RequestMatcherDelegatingAuthorizationManager defaults to deny
Closes gh-11958
parent
d0653afec3
commit
753e113a13
|
@ -34,7 +34,6 @@ import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
|
|||
import org.springframework.beans.factory.xml.BeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.beans.factory.xml.XmlReaderContext;
|
||||
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.authorization.ObservationAuthorizationManager;
|
||||
import org.springframework.security.config.Elements;
|
||||
|
@ -43,7 +42,6 @@ import org.springframework.security.web.access.expression.WebExpressionAuthoriza
|
|||
import org.springframework.security.web.access.intercept.AuthorizationFilter;
|
||||
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
|
||||
import org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager;
|
||||
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
|
@ -197,8 +195,7 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
.entrySet()) {
|
||||
builder.add(entry.getKey(), entry.getValue());
|
||||
}
|
||||
AuthorizationManager<HttpServletRequest> manager = builder
|
||||
.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated()).build();
|
||||
AuthorizationManager<HttpServletRequest> manager = builder.build();
|
||||
if (!this.observationRegistry.isNoop()) {
|
||||
return new ObservationAuthorizationManager<>(this.observationRegistry, manager);
|
||||
}
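Review bot: Nothing at the `builder.build()` line tells a maintainer that the catch-all was dropped on purpose, so the old `.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated())` call could later be reintroduced as a "missing" default. With this change a request that matches no `<intercept-url>` is left to RequestMatcherDelegatingAuthorizationManager's own fallback, which per the commit title is deny. An `<http>` element with no `<intercept-url>` children therefore appears to reject every request, which would explain why so many test configurations in this commit gain `<intercept-url pattern="/**" access="authenticated"/>`. I would add a comment above the build call such as `// No catch-all rule is appended: requests matching no <intercept-url> are denied by the delegating manager`, and mention the behaviour change in the upgrade notes for XML users. The enclosing method starts and ends outside the hunk.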
|
||||
|
|
|
@ -358,7 +358,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void getWhenServletPathRoleAdminConfiguredAndRoleIsUserAndWithoutServletPathThenRespondsWithOk()
|
||||
public void getWhenServletPathRoleAdminConfiguredAndRoleIsUserAndWithoutServletPathThenRespondsWithForbidden()
|
||||
throws Exception {
|
||||
this.spring.register(ServletPathConfig.class, BasicController.class).autowire();
|
||||
// @formatter:off
|
||||
|
@ -366,7 +366,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
|||
.with(user("user")
|
||||
.roles("USER"));
|
||||
// @formatter:on
|
||||
this.mvc.perform(requestWithUser).andExpect(status().isOk());
|
||||
this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -139,7 +139,10 @@ public class AuthenticationManagerBeanDefinitionParserTests {
|
|||
+ "<user-service>"
|
||||
+ " <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
|
||||
+ "</user-service>"
|
||||
+ "<http/>")
|
||||
+ "<http>"
|
||||
+ " <intercept-url pattern=\"/**\" access=\"authenticated\"/>"
|
||||
+ " <http-basic />"
|
||||
+ "</http>")
|
||||
.mockMvcAfterSpringSecurityOk()
|
||||
.autowire();
|
||||
this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
|
||||
|
|
|
@ -120,7 +120,7 @@ public class InterceptUrlConfigTests {
|
|||
this.spring.configLocations(this.xml("PatchMethodAuthorizationManager")).autowire();
|
||||
// @formatter:off
|
||||
this.mvc.perform(get("/path").with(userCredentials()))
|
||||
.andExpect(status().isOk());
|
||||
.andExpect(status().isForbidden());
|
||||
this.mvc.perform(patch("/path").with(userCredentials()))
|
||||
.andExpect(status().isForbidden());
|
||||
this.mvc.perform(patch("/path").with(adminCredentials()))
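Review bot: After this change the GET assertion and the PATCH-as-user assertion both expect 403, so the test no longer shows that the rule is scoped to the PATCH method and not to the path as a whole. If the `PatchMethodAuthorizationManager` configuration declares only a PATCH rule (it is not visible here), the GET is now rejected by the default deny, not by any rule. A short comment such as `// GET matches no intercept-url, so the default deny applies` would make that explicit. Adding `this.mvc.perform(get("/path").with(adminCredentials())).andExpect(status().isForbidden());` would also pin that an admin cannot reach the path through an unlisted method. The test method starts and ends outside the hunk.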
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -85,6 +85,7 @@ public class SessionManagementConfigServlet31Tests {
|
|||
String id = request.getSession().getId();
|
||||
// @formatter:off
|
||||
loadContext("<http>\n"
|
||||
+ " <intercept-url pattern=\"/**\" access=\"authenticated\"/>\n"
|
||||
+ " <form-login/>\n"
|
||||
+ " <session-management/>\n"
|
||||
+ " <csrf disabled='true'/>\n"
|
||||
|
@ -107,6 +108,7 @@ public class SessionManagementConfigServlet31Tests {
|
|||
String id = request.getSession().getId();
|
||||
// @formatter:off
|
||||
loadContext("<http>\n"
|
||||
+ " <intercept-url pattern=\"/**\" access=\"authenticated\"/>\n"
|
||||
+ " <form-login/>\n"
|
||||
+ " <session-management session-fixation-protection='changeSessionId'/>\n"
|
||||
+ " <csrf disabled='true'/>\n"
|
||||
|
|
|
@ -512,7 +512,7 @@ class AuthorizeHttpRequestsDslTests {
|
|||
request.servletPath = "/other"
|
||||
request
|
||||
})
|
||||
.andExpect(status().isOk)
|
||||
.andExpect(status().isForbidden)
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
@ -602,7 +602,7 @@ class AuthorizeHttpRequestsDslTests {
|
|||
servletPath = "/other"
|
||||
}
|
||||
})
|
||||
.andExpect(status().isOk)
|
||||
.andExpect(status().isForbidden)
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<!--
|
||||
~ Copyright 2002-2017 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -22,7 +22,10 @@
|
|||
|
||||
<b:bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder" factory-method="getInstance"/>
|
||||
|
||||
<http />
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic />
|
||||
</http>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider>
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
|
||||
<http />
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic />
|
||||
</http>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,7 +25,9 @@
|
|||
|
||||
<debug/>
|
||||
|
||||
<http/>
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider ref="authProvider"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,6 +24,7 @@
|
|||
<http auto-config="true">
|
||||
<access-denied-handler ref="accessDeniedHandler"/>
|
||||
<csrf/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="CsrfConfigTests-shared-userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,6 +24,7 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<csrf request-handler-ref="requestHandler"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -26,6 +26,7 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<csrf disabled="true"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -29,6 +29,7 @@
|
|||
authentication-failure-forward-url="/failure_forward_url"/>
|
||||
|
||||
<csrf disabled="true"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -29,6 +29,7 @@
|
|||
authentication-success-forward-url="/success_forward_url"/>
|
||||
|
||||
<csrf disabled="true"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -31,6 +31,7 @@
|
|||
password-parameter="custom_pass"/>
|
||||
|
||||
<csrf disabled="true"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http authentication-manager-ref="authMgr">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http authentication-manager-ref="authMgr">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,7 +24,9 @@
|
|||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
<form-login authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
<x509 subject-principal-regex="OU=(.*?)(?:,|$)" authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<custom-filter ref="${customFilterRef}" position="FIRST"/>
|
||||
<custom-filter ref="userFilter" before="SECURITY_CONTEXT_FILTER"/>
|
||||
<custom-filter ref="userFilter" after="LOGOUT_FILTER"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<logout delete-cookies="JSESSIONID, mycookie"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -27,6 +27,7 @@
|
|||
<http-firewall ref="firewall"/>
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" jaas-api-provision="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.JaasController"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<jee mappable-roles="admin,user"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<logout success-handler-ref="logoutSuccessEndpoint"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,5 +24,7 @@
|
|||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
</b:beans>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<form-login/>
|
||||
<csrf disabled="true"/>
|
||||
<anonymous enabled="false"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,7 +24,9 @@
|
|||
http://www.springframework.org/schema/beans
|
||||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider user-service-ref="userService"/>
|
||||
|
|
|
@ -23,10 +23,12 @@
|
|||
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http pattern="/first/**" create-session="stateless">
|
||||
<intercept-url pattern="/first/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<http pattern="/second/**">
|
||||
<intercept-url pattern="/second/**" access="authenticated"/>
|
||||
<form-login login-processing-url="/second/login"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -23,10 +23,12 @@
|
|||
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http create-session="stateless">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<form-login/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -23,10 +23,12 @@
|
|||
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http pattern="/first/**" create-session="stateless">
|
||||
<intercept-url pattern="/first/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<http pattern="/first/**">
|
||||
<intercept-url pattern="/first/**" access="authenticated"/>
|
||||
<form-login/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -23,10 +23,12 @@
|
|||
http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http authentication-manager-ref="firstAuthenticationManager" pattern="/first/**" create-session="stateless">
|
||||
<intercept-url pattern="/first/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<http authentication-manager-ref="secondAuthenticationManager" pattern="/second/**">
|
||||
<intercept-url pattern="/second/**" access="authenticated"/>
|
||||
<form-login login-processing-url="/second/login"/>
|
||||
</http>
|
||||
|
||||
|
@ -47,6 +49,6 @@
|
|||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
|
||||
|
||||
<b:import resource="handlermappingintrospector.xml"/>
|
||||
</b:beans>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -29,6 +29,7 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<oauth2-client authorized-client-repository-ref="authorizedClientRepository" />
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<mvc:annotation-driven />
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
<authorization-code-grant
|
||||
authorization-redirect-strategy-ref="authorizationRedirectStrategy"/>
|
||||
</oauth2-client>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean id="authorizationRedirectStrategy" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -32,6 +32,7 @@
|
|||
authorization-request-resolver-ref="authorizationRequestResolver"
|
||||
access-token-response-client-ref="accessTokenResponseClient"/>
|
||||
</oauth2-client>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<client-registrations>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -26,6 +26,7 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<oauth2-client client-registration-repository-ref="clientRegistrationRepository"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean id="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -32,6 +32,7 @@
|
|||
authorization-request-resolver-ref="authorizationRequestResolver"
|
||||
access-token-response-client-ref="accessTokenResponseClient"/>
|
||||
</oauth2-client>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<client-registrations>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2020 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -26,6 +26,7 @@
|
|||
|
||||
<http auto-config="true">
|
||||
<oauth2-client/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<client-registrations>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<session-management session-authentication-error-url="/max-exceeded">
|
||||
<concurrency-control max-sessions="2" error-if-maximum-exceeded="true"/>
|
||||
</session-management>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2021 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -24,6 +24,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<session-management
|
||||
session-authentication-error-url="/max-exceeded">
|
||||
<concurrency-control
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<session-management
|
||||
authentication-strategy-explicit-invocation="false">
|
||||
<concurrency-control session-registry-ref="sessionRegistry"/>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" create-session="always">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<csrf disabled="true"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<csrf disabled="true"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2021 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<password-management change-password-page="/custom-change-password-page"/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2021 the original author or authors.
|
||||
~ Copyright 2002-2022 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
|
@ -25,6 +25,7 @@
|
|||
https://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<password-management/>
|
||||
</http>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -44,6 +44,8 @@ import org.springframework.util.Assert;
|
|||
*/
|
||||
public final class RequestMatcherDelegatingAuthorizationManager implements AuthorizationManager<HttpServletRequest> {
|
||||
|
||||
private static final AuthorizationDecision DENY = new AuthorizationDecision(false);
|
||||
|
||||
private final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings;
|
||||
|
@ -81,8 +83,10 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
|
|||
new RequestAuthorizationContext(request, matchResult.getVariables()));
|
||||
}
|
||||
}
|
||||
this.logger.trace("Abstaining since did not find matching RequestMatcher");
|
||||
return null;
|
||||
if (this.logger.isTraceEnabled()) {
|
||||
this.logger.trace(LogMessage.of(() -> "Denying request since did not find matching RequestMatcher"));
|
||||
}
|
||||
return DENY;
|
||||
}
|
||||
|
||||
/**
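Review bot: The new `return DENY` only covers the path where no `RequestMatcher` matches. The line ending `new RequestAuthorizationContext(request, matchResult.getVariables()));` looks like the tail of a direct return of the delegate's result, so a matched delegate that returns `null` would presumably still surface `null` from `check`; the loop starts outside this hunk, so confirm. If that holds, the method Javadoc (also outside the hunk) should state both outcomes, for example `@return the matched delegate's decision, which may be null if it abstains, or a denied decision when no matcher matches`. As a style point, the `LogMessage.of(() -> ...)` wrapper inside the `isTraceEnabled()` guard defers nothing for a constant string; `this.logger.trace("Denying request since did not find matching RequestMatcher");` is simpler.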
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2021 the original author or authors.
|
||||
* Copyright 2002-2022 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -67,8 +67,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
|
|||
public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() {
|
||||
RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
|
||||
.add(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true))
|
||||
.add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false))
|
||||
.add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null).build();
|
||||
.add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false)).build();
|
||||
|
||||
Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
|
||||
|
||||
|
@ -80,11 +79,10 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
|
|||
assertThat(deny).isNotNull();
|
||||
assertThat(deny.isGranted()).isFalse();
|
||||
|
||||
AuthorizationDecision neutral = manager.check(authentication, new MockHttpServletRequest(null, "/neutral"));
|
||||
assertThat(neutral).isNull();
|
||||
|
||||
AuthorizationDecision abstain = manager.check(authentication, new MockHttpServletRequest(null, "/abstain"));
|
||||
assertThat(abstain).isNull();
|
||||
AuthorizationDecision defaultDeny = manager.check(authentication,
|
||||
new MockHttpServletRequest(null, "/unmapped"));
|
||||
assertThat(defaultDeny).isNotNull();
|
||||
assertThat(defaultDeny.isGranted()).isFalse();
|
||||
}
|
||||
|
||||
@Test
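Review bot: Removing the `/neutral` mapping and its `assertThat(neutral).isNull()` check appears to leave a matched delegate that returns `null` untested, and that is the one path where `check` can presumably still yield no decision after this change. Keeping `.add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null)` in the builder chain, together with the two `neutral` lines, would pin whichever outcome is intended for an abstaining delegate alongside the new `/unmapped` assertions. The opening of the test method falls between the two hunks and is not visible here.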
|
||||
|
|