
Example 81 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class DefaultFilterInvocationSecurityMetadataSourceTests method createFids.

/**
 * Replaces {@code this.fids} with a metadata source that holds exactly one rule:
 * the {@link AntPathRequestMatcher} built from the arguments is mapped to {@code this.def}.
 *
 * @param pattern path pattern passed to {@link AntPathRequestMatcher}
 * @param method HTTP method passed to {@link AntPathRequestMatcher}
 */
private void createFids(String pattern, String method) {
    RequestMatcher singleRule = new AntPathRequestMatcher(pattern, method);
    // An insertion-ordered map is what the metadata source is handed; with one entry the order is moot.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules = new LinkedHashMap<>();
    rules.put(singleRule, this.def);
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(rules);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Collection(java.util.Collection) LinkedHashMap(java.util.LinkedHashMap)

Example 82 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class RequestMatcherDelegatingAccessDeniedHandlerTests method handleWhenFirstMatchesThenOnlyFirstInvoked.

/**
 * When the first registered matcher accepts the request, only its handler is invoked:
 * the second matcher is never consulted, and neither the second handler nor the
 * default handler runs.
 */
@Test
public void handleWhenFirstMatchesThenOnlyFirstInvoked() throws Exception {
    RequestMatcher acceptingMatcher = mock(RequestMatcher.class);
    RequestMatcher unusedMatcher = mock(RequestMatcher.class);
    AccessDeniedHandler expectedHandler = mock(AccessDeniedHandler.class);
    AccessDeniedHandler skippedHandler = mock(AccessDeniedHandler.class);
    given(acceptingMatcher.matches(this.request)).willReturn(true);

    // Registration order is the point of the test; this relies on this.deniedHandlers
    // (declared outside this snippet) preserving insertion order.
    this.deniedHandlers.put(acceptingMatcher, expectedHandler);
    this.deniedHandlers.put(unusedMatcher, skippedHandler);
    this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers,
            this.accessDeniedHandler);

    this.delegator.handle(this.request, null, null);

    verify(expectedHandler).handle(this.request, null, null);
    verify(skippedHandler, never()).handle(this.request, null, null);
    verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
    // Evaluation must stop at the first match rather than probing every matcher.
    verify(unusedMatcher, never()).matches(this.request);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) Test(org.junit.jupiter.api.Test)

Example 83 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class RequestMatcherDelegatingAccessDeniedHandlerTests method handleWhenNothingMatchesThenOnlyDefaultHandlerInvoked.

/**
 * When no registered matcher accepts the request, the delegator falls back to the
 * default handler and leaves the registered handler untouched.
 */
@Test
public void handleWhenNothingMatchesThenOnlyDefaultHandlerInvoked() throws Exception {
    RequestMatcher rejectingMatcher = mock(RequestMatcher.class);
    AccessDeniedHandler registeredHandler = mock(AccessDeniedHandler.class);
    given(rejectingMatcher.matches(this.request)).willReturn(false);

    this.deniedHandlers.put(rejectingMatcher, registeredHandler);
    this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers,
            this.accessDeniedHandler);

    this.delegator.handle(this.request, null, null);

    // A request that matches nothing must still be handled, by the default handler only.
    verify(this.accessDeniedHandler).handle(this.request, null, null);
    verify(registeredHandler, never()).handle(this.request, null, null);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) Test(org.junit.jupiter.api.Test)

Example 84 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class RequestMatcherDelegatingAccessDeniedHandlerTests method handleWhenSecondMatchesThenOnlySecondInvoked.

/**
 * When the first matcher rejects the request and the second accepts it, only the
 * second handler is invoked; the first handler and the default handler are not.
 */
@Test
public void handleWhenSecondMatchesThenOnlySecondInvoked() throws Exception {
    RequestMatcher rejectingMatcher = mock(RequestMatcher.class);
    RequestMatcher acceptingMatcher = mock(RequestMatcher.class);
    AccessDeniedHandler skippedHandler = mock(AccessDeniedHandler.class);
    AccessDeniedHandler expectedHandler = mock(AccessDeniedHandler.class);
    given(rejectingMatcher.matches(this.request)).willReturn(false);
    given(acceptingMatcher.matches(this.request)).willReturn(true);

    // The rejecting matcher is registered first, so the delegator has to move past it.
    this.deniedHandlers.put(rejectingMatcher, skippedHandler);
    this.deniedHandlers.put(acceptingMatcher, expectedHandler);
    this.delegator = new RequestMatcherDelegatingAccessDeniedHandler(this.deniedHandlers,
            this.accessDeniedHandler);

    this.delegator.handle(this.request, null, null);

    verify(expectedHandler).handle(this.request, null, null);
    verify(skippedHandler, never()).handle(this.request, null, null);
    verify(this.accessDeniedHandler, never()).handle(this.request, null, null);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) Test(org.junit.jupiter.api.Test)

Example 85 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project OsmAnd-tools by osmandapp.

the class WebSecurityConfiguration method configure.

/**
 * Configures the web security filter chain: CSRF enforcement, CORS, URL authorization rules,
 * OAuth2 login, the login entry point for {@code /mapapi/**}, remember-me and logout.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@link HttpSecurity} configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // http.csrf().disable().antMatcher("/**");
    // 1. CSRF
    // Despite its name, this set lists the HTTP methods that are EXEMPT from the CSRF check:
    // the matcher below demands a token only for methods that are not in it (PUT, PATCH, ...).
    // NOTE(review): POST and DELETE are in the set, so state-changing requests that use them are
    // accepted without a CSRF token even on a cookie-authenticated session. Confirm this is
    // deliberate; Spring Security's default exempts only GET, HEAD, TRACE and OPTIONS.
    Set<String> enabledMethods = new TreeSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS", "POST", "DELETE"));
    http.csrf().requireCsrfProtectionMatcher(new RequestMatcher() {

        /**
         * Decides whether the request must carry a valid CSRF token.
         *
         * @return {@code true} only when the method is non-null, is not in {@code enabledMethods},
         *         and the path does not start with {@code /api/} or {@code /subscription/}
         */
        @Override
        public boolean matches(HttpServletRequest request) {
            String method = request.getMethod();
            if (method != null && !enabledMethods.contains(method)) {
                // Rebuild the path within the application from servlet path plus optional path info.
                String url = request.getServletPath();
                if (request.getPathInfo() != null) {
                    url += request.getPathInfo();
                }
                // These two prefixes are exempt from CSRF for every method.
                // NOTE(review): presumably they serve non-browser clients; verify that none of
                // these endpoints relies on the session cookie for authentication.
                if (url.startsWith("/api/") || url.startsWith("/subscription/")) {
                    return false;
                }
                return true;
            }
            return false;
        }
    // withHttpOnlyFalse() stores the token in a cookie that scripts can read, so client-side code
    // can copy it into a request header; the token is therefore also readable by injected script.
    }).csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    http.cors().configurationSource(corsConfigurationSource());
    // Rules are evaluated in declaration order and the first match applies, which is why
    // /mapapi/auth/** (open) must stay ahead of /mapapi/** (ROLE_PRO_USER).
    // NOTE(review): anyRequest().permitAll() leaves every path not listed here open to
    // unauthenticated callers, so a newly added endpoint is public unless a rule is added for it.
    http.authorizeRequests().antMatchers("/actuator/**", "/admin/**").hasAuthority(ROLE_ADMIN).antMatchers("/mapapi/auth/**").permitAll().antMatchers("/mapapi/**").hasAuthority(ROLE_PRO_USER).anyRequest().permitAll();
    http.oauth2Login().userInfoEndpoint().userService(oauthGithubUserService());
    // SEE MapApiController.loginForm to test form
    // http.formLogin().loginPage("/mapapi/auth/loginForm").
    // loginProcessingUrl("/mapapi/auth/loginProcess").defaultSuccessUrl("/map/loginSuccess");
    LoginUrlAuthenticationEntryPoint mapLogin = new LoginUrlAuthenticationEntryPoint("/map/loginForm");
    // HTTPS is forced on the login redirect only when the "production" profile is active.
    if (getApplicationContext().getEnvironment().acceptsProfiles(Profiles.of("production"))) {
        mapLogin.setForceHttps(true);
    }
    // Unauthenticated requests under /mapapi/** are sent to the map login form.
    http.exceptionHandling().defaultAuthenticationEntryPointFor(mapLogin, new AntPathRequestMatcher("/mapapi/**"));
    // Remember-me tokens stay valid for 14 days (3600 s * 24 h * 14 d).
    http.rememberMe().tokenValiditySeconds(3600 * 24 * 14);
    // The logout matcher is built without an HTTP method, so any method on /logout, GET included,
    // ends the session.
    // NOTE(review): only JSESSIONID is deleted explicitly; confirm the remember-me cookie is
    // also cleared on logout.
    http.logout().deleteCookies("JSESSIONID").logoutSuccessUrl("/").logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) TreeSet(java.util.TreeSet) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)
