Search in sources :

Example 26 with MediaTypeRequestMatcher

use of org.springframework.security.web.util.matcher.MediaTypeRequestMatcher in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfigurer method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
    ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    if (authenticationEntryPoint == null) {
        BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
        basicEntryPoint.setRealmName(realm);
        authenticationEntryPoint = basicEntryPoint;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : BasicAuthenticationEntryPoint(org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 27 with MediaTypeRequestMatcher

use of org.springframework.security.web.util.matcher.MediaTypeRequestMatcher in project spring-security-oauth by spring-projects.

the class ResourceServerSecurityConfigurer method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
    ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 28 with MediaTypeRequestMatcher

use of org.springframework.security.web.util.matcher.MediaTypeRequestMatcher in project spring-security by spring-projects.

the class AbstractAuthenticationFilterConfigurer method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(B http) {
    ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    RequestMatcher preferredMatcher = new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) MediaType(org.springframework.http.MediaType) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher)

Example 29 with MediaTypeRequestMatcher

use of org.springframework.security.web.util.matcher.MediaTypeRequestMatcher in project spring-boot by spring-projects.

the class SsoSecurityConfigurer method addAuthenticationEntryPoint.

private void addAuthenticationEntryPoint(HttpSecurity http, OAuth2SsoProperties sso) throws Exception {
    ExceptionHandlingConfigurer<HttpSecurity> exceptions = http.exceptionHandling();
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()), preferredMatcher);
    // When multiple entry points are provided the default is the first one
    exceptions.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
Also used : HttpStatusEntryPoint(org.springframework.security.web.authentication.HttpStatusEntryPoint) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) MediaType(org.springframework.http.MediaType) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)

Example 30 with MediaTypeRequestMatcher

use of org.springframework.security.web.util.matcher.MediaTypeRequestMatcher in project spring-security by spring-projects.

the class RequestCacheConfigurer method notMatchingMediaType.

private RequestMatcher notMatchingMediaType(H http, MediaType mediaType) {
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher mediaRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, mediaType);
    mediaRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    return new NegatedRequestMatcher(mediaRequest);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy)

Aggregations

MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)33 Test (org.junit.Test)21 ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)12 HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)12 MediaType (org.springframework.http.MediaType)11 NativeWebRequest (org.springframework.web.context.request.NativeWebRequest)11 NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher)7 RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)7 AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher)6 RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)6 HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)3 OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher)3 AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)2 HttpStatusEntryPoint (org.springframework.security.web.authentication.HttpStatusEntryPoint)1 LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)1 BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint)1