Example 6 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class DelegatingAuthenticationEntryPointTests method testSecondEntryPoint.

@Test
public void testSecondEntryPoint() throws Exception {
    AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
    RequestMatcher firstRM = mock(RequestMatcher.class);
    AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
    RequestMatcher secondRM = mock(RequestMatcher.class);
    when(firstRM.matches(request)).thenReturn(false);
    when(secondRM.matches(request)).thenReturn(true);
    entryPoints.put(firstRM, firstAEP);
    entryPoints.put(secondRM, secondAEP);
    daep.commence(request, null, null);
    verify(secondAEP).commence(request, null, null);
    verify(firstAEP, never()).commence(request, null, null);
    verify(defaultEntryPoint, never()).commence(request, null, null);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher), AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint), Test(org.junit.Test)

Example 7 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class RequestCacheConfigurer method createDefaultSavedRequestMatcher.

@SuppressWarnings("unchecked")
private RequestMatcher createDefaultSavedRequestMatcher(H http) {
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.ico"));
    MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_JSON);
    jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notJson = new NegatedRequestMatcher(jsonRequest);
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    boolean isCsrfEnabled = http.getConfigurer(CsrfConfigurer.class) != null;
    List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
    if (isCsrfEnabled) {
        RequestMatcher getRequests = new AntPathRequestMatcher("/**", "GET");
        matchers.add(0, getRequests);
    }
    matchers.add(notFavIcon);
    matchers.add(notJson);
    matchers.add(notXRequestedWith);
    return new AndRequestMatcher(matchers);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher), AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher), RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher), MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher), RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher), ArrayList(java.util.ArrayList), HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy), ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 8 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class HttpSessionRequestCacheTests method requestMatcherDefinesCorrectSubsetOfCachedRequests.

@Test
public void requestMatcherDefinesCorrectSubsetOfCachedRequests() throws Exception {
    HttpSessionRequestCache cache = new HttpSessionRequestCache();
    cache.setRequestMatcher(new RequestMatcher() {

        public boolean matches(HttpServletRequest request) {
            return request.getMethod().equals("GET");
        }
    });
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/destination");
    MockHttpServletResponse response = new MockHttpServletResponse();
    cache.saveRequest(request, response);
    assertThat(cache.getRequest(request, response)).isNull();
    assertThat(cache.getRequest(new MockHttpServletRequest(), new MockHttpServletResponse())).isNull();
    assertThat(cache.getMatchingRequest(request, response)).isNull();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest), HttpServletRequest(javax.servlet.http.HttpServletRequest), RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher), MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse), Test(org.junit.Test)

Example 9 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project incubator-atlas by apache.

the class AtlasSecurityConfig method getDelegatingAuthenticationEntryPoint.

public DelegatingAuthenticationEntryPoint getDelegatingAuthenticationEntryPoint() {
    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPointMap = new LinkedHashMap<>();
    entryPointMap.put(new RequestHeaderRequestMatcher("User-Agent", "Mozilla"), atlasAuthenticationEntryPoint);
    DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(entryPointMap);
    entryPoint.setDefaultEntryPoint(getAuthenticationEntryPoint());
    return entryPoint;
}
Also used : RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher), AtlasAuthenticationEntryPoint(org.apache.atlas.web.filters.AtlasAuthenticationEntryPoint), DelegatingAuthenticationEntryPoint(org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint), BasicAuthenticationEntryPoint(org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint), AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint), LinkedHashMap(java.util.LinkedHashMap)

Example 10 with RequestMatcher

use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

the class WebSecurity method performBuild.

@Override
protected Filter performBuild() throws Exception {
    Assert.state(!securityFilterChainBuilders.isEmpty(), "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. Typically this done by adding a @Configuration that extends WebSecurityConfigurerAdapter. More advanced users can invoke " + WebSecurity.class.getSimpleName() + ".addSecurityFilterChainBuilder directly");
    int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
    List<SecurityFilterChain> securityFilterChains = new ArrayList<SecurityFilterChain>(chainSize);
    for (RequestMatcher ignoredRequest : ignoredRequests) {
        securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));
    }
    for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : securityFilterChainBuilders) {
        securityFilterChains.add(securityFilterChainBuilder.build());
    }
    FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
    if (httpFirewall != null) {
        filterChainProxy.setFirewall(httpFirewall);
    }
    filterChainProxy.afterPropertiesSet();
    Filter result = filterChainProxy;
    if (debugEnabled) {
        logger.warn("\n\n" + "********************************************************************\n" + "**********        Security debugging is enabled.       *************\n" + "**********    This may include sensitive information.  *************\n" + "**********      Do not use in a production system!     *************\n" + "********************************************************************\n\n");
        result = new DebugFilter(filterChainProxy);
    }
    postBuildAction.run();
    return result;
}
Also used : DefaultSecurityFilterChain(org.springframework.security.web.DefaultSecurityFilterChain), SecurityFilterChain(org.springframework.security.web.SecurityFilterChain), RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher), MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher), FilterChainProxy(org.springframework.security.web.FilterChainProxy), EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity), DebugFilter(org.springframework.security.web.debug.DebugFilter), Filter(javax.servlet.Filter), ArrayList(java.util.ArrayList)

Aggregations

RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 19
LinkedHashMap (java.util.LinkedHashMap): 7
Test (org.junit.Test): 7
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 6
Collection (java.util.Collection): 5
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 5
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 4
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 4
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 4
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher): 4
ArrayList (java.util.ArrayList): 3
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher): 3
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher): 3
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy): 3
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy): 3
Map (java.util.Map): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
FilterInvocation (org.springframework.security.web.FilterInvocation): 2
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher): 2
Filter (javax.servlet.Filter): 1