
Example 41 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-boot by spring-projects.

The class CloudFoundryActuatorAutoConfigurationTests, method cloudFoundryPathsIgnoredBySpringSecurity.

@Test
public void cloudFoundryPathsIgnoredBySpringSecurity() throws Exception {
    EnvironmentTestUtils.addEnvironment(this.context, "VCAP_APPLICATION:---", "vcap.application.application_id:my-app-id");
    this.context.refresh();
    IgnoredRequestCustomizer customizer = (IgnoredRequestCustomizer) this.context.getBean("cloudFoundryIgnoredRequestCustomizer");
    IgnoredRequestConfigurer configurer = mock(IgnoredRequestConfigurer.class);
    customizer.customize(configurer);
    ArgumentCaptor<RequestMatcher> requestMatcher = ArgumentCaptor.forClass(RequestMatcher.class);
    verify(configurer).requestMatchers(requestMatcher.capture());
    RequestMatcher matcher = requestMatcher.getValue();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setServletPath("/cloudfoundryapplication/my-path");
    assertThat(matcher.matches(request)).isTrue();
    request.setServletPath("/some-other-path");
    assertThat(matcher.matches(request)).isFalse();
}
Also used: RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), IgnoredRequestCustomizer (org.springframework.boot.autoconfigure.security.IgnoredRequestCustomizer), IgnoredRequestConfigurer (org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer), Test (org.junit.Test)

Example 42 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

The class AbstractAuthenticationFilterConfigurer, method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(B http) {
    ExceptionHandlingConfigurer<B> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher mediaMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    mediaMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    RequestMatcher preferredMatcher = new AndRequestMatcher(Arrays.asList(notXRequestedWith, mediaMatcher));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used: NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher), AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher), RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher), MediaType (org.springframework.http.MediaType), HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy), ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)

Example 43 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project spring-security by spring-projects.

The class ExpressionBasedFilterInvocationSecurityMetadataSource, method processMap.

private static LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> processMap(LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap, ExpressionParser parser) {
    Assert.notNull(parser, "SecurityExpressionHandler returned a null parser object");
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>(requestMap);
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
        RequestMatcher request = entry.getKey();
        Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request);
        ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1);
        String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
        logger.debug("Adding web access control expression '" + expression + "', for " + request);
        AbstractVariableEvaluationContextPostProcessor postProcessor = createPostProcessor(request);
        try {
            attributes.add(new WebExpressionConfigAttribute(parser.parseExpression(expression), postProcessor));
        } catch (ParseException e) {
            throw new IllegalArgumentException("Failed to parse expression '" + expression + "'");
        }
        requestToExpressionAttributesMap.put(request, attributes);
    }
    return requestToExpressionAttributesMap;
}
Also used: RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher), ConfigAttribute (org.springframework.security.access.ConfigAttribute), ArrayList (java.util.ArrayList), LinkedHashMap (java.util.LinkedHashMap), Collection (java.util.Collection), ParseException (org.springframework.expression.ParseException), Map (java.util.Map)

Example 44 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project perry by ca-cwds.

The class TestLoginServiceValidatorFilter, method testLoginUrlNotMatchesAndInvalidCallback.

@Test
public void testLoginUrlNotMatchesAndInvalidCallback() throws IOException, ServletException {
    LoginServiceValidatorFilter validatorFilter = new LoginServiceValidatorFilter();
    RequestMatcher requestMatcher = Mockito.mock(RequestMatcher.class);
    validatorFilter.setRequestMatcher(requestMatcher);
    HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(requestMatcher.matches(httpServletRequest)).thenReturn(false);
    Mockito.when(httpServletRequest.getRequestURI()).thenReturn("requestUrl");
    Mockito.when(httpServletRequest.getParameter("callback")).thenReturn("invalidCallbackUrl");
    WhiteList whiteList = new WhiteList();
    PerryProperties perryProperties = new PerryProperties();
    perryProperties.setWhiteList("callbackUrl");
    whiteList.setConfiguration(perryProperties);
    validatorFilter.setWhiteList(whiteList);
    validatorFilter.doFilter(httpServletRequest, httpServletResponse, Mockito.mock(FilterChain.class));
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), FilterChain (javax.servlet.FilterChain), WhiteList (gov.ca.cwds.service.WhiteList), HttpServletResponse (javax.servlet.http.HttpServletResponse), PerryProperties (gov.ca.cwds.PerryProperties), Test (org.junit.Test)

Example 45 with RequestMatcher

Use of org.springframework.security.web.util.matcher.RequestMatcher in project perry by ca-cwds.

The class TestLoginServiceValidatorFilter, method testLoginUrlMatchesAndValidCallback.

@Test
public void testLoginUrlMatchesAndValidCallback() throws IOException, ServletException {
    LoginServiceValidatorFilter validatorFilter = new LoginServiceValidatorFilter();
    RequestMatcher requestMatcher = Mockito.mock(RequestMatcher.class);
    validatorFilter.setRequestMatcher(requestMatcher);
    HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
    Mockito.when(requestMatcher.matches(httpServletRequest)).thenReturn(true);
    Mockito.when(httpServletRequest.getRequestURI()).thenReturn("requestUrl");
    Mockito.when(httpServletRequest.getParameter("callback")).thenReturn("callbackUrl");
    WhiteList whiteList = new WhiteList();
    PerryProperties perryProperties = new PerryProperties();
    perryProperties.setWhiteList("callbackUrl");
    whiteList.setConfiguration(perryProperties);
    validatorFilter.setWhiteList(whiteList);
    validatorFilter.doFilter(httpServletRequest, httpServletResponse, Mockito.mock(FilterChain.class));
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher), FilterChain (javax.servlet.FilterChain), WhiteList (gov.ca.cwds.service.WhiteList), HttpServletResponse (javax.servlet.http.HttpServletResponse), PerryProperties (gov.ca.cwds.PerryProperties), Test (org.junit.Test)

Aggregations

RequestMatcher (org.springframework.security.web.util.matcher.RequestMatcher) 85
Test (org.junit.jupiter.api.Test) 40
AntPathRequestMatcher (org.springframework.security.web.util.matcher.AntPathRequestMatcher) 27
LinkedHashMap (java.util.LinkedHashMap) 16
AndRequestMatcher (org.springframework.security.web.util.matcher.AndRequestMatcher) 14
NegatedRequestMatcher (org.springframework.security.web.util.matcher.NegatedRequestMatcher) 12
RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) 12
ArrayList (java.util.ArrayList) 11
AuthenticationEntryPoint (org.springframework.security.web.AuthenticationEntryPoint) 10
OrRequestMatcher (org.springframework.security.web.util.matcher.OrRequestMatcher) 10
MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) 9
Collection (java.util.Collection) 8
HttpServletRequest (javax.servlet.http.HttpServletRequest) 7
ConfigAttribute (org.springframework.security.access.ConfigAttribute) 7
AnyRequestMatcher (org.springframework.security.web.util.matcher.AnyRequestMatcher) 7
HttpServletResponse (javax.servlet.http.HttpServletResponse) 6
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 6
DelegatingAuthenticationEntryPoint (org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint) 6
ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy) 6
HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy) 6