Package org.springframework.security.web.access.intercept

Examples of org.springframework.security.web.access.intercept.FilterSecurityInterceptor

184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
    public static HttpServletRequestFilter buildFilterSecurityInterceptor(
            @SpringSecurityServices final AccessDecisionManager accessDecisionManager,
            @SpringSecurityServices final AuthenticationManager manager,
            final Collection<RequestInvocationDefinition> contributions ) throws Exception {

        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = convertCollectionToLinkedHashMap( contributions );
        DefaultFilterInvocationSecurityMetadataSource source =
                new DefaultFilterInvocationSecurityMetadataSource(requestMap);
        interceptor.setAccessDecisionManager( accessDecisionManager );
        interceptor.setAlwaysReauthenticate( false );
        interceptor.setAuthenticationManager( manager );
        interceptor.setSecurityMetadataSource(source);
        interceptor.setValidateConfigAttributes( true );
        interceptor.afterPropertiesSet();
        return new HttpServletRequestFilterWrapper( interceptor );
    }
View Full Code Here
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
    public static HttpServletRequestFilter buildFilterSecurityInterceptor(
            @SpringSecurityServices final AccessDecisionManager accessDecisionManager,
            @SpringSecurityServices final AuthenticationManager manager,
            final Collection<RequestInvocationDefinition> contributions ) throws Exception {

        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = convertCollectionToLinkedHashMap( contributions );
        DefaultFilterInvocationSecurityMetadataSource source =
                new DefaultFilterInvocationSecurityMetadataSource(requestMap);
        interceptor.setAccessDecisionManager( accessDecisionManager );
        interceptor.setAlwaysReauthenticate( false );
        interceptor.setAuthenticationManager( manager );
        interceptor.setSecurityMetadataSource(source);
        interceptor.setValidateConfigAttributes( true );
        interceptor.afterPropertiesSet();
        return new HttpServletRequestFilterWrapper( interceptor );
    }
View Full Code Here
58
59
60
61
62
63
64
65
66
67
68
    private FilterSecurityInterceptor fsi;

    @Before
    public void setUp() throws Exception {
        AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous");
        fsi = new FilterSecurityInterceptor();
        fsi.setAccessDecisionManager(accessDecisionManager);
        fsi.setSecurityMetadataSource(metadataSource);
        AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
        ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint);
        DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, fsi);
View Full Code Here
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
        if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) {
            logger.debug("Default generated login page is in use");
            return;
        }

        FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters);
        FilterInvocationSecurityMetadataSource fids =
                fsi.getSecurityMetadataSource();

        Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest);

        if (attributes == null) {
            logger.debug("No access attributes defined for login page URL");
            if (fsi.isRejectPublicInvocations()) {
                logger.warn("FilterSecurityInterceptor is configured to reject public invocations." +
                        " Your login page may not be accessible.");
            }
            return;
        }

        AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters);
        if (anonPF == null) {
            logger.warn("The login page is being protected by the filter chain, but you don't appear to have" +
                    " anonymous authentication enabled. This is almost certainly an error.");
            return;
        }

        // Simulate an anonymous access with the supplied attributes.
        AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(),
                        anonPF.getAuthorities());
        try {
            fsi.getAccessDecisionManager().decide(token, loginRequest, attributes);
        } catch (AccessDeniedException e) {
            logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " +
                    "an error. Please check your configuration allows unauthenticated access to the configured " +
                    "login page. (Simulated access was rejected: " + e + ")");
        } catch (Exception e) {
View Full Code Here
71
72
73
74
75
76
77
78
79
80
81
82
83
    public void configure(H http) throws Exception {
        FilterInvocationSecurityMetadataSource metadataSource = createMetadataSource(http);
        if(metadataSource == null) {
            return;
        }
        FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor(http, metadataSource, http.getSharedObject(AuthenticationManager.class));
        if(filterSecurityInterceptorOncePerRequest != null) {
            securityInterceptor.setObserveOncePerRequest(filterSecurityInterceptorOncePerRequest);
        }
        securityInterceptor = postProcess(securityInterceptor);
        http.addFilter(securityInterceptor);
        http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
    }
View Full Code Here
178
179
180
181
182
183
184
185
186
187
188
189
     * @return the {@link FilterSecurityInterceptor}
     * @throws Exception
     */
    private FilterSecurityInterceptor createFilterSecurityInterceptor(H http, FilterInvocationSecurityMetadataSource metadataSource,
                                                                      AuthenticationManager authenticationManager) throws Exception {
        FilterSecurityInterceptor securityInterceptor = new FilterSecurityInterceptor();
        securityInterceptor.setSecurityMetadataSource(metadataSource);
        securityInterceptor.setAccessDecisionManager(getAccessDecisionManager(http));
        securityInterceptor.setAuthenticationManager(authenticationManager);
        securityInterceptor.afterPropertiesSet();
        return securityInterceptor;
    }
View Full Code Here
283
284
285
286
287
288
289
290
291
292
        final HttpSecurity http = getHttp();
        web
            .addSecurityFilterChainBuilder(http)
            .postBuildAction(new Runnable() {
                public void run() {
                    FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
                    web.securityInterceptor(securityInterceptor);
                }
            });
    }
View Full Code Here
46
47
48
49
50
51
52
53
54
55
56
    //~ Methods ========================================================================================================

    @Before
    public final void setUp() {
        interceptor = new FilterSecurityInterceptor();
        ods = mock(FilterInvocationSecurityMetadataSource.class);
        adm = mock(AccessDecisionManager.class);
        ram = mock(RunAsManager.class);
        interceptor.setAuthenticationManager(mock(AuthenticationManager.class));
        interceptor.setSecurityMetadataSource(ods);
View Full Code Here
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
    }
    return SUCCESS;
  }
 
  public String checkAuthority(){
    FilterSecurityInterceptor filterSecurityInterceptor = (FilterSecurityInterceptor)StorageService.ctx.getBean("filterSecurityInterceptor");

    try {
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

            if (authentication.isAuthenticated() && !filterSecurityInterceptor.isAlwaysReauthenticate()) {
//                if (logger.isDebugEnabled()) {
//                    logger.debug("Previously Authenticated: " + authentication);
//                }
//                return authentication;
            }else{
View Full Code Here
124
125
126
127
128
129
130
131
132
133
134
135
 
 
  public String printInterceptUrl(){
    resultInfo = new OperResult();
    resultInfo.setSucceed();
    FilterSecurityInterceptor filterSecurityInterceptor = (FilterSecurityInterceptor)StorageService.ctx.getBean("filterSecurityInterceptor");
    FilterInvocationSecurityMetadataSource fisms = filterSecurityInterceptor.getSecurityMetadataSource();
    if(fisms instanceof ExpressionBasedFilterInvocationSecurityMetadataSource){
      ExpressionBasedFilterInvocationSecurityMetadataSource ebfisms = (ExpressionBasedFilterInvocationSecurityMetadataSource)fisms;
      Collection<ConfigAttribute> attrS = ebfisms.getAllConfigAttributes();
      for(ConfigAttribute attr:attrS){
        System.out.println(attr.getAttribute());
View Full Code Here
TOP

Related Classes of org.springframework.security.web.access.intercept.FilterSecurityInterceptor

  • com.narirelays.ems.struts2.actions.security.AuthenticationManagement
  • jeeves.server.overrides.ConfigurationOverridesTest
  • nu.localhost.tapestry5.springsecurity.services.SecurityModule
  • org.geoserver.security.filter.GeoServerSecurityInterceptorFilter
  • org.lightadmin.core.config.context.LightAdminSecurityConfiguration
  • org.springframework.security.access.intercept.InterceptorStatusToken
  • org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
  • org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer
  • org.springframework.security.config.http.DefaultFilterChainValidator
  • org.springframework.security.config.http.DefaultFilterChainValidatorTests
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.