Example 11 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

Class AbstractAuthenticationFilterConfigurer, method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(B http) {
    ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    RequestMatcher preferredMatcher = new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) MediaType(org.springframework.http.MediaType) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 12 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

Class ChannelSecurityConfigurer, method addAttribute.

private ChannelRequestMatcherRegistry addAttribute(String attribute, List<? extends RequestMatcher> matchers) {
    for (RequestMatcher matcher : matchers) {
        Collection<ConfigAttribute> attrs = Arrays.<ConfigAttribute>asList(new SecurityConfig(attribute));
        requestMap.put(matcher, attrs);
    }
    return REGISTRY;
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) MvcRequestMatcher(org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) SecurityConfig(org.springframework.security.access.SecurityConfig)

Example 13 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

Class HttpBasicConfigurer, method registerDefaults.

private void registerDefaults(B http) {
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher restMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    restMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notHtmlMatcher = new NegatedRequestMatcher(new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.TEXT_HTML));
    RequestMatcher restNotHtmlMatcher = new AndRequestMatcher(Arrays.<RequestMatcher>asList(notHtmlMatcher, restMatcher));
    RequestMatcher preferredMatcher = new OrRequestMatcher(Arrays.asList(X_REQUESTED_WITH, restNotHtmlMatcher));
    registerDefaultEntryPoint(http, preferredMatcher);
    registerDefaultLogoutSuccessHandler(http, preferredMatcher);
}
Also used : NegatedRequestMatcher(org.springframework.security.web.util.matcher.NegatedRequestMatcher) AndRequestMatcher(org.springframework.security.web.util.matcher.AndRequestMatcher) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) OrRequestMatcher(org.springframework.security.web.util.matcher.OrRequestMatcher) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 14 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

Class ExpressionBasedFilterInvocationSecurityMetadataSource, method processMap.

private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processMap(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
    Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>(requestMap);
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
        RequestMatcher request = entry.getKey();
        Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request);
        ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1);
        String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
        logger.debug("Adding web access control expression '" + expression + "', for " + request);
        AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
        try {
            attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
        } catch (ParseException e) {
            throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
        }
        requestToExpressionAttributesMap.put(request, attributes);
    }
    return requestToExpressionAttributesMap;
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) ArrayList(java.util.ArrayList) LinkedHashMap(java.util.LinkedHashMap) Collection(java.util.Collection) ParseException(org.springframework.expression.ParseException) Map(java.util.Map)

Example 15 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

Class DefaultFilterInvocationSecurityMetadataSourceTests, method mixingPatternsWithAndWithoutHttpMethodsIsSupported.

// SEC-1236
@Test
public void mixingPatternsWithAndWithoutHttpMethodsIsSupported() throws Exception {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    Collection<ConfigAttribute> userAttrs = SecurityConfig.createList("A");
    requestMap.put(new AntPathRequestMatcher("/user/**", null), userAttrs);
    requestMap.put(new AntPathRequestMatcher("/teller/**", "GET"), SecurityConfig.createList("B"));
    this.fids = new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    FilterInvocation fi = createFilterInvocation("/user", null, null, "GET");
    Collection<ConfigAttribute> attrs = this.fids.getAttributes(fi);
    assertThat(attrs).isEqualTo(userAttrs);
}
Also used : RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) ConfigAttribute(org.springframework.security.access.ConfigAttribute) Collection(java.util.Collection) FilterInvocation(org.springframework.security.web.FilterInvocation) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Aggregations

RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher): 19
LinkedHashMap (java.util.LinkedHashMap): 7
Test (org.junit.Test): 7
ConfigAttribute (org.springframework.security.access.ConfigAttribute): 6
Collection (java.util.Collection): 5
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint): 5
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher): 4
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher): 4
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher): 4
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher): 4
ArrayList (java.util.ArrayList): 3
MvcRequestMatcher (org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher): 3
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher): 3
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy): 3
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy): 3
Map (java.util.Map): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
FilterInvocation (org.springframework.security.web.FilterInvocation): 2
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher): 2
Filter (javax.servlet.Filter): 1