Example 1 with MvcRequestMatcher

Use of org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher in project spring-security by spring-projects.

In class AbstractRequestMatcherRegistry, method createMvcMatchers.

/**
 * Creates {@link MvcRequestMatcher} instances for the method and patterns passed in
 * @param method the HTTP method to use or null if any should be used
 * @param mvcPatterns the Spring MVC patterns to match on
 * @return a List of {@link MvcRequestMatcher} instances
 */
protected final List<MvcRequestMatcher> createMvcMatchers(HttpMethod method, String... mvcPatterns) {
    Assert.state(!this.anyRequestConfigured, "Can't configure mvcMatchers after anyRequest");
    ObjectPostProcessor<Object> opp = this.context.getBean(ObjectPostProcessor.class);
    if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
        throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME + " of type " + HandlerMappingIntrospector.class.getName() + " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
    }
    HandlerMappingIntrospector introspector = this.context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME, HandlerMappingIntrospector.class);
    List<MvcRequestMatcher> matchers = new ArrayList<>(mvcPatterns.length);
    for (String mvcPattern : mvcPatterns) {
        MvcRequestMatcher matcher = new MvcRequestMatcher(introspector, mvcPattern);
        opp.postProcess(matcher);
        if (method != null) {
            matcher.setMethod(method);
        }
        matchers.add(matcher);
    }
    return matchers;
}
Also used: HandlerMappingIntrospector (org.springframework.web.servlet.handler.HandlerMappingIntrospector), ArrayList (java.util.ArrayList), NoSuchBeanDefinitionException (org.springframework.beans.factory.NoSuchBeanDefinitionException), MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)

Example 2 with MvcRequestMatcher

Use of org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher in project spring-security by spring-projects.

In class HttpSecurity, method mvcMatcher.

/**
 * Allows configuring the {@link HttpSecurity} to only be invoked when matching the
 * provided Spring MVC pattern. If more advanced configuration is necessary, consider
 * using {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}.
 *
 * <p>
 * Invoking {@link #mvcMatcher(String)} will override previous invocations of
 * {@link #mvcMatcher(String)}, {@link #requestMatchers()},
 * {@link #antMatcher(String)}, {@link #regexMatcher(String)}, and
 * {@link #requestMatcher(RequestMatcher)}.
 * </p>
 * @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**")
 * @return the {@link HttpSecurity} for further customizations
 * @see MvcRequestMatcher
 */
public HttpSecurity mvcMatcher(String mvcPattern) {
    HandlerMappingIntrospector introspector = new HandlerMappingIntrospector();
    introspector.setApplicationContext(getContext());
    introspector.afterPropertiesSet();
    return requestMatcher(new MvcRequestMatcher(introspector, mvcPattern));
}
Also used: HandlerMappingIntrospector (org.springframework.web.servlet.handler.HandlerMappingIntrospector), MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)

Example 3 with MvcRequestMatcher

Use of org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher in project spring-security by spring-projects.

In class RequestMatcherDelegatingAuthorizationManagerTests, method checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager.

@Test
public void checkWhenMultipleMappingsConfiguredWithConsumerThenDelegatesMatchingManager() {
    RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder().mappings((m) -> {
        m.put(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true));
        m.put(AnyRequestMatcher.INSTANCE, AuthorityAuthorizationManager.hasRole("ADMIN"));
        m.put(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false));
        m.put(new MvcRequestMatcher(null, "/afterAny"), (a, o) -> new AuthorizationDecision(true));
    }).build();
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
    assertThat(grant).isNotNull();
    assertThat(grant.isGranted()).isTrue();
    AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
    assertThat(deny).isNotNull();
    assertThat(deny.isGranted()).isFalse();
    AuthorizationDecision afterAny = manager.check(authentication, new MockHttpServletRequest(null, "/afterAny"));
    assertThat(afterAny).isNotNull();
    assertThat(afterAny.isGranted()).isFalse();
    AuthorizationDecision unmapped = manager.check(authentication, new MockHttpServletRequest(null, "/unmapped"));
    assertThat(unmapped).isNotNull();
    assertThat(unmapped.isGranted()).isFalse();
}
Also used: Test (org.junit.jupiter.api.Test), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager), Assertions.assertThat (org.assertj.core.api.Assertions.assertThat), Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException), AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), Authentication (org.springframework.security.core.Authentication), Supplier (java.util.function.Supplier), AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision), MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)

Example 4 with MvcRequestMatcher

Use of org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher in project spring-security by spring-projects.

In class RequestMatcherDelegatingAuthorizationManagerTests, method checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager.

@Test
public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() {
    RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
            .add(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true))
            .add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false))
            .add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null)
            .build();
    Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
    AuthorizationDecision grant = manager.check(authentication, new MockHttpServletRequest(null, "/grant"));
    assertThat(grant).isNotNull();
    assertThat(grant.isGranted()).isTrue();
    AuthorizationDecision deny = manager.check(authentication, new MockHttpServletRequest(null, "/deny"));
    assertThat(deny).isNotNull();
    assertThat(deny.isGranted()).isFalse();
    AuthorizationDecision neutral = manager.check(authentication, new MockHttpServletRequest(null, "/neutral"));
    assertThat(neutral).isNull();
    AuthorizationDecision abstain = manager.check(authentication, new MockHttpServletRequest(null, "/abstain"));
    assertThat(abstain).isNull();
}
Also used: Test (org.junit.jupiter.api.Test), TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken), AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager), Assertions.assertThat (org.assertj.core.api.Assertions.assertThat), Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException), AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), Authentication (org.springframework.security.core.Authentication), Supplier (java.util.function.Supplier), AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision), MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher)

Aggregations

MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher): 4
Supplier (java.util.function.Supplier): 2
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 2
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException): 2
Test (org.junit.jupiter.api.Test): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken): 2
AuthorityAuthorizationManager (org.springframework.security.authorization.AuthorityAuthorizationManager): 2
AuthorizationDecision (org.springframework.security.authorization.AuthorizationDecision): 2
Authentication (org.springframework.security.core.Authentication): 2
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher): 2
HandlerMappingIntrospector (org.springframework.web.servlet.handler.HandlerMappingIntrospector): 2
ArrayList (java.util.ArrayList): 1
NoSuchBeanDefinitionException (org.springframework.beans.factory.NoSuchBeanDefinitionException): 1