Example 6 with RequestHeaderRequestMatcher
use of org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher in project spring-security by spring-projects.
the class AbstractAuthenticationFilterConfigurer method registerDefaultAuthenticationEntryPoint.
@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(B http) {
ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
if (exceptionHandling == null) {
return;
}
ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
if (contentNegotiationStrategy == null) {
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
}
MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
RequestMatcher preferredMatcher = new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used :
NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher)
AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher)
NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher)
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)
MediaType(org.springframework.http.MediaType)
HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy)
MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)
HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy)
ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher)
Example 7 with RequestHeaderRequestMatcher
use of org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher in project spring-security by spring-projects.
the class RequestHeaderRequestMatcherTests method matchesHeaderNameValueMatches.
@Test
public void matchesHeaderNameValueMatches() {
request.addHeader(headerName, headerValue);
assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isTrue();
}
Also used :
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
Test(org.junit.Test)
Example 8 with RequestHeaderRequestMatcher
use of org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher in project spring-security by spring-projects.
the class RequestHeaderRequestMatcherTests method matchesHeaderNameValueHeaderValueMultiNotMatch.
@Test
public void matchesHeaderNameValueHeaderValueMultiNotMatch() {
request.addHeader(headerName, headerValue + "notMatch");
request.addHeader(headerName, headerValue);
assertThat(new RequestHeaderRequestMatcher(headerName, headerValue).matches(request)).isFalse();
}
Also used :
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
Test(org.junit.Test)
Example 9 with RequestHeaderRequestMatcher
use of org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher in project spring-security by spring-projects.
the class RequestHeaderRequestMatcherTests method matchesHeaderNameMatches.
@Test
public void matchesHeaderNameMatches() {
request.addHeader(headerName, headerValue);
assertThat(new RequestHeaderRequestMatcher(headerName).matches(request)).isTrue();
}
Also used :
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
Test(org.junit.Test)
Example 10 with RequestHeaderRequestMatcher
use of org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher in project spring-boot by spring-projects.
the class SsoSecurityConfigurer method addAuthenticationEntryPoint.
private void addAuthenticationEntryPoint(HttpSecurity http, OAuth2SsoProperties sso) throws Exception {
ExceptionHandlingConfigurer<HttpSecurity> exceptions = http.exceptionHandling();
ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
if (contentNegotiationStrategy == null) {
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
}
MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()), preferredMatcher);
// When multiple entry points are provided the default is the first one
exceptions.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
Also used :
HttpStatusEntryPoint(org.springframework.security.web.authentication.HttpStatusEntryPoint)
HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity)
MediaType(org.springframework.http.MediaType)
HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy)
MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)
ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)
HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy)
RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)
LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
Aggregations
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)10
Test (org.junit.Test)6
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)3
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)3
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)3
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)3
MediaType (org.springframework.http.MediaType)2
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher)2
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher)2
ArrayList (java.util.ArrayList)1
LinkedHashMap (java.util.LinkedHashMap)1
AtlasAuthenticationEntryPoint (org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint)1
HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)1
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)1
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint)1
HttpStatusEntryPoint (org.springframework.security.web.authentication.HttpStatusEntryPoint)1
LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)1
BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint)1
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)1
