Josh Cummings
parent
7d3302f52b
commit
75e7e099ab
|
|
@ -1,804 +0,0 @@
|
|||
/*
|
||||
* Copyright 2002-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.http
|
||||
|
||||
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter
|
||||
import org.springframework.security.web.csrf.CsrfFilter
|
||||
import org.springframework.security.web.header.HeaderWriterFilter
|
||||
|
||||
import java.security.Principal
|
||||
import javax.servlet.Filter
|
||||
import org.springframework.beans.BeansException
|
||||
import org.springframework.beans.factory.BeanCreationException
|
||||
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
|
||||
import org.springframework.mock.web.MockFilterChain
|
||||
import org.springframework.mock.web.MockHttpServletRequest
|
||||
import org.springframework.mock.web.MockHttpServletResponse
|
||||
import org.springframework.security.access.AccessDeniedException
|
||||
import org.springframework.security.access.SecurityConfig
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationProvider;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken
|
||||
import org.springframework.security.config.BeanIds
|
||||
import org.springframework.security.config.MockUserServiceBeanPostProcessor
|
||||
import org.springframework.security.config.PostProcessedMockUserDetailsService
|
||||
import org.springframework.security.config.util.InMemoryXmlApplicationContext
|
||||
import org.springframework.security.core.authority.AuthorityUtils
|
||||
import org.springframework.security.core.context.SecurityContext
|
||||
import org.springframework.security.core.context.SecurityContextHolder
|
||||
import org.springframework.security.openid.OpenIDAuthenticationFilter
|
||||
import org.springframework.security.util.FieldUtils
|
||||
import org.springframework.security.web.FilterChainProxy
|
||||
import org.springframework.security.web.PortMapperImpl
|
||||
import org.springframework.security.web.access.ExceptionTranslationFilter
|
||||
import org.springframework.security.web.access.channel.ChannelProcessingFilter
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor
|
||||
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter
|
||||
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
|
||||
import org.springframework.security.web.authentication.logout.LogoutFilter
|
||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.security.web.debug.DebugFilter;
|
||||
import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache
|
||||
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter
|
||||
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
|
||||
import org.springframework.security.web.session.SessionManagementFilter
|
||||
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler
|
||||
import org.springframework.security.web.firewall.DefaultHttpFirewall
|
||||
import org.springframework.security.BeanNameCollectingPostProcessor
|
||||
import org.springframework.security.authentication.dao.DaoAuthenticationProvider
|
||||
import org.springframework.security.access.vote.RoleVoter
|
||||
import org.springframework.security.web.access.expression.WebExpressionVoter
|
||||
import org.springframework.security.access.vote.AffirmativeBased
|
||||
import org.springframework.security.access.PermissionEvaluator
|
||||
import org.springframework.security.core.Authentication
|
||||
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher
|
||||
import org.springframework.security.authentication.AuthenticationManager
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @author Rob Winch
|
||||
*/
|
||||
class MiscHttpConfigTests extends AbstractHttpConfigTests {
|
||||
|
||||
def 'Minimal configuration parses'() {
|
||||
setup:
|
||||
xml.http {
|
||||
'http-basic'()
|
||||
}
|
||||
createAppContext()
|
||||
}
|
||||
|
||||
def httpAutoConfigSetsUpCorrectFilterList() {
|
||||
when:
|
||||
xml.http('auto-config': 'true')
|
||||
createAppContext()
|
||||
|
||||
then:
|
||||
filtersMatchExpectedAutoConfigList('/anyurl');
|
||||
}
|
||||
|
||||
void filtersMatchExpectedAutoConfigList(String url) {
|
||||
def filterList = getFilters(url);
|
||||
Iterator<Filter> filters = filterList.iterator();
|
||||
|
||||
assert filters.next() instanceof SecurityContextPersistenceFilter
|
||||
assert filters.next() instanceof WebAsyncManagerIntegrationFilter
|
||||
assert filters.next() instanceof HeaderWriterFilter
|
||||
assert filters.next() instanceof CsrfFilter
|
||||
assert filters.next() instanceof LogoutFilter
|
||||
Object authProcFilter = filters.next();
|
||||
assert authProcFilter instanceof UsernamePasswordAuthenticationFilter
|
||||
assert filters.next() instanceof DefaultLoginPageGeneratingFilter
|
||||
assert filters.next() instanceof DefaultLogoutPageGeneratingFilter
|
||||
assert filters.next() instanceof BasicAuthenticationFilter
|
||||
assert filters.next() instanceof RequestCacheAwareFilter
|
||||
assert filters.next() instanceof SecurityContextHolderAwareRequestFilter
|
||||
assert filters.next() instanceof AnonymousAuthenticationFilter
|
||||
assert filters.next() instanceof SessionManagementFilter
|
||||
assert filters.next() instanceof ExceptionTranslationFilter
|
||||
Object fsiObj = filters.next();
|
||||
assert fsiObj instanceof FilterSecurityInterceptor
|
||||
def fsi = (FilterSecurityInterceptor) fsiObj;
|
||||
assert fsi.isObserveOncePerRequest()
|
||||
}
|
||||
|
||||
def filterListShouldBeEmptyForPatternWithNoFilters() {
|
||||
xml.debug()
|
||||
xml.http(pattern: '/unprotected', security: 'none')
|
||||
httpAutoConfig() {}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilters("/unprotected").size() == 0
|
||||
}
|
||||
|
||||
def debugFilterHandlesMissingAndEmptyFilterChains() {
|
||||
when:
|
||||
xml.debug()
|
||||
xml.http(pattern: '/unprotected', security: 'none')
|
||||
createAppContext()
|
||||
then:
|
||||
Filter debugFilter = appContext.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "")
|
||||
request.setServletPath("/unprotected");
|
||||
debugFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
|
||||
request.setServletPath("/nomatch");
|
||||
debugFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
|
||||
}
|
||||
|
||||
def regexPathsWorkCorrectly() {
|
||||
xml.http(pattern: '\\A\\/[a-z]+', security: 'none', 'request-matcher': 'regex')
|
||||
httpAutoConfig() {}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilters('/imlowercase').size() == 0
|
||||
filtersMatchExpectedAutoConfigList('/MixedCase');
|
||||
}
|
||||
|
||||
def ciRegexPathsWorkCorrectly() {
|
||||
when:
|
||||
xml.http(pattern: '\\A\\/[a-z]+', security: 'none', 'request-matcher': 'ciRegex')
|
||||
httpAutoConfig() {}
|
||||
createAppContext()
|
||||
|
||||
then:
|
||||
getFilters('/imMixedCase').size() == 0
|
||||
filtersMatchExpectedAutoConfigList('/Im_caught_by_the_Universal_Match');
|
||||
}
|
||||
|
||||
def requestMatcherRefWorksCorrectly() {
|
||||
xml.http('request-matcher-ref': 'matcher', security: 'none')
|
||||
bean('matcher', AntPathRequestMatcher.class.name, ['/nofilters'])
|
||||
httpAutoConfig() {}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilters('/nofilters').size() == 0
|
||||
filtersMatchExpectedAutoConfigList('/somethingElse');
|
||||
}
|
||||
|
||||
// SEC-1152
|
||||
def anonymousFilterIsAddedByDefault() {
|
||||
xml.http {
|
||||
'form-login'()
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilters("/anything")[9] instanceof AnonymousAuthenticationFilter
|
||||
}
|
||||
|
||||
def anonymousFilterIsRemovedIfDisabledFlagSet() {
|
||||
xml.http {
|
||||
'form-login'()
|
||||
'anonymous'(enabled: 'false')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
!(getFilters("/anything").get(9) instanceof AnonymousAuthenticationFilter)
|
||||
}
|
||||
|
||||
def anonymousCustomAttributesAreSetCorrectly() {
|
||||
xml.http {
|
||||
'form-login'()
|
||||
'anonymous'(username: 'joe', 'granted-authority':'anonymity', key: 'customKey')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
|
||||
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
|
||||
|
||||
expect:
|
||||
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
|
||||
'customKey' == filter.key
|
||||
'joe' == filter.principal
|
||||
'anonymity' == filter.authorities[0].authority
|
||||
}
|
||||
|
||||
def anonymousSupportsMultipleGrantedAuthorities() {
|
||||
xml.http {
|
||||
'form-login'()
|
||||
'anonymous'(username: 'joe', 'granted-authority':'ROLE_INVITADO,ROLE_PROFILE_INVITADO,ROLE_GRUPO_PUBLICO', key: 'customKey')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
AnonymousAuthenticationFilter filter = getFilter(AnonymousAuthenticationFilter);
|
||||
def providers = appContext.getBeansOfType(AuthenticationManager).values()*.providers.flatten()
|
||||
|
||||
expect:
|
||||
'customKey' == providers.find { it instanceof AnonymousAuthenticationProvider }.key
|
||||
'customKey' == filter.key
|
||||
'joe' == filter.principal
|
||||
['ROLE_INVITADO','ROLE_PROFILE_INVITADO','ROLE_GRUPO_PUBLICO'] == filter.authorities*.authority
|
||||
}
|
||||
|
||||
def httpMethodMatchIsSupported() {
|
||||
httpAutoConfig {
|
||||
interceptUrl '/secure*', 'DELETE', 'ROLE_SUPERVISOR'
|
||||
interceptUrl '/secure*', 'POST', 'ROLE_A,ROLE_B'
|
||||
interceptUrl '/**', 'ROLE_C'
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
def fids = getFilter(FilterSecurityInterceptor).getSecurityMetadataSource();
|
||||
def attrs = fids.getAttributes(createFilterinvocation("/secure", "POST"));
|
||||
|
||||
expect:
|
||||
attrs.size() == 2
|
||||
attrs.contains(new SecurityConfig("ROLE_A"))
|
||||
attrs.contains(new SecurityConfig("ROLE_B"))
|
||||
}
|
||||
|
||||
def httpMethodMatchIsSupportedForRequiresChannel() {
|
||||
httpAutoConfig {
|
||||
'intercept-url'(pattern: '/anyurl')
|
||||
'intercept-url'(pattern: '/anyurl', 'method':'GET',access: 'ROLE_ADMIN', 'requires-channel': 'https')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
def fids = getFilter(ChannelProcessingFilter).getSecurityMetadataSource();
|
||||
def attrs = fids.getAttributes(createFilterinvocation("/anyurl", "GET"));
|
||||
def attrsPost = fids.getAttributes(createFilterinvocation("/anyurl", "POST"));
|
||||
|
||||
expect:
|
||||
attrs.size() == 1
|
||||
attrs.contains(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))
|
||||
attrsPost == null
|
||||
}
|
||||
|
||||
def httpMethodMatchIsSupportedForRequiresChannelAny() {
|
||||
httpAutoConfig {
|
||||
'intercept-url'(pattern: '/**')
|
||||
'intercept-url'(pattern: '/**', 'method':'GET',access: 'ROLE_ADMIN', 'requires-channel': 'https')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
def fids = getFilter(ChannelProcessingFilter).getSecurityMetadataSource();
|
||||
def attrs = fids.getAttributes(createFilterinvocation("/anyurl", "GET"));
|
||||
def attrsPost = fids.getAttributes(createFilterinvocation("/anyurl", "POST"));
|
||||
|
||||
expect:
|
||||
attrs.size() == 1
|
||||
attrs.contains(new SecurityConfig("REQUIRES_SECURE_CHANNEL"))
|
||||
attrsPost == null
|
||||
}
|
||||
|
||||
def oncePerRequestAttributeIsSupported() {
|
||||
xml.http('once-per-request': 'false') {
|
||||
'http-basic'()
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
!getFilter(FilterSecurityInterceptor).isObserveOncePerRequest()
|
||||
}
|
||||
|
||||
def httpBasicSupportsSeparateEntryPoint() {
|
||||
xml.http() {
|
||||
'http-basic'('entry-point-ref': 'ep')
|
||||
}
|
||||
bean('ep', BasicAuthenticationEntryPoint.class.name, ['realmName':'whocares'],[:])
|
||||
createAppContext();
|
||||
|
||||
def baf = getFilter(BasicAuthenticationFilter)
|
||||
def etf = getFilter(ExceptionTranslationFilter)
|
||||
def ep = appContext.getBean("ep")
|
||||
|
||||
expect:
|
||||
baf.authenticationEntryPoint == ep
|
||||
// Since no other authentication system is in use, this should also end up on the ETF
|
||||
etf.authenticationEntryPoint == ep
|
||||
}
|
||||
|
||||
def interceptUrlWithRequiresChannelAddsChannelFilterToStack() {
|
||||
httpAutoConfig {
|
||||
'intercept-url'(pattern: '/**', 'requires-channel': 'https')
|
||||
}
|
||||
createAppContext();
|
||||
List filters = getFilters("/someurl");
|
||||
|
||||
expect:
|
||||
filters.size() == AUTO_CONFIG_FILTERS + 1
|
||||
filters[0] instanceof ChannelProcessingFilter
|
||||
}
|
||||
|
||||
def portMappingsAreParsedCorrectly() {
|
||||
httpAutoConfig {
|
||||
'port-mappings'() {
|
||||
'port-mapping'(http: '9080', https: '9443')
|
||||
}
|
||||
}
|
||||
createAppContext();
|
||||
|
||||
def pm = (appContext.getBeansOfType(PortMapperImpl).values() as List)[0];
|
||||
|
||||
expect:
|
||||
pm.getTranslatedPortMappings().size() == 1
|
||||
pm.lookupHttpPort(9443) == 9080
|
||||
pm.lookupHttpsPort(9080) == 9443
|
||||
}
|
||||
|
||||
def externalFiltersAreTreatedCorrectly() {
|
||||
httpAutoConfig {
|
||||
'custom-filter'(position: 'FIRST', ref: '${customFilterRef}')
|
||||
'custom-filter'(after: 'LOGOUT_FILTER', ref: 'userFilter')
|
||||
'custom-filter'(before: 'SECURITY_CONTEXT_FILTER', ref: 'userFilter1')
|
||||
}
|
||||
bean('phc', PropertyPlaceholderConfigurer)
|
||||
bean('userFilter', SecurityContextHolderAwareRequestFilter)
|
||||
bean('userFilter1', SecurityContextPersistenceFilter)
|
||||
|
||||
System.setProperty('customFilterRef', 'userFilter')
|
||||
createAppContext();
|
||||
|
||||
def filters = getFilters("/someurl");
|
||||
|
||||
expect:
|
||||
AUTO_CONFIG_FILTERS + 3 == filters.size();
|
||||
filters[0] instanceof SecurityContextHolderAwareRequestFilter
|
||||
filters[1] instanceof SecurityContextPersistenceFilter
|
||||
filters[7] instanceof SecurityContextHolderAwareRequestFilter
|
||||
filters[1] instanceof SecurityContextPersistenceFilter
|
||||
}
|
||||
|
||||
def twoFiltersWithSameOrderAreRejected() {
|
||||
when:
|
||||
httpAutoConfig {
|
||||
'custom-filter'(position: 'LOGOUT_FILTER', ref: 'userFilter')
|
||||
}
|
||||
bean('userFilter', SecurityContextHolderAwareRequestFilter)
|
||||
createAppContext();
|
||||
|
||||
then:
|
||||
thrown(BeanDefinitionParsingException)
|
||||
}
|
||||
|
||||
def x509SupportAddsFilterAtExpectedPosition() {
|
||||
httpAutoConfig {
|
||||
x509()
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilters("/someurl")[5] instanceof X509AuthenticationFilter
|
||||
}
|
||||
|
||||
def x509SubjectPrincipalRegexCanBeSetUsingPropertyPlaceholder() {
|
||||
httpAutoConfig {
|
||||
x509('subject-principal-regex':'${subject-principal-regex}')
|
||||
}
|
||||
bean('phc', PropertyPlaceholderConfigurer.class.name)
|
||||
System.setProperty("subject-principal-regex", "uid=(.*),");
|
||||
createAppContext()
|
||||
def filter = getFilter(X509AuthenticationFilter)
|
||||
|
||||
expect:
|
||||
filter.principalExtractor.subjectDnPattern.pattern() == "uid=(.*),"
|
||||
}
|
||||
|
||||
def invalidLogoutSuccessUrlIsDetected() {
|
||||
when:
|
||||
xml.http {
|
||||
'form-login'()
|
||||
'logout'('logout-success-url': 'noLeadingSlash')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
then:
|
||||
BeanCreationException e = thrown()
|
||||
}
|
||||
|
||||
def cookiesToDeleteOnLogoutUrlAddsCorrectLogoutHandler() {
|
||||
xml.http {
|
||||
'logout'('delete-cookies': 'JSESSIONID, mycookie')
|
||||
'form-login'()
|
||||
}
|
||||
createAppContext()
|
||||
def handlers = getFilter(LogoutFilter).handler.logoutHandlers
|
||||
|
||||
expect:
|
||||
handlers[2] instanceof CookieClearingLogoutHandler
|
||||
handlers[2].cookiesToClear[0] == 'JSESSIONID'
|
||||
handlers[2].cookiesToClear[1] == 'mycookie'
|
||||
}
|
||||
|
||||
def logoutSuccessHandlerIsSetCorrectly() {
|
||||
xml.http {
|
||||
'form-login'()
|
||||
'logout'('success-handler-ref': 'logoutHandler')
|
||||
}
|
||||
bean('logoutHandler', SimpleUrlLogoutSuccessHandler)
|
||||
createAppContext()
|
||||
|
||||
LogoutFilter filter = getFilter(LogoutFilter);
|
||||
|
||||
expect:
|
||||
FieldUtils.getFieldValue(filter, "logoutSuccessHandler") == appContext.getBean("logoutHandler")
|
||||
}
|
||||
|
||||
def externalRequestCacheIsConfiguredCorrectly() {
|
||||
httpAutoConfig {
|
||||
'request-cache'(ref: 'cache')
|
||||
}
|
||||
bean('cache', HttpSessionRequestCache.class.name)
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
appContext.getBean("cache") == getFilter(ExceptionTranslationFilter.class).requestCache
|
||||
}
|
||||
|
||||
def customEntryPointIsSupported() {
|
||||
xml.http('auto-config': 'true', 'entry-point-ref': 'entryPoint') {}
|
||||
bean('entryPoint', MockEntryPoint.class.name)
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilter(ExceptionTranslationFilter).getAuthenticationEntryPoint() instanceof MockEntryPoint
|
||||
}
|
||||
|
||||
/**
|
||||
* See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
|
||||
* additional processing. In this method we have a UserDetailsService which is referenced from the namespace
|
||||
* and also has a post processor registered which will modify it.
|
||||
*/
|
||||
def httpElementDoesntInterfereWithBeanPostProcessing() {
|
||||
xml.http('auto-config': 'true', 'entry-point-ref': 'entryPoint') {}
|
||||
xml.'authentication-manager'() {
|
||||
'authentication-provider'('user-service-ref': 'myUserService')
|
||||
'authentication-provider'('ref': 'authProvider')
|
||||
}
|
||||
bean('authProvider', DaoAuthenticationProvider.class.name, [:], [userDetailsService: 'myUserService'])
|
||||
bean('entryPoint', MockEntryPoint.class.name)
|
||||
bean('myUserService', PostProcessedMockUserDetailsService)
|
||||
bean('userServicePostProcessor', MockUserServiceBeanPostProcessor)
|
||||
bean('nameCollectingPostProcessor', BeanNameCollectingPostProcessor)
|
||||
createAppContext("")
|
||||
def beanPP = appContext.getBean("nameCollectingPostProcessor")
|
||||
Set preInitPPBeans = beanPP.beforeInitPostProcessedBeans
|
||||
Set postInitPPBeans = beanPP.afterInitPostProcessedBeans
|
||||
Set expectedBeans = ['authProvider', 'entryPoint', 'myUserService'] as Set
|
||||
|
||||
expect:
|
||||
appContext.getBean("myUserService").getPostProcessorWasHere() == "Hello from the post processor!"
|
||||
preInitPPBeans.containsAll(expectedBeans)
|
||||
postInitPPBeans.containsAll(expectedBeans)
|
||||
}
|
||||
|
||||
/* SEC-934 */
|
||||
def supportsTwoIdenticalInterceptUrls() {
|
||||
httpAutoConfig {
|
||||
interceptUrl ('/someUrl', 'ROLE_A')
|
||||
interceptUrl ('/someUrl', 'ROLE_B')
|
||||
}
|
||||
createAppContext()
|
||||
def fis = getFilter(FilterSecurityInterceptor)
|
||||
def fids = fis.securityMetadataSource
|
||||
Collection attrs = fids.getAttributes(createFilterinvocation("/someUrl", null));
|
||||
|
||||
expect:
|
||||
attrs.size() == 1
|
||||
attrs.contains(new SecurityConfig("ROLE_B"))
|
||||
}
|
||||
|
||||
def supportsExternallyDefinedSecurityContextRepository() {
|
||||
xml.http('create-session': 'always', 'security-context-repository-ref': 'repo') {
|
||||
'http-basic'()
|
||||
}
|
||||
bean('repo', HttpSessionSecurityContextRepository)
|
||||
createAppContext()
|
||||
|
||||
def filter = getFilter(SecurityContextPersistenceFilter)
|
||||
|
||||
expect:
|
||||
filter.repo == appContext.getBean('repo')
|
||||
filter.forceEagerSessionCreation
|
||||
}
|
||||
|
||||
def expressionBasedAccessAllowsAndDeniesAccessAsExpected() {
|
||||
setup:
|
||||
xml.http('auto-config': 'true', 'use-expressions': 'true') {
|
||||
interceptUrl('/secure*', "hasAnyRole('ROLE_A','ROLE_C')")
|
||||
interceptUrl('/**', 'permitAll')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
def fis = getFilter(FilterSecurityInterceptor)
|
||||
def fids = fis.getSecurityMetadataSource()
|
||||
Collection attrs = fids.getAttributes(createFilterinvocation("/secure", null));
|
||||
assert 1 == attrs.size()
|
||||
|
||||
when: "Unprotected URL"
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", "ROLE_A"));
|
||||
fis.invoke(createFilterinvocation("/permitallurl", null));
|
||||
then:
|
||||
notThrown(AccessDeniedException)
|
||||
|
||||
when: "Invoking secure Url as a valid user"
|
||||
fis.invoke(createFilterinvocation("/secure", null));
|
||||
then:
|
||||
notThrown(AccessDeniedException)
|
||||
|
||||
when: "User does not have the required role"
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", "ROLE_B"));
|
||||
fis.invoke(createFilterinvocation("/secure", null));
|
||||
then:
|
||||
thrown(AccessDeniedException)
|
||||
}
|
||||
|
||||
def expressionBasedAccessSupportsExternalExpressionHandler() {
|
||||
setup:
|
||||
xml.http('auto-config': 'true', 'use-expressions': 'true') {
|
||||
interceptUrl('/**', "hasPermission('AnyObject','R')")
|
||||
'expression-handler'(ref: 'expressionHandler')
|
||||
}
|
||||
bean('expressionHandler', DefaultWebSecurityExpressionHandler.class.name, [:], [permissionEvaluator: 'pe'])
|
||||
bean('pe', MockPermissionEvaluator)
|
||||
createAppContext()
|
||||
|
||||
def fis = getFilter(FilterSecurityInterceptor)
|
||||
|
||||
when: "Invoking allowed URL protected by hasPermission() expression succeeds"
|
||||
SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("joe", "", "ANY"));
|
||||
fis.invoke(createFilterinvocation("/secure", null));
|
||||
then:
|
||||
notThrown(AccessDeniedException)
|
||||
}
|
||||
|
||||
def protectedLoginPageReportsWarning() {
|
||||
when:
|
||||
xml.http('use-expressions': 'true') {
|
||||
'form-login'('login-page': '/login')
|
||||
interceptUrl('/login*', "hasRole('ROLE_A')")
|
||||
}
|
||||
createAppContext()
|
||||
then:
|
||||
notThrown(BeansException)
|
||||
}
|
||||
|
||||
def disablingUrlRewritingThroughTheNamespaceSetsCorrectPropertyOnContextRepo() {
|
||||
xml.http('auto-config': 'true', 'disable-url-rewriting': 'true')
|
||||
createAppContext()
|
||||
|
||||
expect:
|
||||
getFilter(SecurityContextPersistenceFilter).repo.disableUrlRewriting
|
||||
}
|
||||
|
||||
def userDetailsServiceInParentContextIsLocatedSuccessfully() {
|
||||
when:
|
||||
createAppContext()
|
||||
httpAutoConfig {
|
||||
'remember-me'
|
||||
}
|
||||
appContext = new InMemoryXmlApplicationContext(writer.toString(), appContext)
|
||||
|
||||
then:
|
||||
notThrown(BeansException)
|
||||
}
|
||||
|
||||
def httpConfigWithNoAuthProvidersWorksOk() {
|
||||
when: "Http config has no internal authentication providers"
|
||||
xml.debug()
|
||||
xml.http() {
|
||||
'form-login'()
|
||||
csrf(disabled:true)
|
||||
anonymous(enabled: 'false')
|
||||
}
|
||||
createAppContext()
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/login");
|
||||
request.setServletPath("/login");
|
||||
request.addParameter("username", "bob");
|
||||
request.addParameter("password", "bobspassword");
|
||||
then: "App context creation and login request succeed"
|
||||
DebugFilter debugFilter = appContext.getBean(BeanIds.SPRING_SECURITY_FILTER_CHAIN);
|
||||
debugFilter.doFilter(request, new MockHttpServletResponse(), new MockFilterChain());
|
||||
appListener.events.size() == 2
|
||||
appListener.authenticationEvents.size() == 2
|
||||
}
|
||||
|
||||
def eraseCredentialsDefaultsToTrue() {
|
||||
xml.http() {
|
||||
'form-login'()
|
||||
}
|
||||
createAppContext()
|
||||
expect:
|
||||
getFilter(UsernamePasswordAuthenticationFilter).authenticationManager.eraseCredentialsAfterAuthentication
|
||||
}
|
||||
|
||||
def eraseCredentialsIsSetFromParentAuthenticationManager() {
|
||||
xml.http() {
|
||||
'form-login'()
|
||||
}
|
||||
createAppContext("<authentication-manager erase-credentials='false' />");
|
||||
expect:
|
||||
!getFilter(UsernamePasswordAuthenticationFilter).authenticationManager.eraseCredentialsAfterAuthentication
|
||||
}
|
||||
|
||||
def 'SEC-2020 authentication-manager@erase-credentials with http@authentication-manager-ref'() {
|
||||
xml.http('authentication-manager-ref':'authMgr') {
|
||||
'form-login'()
|
||||
}
|
||||
createAppContext("<authentication-manager id='authMgr' erase-credentials='false' />");
|
||||
expect:
|
||||
def authManager = getFilter(UsernamePasswordAuthenticationFilter).authenticationManager
|
||||
!authManager.eraseCredentialsAfterAuthentication
|
||||
!authManager.parent.eraseCredentialsAfterAuthentication
|
||||
}
|
||||
|
||||
def 'authentication-manager@erase-credentials with http@authentication-manager-ref not ProviderManager'() {
|
||||
xml.http('authentication-manager-ref':'authMgr') {
|
||||
'form-login'()
|
||||
}
|
||||
xml.'b:bean'(id: 'authMgr', 'class': MockAuthenticationManager.class.name)
|
||||
createAppContext()
|
||||
expect:
|
||||
def authManager = getFilter(UsernamePasswordAuthenticationFilter).authenticationManager
|
||||
!authManager.eraseCredentialsAfterAuthentication
|
||||
authManager.parent instanceof MockAuthenticationManager
|
||||
}
|
||||
|
||||
def jeeFilterExtractsExpectedRoles() {
|
||||
xml.http() {
|
||||
jee('mappable-roles': 'admin,user,a,b,c')
|
||||
}
|
||||
createAppContext()
|
||||
FilterChainProxy fcp = appContext.getBean(BeanIds.FILTER_CHAIN_PROXY)
|
||||
Principal p = Mock(Principal)
|
||||
p.getName() >> 'joe'
|
||||
|
||||
when:
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET","/something")
|
||||
request.setUserPrincipal(p)
|
||||
request.addUserRole('admin')
|
||||
request.addUserRole('user')
|
||||
request.addUserRole('c')
|
||||
request.addUserRole('notmapped')
|
||||
fcp.doFilter(request, new MockHttpServletResponse(), new MockFilterChain())
|
||||
SecurityContext ctx = request.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
|
||||
Set<String> roles = AuthorityUtils.authorityListToSet(ctx.getAuthentication().getAuthorities());
|
||||
|
||||
then:
|
||||
roles.size() == 3
|
||||
roles.contains 'ROLE_admin'
|
||||
roles.contains 'ROLE_user'
|
||||
roles.contains 'ROLE_c'
|
||||
}
|
||||
|
||||
def authenticationDetailsSourceInjectionSucceeds() {
|
||||
xml.http() {
|
||||
'form-login'('authentication-details-source-ref' : 'adsr')
|
||||
'openid-login' ('authentication-details-source-ref' : 'adsr')
|
||||
'http-basic' ('authentication-details-source-ref' : 'adsr')
|
||||
'x509' ('authentication-details-source-ref' : 'adsr')
|
||||
}
|
||||
bean('adsr', 'org.springframework.security.web.authentication.WebAuthenticationDetailsSource')
|
||||
createAppContext()
|
||||
def adsr = appContext.getBean('adsr')
|
||||
expect:
|
||||
getFilter(UsernamePasswordAuthenticationFilter).authenticationDetailsSource == adsr
|
||||
getFilter(OpenIDAuthenticationFilter).authenticationDetailsSource == adsr
|
||||
getFilter(BasicAuthenticationFilter).authenticationDetailsSource == adsr
|
||||
getFilter(X509AuthenticationFilter).authenticationDetailsSource == adsr
|
||||
}
|
||||
|
||||
def includeJaasApiIntegrationFilter() {
|
||||
xml.http(['auto-config':'true','jaas-api-provision':'true'])
|
||||
createAppContext()
|
||||
expect:
|
||||
getFilter(JaasApiIntegrationFilter.class) != null
|
||||
}
|
||||
|
||||
def httpFirewallInjectionIsSupported() {
|
||||
xml.'http-firewall'(ref: 'fw')
|
||||
xml.http() {
|
||||
'form-login'()
|
||||
}
|
||||
bean('fw', DefaultHttpFirewall)
|
||||
createAppContext()
|
||||
FilterChainProxy fcp = appContext.getBean(BeanIds.FILTER_CHAIN_PROXY)
|
||||
expect:
|
||||
fcp.firewall == appContext.getBean('fw')
|
||||
}
|
||||
|
||||
def customAccessDecisionManagerIsSupported() {
|
||||
xml.http('auto-config': 'true', 'access-decision-manager-ref': 'adm')
|
||||
xml.'b:bean'(id: 'adm', 'class': AffirmativeBased.class.name) {
|
||||
'b:constructor-arg' {
|
||||
'b:list'() {
|
||||
'b:bean'('class': RoleVoter.class.name)
|
||||
'b:bean'('class': RoleVoter.class.name)
|
||||
'b:bean'('class': RoleVoter.class.name)
|
||||
'b:bean'('class': WebExpressionVoter.class.name)
|
||||
}
|
||||
}
|
||||
}
|
||||
createAppContext()
|
||||
expect:
|
||||
getFilter(FilterSecurityInterceptor.class).accessDecisionManager.decisionVoters[3] instanceof WebExpressionVoter
|
||||
}
|
||||
|
||||
def customAuthenticationManagerIsSupported() {
|
||||
xml.http('auto-config': 'true', 'authentication-manager-ref': 'am')
|
||||
xml.'b:bean'(id: 'am', 'class': MockAuthenticationManager.class.name)
|
||||
createAppContext("")
|
||||
expect:
|
||||
getFilter(UsernamePasswordAuthenticationFilter.class).authenticationManager.parent instanceof MockAuthenticationManager
|
||||
}
|
||||
|
||||
// SEC-1893
|
||||
def customPortMappings() {
|
||||
when: 'A custom port-mappings is registered'
|
||||
def expectedHttpsPortMappings = [8443:8080]
|
||||
xml.http('auto-config': 'true') {
|
||||
'intercept-url'('pattern':'/**','requires-channel':'https')
|
||||
'port-mappings' {
|
||||
'port-mapping'(http:'8443',https:'8080')
|
||||
}
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
then: 'All the components created by the namespace use that port mapping'
|
||||
getFilter(RequestCacheAwareFilter.class).requestCache.portResolver.portMapper.httpsPortMappings == expectedHttpsPortMappings
|
||||
|
||||
def channelProcessors = getFilter(ChannelProcessingFilter.class).channelDecisionManager.channelProcessors
|
||||
channelProcessors.size() == 2
|
||||
channelProcessors.each { cp->
|
||||
cp.entryPoint.portMapper.httpsPortMappings == expectedHttpsPortMappings
|
||||
cp.entryPoint.portResolver.portMapper.httpsPortMappings == expectedHttpsPortMappings
|
||||
}
|
||||
|
||||
def authEntryPoint = getFilter(ExceptionTranslationFilter.class).authenticationEntryPoint
|
||||
authEntryPoint.portMapper.httpsPortMappings == expectedHttpsPortMappings
|
||||
authEntryPoint.portResolver.portMapper.httpsPortMappings == expectedHttpsPortMappings
|
||||
}
|
||||
}
|
||||
|
||||
class MockAuthenticationManager implements AuthenticationManager {
|
||||
Authentication authenticate(Authentication authentication) {
|
||||
return null
|
||||
}
|
||||
}
|
||||
|
||||
class MockPermissionEvaluator implements PermissionEvaluator {
|
||||
boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
|
||||
return true
|
||||
}
|
||||
|
||||
boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
|
||||
return true
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
class MockEntryPoint extends LoginUrlAuthenticationEntryPoint {
|
||||
public MockEntryPoint() {
|
||||
super("/notused");
|
||||
}
|
||||
}
|
||||
|
|
@ -15,11 +15,12 @@
|
|||
*/
|
||||
package org.springframework.security;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.config.BeanPostProcessor;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
|
|
@ -42,4 +43,12 @@ public class BeanNameCollectingPostProcessor implements BeanPostProcessor {
|
|||
}
|
||||
return bean;
|
||||
}
|
||||
|
||||
public Set<String> getBeforeInitPostProcessedBeans() {
|
||||
return beforeInitPostProcessedBeans;
|
||||
}
|
||||
|
||||
public Set<String> getAfterInitPostProcessedBeans() {
|
||||
return afterInitPostProcessedBeans;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,987 @@
|
|||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.config.http;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.security.AccessController;
|
||||
import java.security.Principal;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
import javax.security.auth.Subject;
|
||||
import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.login.LoginException;
|
||||
import javax.security.auth.spi.LoginModule;
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpServletResponseWrapper;
|
||||
|
||||
import ch.qos.logback.classic.Logger;
|
||||
import ch.qos.logback.classic.spi.ILoggingEvent;
|
||||
import ch.qos.logback.core.Appender;
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.assertj.core.api.iterable.Extractor;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.mockito.stubbing.Answer;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.BeanCreationException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.mock.web.MockHttpSession;
|
||||
import org.springframework.security.BeanNameCollectingPostProcessor;
|
||||
import org.springframework.security.access.AccessDecisionManager;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.ConfigAttribute;
|
||||
import org.springframework.security.access.PermissionEvaluator;
|
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken;
|
||||
import org.springframework.security.authentication.AuthenticationDetailsSource;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken;
|
||||
import org.springframework.security.authentication.jaas.AuthorityGranter;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.authority.AuthorityUtils;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.core.context.SecurityContextImpl;
|
||||
import org.springframework.security.openid.OpenIDAuthenticationFilter;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.FilterChainProxy;
|
||||
import org.springframework.security.web.access.ExceptionTranslationFilter;
|
||||
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
|
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.logout.LogoutFilter;
|
||||
import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
import org.springframework.security.web.context.HttpRequestResponseHolder;
|
||||
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
|
||||
import org.springframework.security.web.context.SecurityContextRepository;
|
||||
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
|
||||
import org.springframework.security.web.csrf.CsrfFilter;
|
||||
import org.springframework.security.web.firewall.FirewalledRequest;
|
||||
import org.springframework.security.web.firewall.HttpFirewall;
|
||||
import org.springframework.security.web.header.HeaderWriterFilter;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
|
||||
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
|
||||
import org.springframework.security.web.session.SessionManagementFilter;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.context.support.XmlWebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatCode;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.Mockito.atLeastOnce;
|
||||
import static org.mockito.Mockito.doAnswer;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
|
||||
import static org.springframework.test.util.ReflectionTestUtils.getField;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Luke Taylor
|
||||
* @author Rob Winch
|
||||
*/
|
||||
public class MiscHttpConfigTests {
|
||||
private static final String CONFIG_LOCATION_PREFIX =
|
||||
"classpath:org/springframework/security/config/http/MiscHttpConfigTests";
|
||||
|
||||
@Autowired
|
||||
MockMvc mvc;
|
||||
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingMinimalConfigurationThenParses() {
|
||||
this.spring.configLocations(xml("MinimalConfiguration")).autowire();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingAutoConfigThenSetsUpCorrectFilterList() {
|
||||
this.spring.configLocations(xml("AutoConfig")).autowire();
|
||||
assertThatFiltersMatchExpectedAutoConfigList();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingSecurityNoneThenNoFiltersAreSetUp() {
|
||||
this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
|
||||
assertThat(getFilters("/unprotected")).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenUsingDebugFilterAndPatternIsNotConfigureForSecurityThenRespondsOk()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("NoSecurityForPattern")).autowire();
|
||||
|
||||
this.mvc.perform(get("/unprotected"))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
this.mvc.perform(get("/nomatch"))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenHttpPatternUsesRegexMatchingThenMatchesAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("RegexSecurityPattern")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
this.mvc.perform(get("/unprotected"))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenHttpPatternUsesCiRegexMatchingThenMatchesAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("CiRegexSecurityPattern")).autowire();
|
||||
|
||||
this.mvc.perform(get("/ProTectEd"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
this.mvc.perform(get("/UnProTectEd"))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenHttpPatternUsesCustomRequestMatcherThenMatchesAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("CustomRequestMatcher")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
this.mvc.perform(get("/unprotected"))
|
||||
.andExpect(status().isNotFound());
|
||||
}
|
||||
|
||||
/**
|
||||
* SEC-1152
|
||||
*/
|
||||
@Test
|
||||
public void requestWhenUsingMinimalConfigurationThenHonorsAnonymousEndpoints()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AnonymousEndpoints")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
this.mvc.perform(get("/unprotected"))
|
||||
.andExpect(status().isNotFound());
|
||||
|
||||
assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAnonymousIsDisabledThenRejectsAnonymousEndpoints()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AnonymousDisabled")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
this.mvc.perform(get("/unprotected"))
|
||||
.andExpect(status().isUnauthorized());
|
||||
|
||||
assertThat(getFilter(AnonymousAuthenticationFilter.class)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAnonymousUsesCustomAttributesThenRespondsWithThoseAttributes()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AnonymousCustomAttributes")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("josh"));
|
||||
|
||||
this.mvc.perform(get("/customKey"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenAnonymousUsesMultipleGrantedAuthoritiesThenRespondsWithThoseAttributes()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AnonymousMultipleAuthorities")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string("josh"));
|
||||
|
||||
this.mvc.perform(get("/customKey"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(content().string(String.valueOf("myCustomKey".hashCode())));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenInterceptUrlMatchesMethodThenSecuresAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("InterceptUrlMethod")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(post("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(post("/protected")
|
||||
.with(httpBasic("poster", "password")))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(delete("/protected")
|
||||
.with(httpBasic("poster", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(delete("/protected")
|
||||
.with(httpBasic("admin", "password")))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenInterceptUrlMatchesMethodAndRequiresHttpsThenSecuresAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("InterceptUrlMethodRequiresHttps")).autowire();
|
||||
|
||||
this.mvc.perform(post("/protected").with(csrf()))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.secure(true)
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.secure(true)
|
||||
.with(httpBasic("admin", "password")))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenInterceptUrlMatchesAnyPatternAndRequiresHttpsThenSecuresAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
|
||||
|
||||
this.mvc.perform(post("/protected").with(csrf()))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.secure(true)
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.secure(true)
|
||||
.with(httpBasic("admin", "password")))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenOncePerRequestIsFalseThenFilterSecurityInterceptorExercisedForForwards() {
|
||||
this.spring.configLocations(xml("OncePerRequest")).autowire();
|
||||
|
||||
FilterSecurityInterceptor filterSecurityInterceptor = getFilter(FilterSecurityInterceptor.class);
|
||||
assertThat(filterSecurityInterceptor.isObserveOncePerRequest()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenCustomHttpBasicEntryPointRefThenInvokesOnCommence()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("CustomHttpBasicEntryPointRef")).autowire();
|
||||
|
||||
AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
|
||||
|
||||
this.mvc.perform(get("/protected"))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
verify(entryPoint).commence(
|
||||
any(HttpServletRequest.class), any(HttpServletResponse.class), any(AuthenticationException.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenInterceptUrlWithRequiresChannelThenAddedChannelFilterToChain() {
|
||||
this.spring.configLocations(xml("InterceptUrlMethodRequiresHttpsAny")).autowire();
|
||||
assertThat(getFilter(ChannelProcessingFilter.class)).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenPortsMappedThenRedirectedAccordingly() throws Exception {
|
||||
this.spring.configLocations(xml("PortsMappedInterceptUrlMethodRequiresAny")).autowire();
|
||||
|
||||
this.mvc.perform(get("http://localhost:9080/protected"))
|
||||
.andExpect(redirectedUrl("https://localhost:9443/protected"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenCustomFiltersThenAddedToChainInCorrectOrder() {
|
||||
System.setProperty("customFilterRef", "userFilter");
|
||||
this.spring.configLocations(xml("CustomFilters")).autowire();
|
||||
|
||||
List<Filter> filters = getFilters("/");
|
||||
|
||||
Class<?> userFilterClass = this.spring.getContext().getBean("userFilter").getClass();
|
||||
|
||||
assertThat(filters)
|
||||
.extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
|
||||
.containsSubsequence(
|
||||
userFilterClass, userFilterClass,
|
||||
SecurityContextPersistenceFilter.class, LogoutFilter.class,
|
||||
userFilterClass);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenTwoFiltersWithSameOrderThenException() {
|
||||
assertThatCode(() -> this.spring.configLocations(xml("CollidingFilters")).autowire())
|
||||
.isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingX509ThenAddsX509FilterCorrectly() {
|
||||
this.spring.configLocations(xml("X509")).autowire();
|
||||
|
||||
assertThat(getFilters("/"))
|
||||
.extracting((Extractor<Filter, Class<?>>) filter -> filter.getClass())
|
||||
.containsSubsequence(
|
||||
CsrfFilter.class, X509AuthenticationFilter.class, ExceptionTranslationFilter.class);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void getWhenUsingX509AndPropertyPlaceholderThenSubjectPrincipalRegexIsConfigured() throws Exception {
|
||||
System.setProperty("subject_principal_regex", "OU=(.*?)(?:,|$)");
|
||||
this.spring.configLocations(xml("X509")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
|
||||
.andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingInvalidLogoutSuccessUrlThenThrowsException() {
|
||||
assertThatCode(() -> this.spring.configLocations(xml("InvalidLogoutSuccessUrl")).autowire())
|
||||
.isInstanceOf(BeanCreationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void logoutWhenSpecifyingCookiesToDeleteThenSetCookieAdded() throws Exception {
|
||||
this.spring.configLocations(xml("DeleteCookies")).autowire();
|
||||
|
||||
MvcResult result =
|
||||
this.mvc.perform(post("/logout").with(csrf())).andReturn();
|
||||
|
||||
List<String> values = result.getResponse().getHeaders("Set-Cookie");
|
||||
assertThat(values.size()).isEqualTo(2);
|
||||
assertThat(values).extracting(value -> value.split("=")[0]).contains("JSESSIONID", "mycookie");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void logoutWhenSpecifyingSuccessHandlerRefThenResponseHandledAccordingly() throws Exception {
|
||||
this.spring.configLocations(xml("LogoutSuccessHandlerRef")).autowire();
|
||||
|
||||
this.mvc.perform(post("/logout").with(csrf()))
|
||||
.andExpect(redirectedUrl("/logoutSuccessEndpoint"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUnauthenticatedThenUsesConfiguredRequestCache() throws Exception {
|
||||
this.spring.configLocations(xml("RequestCache")).autowire();
|
||||
|
||||
RequestCache requestCache = this.spring.getContext().getBean(RequestCache.class);
|
||||
|
||||
this.mvc.perform(get("/"));
|
||||
|
||||
verify(requestCache).saveRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUnauthenticatedThenUsesConfiguredAuthenticationEntryPoint() throws Exception {
|
||||
this.spring.configLocations(xml("EntryPoint")).autowire();
|
||||
|
||||
AuthenticationEntryPoint entryPoint = this.spring.getContext().getBean(AuthenticationEntryPoint.class);
|
||||
|
||||
this.mvc.perform(get("/"));
|
||||
|
||||
verify(entryPoint).commence(
|
||||
any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class),
|
||||
any(AuthenticationException.class));
|
||||
}
|
||||
|
||||
/**
|
||||
* See SEC-750. If the http security post processor causes beans to be instantiated too eagerly, they way miss
|
||||
* additional processing. In this method we have a UserDetailsService which is referenced from the namespace
|
||||
* and also has a post processor registered which will modify it.
|
||||
*/
|
||||
@Test
|
||||
public void configureWhenUsingCustomUserDetailsServiceThenBeanPostProcessorsAreStillApplied() {
|
||||
this.spring.configLocations(xml("Sec750")).autowire();
|
||||
|
||||
BeanNameCollectingPostProcessor postProcessor =
|
||||
this.spring.getContext().getBean(BeanNameCollectingPostProcessor.class);
|
||||
|
||||
assertThat(postProcessor.getBeforeInitPostProcessedBeans())
|
||||
.contains("authenticationProvider", "userService");
|
||||
assertThat(postProcessor.getAfterInitPostProcessedBeans())
|
||||
.contains("authenticationProvider", "userService");
|
||||
|
||||
}
|
||||
|
||||
/* SEC-934 */
|
||||
@Test
|
||||
public void getWhenUsingTwoIdenticalInterceptUrlsThenTheSecondTakesPrecedence() throws Exception {
|
||||
this.spring.configLocations(xml("Sec934")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("admin", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenAuthenticatingThenConsultsCustomSecurityContextRepository() throws Exception {
|
||||
this.spring.configLocations(xml("SecurityContextRepository")).autowire();
|
||||
|
||||
SecurityContextRepository repository = this.spring.getContext().getBean(SecurityContextRepository.class);
|
||||
SecurityContext context = new SecurityContextImpl(new TestingAuthenticationToken("user", "password"));
|
||||
when(repository.loadContext(any(HttpRequestResponseHolder.class))).thenReturn(context);
|
||||
|
||||
MvcResult result =
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isOk())
|
||||
.andReturn();
|
||||
|
||||
assertThat(result.getRequest().getSession(false)).isNotNull();
|
||||
|
||||
verify(repository, atLeastOnce()).saveContext(
|
||||
any(SecurityContext.class),
|
||||
any(HttpServletRequest.class),
|
||||
any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingInterceptUrlExpressionsThenAuthorizesAccordingly() throws Exception {
|
||||
this.spring.configLocations(xml("InterceptUrlExpressions")).autowire();
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("admin", "password")))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
this.mvc.perform(get("/protected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
this.mvc.perform(get("/unprotected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isOk());
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingCustomExpressionHandlerThenAuthorizesAccordingly() throws Exception {
|
||||
this.spring.configLocations(xml("ExpressionHandler")).autowire();
|
||||
|
||||
PermissionEvaluator permissionEvaluator = this.spring.getContext().getBean(PermissionEvaluator.class);
|
||||
when(permissionEvaluator.hasPermission(any(Authentication.class), any(Object.class), any(Object.class)))
|
||||
.thenReturn(false);
|
||||
|
||||
this.mvc.perform(get("/")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
verify(permissionEvaluator).hasPermission(any(Authentication.class), any(Object.class), any(Object.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenProtectingLoginPageThenWarningLogged() {
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
redirectLogsTo(baos, DefaultFilterChainValidator.class);
|
||||
|
||||
this.spring.configLocations(xml("ProtectedLoginPage")).autowire();
|
||||
|
||||
assertThat(baos.toString()).contains("[WARN]");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDisableUrlRewritingThenRedirectIsNotEncodedByResponse()
|
||||
throws IOException, ServletException {
|
||||
|
||||
this.spring.configLocations(xml("DisableUrlRewriting")).autowire();
|
||||
|
||||
MockHttpServletRequest request = new MockHttpServletRequest("GET", "/");
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
|
||||
|
||||
proxy.doFilter(
|
||||
request,
|
||||
new EncodeUrlDenyingHttpServletResponseWrapper(response),
|
||||
(req, resp) -> {});
|
||||
|
||||
assertThat(response.getStatus()).isEqualTo(HttpStatus.SC_MOVED_TEMPORARILY);
|
||||
assertThat(response.getRedirectedUrl()).isEqualTo("http://localhost/login");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUserDetailsServiceInParentContextThenLocatesSuccessfully() {
|
||||
assertThatCode(() -> this.spring.configLocations(this.xml("MissingUserDetailsService")).autowire())
|
||||
.isInstanceOf(BeansException.class);
|
||||
|
||||
try ( XmlWebApplicationContext parent = new XmlWebApplicationContext() ) {
|
||||
parent.setConfigLocations(this.xml("AutoConfig"));
|
||||
parent.refresh();
|
||||
|
||||
try ( XmlWebApplicationContext child = new XmlWebApplicationContext() ) {
|
||||
child.setParent(parent);
|
||||
child.setConfigLocation(this.xml("MissingUserDetailsService"));
|
||||
child.refresh();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenConfiguredWithNoInternalAuthenticationProvidersThenSuccessfullyAuthenticates()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("NoInternalAuthenticationProviders")).autowire();
|
||||
|
||||
this.mvc.perform(post("/login")
|
||||
.param("username", "user")
|
||||
.param("password", "password"))
|
||||
.andExpect(redirectedUrl("/"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenUsingDefaultsThenErasesCredentialsAfterAuthentication() throws Exception {
|
||||
this.spring.configLocations(xml("HttpBasic")).autowire();
|
||||
|
||||
this.mvc.perform(get("/password")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string(""));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenAuthenticationManagerConfiguredToEraseCredentialsThenErasesCredentialsAfterAuthentication()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AuthenticationManagerEraseCredentials")).autowire();
|
||||
|
||||
this.mvc.perform(get("/password")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string(""));
|
||||
}
|
||||
|
||||
/**
|
||||
* SEC-2020
|
||||
*/
|
||||
@Test
|
||||
public void loginWhenAuthenticationManagerRefConfiguredToKeepCredentialsThenKeepsCredentialsAfterAuthentication()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AuthenticationManagerRefKeepCredentials")).autowire();
|
||||
|
||||
this.mvc.perform(get("/password")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string("password"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenAuthenticationManagerRefIsNotAProviderManagerThenKeepsCredentialsAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("AuthenticationManagerRefNotProviderManager")).autowire();
|
||||
|
||||
this.mvc.perform(get("/password")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string("password"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenJeeFilterThenExtractsRoles() throws Exception {
|
||||
this.spring.configLocations(xml("JeeFilter")).autowire();
|
||||
|
||||
Principal user = mock(Principal.class);
|
||||
when(user.getName()).thenReturn("joe");
|
||||
|
||||
this.mvc.perform(get("/roles")
|
||||
.principal(user)
|
||||
.with(request -> {
|
||||
request.addUserRole("admin");
|
||||
request.addUserRole("user");
|
||||
request.addUserRole("unmapped");
|
||||
return request;
|
||||
}))
|
||||
.andExpect(content().string("ROLE_admin,ROLE_user"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenUsingCustomAuthenticationDetailsSourceRefThenAuthenticationSourcesDetailsAccordingly()
|
||||
throws Exception {
|
||||
|
||||
this.spring.configLocations(xml("CustomAuthenticationDetailsSourceRef")).autowire();
|
||||
|
||||
Object details = mock(Object.class);
|
||||
AuthenticationDetailsSource source = this.spring.getContext().getBean(AuthenticationDetailsSource.class);
|
||||
when(source.buildDetails(any(Object.class))).thenReturn(details);
|
||||
|
||||
this.mvc.perform(get("/details")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string(details.getClass().getName()));
|
||||
|
||||
this.mvc.perform(get("/details")
|
||||
.with(x509("classpath:org/springframework/security/config/http/MiscHttpConfigTests-certificate.pem")))
|
||||
.andExpect(content().string(details.getClass().getName()));
|
||||
|
||||
MockHttpSession session = (MockHttpSession)
|
||||
this.mvc.perform(post("/login")
|
||||
.param("username", "user")
|
||||
.param("password", "password")
|
||||
.with(csrf()))
|
||||
.andReturn().getRequest().getSession(false);
|
||||
|
||||
this.mvc.perform(get("/details")
|
||||
.session(session))
|
||||
.andExpect(content().string(details.getClass().getName()));
|
||||
|
||||
assertThat(getField(getFilter(OpenIDAuthenticationFilter.class), "authenticationDetailsSource"))
|
||||
.isEqualTo(source);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loginWhenUsingJaasApiProvisionThenJaasSubjectContainsUsername() throws Exception {
|
||||
this.spring.configLocations(xml("Jaas")).autowire();
|
||||
|
||||
AuthorityGranter granter = this.spring.getContext().getBean(AuthorityGranter.class);
|
||||
when(granter.grant(any(Principal.class))).thenReturn(new HashSet<>(Arrays.asList("USER")));
|
||||
|
||||
this.mvc.perform(get("/username")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(content().string("user"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingCustomHttpFirewallThenFirewallIsInvoked() throws Exception {
|
||||
this.spring.configLocations(xml("HttpFirewall")).autowire();
|
||||
|
||||
FirewalledRequest request = new FirewalledRequest(new MockHttpServletRequest()) {
|
||||
@Override
|
||||
public void reset() { }
|
||||
};
|
||||
HttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
HttpFirewall firewall = this.spring.getContext().getBean(HttpFirewall.class);
|
||||
when(firewall.getFirewalledRequest(any(HttpServletRequest.class))).thenReturn(request);
|
||||
when(firewall.getFirewalledResponse(any(HttpServletResponse.class))).thenReturn(response);
|
||||
this.mvc.perform(get("/unprotected"));
|
||||
|
||||
verify(firewall).getFirewalledRequest(any(HttpServletRequest.class));
|
||||
verify(firewall).getFirewalledResponse(any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getWhenUsingCustomAccessDecisionManagerThenAuthorizesAccordingly() throws Exception {
|
||||
this.spring.configLocations(xml("CustomAccessDecisionManager")).autowire();
|
||||
|
||||
this.mvc.perform(get("/unprotected")
|
||||
.with(httpBasic("user", "password")))
|
||||
.andExpect(status().isForbidden());
|
||||
}
|
||||
|
||||
/**
|
||||
* SEC-1893
|
||||
*/
|
||||
@Test
|
||||
public void authenticateWhenUsingPortMapperThenRedirectsAppropriately() throws Exception {
|
||||
this.spring.configLocations(xml("PortsMappedRequiresHttps")).autowire();
|
||||
|
||||
MockHttpSession session = (MockHttpSession)
|
||||
this.mvc.perform(get("https://localhost:9080/protected"))
|
||||
.andExpect(redirectedUrl("https://localhost:9443/login"))
|
||||
.andReturn().getRequest().getSession(false);
|
||||
|
||||
session = (MockHttpSession)
|
||||
this.mvc.perform(post("/login")
|
||||
.param("username", "user")
|
||||
.param("password", "password")
|
||||
.session(session)
|
||||
.with(csrf()))
|
||||
.andExpect(redirectedUrl("https://localhost:9443/protected"))
|
||||
.andReturn().getRequest().getSession(false);
|
||||
|
||||
this.mvc.perform(get("http://localhost:9080/protected")
|
||||
.session(session))
|
||||
.andExpect(redirectedUrl("https://localhost:9443/protected"));
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class BasicController {
|
||||
@RequestMapping("/unprotected")
|
||||
public String unprotected() {
|
||||
return "ok";
|
||||
}
|
||||
|
||||
@RequestMapping("/protected")
|
||||
public String protectedMethod(@AuthenticationPrincipal String name) {
|
||||
return name;
|
||||
}
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class CustomKeyController {
|
||||
@GetMapping("/customKey")
|
||||
public String customKey() {
|
||||
Authentication authentication =
|
||||
SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if ( authentication != null &&
|
||||
authentication instanceof AnonymousAuthenticationToken ) {
|
||||
return String.valueOf(
|
||||
((AnonymousAuthenticationToken) authentication).getKeyHash());
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class AuthenticationController {
|
||||
@GetMapping("/password")
|
||||
public String password(@AuthenticationPrincipal Authentication authentication) {
|
||||
return (String) authentication.getCredentials();
|
||||
}
|
||||
|
||||
@GetMapping("/roles")
|
||||
public String roles(@AuthenticationPrincipal Authentication authentication) {
|
||||
return authentication.getAuthorities().stream()
|
||||
.map(GrantedAuthority::getAuthority)
|
||||
.collect(Collectors.joining(","));
|
||||
}
|
||||
|
||||
@GetMapping("/details")
|
||||
public String details(@AuthenticationPrincipal Authentication authentication) {
|
||||
return authentication.getDetails().getClass().getName();
|
||||
}
|
||||
}
|
||||
|
||||
@RestController
|
||||
static class JaasController {
|
||||
@GetMapping("/username")
|
||||
public String username() {
|
||||
Subject subject = Subject.getSubject(AccessController.getContext());
|
||||
return subject.getPrincipals().iterator().next().getName();
|
||||
}
|
||||
}
|
||||
|
||||
public static class JaasLoginModule implements LoginModule {
|
||||
private Subject subject;
|
||||
|
||||
@Override
|
||||
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
|
||||
this.subject = subject;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean login() throws LoginException {
|
||||
return this.subject.getPrincipals().add(() -> "user");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean commit() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean abort() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean logout() throws LoginException {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
static class MockAccessDecisionManager implements AccessDecisionManager {
|
||||
|
||||
@Override
|
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
|
||||
throw new AccessDeniedException("teapot");
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(ConfigAttribute attribute) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supports(Class<?> clazz) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
static class MockAuthenticationManager implements AuthenticationManager {
|
||||
public Authentication authenticate(Authentication authentication) {
|
||||
return new TestingAuthenticationToken(authentication.getPrincipal(),
|
||||
authentication.getCredentials(),
|
||||
AuthorityUtils.createAuthorityList("ROLE_USER"));
|
||||
}
|
||||
}
|
||||
|
||||
static class EncodeUrlDenyingHttpServletResponseWrapper
|
||||
extends HttpServletResponseWrapper {
|
||||
|
||||
public EncodeUrlDenyingHttpServletResponseWrapper(HttpServletResponse response) {
|
||||
super(response);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeRedirectURL(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encodeRedirectUrl(String url) {
|
||||
throw new RuntimeException("Unexpected invocation of encodeURL");
|
||||
}
|
||||
}
|
||||
|
||||
private void redirectLogsTo(OutputStream os, Class<?> clazz) {
|
||||
Logger logger = (Logger) LoggerFactory.getLogger(clazz);
|
||||
Appender<ILoggingEvent> appender = mock(Appender.class);
|
||||
when(appender.isStarted()).thenReturn(true);
|
||||
doAnswer(writeTo(os)).when(appender).doAppend(any(ILoggingEvent.class));
|
||||
logger.addAppender(appender);
|
||||
}
|
||||
|
||||
private Answer<ILoggingEvent> writeTo(OutputStream os) {
|
||||
return invocation -> {
|
||||
os.write(invocation.getArgument(0).toString().getBytes());
|
||||
return null;
|
||||
};
|
||||
}
|
||||
|
||||
private void assertThatFiltersMatchExpectedAutoConfigList() {
|
||||
assertThatFiltersMatchExpectedAutoConfigList("/");
|
||||
}
|
||||
|
||||
private void assertThatFiltersMatchExpectedAutoConfigList(String url) {
|
||||
Iterator<Filter> filters = getFilters(url).iterator();
|
||||
|
||||
assertThat(filters.next()).isInstanceOf(SecurityContextPersistenceFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(WebAsyncManagerIntegrationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(HeaderWriterFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(CsrfFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(LogoutFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(UsernamePasswordAuthenticationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(DefaultLoginPageGeneratingFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(DefaultLogoutPageGeneratingFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(BasicAuthenticationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(RequestCacheAwareFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(SecurityContextHolderAwareRequestFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(AnonymousAuthenticationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(SessionManagementFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(ExceptionTranslationFilter.class);
|
||||
assertThat(filters.next()).isInstanceOf(FilterSecurityInterceptor.class)
|
||||
.hasFieldOrPropertyWithValue("observeOncePerRequest", true);
|
||||
}
|
||||
|
||||
private <T extends Filter> T getFilter(Class<T> filterClass) {
|
||||
return (T) getFilters("/").stream().filter(filterClass::isInstance).findFirst().orElse(null);
|
||||
}
|
||||
|
||||
private List<Filter> getFilters(String url) {
|
||||
FilterChainProxy proxy = this.spring.getContext().getBean(FilterChainProxy.class);
|
||||
return proxy.getFilters(url);
|
||||
}
|
||||
|
||||
private static String xml(String configName) {
|
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<anonymous username="josh" granted-authority="ROLE_ANON" key="myCustomKey"/>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected" access="hasRole('ANON')"/>
|
||||
<intercept-url pattern="/customKey" access="anonymous"/>
|
||||
</http>
|
||||
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.CustomKeyController"/>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<anonymous enabled="false"/>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/unprotected" access="anonymous"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/unprotected" access="anonymous"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<anonymous username="josh" granted-authority="ROLE_ANON,ROLE_KEY" key="myCustomKey"/>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected" access="hasRole('ANON')"/>
|
||||
<intercept-url pattern="/customKey" access="hasRole('KEY')"/>
|
||||
</http>
|
||||
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.CustomKeyController"/>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
|
||||
<authentication-manager erase-credentials="true">
|
||||
<authentication-provider>
|
||||
<user-service id="us">
|
||||
<user name="user" password="{noop}password" authorities="ROLE_USER"/>
|
||||
<user name="admin" password="{noop}password" authorities="ROLE_ADMIN"/>
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http authentication-manager-ref="authMgr">
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
|
||||
<authentication-manager id="authMgr" erase-credentials="false">
|
||||
<authentication-provider>
|
||||
<user-service id="us">
|
||||
<user name="user" password="{noop}password" authorities="ROLE_USER"/>
|
||||
<user name="admin" password="{noop}password" authorities="ROLE_ADMIN"/>
|
||||
</user-service>
|
||||
</authentication-provider>
|
||||
</authentication-manager>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http authentication-manager-ref="authMgr">
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:bean id="authMgr" class="org.springframework.security.config.http.MiscHttpConfigTests.MockAuthenticationManager"/>
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<debug/>
|
||||
|
||||
<http pattern="\A\/[a-z]{10,}" security="none" request-matcher="ciRegex"/>
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<custom-filter ref="userFilter" position="LOGOUT_FILTER"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="userFilter" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="javax.servlet.Filter"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http access-decision-manager-ref="accessDecisionManager">
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/**" access="permitAll"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="accessDecisionManager"
|
||||
class="org.springframework.security.config.http.MiscHttpConfigTests.MockAccessDecisionManager"/>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
<form-login authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
<x509 subject-principal-regex="OU=(.*?)(?:,|$)" authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
<openid-login authentication-details-source-ref="authenticationDetailsSource"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="authenticationDetailsSource" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.authentication.AuthenticationDetailsSource"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<custom-filter ref="${customFilterRef}" position="FIRST"/>
|
||||
<custom-filter ref="userFilter" before="SECURITY_CONTEXT_FILTER"/>
|
||||
<custom-filter ref="userFilter" after="LOGOUT_FILTER"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
|
||||
|
||||
<b:bean name="userFilter" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="javax.servlet.Filter"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic entry-point-ref="entryPoint"/>
|
||||
<intercept-url pattern="/protected" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="entryPoint" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,40 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<debug/>
|
||||
|
||||
<http request-matcher-ref="matcher" security="none"/>
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:bean name="matcher" class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
|
||||
<b:constructor-arg value="/unprotected"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<logout delete-cookies="JSESSIONID, mycookie"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" disable-url-rewriting="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http entry-point-ref="entryPoint">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="entryPoint" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.AuthenticationEntryPoint"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="hasPermission('AnyObject','R')"/>
|
||||
<expression-handler ref="expressionHandler"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="expressionHandler"
|
||||
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
|
||||
<b:property name="permissionEvaluator" ref="permissionEvaluator"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="permissionEvaluator" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.access.PermissionEvaluator"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http-firewall ref="firewall"/>
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:bean name="firewall" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.firewall.HttpFirewall"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/protected" access="hasAnyRole('ROLE_ADMIN', 'ROLE_UNOBTAINIUM')"/>
|
||||
<intercept-url pattern="/**" access="permitAll"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http use-expressions="false">
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected*" method="POST" access="ROLE_POST,ROLE_ADMIN"/>
|
||||
<intercept-url pattern="/protected*" method="DELETE" access="ROLE_ADMIN"/>
|
||||
<intercept-url pattern="/**" access="ROLE_USER,ROLE_POST,ROLE_ADMIN"/>
|
||||
<csrf disabled="true"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
|
||||
<user-service>
|
||||
<user name="user" password="{noop}password" authorities="ROLE_USER"/>
|
||||
<user name="admin" password="{noop}password" authorities="ROLE_ADMIN"/>
|
||||
<user name="poster" password="{noop}password" authorities="ROLE_POST"/>
|
||||
</user-service>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected" method="GET" access="hasRole('ADMIN')" requires-channel="https"/>
|
||||
<intercept-url pattern="/protected" access="permitAll"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/**" method="GET" access="hasRole('ADMIN')" requires-channel="https"/>
|
||||
<intercept-url pattern="/**" access="permitAll"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<logout logout-success-url="noLeadingSlash"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true" jaas-api-provision="true">
|
||||
</http>
|
||||
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.JaasController"/>
|
||||
|
||||
<b:bean id="jaasAuthenticationProvider"
|
||||
class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
|
||||
<b:property name="loginConfig" value="classpath:org/springframework/security/config/http/jaas-login.conf"/>
|
||||
<b:property name="loginContextName" value="JAASTest"/>
|
||||
<b:property name="callbackHandlers">
|
||||
<b:list>
|
||||
<b:bean class="org.springframework.security.authentication.jaas.JaasNameCallbackHandler"/>
|
||||
<b:bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler"/>
|
||||
</b:list>
|
||||
</b:property>
|
||||
<b:property name="authorityGranters">
|
||||
<b:list>
|
||||
<b:ref bean="jaasAuthorityGranter"/>
|
||||
</b:list>
|
||||
</b:property>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="jaasAuthorityGranter" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.authentication.jaas.AuthorityGranter"/>
|
||||
</b:bean>
|
||||
|
||||
<authentication-manager id="authenticationManager">
|
||||
<authentication-provider ref="jaasAuthenticationProvider"/>
|
||||
</authentication-manager>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<jee mappable-roles="admin,user"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<logout success-handler-ref="logoutSuccessEndpoint"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="logoutSuccessEndpoint" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
|
||||
<b:property name="defaultTargetUrl" value="/logoutSuccessEndpoint"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<form-login/>
|
||||
<csrf disabled="true"/>
|
||||
<anonymous enabled="false"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<form-login/>
|
||||
<csrf disabled="true"/>
|
||||
<anonymous enabled="false"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<debug/>
|
||||
|
||||
<http pattern="/unprotected" security="none"/>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http once-per-request="false">
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected" access="authenticated"/>
|
||||
<intercept-url pattern="/unprotected-forwards-to-protected" access="permitAll"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
<port-mappings>
|
||||
<port-mapping http="9080" https="9443"/>
|
||||
</port-mappings>
|
||||
<intercept-url pattern="/**" method="GET" access="permitAll" requires-channel="https"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<port-mappings>
|
||||
<port-mapping http="9080" https="9443"/>
|
||||
</port-mappings>
|
||||
<intercept-url pattern="/**" method="GET" access="authenticated" requires-channel="https"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<form-login login-page="/login"/>
|
||||
<intercept-url pattern="/login*" access="hasRole('ROLE_A')"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<debug/>
|
||||
|
||||
<http pattern="\A\/[a-z]{10,}" security="none" request-matcher="regex"/>
|
||||
<http>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<http-basic/>
|
||||
</http>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true">
|
||||
<request-cache ref="requestCache"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="requestCache" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.savedrequest.RequestCache"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http auto-config="true"/>
|
||||
|
||||
<authentication-manager>
|
||||
<authentication-provider user-service-ref="userService"/>
|
||||
<authentication-provider ref="authenticationProvider"/>
|
||||
</authentication-manager>
|
||||
|
||||
<b:bean name="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<b:property name="userDetailsService" ref="userService"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="userService" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.core.userdetails.UserDetailsService"/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="beanNameCollectingPostProcessor" class="org.springframework.security.BeanNameCollectingPostProcessor"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/protected" access="hasRole('ROLE_ADMIN')"/>
|
||||
<intercept-url pattern="/protected" access="hasRole('ROLE_USER')"/>
|
||||
</http>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http create-session="always" security-context-repository-ref="repo">
|
||||
<http-basic/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="repo" class="org.mockito.Mockito" factory-method="mock">
|
||||
<b:constructor-arg value="org.springframework.security.web.context.SecurityContextRepository"/>
|
||||
</b:bean>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<http>
|
||||
<x509 subject-principal-regex="${subject_principal_regex:(.*)}"/>
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
</http>
|
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
|
||||
|
||||
<b:import resource="MiscHttpConfigTests-controllers.xml"/>
|
||||
<b:import resource="userservice.xml"/>
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDfTCCAmWgAwIBAgIJAISE1BLq+ZUNMA0GCSqGSIb3DQEBCwUAMFUxCzAJBgNV
|
||||
BAYTAlVTMQ0wCwYDVQQIDARVdGFoMRcwFQYDVQQHDA5TYWx0IExha2UgQ2l0eTEP
|
||||
MA0GA1UECgwGU3ByaW5nMQ0wCwYDVQQLDAR1c2VyMB4XDTE4MTAwNjAwMjMyMVoX
|
||||
DTQ2MDIyMTAwMjMyMVowVTELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxFzAV
|
||||
BgNVBAcMDlNhbHQgTGFrZSBDaXR5MQ8wDQYDVQQKDAZTcHJpbmcxDTALBgNVBAsM
|
||||
BHVzZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1pXMFNiDXHWkl
|
||||
59GMRBW7RsOyqpMzU5PqgLc8josbty4wjvxlM9td00+s94fS/S9a6m/thJi8E4pb
|
||||
MwQgckHhaUyiAYW1N3nv3Tj/3+/vhXGKoclTt2NNgTj8eFNx0x20+q0H8nyx0tJu
|
||||
7I5rFLWXf3uaOg3DPWGxxLWwN8GNDKMeusjx7/mMpoYnxYRWhcekUHxrLY4gsE6E
|
||||
rxJqa0DjmPAeaVMqBsXKBb0JKbyVI4P9t+tIGoNX0hWtudr/R14b+rnAugkfBOUH
|
||||
3GgKXS5RjtwIJsRy7RhzoZBISuNQuZsS2N3kJp6lkmveN+trr6HX0COZA5JNs8FH
|
||||
26+NVjYpAgMBAAGjUDBOMB0GA1UdDgQWBBSV8HXGF2favXivbmNoqPNDvMiwEDAf
|
||||
BgNVHSMEGDAWgBSV8HXGF2favXivbmNoqPNDvMiwEDAMBgNVHRMEBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQCMq2XZR2q7IcKyt6lRD+OabprBQapiwmVokovf9s23
|
||||
lVD2twEpSW27AIa3V2SpZau1lqy7Rk/KepBKfaXa2FJcxhqLtyaPwDxzYichrl4e
|
||||
0zbrpE7sHnTxPtAaefpWZog6Q+HQ4KrJcBsCKwAaol+COzrLebWa9oIn6o1MYmRj
|
||||
cNWM+uClUDmjoIRuwPCnEWHadxUcoKxnKiAmisOuer49DsN4dsskaT3Bc1MXrtqf
|
||||
5+ZzdHjFKAtLMBPikdj6zG4B6r/1Ytdm/dQv56WWbs2L0iz0BRA5ul8bx94ZZeYb
|
||||
oT/9kQxvDGRTykKR5MrQDZXW9Hsg/pQnp0f2aNNhMCw9
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
|
||||
|
||||
<mvc:annotation-driven>
|
||||
<mvc:argument-resolvers>
|
||||
<b:bean class="org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver"/>
|
||||
</mvc:argument-resolvers>
|
||||
</mvc:annotation-driven>
|
||||
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.BasicController"/>
|
||||
<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.AuthenticationController"/>
|
||||
|
||||
</b:beans>
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
JAASTest {
|
||||
org.springframework.security.config.http.MiscHttpConfigTests$JaasLoginModule required;
|
||||
};
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC1pXMFNiDXHWkl
|
||||
59GMRBW7RsOyqpMzU5PqgLc8josbty4wjvxlM9td00+s94fS/S9a6m/thJi8E4pb
|
||||
MwQgckHhaUyiAYW1N3nv3Tj/3+/vhXGKoclTt2NNgTj8eFNx0x20+q0H8nyx0tJu
|
||||
7I5rFLWXf3uaOg3DPWGxxLWwN8GNDKMeusjx7/mMpoYnxYRWhcekUHxrLY4gsE6E
|
||||
rxJqa0DjmPAeaVMqBsXKBb0JKbyVI4P9t+tIGoNX0hWtudr/R14b+rnAugkfBOUH
|
||||
3GgKXS5RjtwIJsRy7RhzoZBISuNQuZsS2N3kJp6lkmveN+trr6HX0COZA5JNs8FH
|
||||
26+NVjYpAgMBAAECggEAdj9RRBg7gq3jsEhb0krUNsjXRqziDGyhAuxt3F8S0aUK
|
||||
zZOXXK5IZKjV2kx9P+2P8UhiOqWx4+V4kOwCCLk4h+vLdj81coW9vFcv7uoxwKQH
|
||||
CO9PJ09ftqmjlj8iWxvK3/C7yUuivwP19z3JbI3btNbJeNnH8cw4l8ftWtzBA/cW
|
||||
3F87sjM3J59KFMjaNwDmgpCx6xVfk1E+R1e2tcgbjGdy5h14BUkS5kMHSgk13bj4
|
||||
1Pg9QZBeV7L3oui/PPz/wt7MDY7qerI8+gJ1vR3wqbX30F+o+K1rJ4ZEYM3OaxnF
|
||||
cpdvfUGNXApZD3mdSZenDahtGhlVcLUID9IHaKjGTQKBgQDuiwlKLxPBWDpFzXU5
|
||||
WaLRInyULq0E9jj4CcMX509vl6fbRf8vsULDzg9nD3bjWF8dakJBl811iSvHsOQv
|
||||
7SaIS6aTW4cyhEpSGqWyJrv6C5EnWxrgbtED85OVcFi2HIoPpQgke+ORNur4ceZp
|
||||
33BXI2wqYF2FM/4n4MakLnu8JwKBgQDC8HwYnifV/syxhaZXHyq1P61F4C6yYqHP
|
||||
19PsE/NAiYHMz9HVKRWQznX1HuSQPdMCNKtGrmzSO9PAIt0VgOiKNUQa5Wx9s/4f
|
||||
qs8z/6FKHgw96u7T/6erzCyz/TCqJCIZpqiurJh1yibXWcv3S3KxwXHcMxuIM2UO
|
||||
QfHItOfdLwKBgHPIZI/vXcVgz5gF67oUeeTMum8qYKyh3nD2PA2kJnhhwgW6aex6
|
||||
O4/SusMpTGl5AWHDq7kut3kvRWK9x2RD1YoePhIUQQESGQjVCkv4ZREvABt8KwV4
|
||||
hFdIqP/F8ikinRiO3+7le0WGxHImxtHotBx3gw7miz4WSGyOu5wBO+nNAoGAdA8N
|
||||
MvLmMKe0YnR5piDuIl644IMqChZi1AVhLIpsJp43YyLPgKMnLcFdxQQRfDbyq7uD
|
||||
xV8PdtMbrKaVDbpjt/UiiQjSYLyKrXvaRNEKy7+79hkq+5iX0NaMPtSc5o8Apljs
|
||||
0KH9WxNxsIDLyH1o2Z+cFEdxOtOudKCaPK5H5Q0CgYBsCK4rCO3pXU+bWiwn401E
|
||||
i5SaYHGH33eBYgle+CAyzj0dNKogow+5Yfo6AkiXyng/PKY95DRXsSH3z6hGzU65
|
||||
NjbuNK2YdfCem2sdY3PRLJdIu7JK6fW3q3nQLZ6G4QUXH+9mmRDsrh9fNCNfOStl
|
||||
V6tGbgS0ay+H6oMRfUQfNw==
|
||||
-----END PRIVATE KEY-----
|
||||
Loading…
Reference in New Issue