
Example 1 with AntPathRequestMatcher

Use of org.springframework.security.web.util.matcher.AntPathRequestMatcher in project spring-security by spring-projects.

From the class RequestCacheConfigurer, method createDefaultSavedRequestMatcher.

@SuppressWarnings("unchecked")
private RequestMatcher createDefaultSavedRequestMatcher(H http) {
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.ico"));
    MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_JSON);
    jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notJson = new NegatedRequestMatcher(jsonRequest);
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    boolean isCsrfEnabled = http.getConfigurer(CsrfConfigurer.class) != null;
    List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
    if (isCsrfEnabled) {
        RequestMatcher getRequests = new AntPathRequestMatcher("/**", "GET");
        matchers.add(0, getRequests);
    }
    matchers.add(notFavIcon);
    matchers.add(notJson);
    matchers.add(notXRequestedWith);
    return new AndRequestMatcher(matchers);
}
Also used: NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher), AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher), RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), ArrayList (java.util.ArrayList), HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy), ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)

Example 2 with AntPathRequestMatcher

Use of org.springframework.security.web.util.matcher.AntPathRequestMatcher in project spring-security by spring-projects.

From the class DefaultFilterInvocationSecurityMetadataSourceTests, method mixingPatternsWithAndWithoutHttpMethodsIsSupported.

// SEC-1236
@Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
    requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
    requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(userAttrs);
}
Also used: RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), ConfigAttribute (org.springframework.security.access.ConfigAttribute), Collection (java.util.Collection), FilterInvocation (org.springframework.security.web.FilterInvocation), LinkedHashMap (java.util.LinkedHashMap), Test (org.junit.Test)

Example 3 with AntPathRequestMatcher

Use of org.springframework.security.web.util.matcher.AntPathRequestMatcher in project spring-security by spring-projects.

From the class DefaultFilterInvocationSecurityMetadataSourceTests, method createFids.

// ~ Methods
// ========================================================================================================
private void createFids(String pattern, String method) {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    requestMap.put(new AntPathRequestMatcher(pattern, method), this.def);
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
}
Also used: RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), ConfigAttribute (org.springframework.security.access.ConfigAttribute), Collection (java.util.Collection), LinkedHashMap (java.util.LinkedHashMap)

Example 4 with AntPathRequestMatcher

Use of org.springframework.security.web.util.matcher.AntPathRequestMatcher in project midpoint by Evolveum.

From the class MidPointGuiAuthorizationEvaluator, method addSecurityConfig.

private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr, String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
    if (!matcher.matches(filterInvocation.getRequest()) || actions == null) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri)) {
            continue;
        }
        // all users have permission to access these resources
        if (action.equals(AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL)) {
            return;
        }
        SecurityConfig config = new SecurityConfig(actionUri);
        if (!guiConfigAttr.contains(config)) {
            guiConfigAttr.add(config);
        }
    }
}
Also used: SecurityConfig (org.springframework.security.access.SecurityConfig), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)

Aggregations

AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 4
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 3
Collection (java.util.Collection): 2
LinkedHashMap (java.util.LinkedHashMap): 2
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 2
ArrayList (java.util.ArrayList): 1
Test (org.junit.Test): 1
SecurityConfig (org.springframework.security.access.SecurityConfig): 1
FilterInvocation (org.springframework.security.web.FilterInvocation): 1
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 1
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher): 1
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 1
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher): 1
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy): 1
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy): 1