
Example 1 with LoginUrlAuthenticationEntryPoint

Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in the spring-security project by spring-projects.

In class OAuth2LoginBeanDefinitionParser, method getLoginEntryPoint.

private Map<RequestMatcher, AuthenticationEntryPoint> getLoginEntryPoint(Element element) {
    Map<RequestMatcher, AuthenticationEntryPoint> entryPoints = null;
    Element clientRegsElt = DomUtils.getChildElementByTagName(element.getOwnerDocument().getDocumentElement(), Elements.CLIENT_REGISTRATIONS);
    if (clientRegsElt != null) {
        List<Element> clientRegList = DomUtils.getChildElementsByTagName(clientRegsElt, ELT_CLIENT_REGISTRATION);
        if (clientRegList.size() == 1) {
            RequestMatcher loginPageMatcher = new AntPathRequestMatcher(DEFAULT_LOGIN_URI);
            RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico");
            RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher();
            RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
            RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
            Element clientRegElt = clientRegList.get(0);
            entryPoints = new LinkedHashMap<>();
            entryPoints.put(new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)), new LoginUrlAuthenticationEntryPoint(DEFAULT_AUTHORIZATION_REQUEST_BASE_URI + "/" + clientRegElt.getAttribute(ATT_REGISTRATION_ID)));
        }
    }
    return entryPoints;
}
Also used: NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher), RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher), AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher), MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), BeanMetadataElement (org.springframework.beans.BeanMetadataElement), Element (org.w3c.dom.Element), LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint), DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint), AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)

Example 2 with LoginUrlAuthenticationEntryPoint

Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in the spring-security project by spring-projects.

In class DefaultFilterChainValidatorTests, method setUp.

@BeforeEach
public void setUp() {
    AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
    this.fsi = new FilterSecurityInterceptor();
    this.fsi.setAccessDecisionManager(this.accessDecisionManager);
    this.fsi.setSecurityMetadataSource(this.metadataSource);
    AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
    ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
    DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, this.fsi);
    this.fcp = new FilterChainProxy(securityChain);
    this.validator = new DefaultFilterChainValidator();
    ReflectionTestUtils.setField(this.validator, "logger", this.logger);
}
Also used: FilterChainProxy (org.springframework.security.web.FilterChainProxy), AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter), FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor), AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint), LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint), ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter), DefaultSecurityFilterChain (org.springframework.security.web.DefaultSecurityFilterChain), BeforeEach (org.junit.jupiter.api.BeforeEach)

Example 3 with LoginUrlAuthenticationEntryPoint

Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in the spring-boot project by spring-projects.

In class SsoSecurityConfigurer, method addAuthenticationEntryPoint.

private void addAuthenticationEntryPoint(HttpSecurity http, OAuth2SsoProperties sso) throws Exception {
    ExceptionHandlingConfigurer<HttpSecurity> exceptions = http.exceptionHandling();
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()), preferredMatcher);
    // When multiple entry points are provided the default is the first one
    exceptions.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
Also used: HttpStatusEntryPoint (org.springframework.security.web.authentication.HttpStatusEntryPoint), HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity), MediaType (org.springframework.http.MediaType), HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy), MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher), ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy), RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)

Example 4 with LoginUrlAuthenticationEntryPoint

Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in the spring-security project by spring-projects.

In class OAuth2LoginConfigurer, method getLoginEntryPoint.

private AuthenticationEntryPoint getLoginEntryPoint(B http, String providerLoginPage) {
    RequestMatcher loginPageMatcher = new AntPathRequestMatcher(this.getLoginPage());
    RequestMatcher faviconMatcher = new AntPathRequestMatcher("/favicon.ico");
    RequestMatcher defaultEntryPointMatcher = this.getAuthenticationEntryPointMatcher(http);
    RequestMatcher defaultLoginPageMatcher = new AndRequestMatcher(new OrRequestMatcher(loginPageMatcher, faviconMatcher), defaultEntryPointMatcher);
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AndRequestMatcher(notXRequestedWith, new NegatedRequestMatcher(defaultLoginPageMatcher)), new LoginUrlAuthenticationEntryPoint(providerLoginPage));
    DelegatingAuthenticationEntryPoint loginEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
    loginEntryPoint.setDefaultEntryPoint(this.getAuthenticationEntryPoint());
    return loginEntryPoint;
}
Also used: NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher), RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher), AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint), DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint), AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint), LinkedHashMap (java.util.LinkedHashMap)

Example 5 with LoginUrlAuthenticationEntryPoint

Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in the spring-security project by spring-projects.

In class Saml2LoginConfigurer, method init.

/**
 * {@inheritDoc}
 * <p>
 * Initializes this filter chain for SAML 2 Login. The following actions are taken:
 * <ul>
 * <li>The WebSSO endpoint has CSRF disabled, typically {@code /login/saml2/sso}</li>
 * <li>A {@link Saml2WebSsoAuthenticationFilter} is configured</li>
 * <li>The {@code loginProcessingUrl} is set</li>
 * <li>A custom login page is configured, <b>or</b></li>
 * <li>A default login page with all SAML 2.0 Identity Providers is configured</li>
 * <li>An {@link AuthenticationProvider} is configured</li>
 * </ul>
 */
@Override
public void init(B http) throws Exception {
    registerDefaultCsrfOverride(http);
    relyingPartyRegistrationRepository(http);
    this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http), this.loginProcessingUrl);
    setAuthenticationRequestRepository(http, this.saml2WebSsoAuthenticationFilter);
    setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);
    if (StringUtils.hasText(this.loginPage)) {
        // Set custom login page
        super.loginPage(this.loginPage);
        super.init(http);
    } else {
        Map<String, String> providerUrlMap = getIdentityProviderUrlMap(this.authenticationRequestUri, this.relyingPartyRegistrationRepository);
        boolean singleProvider = providerUrlMap.size() == 1;
        if (singleProvider) {
            // Setup auto-redirect to provider login page
            // when only 1 IDP is configured
            this.updateAuthenticationDefaults();
            this.updateAccessDefaults(http);
            String loginUrl = providerUrlMap.entrySet().iterator().next().getKey();
            final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(loginUrl);
            registerAuthenticationEntryPoint(http, entryPoint);
        } else {
            super.init(http);
        }
    }
    this.initDefaultLoginFilter(http);
}
Also used: LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint), Saml2WebSsoAuthenticationFilter (org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter)

Aggregations

LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint): 11
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 4
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher): 4
LinkedHashMap (java.util.LinkedHashMap): 3
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity): 3
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint): 3
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 3
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 3
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher): 3
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 3
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher): 3
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 3
Map (java.util.Map): 2
BeanMetadataElement (org.springframework.beans.BeanMetadataElement): 2
ExceptionTranslationFilter (org.springframework.security.web.access.ExceptionTranslationFilter): 2
FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor): 2
AnonymousAuthenticationFilter (org.springframework.security.web.authentication.AnonymousAuthenticationFilter): 2
Route (com.vaadin.flow.router.Route): 1
Filter (jakarta.servlet.Filter): 1
HashMap (java.util.HashMap): 1