parent
401058d5ff
commit
8efdc5c926
|
@ -63,22 +63,13 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
|
||||||
|
|
||||||
private final Supplier<RoleHierarchy> roleHierarchy;
|
private final Supplier<RoleHierarchy> roleHierarchy;
|
||||||
|
|
||||||
private final String rolePrefix;
|
private String rolePrefix = "ROLE_";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates an instance.
|
* Creates an instance.
|
||||||
* @param context the {@link ApplicationContext} to use
|
* @param context the {@link ApplicationContext} to use
|
||||||
*/
|
*/
|
||||||
public AuthorizeHttpRequestsConfigurer(ApplicationContext context) {
|
public AuthorizeHttpRequestsConfigurer(ApplicationContext context) {
|
||||||
String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
|
||||||
if (grantedAuthorityDefaultsBeanNames.length == 1) {
|
|
||||||
GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(grantedAuthorityDefaultsBeanNames[0],
|
|
||||||
GrantedAuthorityDefaults.class);
|
|
||||||
this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
this.rolePrefix = "ROLE_";
|
|
||||||
}
|
|
||||||
this.registry = new AuthorizationManagerRequestMatcherRegistry(context);
|
this.registry = new AuthorizationManagerRequestMatcherRegistry(context);
|
||||||
if (context.getBeanNamesForType(AuthorizationEventPublisher.class).length > 0) {
|
if (context.getBeanNamesForType(AuthorizationEventPublisher.class).length > 0) {
|
||||||
this.publisher = context.getBean(AuthorizationEventPublisher.class);
|
this.publisher = context.getBean(AuthorizationEventPublisher.class);
|
||||||
|
@ -88,6 +79,11 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
|
||||||
}
|
}
|
||||||
this.roleHierarchy = SingletonSupplier.of(() -> (context.getBeanNamesForType(RoleHierarchy.class).length > 0)
|
this.roleHierarchy = SingletonSupplier.of(() -> (context.getBeanNamesForType(RoleHierarchy.class).length > 0)
|
||||||
? context.getBean(RoleHierarchy.class) : new NullRoleHierarchy());
|
? context.getBean(RoleHierarchy.class) : new NullRoleHierarchy());
|
||||||
|
String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||||
|
if (grantedAuthorityDefaultsBeanNames.length > 0) {
|
||||||
|
GrantedAuthorityDefaults grantedAuthorityDefaults = context.getBean(GrantedAuthorityDefaults.class);
|
||||||
|
this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -292,7 +288,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
|
||||||
*/
|
*/
|
||||||
public AuthorizationManagerRequestMatcherRegistry hasRole(String role) {
|
public AuthorizationManagerRequestMatcherRegistry hasRole(String role) {
|
||||||
return access(withRoleHierarchy(AuthorityAuthorizationManager
|
return access(withRoleHierarchy(AuthorityAuthorizationManager
|
||||||
.hasAuthority(AuthorizeHttpRequestsConfigurer.this.rolePrefix + role)));
|
.hasAnyRole(AuthorizeHttpRequestsConfigurer.this.rolePrefix, new String[] { role })));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -304,7 +300,8 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
|
||||||
* customizations
|
* customizations
|
||||||
*/
|
*/
|
||||||
public AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... roles) {
|
public AuthorizationManagerRequestMatcherRegistry hasAnyRole(String... roles) {
|
||||||
return access(withRoleHierarchy(AuthorityAuthorizationManager.hasAnyRole(roles)));
|
return access(withRoleHierarchy(
|
||||||
|
AuthorityAuthorizationManager.hasAnyRole(AuthorizeHttpRequestsConfigurer.this.rolePrefix, roles)));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
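Review bot: `rolePrefix` loses `final` in the first hunk (`private String rolePrefix = "ROLE_";`) although it is still assigned only in the constructor; keeping the field `private final String rolePrefix;` costs one local — `String rolePrefix = "ROLE_";` in the constructor, overwritten in the `if` branch, then `this.rolePrefix = rolePrefix;` as the last statement — and guarantees the prefix cannot be changed after construction by any other code in the class. The lookup also moves from `length == 1` with `context.getBean(name, GrantedAuthorityDefaults.class)` to `length > 0` with `context.getBean(GrantedAuthorityDefaults.class)`, so with two `GrantedAuthorityDefaults` beans the old code silently fell back to `ROLE_` while the new code fails at startup with a `NoUniqueBeanDefinitionException`. Failing fast on an ambiguous prefix is the safer outcome for an authorization configurer, but it is a behavior change the commit does not mention, so it deserves a test and a Javadoc line on the constructor such as `@throws NoUniqueBeanDefinitionException if more than one GrantedAuthorityDefaults bean is defined`. In the third hunk `hasRole` now goes through `hasAnyRole(rolePrefix, new String[] { role })` instead of `hasAuthority(rolePrefix + role)`; if that overload applies the same "role must not already start with the prefix" assertion as the no-prefix overload, a previously accepted `hasRole("ROLE_USER")` becomes a configuration-time failure, which should be confirmed and covered by a test. The enclosing class and the rest of the constructor continue outside the hunks.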
|
@ -477,8 +477,19 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getWhenRoleUserConfiguredAsGrantedAuthorityDefaultThenRespondsWithOk() throws Exception {
|
public void getWhenCustomRolePrefixAndRoleHasDifferentPrefixThenRespondsWithForbidden() throws Exception {
|
||||||
this.spring.register(GrantedAuthorityDefaultConfig.class, BasicController.class).autowire();
|
this.spring.register(GrantedAuthorityDefaultHasRoleConfig.class, BasicController.class).autowire();
|
||||||
|
// @formatter:off
|
||||||
|
MockHttpServletRequestBuilder requestWithUser = get("/")
|
||||||
|
.with(user("user")
|
||||||
|
.authorities(new SimpleGrantedAuthority("ROLE_USER")));
|
||||||
|
// @formatter:on
|
||||||
|
this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getWhenCustomRolePrefixAndHasRoleThenRespondsWithOk() throws Exception {
|
||||||
|
this.spring.register(GrantedAuthorityDefaultHasRoleConfig.class, BasicController.class).autowire();
|
||||||
// @formatter:off
|
// @formatter:off
|
||||||
MockHttpServletRequestBuilder requestWithUser = get("/")
|
MockHttpServletRequestBuilder requestWithUser = get("/")
|
||||||
.with(user("user")
|
.with(user("user")
|
||||||
|
@ -487,6 +498,21 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||||
this.mvc.perform(requestWithUser).andExpect(status().isOk());
|
this.mvc.perform(requestWithUser).andExpect(status().isOk());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getWhenCustomRolePrefixAndHasAnyRoleThenRespondsWithOk() throws Exception {
|
||||||
|
this.spring.register(GrantedAuthorityDefaultHasAnyRoleConfig.class, BasicController.class).autowire();
|
||||||
|
// @formatter:off
|
||||||
|
MockHttpServletRequestBuilder requestWithUser = get("/")
|
||||||
|
.with(user("user")
|
||||||
|
.authorities(new SimpleGrantedAuthority("CUSTOM_PREFIX_USER")));
|
||||||
|
MockHttpServletRequestBuilder requestWithAdmin = get("/")
|
||||||
|
.with(user("user")
|
||||||
|
.authorities(new SimpleGrantedAuthority("CUSTOM_PREFIX_ADMIN")));
|
||||||
|
// @formatter:on
|
||||||
|
this.mvc.perform(requestWithUser).andExpect(status().isOk());
|
||||||
|
this.mvc.perform(requestWithAdmin).andExpect(status().isOk());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void getWhenExpressionHasIpAddressLocalhostConfiguredIpAddressIsLocalhostThenRespondsWithOk()
|
public void getWhenExpressionHasIpAddressLocalhostConfiguredIpAddressIsLocalhostThenRespondsWithOk()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
@ -571,7 +597,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
static class GrantedAuthorityDefaultConfig {
|
static class GrantedAuthorityDefaultHasRoleConfig {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
GrantedAuthorityDefaults grantedAuthorityDefaults() {
|
GrantedAuthorityDefaults grantedAuthorityDefaults() {
|
||||||
|
@ -585,6 +611,22 @@ public class AuthorizeHttpRequestsConfigurerTests {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Configuration
|
||||||
|
@EnableWebSecurity
|
||||||
|
static class GrantedAuthorityDefaultHasAnyRoleConfig {
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
GrantedAuthorityDefaults grantedAuthorityDefaults() {
|
||||||
|
return new GrantedAuthorityDefaults("CUSTOM_PREFIX_");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
SecurityFilterChain myFilterChain(HttpSecurity http) throws Exception {
|
||||||
|
return http.authorizeHttpRequests((c) -> c.anyRequest().hasAnyRole("USER", "ADMIN")).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
@EnableWebSecurity
|
@EnableWebSecurity
|
||||||
static class NoRequestsConfig {
|
static class NoRequestsConfig {
|
||||||
|
|
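Review bot: The new `getWhenCustomRolePrefixAndHasAnyRoleThenRespondsWithOk` test exercises only the accept path of `hasAnyRole` under a custom prefix; unlike the `hasRole` case in `getWhenCustomRolePrefixAndRoleHasDifferentPrefixThenRespondsWithForbidden`, nothing asserts that a principal holding the default-prefixed `ROLE_USER` is rejected by `GrantedAuthorityDefaultHasAnyRoleConfig`. A companion test performing the same request with `.authorities(new SimpleGrantedAuthority("ROLE_USER"))` and `andExpect(status().isForbidden())` would pin the property the change is about, namely that the custom prefix is applied to every role passed to `hasAnyRole`, not only the first. Both requests in the new test authenticate as `user("user")`, which is harmless but reads oddly for the admin request; `user("admin")` makes the intent clearer. The filter chain of `GrantedAuthorityDefaultHasRoleConfig` is outside the hunk, so it is assumed here to use `hasRole`.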