
Example 1 with DefaultWebSecurityExpressionHandler

use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project ocvn by devgateway.

the class WebSecurityConfig method webExpressionHandler.

/**
 * Instantiates a {@link DefaultWebSecurityExpressionHandler} and assigns the role hierarchy to it.
 *
 * @return the web security expression handler configured with the role hierarchy
 */
private SecurityExpressionHandler<FilterInvocation> webExpressionHandler() {
    // Web (request-level) security expressions are evaluated by this handler, so role
    // checks in those expressions resolve through the hierarchy from roleHierarchy().
    // NOTE(review): only this web handler is wired here; if the application also uses
    // method-level security expressions, confirm that handler receives the same hierarchy.
    final DefaultWebSecurityExpressionHandler webHandler = new DefaultWebSecurityExpressionHandler();
    webHandler.setRoleHierarchy(roleHierarchy());
    return webHandler;
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler)

Example 2 with DefaultWebSecurityExpressionHandler

use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project hub-alert by blackducksoftware.

the class AuthenticationHandler method createRoleProcessor.

/**
 * Builds a post-processor that appends a {@link WebExpressionVoter} to the decision voters
 * of the {@link AffirmativeBased} access decision manager it is given.
 *
 * <p>The voter's expression handler uses a role hierarchy that ignores the authorities passed
 * to it and always answers with the roles returned by {@code retrieveAllowedRoles()}.
 *
 * <p>NOTE(review): because the hierarchy discards its input, role checks evaluated through
 * this voter appear to treat every allowed role as reachable for any caller. Confirm this is
 * intended and that per-user role enforcement happens elsewhere.
 *
 * @return the post-processor that registers the additional voter
 */
private ObjectPostProcessor<AffirmativeBased> createRoleProcessor() {
    return new ObjectPostProcessor<>() {

        @Override
        public <O extends AffirmativeBased> O postProcess(O affirmativeBased) {
            DefaultWebSecurityExpressionHandler roleAwareHandler = new DefaultWebSecurityExpressionHandler();
            // The incoming authorities are deliberately unused: the reachable set is always
            // the full list from retrieveAllowedRoles(), looked up on every evaluation.
            roleAwareHandler.setRoleHierarchy(
                ignoredAuthorities -> AuthorityUtils.createAuthorityList(retrieveAllowedRoles()));

            WebExpressionVoter roleVoter = new WebExpressionVoter();
            roleVoter.setExpressionHandler(roleAwareHandler);
            // Added alongside the existing voters; none of them is removed or replaced.
            affirmativeBased.getDecisionVoters().add(roleVoter);
            return affirmativeBased;
        }
    };
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) ObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor) AffirmativeBased(org.springframework.security.access.vote.AffirmativeBased) WebExpressionVoter(org.springframework.security.web.access.expression.WebExpressionVoter)

Example 3 with DefaultWebSecurityExpressionHandler

use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project syncope by apache.

the class DefaultRolesPrefixPostProcessor method postProcessAfterInitialization.

/**
 * Removes the default role prefix from the Spring Security beans that apply one.
 *
 * <p>Method and web expression handlers get a {@code null} default role prefix, and the
 * {@link SecurityContextHolderAwareRequestFilter} gets an empty one. With the prefix removed,
 * role checks compare against authority names exactly as granted, so the authorities issued
 * at authentication time must use the same unprefixed names.
 *
 * @param bean the bean instance that has just been initialized
 * @param beanName the name of the bean (not used)
 * @return the same bean instance, adjusted in place when it is one of the handled types
 * @throws FatalBeanException if re-initializing the request filter fails
 */
@Override
public Object postProcessAfterInitialization(final Object bean, final String beanName) {
    if (bean instanceof DefaultMethodSecurityExpressionHandler) {
        DefaultMethodSecurityExpressionHandler methodHandler = (DefaultMethodSecurityExpressionHandler) bean;
        methodHandler.setDefaultRolePrefix(null);
    }
    if (bean instanceof DefaultWebSecurityExpressionHandler) {
        DefaultWebSecurityExpressionHandler webHandler = (DefaultWebSecurityExpressionHandler) bean;
        webHandler.setDefaultRolePrefix(null);
    }
    if (bean instanceof SecurityContextHolderAwareRequestFilter) {
        SecurityContextHolderAwareRequestFilter requestFilter = (SecurityContextHolderAwareRequestFilter) bean;
        requestFilter.setRolePrefix(StringUtils.EMPTY);
        try {
            // Initialization is run again after the prefix change; presumably so the filter
            // rebuilds its internal state with the new value. TODO confirm.
            requestFilter.afterPropertiesSet();
        } catch (ServletException initFailure) {
            throw new FatalBeanException(initFailure.getMessage(), initFailure);
        }
    }
    return bean;
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) ServletException(javax.servlet.ServletException) FatalBeanException(org.springframework.beans.FatalBeanException) SecurityContextHolderAwareRequestFilter(org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter) DefaultMethodSecurityExpressionHandler(org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler)

Example 4 with DefaultWebSecurityExpressionHandler

use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project spring-security by spring-projects.

the class ExpressionUrlAuthorizationConfigurer method getExpressionHandler.

/**
 * Returns the expression handler for URL authorization, building and caching a default one
 * on first use when none has been set.
 *
 * <p>The default handler takes its trust resolver from the builder's shared objects. It takes
 * its role hierarchy, default role prefix and permission evaluator from the application
 * context, each only when exactly one bean of that type is registered. With zero or several
 * candidates the handler's built-in default for that collaborator is kept without any error.
 * Registering a second {@link RoleHierarchy} bean, for example, means no hierarchy is applied
 * here.
 *
 * @param http the builder whose shared objects supply the trust resolver and context
 * @return the configured (and cached) expression handler
 */
private SecurityExpressionHandler<FilterInvocation> getExpressionHandler(H http) {
    if (this.expressionHandler == null) {
        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();

        AuthenticationTrustResolver sharedTrustResolver = http.getSharedObject(AuthenticationTrustResolver.class);
        if (sharedTrustResolver != null) {
            handler.setTrustResolver(sharedTrustResolver);
        }

        ApplicationContext appContext = http.getSharedObject(ApplicationContext.class);
        if (appContext != null) {
            // Each collaborator is wired only when the lookup is unambiguous (exactly one bean).
            String[] hierarchyNames = appContext.getBeanNamesForType(RoleHierarchy.class);
            if (hierarchyNames.length == 1) {
                handler.setRoleHierarchy(appContext.getBean(hierarchyNames[0], RoleHierarchy.class));
            }

            String[] authorityDefaultsNames = appContext.getBeanNamesForType(GrantedAuthorityDefaults.class);
            if (authorityDefaultsNames.length == 1) {
                GrantedAuthorityDefaults authorityDefaults =
                        appContext.getBean(authorityDefaultsNames[0], GrantedAuthorityDefaults.class);
                handler.setDefaultRolePrefix(authorityDefaults.getRolePrefix());
            }

            String[] evaluatorNames = appContext.getBeanNamesForType(PermissionEvaluator.class);
            if (evaluatorNames.length == 1) {
                handler.setPermissionEvaluator(appContext.getBean(evaluatorNames[0], PermissionEvaluator.class));
            }
        }

        // Cache the post-processed instance so later calls reuse the same handler.
        this.expressionHandler = postProcess(handler);
    }
    return this.expressionHandler;
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) PermissionEvaluator(org.springframework.security.access.PermissionEvaluator) ApplicationContext(org.springframework.context.ApplicationContext) GrantedAuthorityDefaults(org.springframework.security.config.core.GrantedAuthorityDefaults) RoleHierarchy(org.springframework.security.access.hierarchicalroles.RoleHierarchy) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver)

Example 5 with DefaultWebSecurityExpressionHandler

use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project spring-security by spring-projects.

the class AbstractAuthorizeTagTests method expressionFromChildContext.

/**
 * Verifies that {@code authorize()} succeeds for a {@code permitAll} access expression when
 * the {@link SecurityExpressionHandler} is supplied by a {@link WebApplicationContext} stored
 * in the servlet context under the FrameworkServlet context attribute.
 */
@Test
@SuppressWarnings("rawtypes")
public void expressionFromChildContext() throws IOException {
    // NOTE(review): this writes to the shared SecurityContextHolder; presumably it is cleared
    // in a teardown method outside this view. Confirm so the authentication cannot leak
    // into other tests.
    TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("user", "pass", "USER");
    SecurityContextHolder.getContext().setAuthentication(authenticatedUser);

    DefaultWebSecurityExpressionHandler handlerFromContext = new DefaultWebSecurityExpressionHandler();
    this.tag.setAccess("permitAll");

    // The mocked context exposes exactly one expression handler bean.
    WebApplicationContext childContext = mock(WebApplicationContext.class);
    given(childContext.getBeansOfType(SecurityExpressionHandler.class))
            .willReturn(Collections.<String, SecurityExpressionHandler>singletonMap("wipe", handlerFromContext));
    this.servletContext.setAttribute("org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcher", childContext);

    assertThat(this.tag.authorize()).isTrue();
}
Also used : DefaultWebSecurityExpressionHandler(org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) WebApplicationContext(org.springframework.web.context.WebApplicationContext) Test(org.junit.jupiter.api.Test)
