use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project oc-explorer by devgateway.
the class WebSecurityConfig method webExpressionHandler.
/**
* Instantiates {@see DefaultWebSecurityExpressionHandler} and assigns to it role hierarchy.
*
* @return
*/
private SecurityExpressionHandler<FilterInvocation> webExpressionHandler() {
DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
handler.setRoleHierarchy(roleHierarchy());
return handler;
}
use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project CzechIdMng by bcvsolutions.
the class WebSecurityConfig method expressionHandler.
/**
* Inject role hierarchy to HttpSecurity expressions
*
* @return
*/
private SecurityExpressionHandler<FilterInvocation> expressionHandler() {
DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy);
return defaultWebSecurityExpressionHandler;
}
use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project engine by craftercms.
the class ConfigAwareSecurityMetadataSource method getAttributes.
@Override
@SuppressWarnings("unchecked")
public Collection<ConfigAttribute> getAttributes(final Object object) throws IllegalArgumentException {
Callback<SecurityMetadataSource> callback = () -> {
HierarchicalConfiguration siteConfig = ConfigUtils.getCurrentConfig();
if (siteConfig != null) {
List<HierarchicalConfiguration> restrictionsConfig = siteConfig.configurationsAt(URL_RESTRICTION_KEY);
if (CollectionUtils.isNotEmpty(restrictionsConfig)) {
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<>();
for (HierarchicalConfiguration restrictionConfig : restrictionsConfig) {
String url = restrictionConfig.getString(URL_RESTRICTION_URL_KEY);
String expression = restrictionConfig.getString(URL_RESTRICTION_EXPRESSION_KEY);
if (StringUtils.isNotEmpty(url) && StringUtils.isNotEmpty(expression)) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
map.put(matcher, singleton(new SecurityConfig(expression)));
}
}
return new ExpressionBasedFilterInvocationSecurityMetadataSource(map, new DefaultWebSecurityExpressionHandler());
}
}
return new DefaultFilterInvocationSecurityMetadataSource(new LinkedHashMap<>());
};
SiteContext siteContext = SiteContext.getCurrent();
if (siteContext != null) {
SecurityMetadataSource metadataSource = cacheTemplate.getObject(siteContext.getContext(), callback, URL_RESTRICTIONS_CACHE_KEY);
return metadataSource.getAttributes(object);
}
return null;
}
use of org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler in project zhcet-web by zhcet-amu.
the class SecurityBeans method webExpressionHandler.
@Bean
protected DefaultWebSecurityExpressionHandler webExpressionHandler(RoleHierarchy roleHierarchy) {
DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
defaultWebSecurityExpressionHandler.setRoleHierarchy(roleHierarchy);
return defaultWebSecurityExpressionHandler;
}
Aggregations