Example 21 with RequestMatcher
use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.
the class RequestMatcherDelegatingWebInvocationPrivilegeEvaluatorTests method isAllowedWhenServletContextIsSetThenPassedFilterInvocationHttpServletRequestHasServletContext.
@Test
void isAllowedWhenServletContextIsSetThenPassedFilterInvocationHttpServletRequestHasServletContext() {
Authentication token = new TestingAuthenticationToken("test", "Password", "MOCK_INDEX");
MockServletContext servletContext = new MockServletContext();
ArgumentCaptor<HttpServletRequest> argumentCaptor = ArgumentCaptor.forClass(HttpServletRequest.class);
RequestMatcher requestMatcher = mock(RequestMatcher.class);
WebInvocationPrivilegeEvaluator wipe = mock(WebInvocationPrivilegeEvaluator.class);
RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>> delegate = new RequestMatcherEntry<>(requestMatcher, Collections.singletonList(wipe));
RequestMatcherDelegatingWebInvocationPrivilegeEvaluator requestMatcherWipe = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(Collections.singletonList(delegate));
requestMatcherWipe.setServletContext(servletContext);
requestMatcherWipe.isAllowed("/foo/index.jsp", token);
verify(requestMatcher).matches(argumentCaptor.capture());
assertThat(argumentCaptor.getValue().getServletContext()).isNotNull();
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
Authentication(org.springframework.security.core.Authentication)
List(java.util.List)
RequestMatcherEntry(org.springframework.security.web.util.matcher.RequestMatcherEntry)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
MockServletContext(org.springframework.mock.web.MockServletContext)
Test(org.junit.jupiter.api.Test)
Example 22 with RequestMatcher
use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.
the class DelegatingAuthenticationEntryPoint method commence.
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
for (RequestMatcher requestMatcher : this.entryPoints.keySet()) {
logger.debug(LogMessage.format("Trying to match using %s", requestMatcher));
if (requestMatcher.matches(request)) {
AuthenticationEntryPoint entryPoint = this.entryPoints.get(requestMatcher);
logger.debug(LogMessage.format("Match found! Executing %s", entryPoint));
entryPoint.commence(request, response, authException);
return;
}
}
logger.debug(LogMessage.format("No match found. Using default entry point %s", this.defaultEntryPoint));
// No EntryPoint matched, use defaultEntryPoint
this.defaultEntryPoint.commence(request, response, authException);
}
Also used :
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
ELRequestMatcher(org.springframework.security.web.util.matcher.ELRequestMatcher)
AuthenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)
Example 23 with RequestMatcher
use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.
the class RequestMatcherDelegatingAccessDeniedHandler method handle.
@Override
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
for (Entry<RequestMatcher, AccessDeniedHandler> entry : this.handlers.entrySet()) {
RequestMatcher matcher = entry.getKey();
if (matcher.matches(request)) {
AccessDeniedHandler handler = entry.getValue();
handler.handle(request, response, accessDeniedException);
return;
}
}
this.defaultHandler.handle(request, response, accessDeniedException);
}
Also used :
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
Example 24 with RequestMatcher
use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.
the class DelegatingLogoutSuccessHandler method onLogoutSuccess.
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
for (Map.Entry<RequestMatcher, LogoutSuccessHandler> entry : this.matcherToHandler.entrySet()) {
RequestMatcher matcher = entry.getKey();
if (matcher.matches(request)) {
LogoutSuccessHandler handler = entry.getValue();
handler.onLogoutSuccess(request, response, authentication);
return;
}
}
if (this.defaultLogoutSuccessHandler != null) {
this.defaultLogoutSuccessHandler.onLogoutSuccess(request, response, authentication);
}
}
Also used :
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Example 25 with RequestMatcher
use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-boot by spring-projects.
the class SecurityRequestMatchersManagementContextConfigurationTests method registersRequestMatcherProviderIfMvcPresent.
@Test
void registersRequestMatcherProviderIfMvcPresent() {
this.contextRunner.withUserConfiguration(TestMvcConfiguration.class).run((context) -> {
AntPathRequestMatcherProvider matcherProvider = context.getBean(AntPathRequestMatcherProvider.class);
RequestMatcher requestMatcher = matcherProvider.getRequestMatcher("/example");
assertThat(requestMatcher).extracting("pattern").isEqualTo("/custom/example");
});
}
Also used :
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
AntPathRequestMatcherProvider(org.springframework.boot.autoconfigure.security.servlet.AntPathRequestMatcherProvider)
Test(org.junit.jupiter.api.Test)
Aggregations
RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher)85
Test (org.junit.jupiter.api.Test)40
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher)27
LinkedHashMap (java.util.LinkedHashMap)16
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher)14
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher)12
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)12
ArrayList (java.util.ArrayList)11
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint)10
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher)10
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)9
Collection (java.util.Collection)8
HttpServletRequest (javax.servlet.http.HttpServletRequest)7
ConfigAttribute (org.springframework.security.access.ConfigAttribute)7
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher)7
HttpServletResponse (javax.servlet.http.HttpServletResponse)6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint)6
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)6
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)6
