolsSecurityFilterChainConfig.class).run((context) -> {
SecurityFilterChain testSecurityFilterChain = context.getBean("testSecurityFilterChain", SecurityFilterChain.class);
SecurityFilterChain testRemoteDevToolsSecurityFilterChain = context.getBean("testRemoteDevToolsSecurityFilterChain", SecurityFilterChain.class);
List<SecurityFilterChain> orderedSecurityFilterChains = context.getBeanProvider(SecurityFilterChain.class).orderedStream().collect(Collectors.toList());
assertThat(orderedSecurityFilterChains).containsExactly(testRemoteDevToolsSecurityFilterChain, testSecurityFilterChain);
assertThat(context).doesNotHaveBean(ManagementWebSecurityAutoConfiguration.class);
});
}
Also used :
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
Test(org.junit.jupiter.api.Test)
Example 24 with SecurityFilterChain
use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.
the class OAuth2ResourceServerAutoConfigurationTests method getBearerTokenFilter.
private Filter getBearerTokenFilter(AssertableWebApplicationContext context) {
FilterChainProxy filterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
List<SecurityFilterChain> filterChains = filterChain.getFilterChains();
List<Filter> filters = filterChains.get(0).getFilters();
return filters.stream().filter((f) -> f instanceof BearerTokenAuthenticationFilter).findFirst().orElse(null);
}
Also used :
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
Filter(jakarta.servlet.Filter)
BearerTokenAuthenticationFilter(org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter)
BearerTokenAuthenticationFilter(org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter)
Example 25 with SecurityFilterChain
use of org.springframework.security.web.SecurityFilterChain in project spring-boot by spring-projects.
the class CloudFoundryActuatorAutoConfigurationTests method cloudFoundryPathsIgnoredBySpringSecurity.
@Test
void cloudFoundryPathsIgnoredBySpringSecurity() {
this.contextRunner.withPropertyValues("VCAP_APPLICATION:---", "vcap.application.application_id:my-app-id").run((context) -> {
FilterChainProxy securityFilterChain = (FilterChainProxy) context.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
SecurityFilterChain chain = securityFilterChain.getFilterChains().get(0);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServletPath("/cloudfoundryapplication/my-path");
assertThat(chain.getFilters()).isEmpty();
assertThat(chain.matches(request)).isTrue();
request.setServletPath("/some-other-path");
assertThat(chain.matches(request)).isFalse();
});
}
Also used :
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Test(org.junit.jupiter.api.Test)
Aggregations
SecurityFilterChain (org.springframework.security.web.SecurityFilterChain)35
FilterChainProxy (org.springframework.security.web.FilterChainProxy)22
Test (org.junit.jupiter.api.Test)15
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)11
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)8
ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)7
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain)7
Filter (jakarta.servlet.Filter)6
ArrayList (java.util.ArrayList)4
Bean (org.springframework.context.annotation.Bean)4
Filter (javax.servlet.Filter)3
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)3
Test (org.junit.Test)2
MotechURLSecurityRule (org.motechproject.security.domain.MotechURLSecurityRule)2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)2
ModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration)1
MidpointFilterChainProxy (com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy)1
OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl)1
RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl)1
Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)1
