A configuration might look like this:
+ * + *
+ * <bean id="daep" class="org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint">
+ * <constructor-arg>
+ * <map>
+ * <entry key="hasIpAddress('192.168.1.0/24') and hasHeader('User-Agent','Mozilla')" value-ref="firstAEP" />
+ * <entry key="hasHeader('User-Agent','MSIE')" value-ref="secondAEP" />
+ * </map>
+ * </constructor-arg>
+ * <property name="defaultEntryPoint" ref="defaultAEP"/>
+ * </bean>
+ *
+ *
+ * This example uses the {@link RequestMatcherEditor} which creates {@link ELRequestMatcher} instances for the map keys.
+ *
+ *
* @author Mike Wiesner
* @since 3.0.2
* @version $Id:$
diff --git a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java
index 06314acbf5..4ab9b61758 100644
--- a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java
+++ b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcher.java
@@ -23,8 +23,17 @@ import org.springframework.expression.Expression;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.access.expression.ExpressionUtils;
+import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint;
/**
+ * A RequestMatcher implementation which uses a SpEL expression
+ *
+ * With the default EvalutationContext ({@link ELRequestMatcherContext}) you can use
+ * hasIpAdress() and hasHeader()
See {@link DelegatingAuthenticationEntryPoint} for a example configuration.
+ * + * * @author Mike Wiesner * @since 3.0.2 * @version $Id:$ diff --git a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java index f51329ebf9..8c2e6fa8ff 100644 --- a/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java +++ b/web/src/main/java/org/springframework/security/web/util/ELRequestMatcherContext.java @@ -16,8 +16,6 @@ package org.springframework.security.web.util; -import java.util.List; - import javax.servlet.http.HttpServletRequest; import org.springframework.util.StringUtils; diff --git a/web/src/main/java/org/springframework/security/web/util/RequestMatcherEditor.java b/web/src/main/java/org/springframework/security/web/util/RequestMatcherEditor.java new file mode 100644 index 0000000000..dbd6b76cf8 --- /dev/null +++ b/web/src/main/java/org/springframework/security/web/util/RequestMatcherEditor.java @@ -0,0 +1,39 @@ +/* + * Copyright 2010 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.util; + +import java.beans.PropertyEditorSupport; + +import org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint; + +/** + * PropertyEditor which creates ELRequestMatcher instances from Strings + * + * This allows to use a String in a BeanDefinition instead of an (inner) bean + * if a RequestMatcher is required, e.g. in {@link DelegatingAuthenticationEntryPoint} + * + * @author Mike Wiesner + * @since 3.0.2 + */ +public class RequestMatcherEditor extends PropertyEditorSupport { + + @Override + public void setAsText(String text) throws IllegalArgumentException { + setValue(new ELRequestMatcher(text)); + } + +} diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatinAuthenticationEntryPointContextTest.java b/web/src/test/java/org/springframework/security/web/authentication/DelegatinAuthenticationEntryPointContextTest.java new file mode 100644 index 0000000000..4d7cd7f144 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatinAuthenticationEntryPointContextTest.java @@ -0,0 +1,62 @@ +package org.springframework.security.web.authentication; + +import static org.junit.Assert.*; +import static org.mockito.Mockito.*; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = "classpath:org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml") +public class DelegatinAuthenticationEntryPointContextTest { + + @Autowired + private DelegatingAuthenticationEntryPoint daep; + + @Autowired + @Qualifier("firstAEP") + private AuthenticationEntryPoint firstAEP; + + @Autowired + @Qualifier("defaultAEP") + private AuthenticationEntryPoint defaultAEP; + + @Test + @DirtiesContext + public void testFirstAEP() throws Exception { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setRemoteAddr("192.168.1.10"); + request.addHeader("User-Agent", "Mozilla/5.0"); + daep.commence(request, null, null); + verify(firstAEP).commence(request, null, null); + verify(defaultAEP, never()).commence(any(HttpServletRequest.class), + any(HttpServletResponse.class), + any(AuthenticationException.class)); + + } + + @Test + @DirtiesContext + public void testDefaultAEP() throws Exception { + MockHttpServletRequest request = new MockHttpServletRequest(); + request.setRemoteAddr("192.168.1.10"); + daep.commence(request, null, null); + verify(defaultAEP).commence(request, null, null); + verify(firstAEP, never()).commence(any(HttpServletRequest.class), + any(HttpServletResponse.class), + any(AuthenticationException.class)); + + } + +} diff --git a/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml new file mode 100644 index 0000000000..5c52ebd913 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/authentication/DelegatingAuthenticationEntryPointTest-context.xml @@ -0,0 +1,25 @@ + +