Examples with RequestMatcher org.springframework.security.web.util.matcher.RequestMatcher used on opensource projects

Example 71 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class OAuth2LoginBeanDefinitionParser method parse.

@Override
public BeanDefinition parse(Element element, ParserContext parserContext) {
    // register magic bean
    BeanDefinition oauth2LoginBeanConfig = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginBeanConfig.class).getBeanDefinition();
    String oauth2LoginBeanConfigId = parserContext.getReaderContext().generateBeanName(oauth2LoginBeanConfig);
    parserContext.registerBeanComponent(new BeanComponentDefinition(oauth2LoginBeanConfig, oauth2LoginBeanConfigId));
    // configure filter
    BeanMetadataElement clientRegistrationRepository = OAuth2ClientBeanDefinitionParserUtils.getClientRegistrationRepository(element);
    BeanMetadataElement authorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientRepository(element);
    if (authorizedClientRepository == null) {
        BeanMetadataElement authorizedClientService = OAuth2ClientBeanDefinitionParserUtils.getAuthorizedClientService(element);
        this.defaultAuthorizedClientRepository = OAuth2ClientBeanDefinitionParserUtils.createDefaultAuthorizedClientRepository(clientRegistrationRepository, authorizedClientService);
        authorizedClientRepository = new RuntimeBeanReference(OAuth2AuthorizedClientRepository.class);
    }
    BeanMetadataElement accessTokenResponseClient = getAccessTokenResponseClient(element);
    BeanMetadataElement oauth2UserService = getOAuth2UserService(element);
    BeanMetadataElement authorizationRequestRepository = getAuthorizationRequestRepository(element);
    BeanDefinitionBuilder oauth2LoginAuthenticationFilterBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationFilter.class).addConstructorArgValue(clientRegistrationRepository).addConstructorArgValue(authorizedClientRepository).addPropertyValue("authorizationRequestRepository", authorizationRequestRepository);
    if (this.sessionStrategy != null) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("sessionAuthenticationStrategy", this.sessionStrategy);
    }
    Object source = parserContext.extractSource(element);
    String loginProcessingUrl = element.getAttribute(ATT_LOGIN_PROCESSING_URL);
    if (!StringUtils.isEmpty(loginProcessingUrl)) {
        WebConfigUtils.validateHttpRedirect(loginProcessingUrl, parserContext, source);
        oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(loginProcessingUrl);
    } else {
        oauth2LoginAuthenticationFilterBuilder.addConstructorArgValue(OAuth2LoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI);
    }
    BeanDefinitionBuilder oauth2LoginAuthenticationProviderBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2LoginAuthenticationProvider.class).addConstructorArgValue(accessTokenResponseClient).addConstructorArgValue(oauth2UserService);
    String userAuthoritiesMapperRef = element.getAttribute(ATT_USER_AUTHORITIES_MAPPER_REF);
    if (!StringUtils.isEmpty(userAuthoritiesMapperRef)) {
        oauth2LoginAuthenticationProviderBuilder.addPropertyReference("authoritiesMapper", userAuthoritiesMapperRef);
    }
    this.oauth2LoginAuthenticationProvider = oauth2LoginAuthenticationProviderBuilder.getBeanDefinition();
    this.oauth2LoginOidcAuthenticationProvider = getOidcAuthProvider(element, accessTokenResponseClient, userAuthoritiesMapperRef);
    BeanDefinitionBuilder oauth2AuthorizationRequestRedirectFilterBuilder = BeanDefinitionBuilder.rootBeanDefinition(OAuth2AuthorizationRequestRedirectFilter.class);
    String authorizationRequestResolverRef = element.getAttribute(ATT_AUTHORIZATION_REQUEST_RESOLVER_REF);
    if (!StringUtils.isEmpty(authorizationRequestResolverRef)) {
        oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgReference(authorizationRequestResolverRef);
    } else {
        oauth2AuthorizationRequestRedirectFilterBuilder.addConstructorArgValue(clientRegistrationRepository);
    }
    oauth2AuthorizationRequestRedirectFilterBuilder.addPropertyValue("authorizationRequestRepository", authorizationRequestRepository).addPropertyValue("requestCache", this.requestCache);
    this.oauth2AuthorizationRequestRedirectFilter = oauth2AuthorizationRequestRedirectFilterBuilder.getBeanDefinition();
    String authenticationSuccessHandlerRef = element.getAttribute(ATT_AUTHENTICATION_SUCCESS_HANDLER_REF);
    if (!StringUtils.isEmpty(authenticationSuccessHandlerRef)) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationSuccessHandler", authenticationSuccessHandlerRef);
    } else {
        BeanDefinitionBuilder successHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler").addPropertyValue("requestCache", this.requestCache);
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationSuccessHandler", successHandlerBuilder.getBeanDefinition());
    }
    String loginPage = element.getAttribute(ATT_LOGIN_PAGE);
    if (!StringUtils.isEmpty(loginPage)) {
        WebConfigUtils.validateHttpRedirect(loginPage, parserContext, source);
        this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class).addConstructorArgValue(loginPage).addPropertyValue("portMapper", this.portMapper).addPropertyValue("portResolver", this.portResolver).getBeanDefinition();
    } else {
        Map<RequestMatcher, AuthenticationEntryPoint> entryPoint = getLoginEntryPoint(element);
        if (entryPoint != null) {
            this.oauth2LoginAuthenticationEntryPoint = BeanDefinitionBuilder.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class).addConstructorArgValue(entryPoint).addPropertyValue("defaultEntryPoint", new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URI)).getBeanDefinition();
        }
    }
    String authenticationFailureHandlerRef = element.getAttribute(ATT_AUTHENTICATION_FAILURE_HANDLER_REF);
    if (!StringUtils.isEmpty(authenticationFailureHandlerRef)) {
        oauth2LoginAuthenticationFilterBuilder.addPropertyReference("authenticationFailureHandler", authenticationFailureHandlerRef);
    } else {
        BeanDefinitionBuilder failureHandlerBuilder = BeanDefinitionBuilder.rootBeanDefinition("org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler");
        failureHandlerBuilder.addConstructorArgValue(DEFAULT_LOGIN_URI + "?" + DefaultLoginPageGeneratingFilter.ERROR_PARAMETER_NAME);
        failureHandlerBuilder.addPropertyValue("allowSessionCreation", this.allowSessionCreation);
        oauth2LoginAuthenticationFilterBuilder.addPropertyValue("authenticationFailureHandler", failureHandlerBuilder.getBeanDefinition());
    }
    // prepare loginlinks
    this.oauth2LoginLinks = BeanDefinitionBuilder.rootBeanDefinition(Map.class).setFactoryMethodOnBean("getLoginLinks", oauth2LoginBeanConfigId).getBeanDefinition();
    return oauth2LoginAuthenticationFilterBuilder.getBeanDefinition();
}

Example 72 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class OAuth2LoginBeanDefinitionParser method getAuthenticationEntryPointMatcher.

private RequestMatcher getAuthenticationEntryPointMatcher() {
    ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    return new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
}

Example 73 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class AbstractRequestMatcherRegistry method dispatcherTypeMatchers.

/**
 * Maps a {@link List} of
 * {@link org.springframework.security.web.util.matcher.DispatcherTypeRequestMatcher}
 * instances.
 * @param method the {@link HttpMethod} to use or {@code null} for any
 * {@link HttpMethod}.
 * @param dispatcherTypes the dispatcher types to match against
 * @return the object that is chained after creating the {@link RequestMatcher}
 */
public C dispatcherTypeMatchers(@Nullable HttpMethod method, DispatcherType... dispatcherTypes) {
    Assert.state(!this.anyRequestConfigured, "Can't configure dispatcherTypeMatchers after anyRequest");
    List<RequestMatcher> matchers = new ArrayList<>();
    for (DispatcherType dispatcherType : dispatcherTypes) {
        matchers.add(new DispatcherTypeRequestMatcher(dispatcherType, method));
    }
    return chainRequestMatchers(matchers);
}

Example 74 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project pivotal-cla by pivotalsoftware.

the class SecurityConfig method entryPoint.

private AuthenticationEntryPoint entryPoint() {
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AntPathRequestMatcher("/github/hooks/**"), new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
    entryPoints.put(new AntPathRequestMatcher("/admin/**"), new GitHubAuthenticationEntryPoint(oauthConfig.getMain(), "user:email,repo:status,admin:repo_hook,admin:org_hook,read:org"));
    BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
    basicEntryPoint.setRealmName("Pivotal CLA");
    entryPoints.put(new AntPathRequestMatcher("/manage/**"), basicEntryPoint);
    DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
    entryPoint.setDefaultEntryPoint(new GitHubAuthenticationEntryPoint(oauthConfig.getMain(), "user:email"));
    return entryPoint;
}

Example 75 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class DelegatingAuthenticationEntryPointTests method testFirstEntryPoint.

@Test
public void testFirstEntryPoint() throws Exception {
    AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
    RequestMatcher firstRM = mock(RequestMatcher.class);
    AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
    RequestMatcher secondRM = mock(RequestMatcher.class);
    given(firstRM.matches(this.request)).willReturn(true);
    this.entryPoints.put(firstRM, firstAEP);
    this.entryPoints.put(secondRM, secondAEP);
    this.daep.commence(this.request, null, null);
    verify(firstAEP).commence(this.request, null, null);
    verify(secondAEP, never()).commence(this.request, null, null);
    verify(this.defaultEntryPoint, never()).commence(this.request, null, null);
    verify(secondRM, never()).matches(this.request);
}