Examples with SecurityFilterChain org.springframework.security.web.SecurityFilterChain used on opensource projects

Search in sources :

Example 31 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class WebSecurityConfigurationTests method loadConfigWhenWebSecurityCustomizerAndWebSecurityConfigurerAdapterThenFilterChainsOrdered.

@Test
public void loadConfigWhenWebSecurityCustomizerAndWebSecurityConfigurerAdapterThenFilterChainsOrdered() {
    this.spring.register(CustomizerAndAdapterConfig.class).autowire();
    FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
    List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
    assertThat(filterChains).hasSize(3);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    request.setServletPath("/ignore1");
    assertThat(filterChains.get(0).matches(request)).isTrue();
    assertThat(filterChains.get(0).getFilters()).isEmpty();
    request.setServletPath("/ignore2");
    assertThat(filterChains.get(1).matches(request)).isTrue();
    assertThat(filterChains.get(1).getFilters()).isEmpty();
    request.setServletPath("/role1/**");
    assertThat(filterChains.get(2).matches(request)).isTrue();
    request.setServletPath("/test/**");
    assertThat(filterChains.get(2).matches(request)).isFalse();
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Test(org.junit.jupiter.api.Test)

Example 32 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class WebSecurityConfigurationTests method loadConfigWhenOnlyWebSecurityCustomizerThenDefaultFilterChainCreated.

@Test
public void loadConfigWhenOnlyWebSecurityCustomizerThenDefaultFilterChainCreated() {
    this.spring.register(WebSecurityCustomizerConfig.class).autowire();
    FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
    List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
    assertThat(filterChains).hasSize(3);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    request.setServletPath("/ignore1");
    assertThat(filterChains.get(0).matches(request)).isTrue();
    assertThat(filterChains.get(0).getFilters()).isEmpty();
    request.setServletPath("/ignore2");
    assertThat(filterChains.get(1).matches(request)).isTrue();
    assertThat(filterChains.get(1).getFilters()).isEmpty();
    request.setServletPath("/test/**");
    assertThat(filterChains.get(2).matches(request)).isTrue();
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Test(org.junit.jupiter.api.Test)

Example 33 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project spring-security by spring-projects.

the class WebSecurityConfigurationTests method loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered.

@Test
public void loadConfigWhenSecurityFilterChainsHaveOrderThenFilterChainsOrdered() {
    this.spring.register(SortedSecurityFilterChainConfig.class).autowire();
    FilterChainProxy filterChainProxy = this.spring.getContext().getBean(FilterChainProxy.class);
    List<SecurityFilterChain> filterChains = filterChainProxy.getFilterChains();
    assertThat(filterChains).hasSize(4);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "");
    request.setServletPath("/role1/**");
    assertThat(filterChains.get(0).matches(request)).isTrue();
    request.setServletPath("/role2/**");
    assertThat(filterChains.get(1).matches(request)).isTrue();
    request.setServletPath("/role3/**");
    assertThat(filterChains.get(2).matches(request)).isTrue();
    request.setServletPath("/**");
    assertThat(filterChains.get(3).matches(request)).isTrue();
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Test(org.junit.jupiter.api.Test)

Example 34 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.

the class MidpointWebSecurityConfiguration method springSecurityFilterChain.

@Override
public Filter springSecurityFilterChain() throws Exception {
    Filter filter = super.springSecurityFilterChain();
    if (filter instanceof FilterChainProxy) {
        List<SecurityFilterChain> filters;
        if (!((FilterChainProxy) filter).getFilterChains().isEmpty()) {
            filters = new ArrayList<SecurityFilterChain>();
            filters.addAll(((FilterChainProxy) filter).getFilterChains());
        // filters.remove(filters.size() - 1);
        } else {
            filters = ((FilterChainProxy) filter).getFilterChains();
        }
        MidpointFilterChainProxy mpFilter = objectObjectPostProcessor.postProcess(new MidpointFilterChainProxy(filters));
        if (firewall != null) {
            mpFilter.setFirewall(firewall);
        }
        mpFilter.afterPropertiesSet();
        return mpFilter;
    }
    return filter;
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) MidpointFilterChainProxy(com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy) Filter(javax.servlet.Filter) MidpointFilterChainProxy(com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy)

Example 35 with SecurityFilterChain

use of org.springframework.security.web.SecurityFilterChain in project midpoint by Evolveum.

the class OidcResourceServerModuleFactory method createModuleFilter.

@Override
public AuthModule createModuleFilter(AbstractAuthenticationModuleType moduleType, String sequenceSuffix, ServletRequest request, Map<Class<?>, Object> sharedObjects, AuthenticationModulesType authenticationsPolicy, CredentialsPolicyType credentialPolicy, AuthenticationChannel authenticationChannel) throws Exception {
    if (!(moduleType instanceof OidcAuthenticationModuleType)) {
        LOGGER.error("This factory support only OidcAuthenticationModuleType, but modelType is " + moduleType);
        return null;
    }
    if (((OidcAuthenticationModuleType) moduleType).getResourceServer() == null) {
        LOGGER.error("Resource configuration of OidcAuthenticationModuleType is null");
        return null;
    }
    isSupportedChannel(authenticationChannel);
    OidcResourceServerModuleWebSecurityConfiguration.setProtector(getProtector());
    OidcResourceServerModuleWebSecurityConfiguration configuration = OidcResourceServerModuleWebSecurityConfiguration.build((OidcAuthenticationModuleType) moduleType, sequenceSuffix);
    configuration.setSequenceSuffix(sequenceSuffix);
    OidcResourceServerAuthenticationModuleType resourceServer = ((OidcAuthenticationModuleType) moduleType).getResourceServer();
    JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
    if (resourceServer.getNameOfUsernameClaim() != null) {
        jwtAuthenticationConverter.setPrincipalClaimName(resourceServer.getNameOfUsernameClaim());
    }
    configuration.addAuthenticationProvider(getObjectObjectPostProcessor().postProcess(new OidcResourceServerProvider(configuration.getDecoder(), jwtAuthenticationConverter)));
    OidcResourceServerModuleWebSecurityConfigurer<OidcResourceServerModuleWebSecurityConfiguration> module = getObjectObjectPostProcessor().postProcess(new OidcResourceServerModuleWebSecurityConfigurer<>(configuration));
    module.setObjectPostProcessor(getObjectObjectPostProcessor());
    HttpSecurity http = module.getNewHttpSecurity();
    setSharedObjects(http, sharedObjects);
    ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(configuration, resourceServer);
    moduleAuthentication.setFocusType(moduleType.getFocusType());
    SecurityFilterChain filter = http.build();
    return AuthModuleImpl.build(filter, configuration, moduleAuthentication);
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) OidcResourceServerProvider(com.evolveum.midpoint.authentication.impl.provider.OidcResourceServerProvider) ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) JwtAuthenticationConverter(org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter) OidcResourceServerModuleWebSecurityConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.OidcResourceServerModuleWebSecurityConfiguration)

Aggregations

SecurityFilterChain (org.springframework.security.web.SecurityFilterChain)35 FilterChainProxy (org.springframework.security.web.FilterChainProxy)22 Test (org.junit.jupiter.api.Test)15 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)11 HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)8 ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl)7 DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain)7 Filter (jakarta.servlet.Filter)6 ArrayList (java.util.ArrayList)4 Bean (org.springframework.context.annotation.Bean)4 Filter (javax.servlet.Filter)3 AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)3 Test (org.junit.Test)2 MotechURLSecurityRule (org.motechproject.security.domain.MotechURLSecurityRule)2 AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)2 ModuleWebSecurityConfiguration (com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration)1 MidpointFilterChainProxy (com.evolveum.midpoint.authentication.impl.filter.MidpointFilterChainProxy)1 OidcClientModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.OidcClientModuleAuthenticationImpl)1 RemoteModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl)1 Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial