Example 1 with ExceptionTranslationFilter
use of org.springframework.security.web.access.ExceptionTranslationFilter in project spring-security by spring-projects.
the class DefaultFilterChainValidatorTests method setUp.
@Before
public void setUp() throws Exception {
AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
fsi = new FilterSecurityInterceptor();
fsi.setAccessDecisionManager(accessDecisionManager);
fsi.setSecurityMetadataSource(metadataSource);
AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, fsi);
fcp = new FilterChainProxy(securityChain);
validator = new DefaultFilterChainValidator();
Whitebox.setInternalState(validator, "logger", logger);
}
Also used :
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor)
AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
Before(org.junit.Before)
Example 2 with ExceptionTranslationFilter
use of org.springframework.security.web.access.ExceptionTranslationFilter in project spring-security by spring-projects.
the class ExceptionHandlingConfigurer method configure.
@Override
public void configure(H http) throws Exception {
AuthenticationEntryPoint entryPoint = getAuthenticationEntryPoint(http);
ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(entryPoint, getRequestCache(http));
if (accessDeniedHandler != null) {
exceptionTranslationFilter.setAccessDeniedHandler(accessDeniedHandler);
}
exceptionTranslationFilter = postProcess(exceptionTranslationFilter);
http.addFilter(exceptionTranslationFilter);
}
Also used :
DelegatingAuthenticationEntryPoint(org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint)
AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
Example 3 with ExceptionTranslationFilter
use of org.springframework.security.web.access.ExceptionTranslationFilter in project spring-security by spring-projects.
the class DefaultFilterChainValidator method checkLoginPageIsntProtected.
/*
* Checks for the common error of having a login page URL protected by the security
* interceptor
*/
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) {
ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack);
if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) {
return;
}
String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl();
logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
List<Filter> filters = null;
try {
filters = fcp.getFilters(loginPage);
} catch (Exception e) {
// May happen legitimately if a filter-chain request matcher requires more
// request data than that provided
// by the dummy request used when creating the filter invocation.
logger.info("Failed to obtain filter chain information for the login page. Unable to complete check.");
}
if (filters == null || filters.isEmpty()) {
logger.debug("Filter chain is empty for the login page");
return;
}
if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
logger.debug("Default generated login page is in use");
return;
}
FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource();
Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);
if (attributes == null) {
logger.debug("No access attributes defined for login page URL");
if (fsi.isRejectPublicInvocations()) {
logger.warn("FilterSecurityInterceptor is configured to reject public invocations." + " Your login page may not be accessible.");
}
return;
}
AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
if (anonPF == null) {
logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error.");
return;
}
// Simulate an anonymous access with the supplied attributes.
AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(), anonPF.getAuthorities());
try {
fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
} catch (AccessDeniedException e) {
logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " + "an error. Please check your configuration allows unauthenticated access to the configured " + "login page. (Simulated access was rejected: " + e + ")");
} catch (Exception e) {
// May happen legitimately if a filter-chain request matcher requires more
// request data than that provided
// by the dummy request used when creating the filter invocation. See SEC-1878
logger.info("Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", e);
}
}
Also used :
DefaultLoginPageGeneratingFilter(org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
ConfigAttribute(org.springframework.security.access.ConfigAttribute)
FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
FilterInvocationSecurityMetadataSource(org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource)
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
SecurityContextPersistenceFilter(org.springframework.security.web.context.SecurityContextPersistenceFilter)
DefaultLoginPageGeneratingFilter(org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter)
SessionManagementFilter(org.springframework.security.web.session.SessionManagementFilter)
Filter(javax.servlet.Filter)
JaasApiIntegrationFilter(org.springframework.security.web.jaasapi.JaasApiIntegrationFilter)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
BasicAuthenticationFilter(org.springframework.security.web.authentication.www.BasicAuthenticationFilter)
SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter)
ExceptionTranslationFilter(org.springframework.security.web.access.ExceptionTranslationFilter)
UsernamePasswordAuthenticationFilter(org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)
AnonymousAuthenticationFilter(org.springframework.security.web.authentication.AnonymousAuthenticationFilter)
FilterInvocation(org.springframework.security.web.FilterInvocation)
Aggregations
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter)3
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)2
FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)2
AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter)2
LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)2
Filter (javax.servlet.Filter)1
Before (org.junit.Before)1
AccessDeniedException (org.springframework.security.access.AccessDeniedException)1
ConfigAttribute (org.springframework.security.access.ConfigAttribute)1
AnonymousAuthenticationToken (org.springframework.security.authentication.AnonymousAuthenticationToken)1
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain)1
FilterChainProxy (org.springframework.security.web.FilterChainProxy)1
FilterInvocation (org.springframework.security.web.FilterInvocation)1
FilterInvocationSecurityMetadataSource (org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource)1
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint)1
UsernamePasswordAuthenticationFilter (org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter)1
DefaultLoginPageGeneratingFilter (org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter)1
BasicAuthenticationFilter (org.springframework.security.web.authentication.www.BasicAuthenticationFilter)1
SecurityContextPersistenceFilter (org.springframework.security.web.context.SecurityContextPersistenceFilter)1
JaasApiIntegrationFilter (org.springframework.security.web.jaasapi.JaasApiIntegrationFilter)1
