Example 1 with RequestMatcherDelegatingWebInvocationPrivilegeEvaluator
use of org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator in project spring-security by spring-projects.
the class WebSecurity method performBuild.
@Override
protected Filter performBuild() throws Exception {
Assert.state(!this.securityFilterChainBuilders.isEmpty(), () -> "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. " + "Typically this is done by exposing a SecurityFilterChain bean " + "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. " + "More advanced users can invoke " + WebSecurity.class.getSimpleName() + ".addSecurityFilterChainBuilder directly");
int chainSize = this.ignoredRequests.size() + this.securityFilterChainBuilders.size();
List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries = new ArrayList<>();
for (RequestMatcher ignoredRequest : this.ignoredRequests) {
WebSecurity.this.logger.warn("You are asking Spring Security to ignore " + ignoredRequest + ". This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.");
SecurityFilterChain securityFilterChain = new DefaultSecurityFilterChain(ignoredRequest);
securityFilterChains.add(securityFilterChain);
requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
}
for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build();
securityFilterChains.add(securityFilterChain);
requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
}
if (this.privilegeEvaluator == null) {
this.privilegeEvaluator = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(requestMatcherPrivilegeEvaluatorsEntries);
}
FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
if (this.httpFirewall != null) {
filterChainProxy.setFirewall(this.httpFirewall);
}
if (this.requestRejectedHandler != null) {
filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
}
filterChainProxy.afterPropertiesSet();
Filter result = filterChainProxy;
if (this.debugEnabled) {
this.logger.warn("\n\n" + "********************************************************************\n" + "********** Security debugging is enabled. *************\n" + "********** This may include sensitive information. *************\n" + "********** Do not use in a production system! *************\n" + "********************************************************************\n\n");
result = new DebugFilter(filterChainProxy);
}
this.postBuildAction.run();
return result;
}
Also used :
WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator)
AuthorizationManagerWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator)
DefaultWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)
EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity)
ArrayList(java.util.ArrayList)
RequestMatcherEntry(org.springframework.security.web.util.matcher.RequestMatcherEntry)
DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
DebugFilter(org.springframework.security.web.debug.DebugFilter)
DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain)
SecurityFilterChain(org.springframework.security.web.SecurityFilterChain)
FilterChainProxy(org.springframework.security.web.FilterChainProxy)
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator)
Filter(jakarta.servlet.Filter)
DebugFilter(org.springframework.security.web.debug.DebugFilter)
AuthorizationFilter(org.springframework.security.web.access.intercept.AuthorizationFilter)
Aggregations
Filter (jakarta.servlet.Filter)1
ArrayList (java.util.ArrayList)1
EnableWebSecurity (org.springframework.security.config.annotation.web.configuration.EnableWebSecurity)1
DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain)1
FilterChainProxy (org.springframework.security.web.FilterChainProxy)1
SecurityFilterChain (org.springframework.security.web.SecurityFilterChain)1
AuthorizationManagerWebInvocationPrivilegeEvaluator (org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator)1
DefaultWebInvocationPrivilegeEvaluator (org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator)1
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator (org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator)1
WebInvocationPrivilegeEvaluator (org.springframework.security.web.access.WebInvocationPrivilegeEvaluator)1
AuthorizationFilter (org.springframework.security.web.access.intercept.AuthorizationFilter)1
DebugFilter (org.springframework.security.web.debug.DebugFilter)1
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)1
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)1
RequestMatcherEntry (org.springframework.security.web.util.matcher.RequestMatcherEntry)1
