
Example 66 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class Saml2LogoutConfigurer method createLogoutMatcher.

/**
 * Builds the matcher that decides which requests this configurer treats as
 * SAML 2.0 logout requests.
 *
 * <p>The result is a conjunction: a request must be a {@code POST} to
 * {@code logoutUrl} and must also be accepted by {@code Saml2RequestMatcher}.
 * Restricting the path match to {@code POST} means a plain {@code GET} to the
 * logout URL is not selected by this matcher.
 *
 * @return a matcher requiring both the path/method check and the SAML 2.0 check
 */
private RequestMatcher createLogoutMatcher() {
    // NOTE(review): the criteria applied by Saml2RequestMatcher are not visible
    // here -- confirm what it inspects before relying on it as a guard.
    return new AndRequestMatcher(new AntPathRequestMatcher(this.logoutUrl, "POST"), new Saml2RequestMatcher());
}
Also used : AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher)

Example 67 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class WebSecurity method performBuild.

/**
 * Assembles the servlet {@link Filter} for this configuration: one
 * {@code SecurityFilterChain} per ignored matcher, followed by one per
 * registered chain builder, all wrapped in a {@code FilterChainProxy}.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 * <li>Every entry in {@code ignoredRequests} becomes a chain constructed from
 * the matcher alone, with no filters passed in. A warning is logged for each
 * one recommending {@code permitAll} instead.</li>
 * <li>Ignored chains are added to the list before the built chains.</li>
 * <li>When {@code debugEnabled} is set the proxy is wrapped in a
 * {@code DebugFilter} and a warning states that the output may include
 * sensitive information.</li>
 * </ul>
 *
 * @return the {@code FilterChainProxy}, or a {@code DebugFilter} wrapping it
 * when debugging is enabled
 * @throws Exception declared by the overridden method; also covers the
 * {@code IllegalStateException} raised when no chain builder was registered
 */
@Override
protected Filter performBuild() throws Exception {
    // Refuse to build a proxy with no configured chain at all.
    Assert.state(!this.securityFilterChainBuilders.isEmpty(), () -> "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. " + "Typically this is done by exposing a SecurityFilterChain bean " + "or by adding a @Configuration that extends WebSecurityConfigurerAdapter. " + "More advanced users can invoke " + WebSecurity.class.getSimpleName() + ".addSecurityFilterChainBuilder directly");
    // Used only to presize the chain list (ignored matchers + builders).
    int chainSize = this.ignoredRequests.size() + this.securityFilterChainBuilders.size();
    List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
    List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries = new ArrayList<>();
    // Ignored matchers go in first. Each chain is created with the matcher only,
    // so it carries no filters: nothing in this chain authenticates, authorizes
    // or otherwise processes a matching request.
    // NOTE(review): FilterChainProxy is expected to use the first chain whose
    // matcher accepts the request, so a broad ignore pattern would shadow the
    // configured chains below -- confirm against FilterChainProxy.
    for (RequestMatcher ignoredRequest : this.ignoredRequests) {
        WebSecurity.this.logger.warn("You are asking Spring Security to ignore " + ignoredRequest + ". This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.");
        SecurityFilterChain securityFilterChain = new DefaultSecurityFilterChain(ignoredRequest);
        securityFilterChains.add(securityFilterChain);
        requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
    }
    // Configured chains follow, in the order their builders were registered.
    for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
        SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build();
        securityFilterChains.add(securityFilterChain);
        requestMatcherPrivilegeEvaluatorsEntries.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
    }
    // An explicitly supplied privilege evaluator is kept; otherwise one is
    // derived from the per-chain entries collected above.
    if (this.privilegeEvaluator == null) {
        this.privilegeEvaluator = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(requestMatcherPrivilegeEvaluatorsEntries);
    }
    FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
    // Firewall and rejected-request handler are overridden only when configured;
    // otherwise whatever FilterChainProxy sets up by default stays in place.
    if (this.httpFirewall != null) {
        filterChainProxy.setFirewall(this.httpFirewall);
    }
    if (this.requestRejectedHandler != null) {
        filterChainProxy.setRequestRejectedHandler(this.requestRejectedHandler);
    }
    filterChainProxy.afterPropertiesSet();
    Filter result = filterChainProxy;
    // Debug mode wraps the proxy; the banner below is the only safeguard shown
    // here against leaving it on in production.
    if (this.debugEnabled) {
        this.logger.warn("\n\n" + "********************************************************************\n" + "**********        Security debugging is enabled.       *************\n" + "**********    This may include sensitive information.  *************\n" + "**********      Do not use in a production system!     *************\n" + "********************************************************************\n\n");
        result = new DebugFilter(filterChainProxy);
    }
    // Runs last, after the filter has been fully assembled.
    this.postBuildAction.run();
    return result;
}
Also used : WebInvocationPrivilegeEvaluator(org.springframework.security.web.access.WebInvocationPrivilegeEvaluator) RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator) AuthorizationManagerWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.AuthorizationManagerWebInvocationPrivilegeEvaluator) DefaultWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) ArrayList(java.util.ArrayList) RequestMatcherEntry(org.springframework.security.web.util.matcher.RequestMatcherEntry) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) DebugFilter(org.springframework.security.web.debug.DebugFilter) DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(org.springframework.security.web.access.RequestMatcherDelegatingWebInvocationPrivilegeEvaluator) Filter(jakarta.servlet.Filter) DebugFilter(org.springframework.security.web.debug.DebugFilter) AuthorizationFilter(org.springframework.security.web.access.intercept.AuthorizationFilter)

Example 68 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class AbstractAuthenticationFilterConfigurer method getAuthenticationEntryPointMatcher.

/**
 * Builds the matcher associated with this configurer's authentication entry
 * point.
 *
 * <p>A request matches when it does not carry
 * {@code X-Requested-With: XMLHttpRequest} and its negotiated media types
 * include one of XHTML, {@code image/*}, HTML or plain text, with a bare
 * {@code *}{@code /*} ignored.
 *
 * <p>Both inputs are request headers chosen by the client, so the result
 * describes the kind of client being answered, not its identity.
 * NOTE(review): presumably callers use this only to choose which entry point
 * responds -- confirm it is never used as an authorization condition.
 *
 * @param http the builder whose shared {@code ContentNegotiationStrategy} is
 * used when present
 * @return the conjunction of the "not XMLHttpRequest" and media-type matchers
 */
protected final RequestMatcher getAuthenticationEntryPointMatcher(B http) {
    ContentNegotiationStrategy shared = http.getSharedObject(ContentNegotiationStrategy.class);
    // Fall back to header-based negotiation when none was shared.
    ContentNegotiationStrategy negotiation = (shared != null) ? shared : new HeaderContentNegotiationStrategy();
    MediaTypeRequestMatcher browserMedia = new MediaTypeRequestMatcher(negotiation, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    // A wildcard-only Accept header must not count as asking for a browser type.
    browserMedia.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher xmlHttpRequest = new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest");
    RequestMatcher notXmlHttpRequest = new NegatedRequestMatcher(xmlHttpRequest);
    return new AndRequestMatcher(Arrays.asList(notXmlHttpRequest, browserMedia));
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) MediaType(org.springframework.http.MediaType) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher)

Example 69 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class ChannelSecurityConfigurer method addAttribute.

/**
 * Records the given attribute against every supplied matcher in
 * {@code requestMap}.
 *
 * <p>Each matcher receives its own single-element collection holding a new
 * {@code SecurityConfig} built from {@code attribute}.
 * NOTE(review): if {@code requestMap} is a regular {@code Map}, registering a
 * matcher twice replaces its earlier attribute -- confirm that is intended.
 *
 * @param attribute the attribute string wrapped in a {@code SecurityConfig}
 * @param matchers the matchers to associate with the attribute
 * @return the shared registry, for chaining
 */
private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
    matchers.forEach((requestMatcher) -> {
        // A fresh collection per matcher, so entries never share a list instance.
        Collection<ConfigAttribute> required = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
        this.requestMap.put(requestMatcher, required);
    });
    return this.REGISTRY;
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig)

Example 70 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class HttpBasicConfigurer method registerDefaults.

/**
 * Registers the default entry point and default logout success handler for
 * requests that look like they come from a non-browser client.
 *
 * <p>The matcher accepts a request when any of these holds:
 * <ul>
 * <li>{@code X_REQUESTED_WITH} matches;</li>
 * <li>the negotiated media types include one of the listed API-style types
 * (Atom, form-urlencoded, JSON, octet-stream, XML, multipart, text/xml) and
 * the {@code text/html} matcher does not match;</li>
 * <li>the matcher built for {@code MediaType.ALL} with {@code useEquals}
 * enabled matches.</li>
 * </ul>
 *
 * <p>All three conditions read headers the client supplies, so the matcher
 * only steers which entry point and logout handler respond.
 *
 * @param http the builder supplying the shared {@code ContentNegotiationStrategy}
 * and receiving the registrations
 */
private void registerDefaults(B http) {
    ContentNegotiationStrategy shared = http.getSharedObject(ContentNegotiationStrategy.class);
    // Fall back to header-based negotiation when none was shared.
    ContentNegotiationStrategy negotiation = (shared != null) ? shared : new HeaderContentNegotiationStrategy();
    MediaTypeRequestMatcher apiMedia = new MediaTypeRequestMatcher(negotiation, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    // A bare wildcard must not be counted as a request for one of the API types.
    apiMedia.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    // Handled separately: a matcher for MediaType.ALL compared with equals.
    MediaTypeRequestMatcher wildcardOnly = new MediaTypeRequestMatcher(negotiation, MediaType.ALL);
    wildcardOnly.setUseEquals(true);
    RequestMatcher htmlRequested = new MediaTypeRequestMatcher(negotiation, MediaType.TEXT_HTML);
    RequestMatcher htmlNotRequested = new NegatedRequestMatcher(htmlRequested);
    RequestMatcher apiAndNotHtml = new AndRequestMatcher(Arrays.<RequestMatcher>asList(htmlNotRequested, apiMedia));
    RequestMatcher nonBrowser = new OrRequestMatcher(Arrays.asList(X_REQUESTED_WITH, apiAndNotHtml, wildcardOnly));
    registerDefaultEntryPoint(http, nonBrowser);
    registerDefaultLogoutSuccessHandler(http, nonBrowser);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher)

Aggregations

RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)85 Test (org.junit.jupiter.api.Test)40 AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)27 LinkedHashMap (java.util.LinkedHashMap)16 AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher)14 NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher)12 RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)12 ArrayList (java.util.ArrayList)11 AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)10 OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher)10 MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)9 Collection (java.util.Collection)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)7 ConfigAttribute (org.springframework.security.access.ConfigAttribute)7 AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)7 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6 DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint)6 ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)6 HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)6