Marcus Da Coregio
commit
92c82191c9
|
|
@ -49,7 +49,7 @@ import org.springframework.util.Assert;
|
|||
public class AclAuthorizationStrategyImpl implements AclAuthorizationStrategy {
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
private final GrantedAuthority gaGeneralChanges;
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ public class SidRetrievalStrategyImpl implements SidRetrievalStrategy {
|
|||
@Override
|
||||
public List<Sid> getSids(Authentication authentication) {
|
||||
Collection<? extends GrantedAuthority> authorities = this.roleHierarchy
|
||||
.getReachableGrantedAuthorities(authentication.getAuthorities());
|
||||
.getReachableGrantedAuthorities(authentication.getAuthorities());
|
||||
List<Sid> sids = new ArrayList<>(authorities.size() + 1);
|
||||
sids.add(new PrincipalSid(authentication));
|
||||
for (GrantedAuthority authority : authorities) {
|
||||
|
|
|
|||
|
|
@ -579,7 +579,7 @@ public class BasicLookupStrategy implements LookupStrategy {
|
|||
Serializable identifier = (Serializable) rs.getObject("object_id_identity");
|
||||
identifier = BasicLookupStrategy.this.aclClassIdUtils.identifierFrom(identifier, rs);
|
||||
ObjectIdentity objectIdentity = BasicLookupStrategy.this.objectIdentityGenerator
|
||||
.createObjectIdentity(identifier, rs.getString("class"));
|
||||
.createObjectIdentity(identifier, rs.getString("class"));
|
||||
|
||||
Acl parentAcl = null;
|
||||
long parentAclId = rs.getLong("parent_object");
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ public class JdbcMutableAclService extends JdbcAclService implements MutableAclS
|
|||
private static final String DEFAULT_INSERT_INTO_ACL_CLASS_WITH_ID = "insert into acl_class (class, class_id_type) values (?, ?)";
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
private boolean foreignKeysInDatabase = true;
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ public class AclFormattingUtilsTests {
|
|||
assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.demergePatterns(null, "SOME STRING"));
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", null));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING"));
|
||||
.isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "LONGER SOME STRING"));
|
||||
assertThatNoException().isThrownBy(() -> AclFormattingUtils.demergePatterns("SOME STRING", "SAME LENGTH"));
|
||||
}
|
||||
|
||||
|
|
@ -46,7 +46,7 @@ public class AclFormattingUtilsTests {
|
|||
String original = "...........................A...R";
|
||||
String removeBits = "...............................R";
|
||||
assertThat(AclFormattingUtils.demergePatterns(original, removeBits))
|
||||
.isEqualTo("...........................A....");
|
||||
.isEqualTo("...........................A....");
|
||||
assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "......")).isEqualTo("ABCDEF");
|
||||
assertThat(AclFormattingUtils.demergePatterns("ABCDEF", "GHIJKL")).isEqualTo("......");
|
||||
}
|
||||
|
|
@ -56,7 +56,7 @@ public class AclFormattingUtilsTests {
|
|||
assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.mergePatterns(null, "SOME STRING"));
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", null));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING"));
|
||||
.isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "LONGER SOME STRING"));
|
||||
assertThatNoException().isThrownBy(() -> AclFormattingUtils.mergePatterns("SOME STRING", "SAME LENGTH"));
|
||||
}
|
||||
|
||||
|
|
@ -73,9 +73,9 @@ public class AclFormattingUtilsTests {
|
|||
public final void testBinaryPrints() {
|
||||
assertThat(AclFormattingUtils.printBinary(15)).isEqualTo("............................****");
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_ON));
|
||||
.isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_ON));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF));
|
||||
.isThrownBy(() -> AclFormattingUtils.printBinary(15, Permission.RESERVED_OFF));
|
||||
assertThat(AclFormattingUtils.printBinary(15, 'x')).isEqualTo("............................xxxx");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -85,7 +85,8 @@ public class AclEntryAfterInvocationCollectionFilteringProviderTests {
|
|||
AclEntryAfterInvocationCollectionFilteringProvider provider = new AclEntryAfterInvocationCollectionFilteringProvider(
|
||||
service, Arrays.asList(mock(Permission.class)));
|
||||
assertThat(provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
|
||||
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null))
|
||||
.isNull();
|
||||
verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ public class AclEntryAfterInvocationProviderTests {
|
|||
@Test
|
||||
public void rejectsMissingPermissions() {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new AclEntryAfterInvocationProvider(mock(AclService.class), null));
|
||||
.isThrownBy(() -> new AclEntryAfterInvocationProvider(mock(AclService.class), null));
|
||||
assertThatIllegalArgumentException().isThrownBy(
|
||||
() -> new AclEntryAfterInvocationProvider(mock(AclService.class), Collections.<Permission>emptyList()));
|
||||
}
|
||||
|
|
@ -112,12 +112,12 @@ public class AclEntryAfterInvocationProviderTests {
|
|||
provider.setProcessDomainObjectClass(Object.class);
|
||||
provider.setSidRetrievalStrategy(mock(SidRetrievalStrategy.class));
|
||||
assertThatExceptionOfType(AccessDeniedException.class)
|
||||
.isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()));
|
||||
.isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()));
|
||||
// Second scenario with no acls found
|
||||
assertThatExceptionOfType(AccessDeniedException.class)
|
||||
.isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()));
|
||||
.isThrownBy(() -> provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("UNSUPPORTED", "MY_ATTRIBUTE"), new Object()));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -126,7 +126,8 @@ public class AclEntryAfterInvocationProviderTests {
|
|||
AclEntryAfterInvocationProvider provider = new AclEntryAfterInvocationProvider(service,
|
||||
Arrays.asList(mock(Permission.class)));
|
||||
assertThat(provider.decide(mock(Authentication.class), new Object(),
|
||||
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null)).isNull();
|
||||
SecurityConfig.createList("AFTER_ACL_COLLECTION_READ"), null))
|
||||
.isNull();
|
||||
verify(service, never()).readAclById(any(ObjectIdentity.class), any(List.class));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -77,14 +77,14 @@ public class AccessControlImplEntryTests {
|
|||
assertThat(ace).isNotNull();
|
||||
assertThat(ace).isNotEqualTo(100L);
|
||||
assertThat(ace).isEqualTo(ace);
|
||||
assertThat(ace).isEqualTo(
|
||||
new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true));
|
||||
assertThat(ace)
|
||||
.isEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true));
|
||||
assertThat(ace).isNotEqualTo(
|
||||
new AccessControlEntryImpl(2L, mockAcl, sid, BasePermission.ADMINISTRATION, true, true, true));
|
||||
assertThat(ace).isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, new PrincipalSid("scott"),
|
||||
BasePermission.ADMINISTRATION, true, true, true));
|
||||
assertThat(ace)
|
||||
.isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.WRITE, true, true, true));
|
||||
.isNotEqualTo(new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.WRITE, true, true, true));
|
||||
assertThat(ace).isNotEqualTo(
|
||||
new AccessControlEntryImpl(1L, mockAcl, sid, BasePermission.ADMINISTRATION, false, true, true));
|
||||
assertThat(ace).isNotEqualTo(
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ public class AclImplTests {
|
|||
assertThatIllegalArgumentException().isThrownBy(
|
||||
() -> new AclImpl(null, 1, this.authzStrategy, this.pgs, null, null, true, new PrincipalSid("joe")));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new AclImpl(null, 1, this.authzStrategy, this.mockAuditLogger));
|
||||
.isThrownBy(() -> new AclImpl(null, 1, this.authzStrategy, this.mockAuditLogger));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -111,7 +111,7 @@ public class AclImplTests {
|
|||
assertThatIllegalArgumentException().isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy,
|
||||
this.pgs, null, null, true, new PrincipalSid("joe")));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy, this.mockAuditLogger));
|
||||
.isThrownBy(() -> new AclImpl(this.objectIdentity, null, this.authzStrategy, this.mockAuditLogger));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -120,7 +120,7 @@ public class AclImplTests {
|
|||
new DefaultPermissionGrantingStrategy(this.mockAuditLogger), null, null, true,
|
||||
new PrincipalSid("joe")));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new AclImpl(this.objectIdentity, 1, null, this.mockAuditLogger));
|
||||
.isThrownBy(() -> new AclImpl(this.objectIdentity, 1, null, this.mockAuditLogger));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -128,7 +128,7 @@ public class AclImplTests {
|
|||
MutableAcl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
|
||||
new PrincipalSid("joe"));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true));
|
||||
.isThrownBy(() -> acl.insertAce(0, null, new GrantedAuthoritySid("ROLE_IGNORED"), true));
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> acl.insertAce(0, BasePermission.READ, null, true));
|
||||
}
|
||||
|
||||
|
|
@ -175,7 +175,7 @@ public class AclImplTests {
|
|||
acl.insertAce(0, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST1"), true);
|
||||
service.updateAcl(acl);
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true));
|
||||
.isThrownBy(() -> acl.insertAce(55, BasePermission.READ, new GrantedAuthoritySid("ROLE_TEST2"), true));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -223,7 +223,7 @@ public class AclImplTests {
|
|||
new PrincipalSid("joe"));
|
||||
Sid ben = new PrincipalSid("ben");
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false));
|
||||
.isThrownBy(() -> acl.isGranted(new ArrayList<>(0), Arrays.asList(ben), false));
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> acl.isGranted(READ, new ArrayList<>(0), false));
|
||||
}
|
||||
|
||||
|
|
@ -246,12 +246,14 @@ public class AclImplTests {
|
|||
List<Sid> sids = Arrays.asList(new PrincipalSid("ben"), new GrantedAuthoritySid("ROLE_GUEST"));
|
||||
assertThat(rootAcl.isGranted(permissions, sids, false)).isFalse();
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> rootAcl.isGranted(permissions, SCOTT, false));
|
||||
.isThrownBy(() -> rootAcl.isGranted(permissions, SCOTT, false));
|
||||
assertThat(rootAcl.isGranted(WRITE, SCOTT, false)).isTrue();
|
||||
assertThat(rootAcl.isGranted(WRITE,
|
||||
Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false)).isFalse();
|
||||
Arrays.asList(new PrincipalSid("rod"), new GrantedAuthoritySid("WRITE_ACCESS_ROLE")), false))
|
||||
.isFalse();
|
||||
assertThat(rootAcl.isGranted(WRITE,
|
||||
Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false)).isTrue();
|
||||
Arrays.asList(new GrantedAuthoritySid("WRITE_ACCESS_ROLE"), new PrincipalSid("rod")), false))
|
||||
.isTrue();
|
||||
// Change the type of the Sid and check the granting process
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> rootAcl.isGranted(WRITE,
|
||||
Arrays.asList(new GrantedAuthoritySid("rod"), new PrincipalSid("WRITE_ACCESS_ROLE")), false));
|
||||
|
|
@ -292,7 +294,7 @@ public class AclImplTests {
|
|||
// Check granting process for parent1
|
||||
assertThat(parentAcl1.isGranted(READ, SCOTT, false)).isTrue();
|
||||
assertThat(parentAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
|
||||
.isTrue();
|
||||
.isTrue();
|
||||
assertThat(parentAcl1.isGranted(WRITE, BEN, false)).isTrue();
|
||||
assertThat(parentAcl1.isGranted(DELETE, BEN, false)).isFalse();
|
||||
assertThat(parentAcl1.isGranted(DELETE, SCOTT, false)).isFalse();
|
||||
|
|
@ -303,13 +305,13 @@ public class AclImplTests {
|
|||
// Check granting process for child1
|
||||
assertThat(childAcl1.isGranted(CREATE, SCOTT, false)).isTrue();
|
||||
assertThat(childAcl1.isGranted(READ, Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_USER_READ")), false))
|
||||
.isTrue();
|
||||
.isTrue();
|
||||
assertThat(childAcl1.isGranted(DELETE, BEN, false)).isFalse();
|
||||
// Check granting process for child2 (doesn't inherit the permissions from its
|
||||
// parent)
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(() -> childAcl2.isGranted(CREATE, SCOTT, false));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false));
|
||||
.isThrownBy(() -> childAcl2.isGranted(CREATE, Arrays.asList((Sid) new PrincipalSid("joe")), false));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -396,20 +398,20 @@ public class AclImplTests {
|
|||
new PrincipalSid("joe"));
|
||||
assertThat(acl.isSidLoaded(loadedSids)).isTrue();
|
||||
assertThat(acl.isSidLoaded(Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new PrincipalSid("ben"))))
|
||||
.isTrue();
|
||||
.isTrue();
|
||||
assertThat(acl.isSidLoaded(Arrays.asList((Sid) new GrantedAuthoritySid("ROLE_IGNORED")))).isTrue();
|
||||
assertThat(acl.isSidLoaded(BEN)).isTrue();
|
||||
assertThat(acl.isSidLoaded(null)).isTrue();
|
||||
assertThat(acl.isSidLoaded(new ArrayList<>(0))).isTrue();
|
||||
assertThat(acl.isSidLoaded(
|
||||
Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_IGNORED"))))
|
||||
.isTrue();
|
||||
.isTrue();
|
||||
assertThat(acl.isSidLoaded(
|
||||
Arrays.asList(new GrantedAuthoritySid("ROLE_GENERAL"), new GrantedAuthoritySid("ROLE_IGNORED"))))
|
||||
.isFalse();
|
||||
.isFalse();
|
||||
assertThat(acl.isSidLoaded(
|
||||
Arrays.asList(new GrantedAuthoritySid("ROLE_IGNORED"), new GrantedAuthoritySid("ROLE_GENERAL"))))
|
||||
.isFalse();
|
||||
.isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -417,7 +419,7 @@ public class AclImplTests {
|
|||
AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, this.pgs, null, null, true,
|
||||
new PrincipalSid("joe"));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true));
|
||||
.isThrownBy(() -> acl.insertAce(-1, mock(Permission.class), mock(Sid.class), true));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -435,7 +437,7 @@ public class AclImplTests {
|
|||
acl.insertAce(0, mock(Permission.class), mock(Sid.class), true);
|
||||
// Size is now 1
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> acl.insertAce(2, mock(Permission.class), mock(Sid.class), true));
|
||||
.isThrownBy(() -> acl.insertAce(2, mock(Permission.class), mock(Sid.class), true));
|
||||
}
|
||||
|
||||
// SEC-1151
|
||||
|
|
@ -466,7 +468,7 @@ public class AclImplTests {
|
|||
AclImpl acl = new AclImpl(this.objectIdentity, 1, this.authzStrategy, maskPgs, null, null, true,
|
||||
new PrincipalSid("joe"));
|
||||
Permission permission = this.permissionFactory
|
||||
.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
|
||||
.buildFromMask(BasePermission.READ.getMask() | BasePermission.WRITE.getMask());
|
||||
Sid sid = new PrincipalSid("ben");
|
||||
acl.insertAce(0, permission, sid, true);
|
||||
service.updateAcl(acl);
|
||||
|
|
|
|||
|
|
@ -73,12 +73,12 @@ public class AclImplementationSecurityCheckTests {
|
|||
new SimpleGrantedAuthority("ROLE_THREE"));
|
||||
Acl acl2 = new AclImpl(identity, 1L, aclAuthorizationStrategy2, new ConsoleAuditLogger());
|
||||
// Check access in case the principal has no authorization rights
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(
|
||||
() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL));
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(
|
||||
() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING));
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(
|
||||
() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_GENERAL));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_AUDITING));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> aclAuthorizationStrategy2.securityCheck(acl2, AclAuthorizationStrategy.CHANGE_OWNERSHIP));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -181,11 +181,11 @@ public class AclImplementationSecurityCheckTests {
|
|||
new DefaultPermissionGrantingStrategy(new ConsoleAuditLogger()), null, null, false,
|
||||
new PrincipalSid(auth));
|
||||
assertThatNoException()
|
||||
.isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL));
|
||||
assertThatExceptionOfType(NotFoundException.class).isThrownBy(
|
||||
() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING));
|
||||
assertThatNoException().isThrownBy(
|
||||
() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP));
|
||||
.isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_GENERAL));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_AUDITING));
|
||||
assertThatNoException()
|
||||
.isThrownBy(() -> aclAuthorizationStrategy.securityCheck(acl, AclAuthorizationStrategy.CHANGE_OWNERSHIP));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ public class ObjectIdentityImplTests {
|
|||
public void testGetIdMethodConstraints() {
|
||||
// Check the getId() method is present
|
||||
assertThatExceptionOfType(IdentityUnavailableException.class)
|
||||
.isThrownBy(() -> new ObjectIdentityImpl("A_STRING_OBJECT"));
|
||||
.isThrownBy(() -> new ObjectIdentityImpl("A_STRING_OBJECT"));
|
||||
// getId() should return a non-null value
|
||||
MockIdDomainObject mockId = new MockIdDomainObject();
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new ObjectIdentityImpl(mockId));
|
||||
|
|
|
|||
|
|
@ -47,10 +47,12 @@ public class PermissionTests {
|
|||
public void expectedIntegerValues() {
|
||||
assertThat(BasePermission.READ.getMask()).isEqualTo(1);
|
||||
assertThat(BasePermission.ADMINISTRATION.getMask()).isEqualTo(16);
|
||||
assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.WRITE)
|
||||
.set(BasePermission.CREATE).getMask()).isEqualTo(7);
|
||||
assertThat(new CumulativePermission().set(BasePermission.READ)
|
||||
.set(BasePermission.WRITE)
|
||||
.set(BasePermission.CREATE)
|
||||
.getMask()).isEqualTo(7);
|
||||
assertThat(new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION).getMask())
|
||||
.isEqualTo(17);
|
||||
.isEqualTo(17);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -64,20 +66,23 @@ public class PermissionTests {
|
|||
this.permissionFactory.registerPublicPermissions(SpecialPermission.class);
|
||||
assertThat(BasePermission.READ.toString()).isEqualTo("BasePermission[...............................R=1]");
|
||||
assertThat(BasePermission.ADMINISTRATION.toString())
|
||||
.isEqualTo("BasePermission[...........................A....=16]");
|
||||
.isEqualTo("BasePermission[...........................A....=16]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.READ).toString())
|
||||
.isEqualTo("CumulativePermission[...............................R=1]");
|
||||
.isEqualTo("CumulativePermission[...............................R=1]");
|
||||
assertThat(
|
||||
new CumulativePermission().set(SpecialPermission.ENTER).set(BasePermission.ADMINISTRATION).toString())
|
||||
.isEqualTo("CumulativePermission[..........................EA....=48]");
|
||||
.isEqualTo("CumulativePermission[..........................EA....=48]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ).toString())
|
||||
.isEqualTo("CumulativePermission[...........................A...R=17]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
|
||||
.clear(BasePermission.ADMINISTRATION).toString())
|
||||
.isEqualTo("CumulativePermission[...............................R=1]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION).set(BasePermission.READ)
|
||||
.clear(BasePermission.ADMINISTRATION).clear(BasePermission.READ).toString())
|
||||
.isEqualTo("CumulativePermission[................................=0]");
|
||||
.isEqualTo("CumulativePermission[...........................A...R=17]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION)
|
||||
.set(BasePermission.READ)
|
||||
.clear(BasePermission.ADMINISTRATION)
|
||||
.toString()).isEqualTo("CumulativePermission[...............................R=1]");
|
||||
assertThat(new CumulativePermission().set(BasePermission.ADMINISTRATION)
|
||||
.set(BasePermission.READ)
|
||||
.clear(BasePermission.ADMINISTRATION)
|
||||
.clear(BasePermission.READ)
|
||||
.toString()).isEqualTo("CumulativePermission[................................=0]");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -149,7 +149,7 @@ public abstract class AbstractBasicLookupStrategyTests {
|
|||
// Deliberately use an integer for the child, to reproduce bug report in SEC-819
|
||||
ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102);
|
||||
Map<ObjectIdentity, Acl> map = this.strategy
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
checkEntries(topParentOid, middleParentOid, childOid, map);
|
||||
}
|
||||
|
||||
|
|
@ -163,7 +163,7 @@ public abstract class AbstractBasicLookupStrategyTests {
|
|||
// Let's empty the database to force acls retrieval from cache
|
||||
emptyDatabase();
|
||||
Map<ObjectIdentity, Acl> map = this.strategy
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
checkEntries(topParentOid, middleParentOid, childOid, map);
|
||||
}
|
||||
|
||||
|
|
@ -176,7 +176,7 @@ public abstract class AbstractBasicLookupStrategyTests {
|
|||
// acls
|
||||
this.strategy.setBatchSize(1);
|
||||
Map<ObjectIdentity, Acl> map = this.strategy
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
.readAclsById(Arrays.asList(topParentOid, middleParentOid, childOid), null);
|
||||
checkEntries(topParentOid, middleParentOid, childOid, map);
|
||||
}
|
||||
|
||||
|
|
@ -303,7 +303,7 @@ public abstract class AbstractBasicLookupStrategyTests {
|
|||
getJdbcTemplate().execute(query);
|
||||
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
|
||||
.isThrownBy(() -> this.strategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -116,7 +116,7 @@ public class BasicLookupStrategyWithAclClassTypeTests extends AbstractBasicLooku
|
|||
public void testReadObjectIdentityUsingNonUuidInDatabase() {
|
||||
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, OBJECT_IDENTITY_LONG_AS_UUID);
|
||||
assertThatExceptionOfType(ConversionFailedException.class)
|
||||
.isThrownBy(() -> this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
|
||||
.isThrownBy(() -> this.uuidEnabledStrategy.readAclsById(Arrays.asList(oid), Arrays.asList(BEN_SID)));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ public class JdbcAclServiceTests {
|
|||
ObjectIdentity objectIdentity = new ObjectIdentityImpl(Object.class, 1);
|
||||
List<Sid> sids = Arrays.<Sid>asList(new PrincipalSid("user"));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> this.aclService.readAclById(objectIdentity, sids));
|
||||
.isThrownBy(() -> this.aclService.readAclById(objectIdentity, sids));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -168,20 +168,20 @@ public class JdbcAclServiceTests {
|
|||
assertThat(objectIdentities.size()).isEqualTo(1);
|
||||
assertThat(objectIdentities.get(0).getType()).isEqualTo("costcenter");
|
||||
assertThat(objectIdentities.get(0).getIdentifier())
|
||||
.isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
|
||||
.isEqualTo(UUID.fromString("25d93b3f-c3aa-4814-9d5e-c7c96ced7762"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void setObjectIdentityGeneratorWhenNullThenThrowsIllegalArgumentException() {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> this.aclServiceIntegration.setObjectIdentityGenerator(null))
|
||||
.withMessage("objectIdentityGenerator cannot be null");
|
||||
.isThrownBy(() -> this.aclServiceIntegration.setObjectIdentityGenerator(null))
|
||||
.withMessage("objectIdentityGenerator cannot be null");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void findChildrenWhenObjectIdentityGeneratorSetThenUsed() {
|
||||
this.aclServiceIntegration
|
||||
.setObjectIdentityGenerator((id, type) -> new ObjectIdentityImpl(type, "prefix:" + id));
|
||||
.setObjectIdentityGenerator((id, type) -> new ObjectIdentityImpl(type, "prefix:" + id));
|
||||
|
||||
ObjectIdentity objectIdentity = new ObjectIdentityImpl("location", "US");
|
||||
this.aclServiceIntegration.setAclClassIdSupported(true);
|
||||
|
|
|
|||
|
|
@ -168,7 +168,7 @@ public class JdbcMutableAclServiceTests {
|
|||
this.jdbcMutableAclService.updateAcl(child);
|
||||
// Let's check if we can read them back correctly
|
||||
Map<ObjectIdentity, Acl> map = this.jdbcMutableAclService
|
||||
.readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid()));
|
||||
.readAclsById(Arrays.asList(getTopParentOid(), getMiddleParentOid(), getChildOid()));
|
||||
assertThat(map).hasSize(3);
|
||||
// Get the retrieved versions
|
||||
MutableAcl retrievedTopParent = (MutableAcl) map.get(getTopParentOid());
|
||||
|
|
@ -196,7 +196,7 @@ public class JdbcMutableAclServiceTests {
|
|||
assertThat(retrievedMiddleParent.isGranted(delete, pSid, false)).isTrue();
|
||||
assertThat(retrievedChild.isGranted(delete, pSid, false)).isFalse();
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> retrievedChild.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false));
|
||||
.isThrownBy(() -> retrievedChild.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), pSid, false));
|
||||
// Now check the inherited rights (when not explicitly overridden) also look OK
|
||||
assertThat(retrievedChild.isGranted(read, pSid, false)).isTrue();
|
||||
assertThat(retrievedChild.isGranted(write, pSid, false)).isFalse();
|
||||
|
|
@ -209,9 +209,9 @@ public class JdbcMutableAclServiceTests {
|
|||
// Check the child permissions no longer inherit
|
||||
assertThat(nonInheritingChild.isGranted(delete, pSid, true)).isFalse();
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> nonInheritingChild.isGranted(read, pSid, true));
|
||||
.isThrownBy(() -> nonInheritingChild.isGranted(read, pSid, true));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> nonInheritingChild.isGranted(write, pSid, true));
|
||||
.isThrownBy(() -> nonInheritingChild.isGranted(write, pSid, true));
|
||||
// Let's add an identical permission to the child, but it'll appear AFTER the
|
||||
// current permission, so has no impact
|
||||
nonInheritingChild.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true);
|
||||
|
|
@ -266,9 +266,9 @@ public class JdbcMutableAclServiceTests {
|
|||
// Delete the mid-parent and test if the child was deleted, as well
|
||||
this.jdbcMutableAclService.deleteAcl(getMiddleParentOid(), true);
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.readAclById(getMiddleParentOid()));
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.readAclById(getMiddleParentOid()));
|
||||
assertThatExceptionOfType(NotFoundException.class)
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.readAclById(getChildOid()));
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.readAclById(getChildOid()));
|
||||
Acl acl = this.jdbcMutableAclService.readAclById(getTopParentOid());
|
||||
assertThat(acl).isNotNull();
|
||||
assertThat(getTopParentOid()).isEqualTo(acl.getObjectIdentity());
|
||||
|
|
@ -277,11 +277,11 @@ public class JdbcMutableAclServiceTests {
|
|||
@Test
|
||||
public void constructorRejectsNullParameters() {
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new JdbcMutableAclService(null, this.lookupStrategy, this.aclCache));
|
||||
.isThrownBy(() -> new JdbcMutableAclService(null, this.lookupStrategy, this.aclCache));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new JdbcMutableAclService(this.dataSource, null, this.aclCache));
|
||||
.isThrownBy(() -> new JdbcMutableAclService(this.dataSource, null, this.aclCache));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null));
|
||||
.isThrownBy(() -> new JdbcMutableAclService(this.dataSource, this.lookupStrategy, null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -297,7 +297,7 @@ public class JdbcMutableAclServiceTests {
|
|||
this.jdbcMutableAclService.createAcl(duplicateOid);
|
||||
// Try to add the same object second time
|
||||
assertThatExceptionOfType(AlreadyExistsException.class)
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.createAcl(duplicateOid));
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.createAcl(duplicateOid));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -320,7 +320,7 @@ public class JdbcMutableAclServiceTests {
|
|||
try {
|
||||
// checking in the class, not database
|
||||
assertThatExceptionOfType(ChildrenExistException.class)
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false));
|
||||
.isThrownBy(() -> this.jdbcMutableAclService.deleteAcl(getTopParentOid(), false));
|
||||
}
|
||||
finally {
|
||||
// restore to the default
|
||||
|
|
@ -392,7 +392,7 @@ public class JdbcMutableAclServiceTests {
|
|||
child = (MutableAcl) this.jdbcMutableAclService.readAclById(childOid);
|
||||
parent = (MutableAcl) child.getParentAcl();
|
||||
assertThat(parent.getEntries()).hasSize(2)
|
||||
.withFailMessage("Fails because child has a stale reference to its parent");
|
||||
.withFailMessage("Fails because child has a stale reference to its parent");
|
||||
assertThat(parent.getEntries().get(0).getPermission().getMask()).isEqualTo(1);
|
||||
assertThat(parent.getEntries().get(0).getSid()).isEqualTo(new PrincipalSid("ben"));
|
||||
assertThat(parent.getEntries().get(1).getPermission().getMask()).isEqualTo(1);
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ public class JdbcMutableAclServiceTestsWithAclClassId extends JdbcMutableAclServ
|
|||
ObjectIdentity oid = new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id);
|
||||
getJdbcMutableAclService().createAcl(oid);
|
||||
assertThat(getJdbcMutableAclService().readAclById(new ObjectIdentityImpl(TARGET_CLASS_WITH_UUID, id)))
|
||||
.isNotNull();
|
||||
.isNotNull();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,9 +46,9 @@ public class SidTests {
|
|||
// Check one Authentication-argument constructor
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new PrincipalSid((Authentication) null));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken(null, "password")));
|
||||
.isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken(null, "password")));
|
||||
assertThatNoException()
|
||||
.isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken("johndoe", "password")));
|
||||
.isThrownBy(() -> new PrincipalSid(new TestingAuthenticationToken("johndoe", "password")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -60,7 +60,7 @@ public class SidTests {
|
|||
// Check one GrantedAuthority-argument constructor
|
||||
assertThatIllegalArgumentException().isThrownBy(() -> new GrantedAuthoritySid((GrantedAuthority) null));
|
||||
assertThatIllegalArgumentException()
|
||||
.isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority(null)));
|
||||
.isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority(null)));
|
||||
assertThatNoException().isThrownBy(() -> new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST")));
|
||||
}
|
||||
|
||||
|
|
@ -100,7 +100,7 @@ public class SidTests {
|
|||
assertThat(principalSid.hashCode()).isEqualTo(new PrincipalSid("johndoe").hashCode());
|
||||
assertThat(principalSid.hashCode()).isNotEqualTo(new PrincipalSid("scott").hashCode());
|
||||
assertThat(principalSid.hashCode())
|
||||
.isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
|
||||
.isNotEqualTo(new PrincipalSid(new TestingAuthenticationToken("scott", "password")).hashCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -111,7 +111,7 @@ public class SidTests {
|
|||
assertThat(gaSid.hashCode()).isEqualTo(new GrantedAuthoritySid("ROLE_TEST").hashCode());
|
||||
assertThat(gaSid.hashCode()).isNotEqualTo(new GrantedAuthoritySid("ROLE_TEST_2").hashCode());
|
||||
assertThat(gaSid.hashCode())
|
||||
.isNotEqualTo(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode());
|
||||
.isNotEqualTo(new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST_2")).hashCode());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ public class AnnotationSecurityAspectTests {
|
|||
@Test
|
||||
public void securedClassMethodDeniesUnauthenticatedAccess() {
|
||||
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ public class PostAuthorizeAspectTests {
|
|||
@Test
|
||||
public void securedClassMethodDeniesUnauthenticatedAccess() {
|
||||
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ public class PreAuthorizeAspectTests {
|
|||
@Test
|
||||
public void securedClassMethodDeniesUnauthenticatedAccess() {
|
||||
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ public class SecuredAspectTests {
|
|||
@Test
|
||||
public void securedClassMethodDeniesUnauthenticatedAccess() {
|
||||
assertThatExceptionOfType(AuthenticationCredentialsNotFoundException.class)
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
.isThrownBy(() -> this.secured.securedClassMethod());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -74,8 +74,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupRoleAttribute", "cn");
|
||||
assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupSearchBase", "");
|
||||
assertThat(authoritiesPopulator).hasFieldOrPropertyWithValue("groupSearchFilter", "(uniqueMember={0})");
|
||||
assertThat(authoritiesPopulator).extracting("searchControls").hasFieldOrPropertyWithValue("searchScope",
|
||||
SearchControls.ONELEVEL_SCOPE);
|
||||
assertThat(authoritiesPopulator).extracting("searchControls")
|
||||
.hasFieldOrPropertyWithValue("searchScope", SearchControls.ONELEVEL_SCOPE);
|
||||
assertThat(ReflectionTestUtils.getField(getAuthoritiesMapper(provider), "prefix")).isEqualTo("ROLE_");
|
||||
}
|
||||
|
||||
|
|
@ -85,7 +85,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
LdapAuthenticationProvider provider = ldapProvider();
|
||||
|
||||
assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupRoleAttribute"))
|
||||
.isEqualTo("group");
|
||||
.isEqualTo("group");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -94,7 +94,7 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
LdapAuthenticationProvider provider = ldapProvider();
|
||||
|
||||
assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "groupSearchFilter"))
|
||||
.isEqualTo("ou=groupName");
|
||||
.isEqualTo("ou=groupName");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -103,7 +103,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
LdapAuthenticationProvider provider = ldapProvider();
|
||||
|
||||
assertThat(ReflectionTestUtils.getField(getAuthoritiesPopulator(provider), "searchControls"))
|
||||
.extracting("searchScope").isEqualTo(SearchControls.SUBTREE_SCOPE);
|
||||
.extracting("searchScope")
|
||||
.isEqualTo(SearchControls.SUBTREE_SCOPE);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -119,8 +120,8 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
this.spring.register(BindAuthenticationConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob")
|
||||
.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
|
||||
.andExpect(authenticated().withUsername("bob")
|
||||
.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
|
||||
}
|
||||
|
||||
// SEC-2472
|
||||
|
|
@ -129,13 +130,14 @@ public class LdapAuthenticationProviderBuilderSecurityBuilderTests {
|
|||
this.spring.register(PasswordEncoderConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
|
||||
.andExpect(authenticated().withUsername("bcrypt")
|
||||
.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
|
||||
.andExpect(authenticated().withUsername("bcrypt")
|
||||
.withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_DEVELOPERS"))));
|
||||
}
|
||||
|
||||
private LdapAuthenticationProvider ldapProvider() {
|
||||
return ((List<LdapAuthenticationProvider>) ReflectionTestUtils.getField(this.authenticationManager,
|
||||
"providers")).get(0);
|
||||
"providers"))
|
||||
.get(0);
|
||||
}
|
||||
|
||||
private LdapAuthoritiesPopulator getAuthoritiesPopulator(LdapAuthenticationProvider provider) {
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ public class LdapAuthenticationProviderConfigurerTests {
|
|||
this.spring.register(MultiLdapAuthenticationProvidersConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -122,7 +122,7 @@ public class JwtITests {
|
|||
@Test
|
||||
public void routeWhenAuthenticationBearerThenAuthorized() {
|
||||
MimeType authenticationMimeType = MimeTypeUtils
|
||||
.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
|
||||
.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
|
||||
BearerTokenMetadata credentials = new BearerTokenMetadata("token");
|
||||
given(this.decoder.decode(any())).willReturn(Mono.just(jwt()));
|
||||
// @formatter:off
|
||||
|
|
@ -137,8 +137,11 @@ public class JwtITests {
|
|||
}
|
||||
|
||||
private Jwt jwt() {
|
||||
return TestJwts.jwt().claim(IdTokenClaimNames.ISS, "https://issuer.example.com")
|
||||
.claim(IdTokenClaimNames.SUB, "rob").claim(IdTokenClaimNames.AUD, Arrays.asList("client-id")).build();
|
||||
return TestJwts.jwt()
|
||||
.claim(IdTokenClaimNames.ISS, "https://issuer.example.com")
|
||||
.claim(IdTokenClaimNames.SUB, "rob")
|
||||
.claim(IdTokenClaimNames.AUD, Arrays.asList("client-id"))
|
||||
.build();
|
||||
}
|
||||
|
||||
private RSocketRequester.Builder requester() {
|
||||
|
|
@ -169,7 +172,7 @@ public class JwtITests {
|
|||
@Bean
|
||||
PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
|
||||
rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll())
|
||||
.jwt(Customizer.withDefaults());
|
||||
.jwt(Customizer.withDefaults());
|
||||
return rsocket.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -195,7 +195,7 @@ public class RSocketMessageHandlerITests {
|
|||
String data = "a";
|
||||
assertThatExceptionOfType(ApplicationErrorException.class).isThrownBy(
|
||||
() -> this.requester.route("secure.hello").data(data).retrieveFlux(String.class).collectList().block())
|
||||
.withMessageContaining("Access Denied");
|
||||
.withMessageContaining("Access Denied");
|
||||
assertThat(this.controller.payloads).isEmpty();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ public class SimpleAuthenticationITests {
|
|||
@Test
|
||||
public void retrieveMonoWhenAuthorizedThenGranted() {
|
||||
MimeType authenticationMimeType = MimeTypeUtils
|
||||
.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
|
||||
.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
|
||||
UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("rob", "password");
|
||||
// @formatter:off
|
||||
this.requester = RSocketRequester.builder()
|
||||
|
|
@ -161,7 +161,7 @@ public class SimpleAuthenticationITests {
|
|||
@Bean
|
||||
PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
|
||||
rsocket.authorizePayload((authorize) -> authorize.anyRequest().authenticated().anyExchange().permitAll())
|
||||
.simpleAuthentication(Customizer.withDefaults());
|
||||
.simpleAuthentication(Customizer.withDefaults());
|
||||
return rsocket.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
this.spring.register(FromEmbeddedLdapServerConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -56,7 +56,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
this.spring.register(PortZeroConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -71,15 +71,16 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
this.spring.register(CustomManagerDnConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void contextSourceFactoryBeanWhenManagerDnAndNoPasswordThenException() {
|
||||
assertThatExceptionOfType(UnsatisfiedDependencyException.class)
|
||||
.isThrownBy(() -> this.spring.register(CustomManagerDnNoPasswordConfig.class).autowire())
|
||||
.havingRootCause().isInstanceOf(IllegalStateException.class)
|
||||
.withMessageContaining("managerPassword is required if managerDn is supplied");
|
||||
.isThrownBy(() -> this.spring.register(CustomManagerDnNoPasswordConfig.class).autowire())
|
||||
.havingRootCause()
|
||||
.isInstanceOf(IllegalStateException.class)
|
||||
.withMessageContaining("managerPassword is required if managerDn is supplied");
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
|
@ -107,7 +108,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
@Bean
|
||||
EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
|
||||
EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean
|
||||
.fromEmbeddedLdapServer();
|
||||
.fromEmbeddedLdapServer();
|
||||
factoryBean.setPort(0);
|
||||
return factoryBean;
|
||||
}
|
||||
|
|
@ -128,7 +129,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
@Bean
|
||||
EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
|
||||
EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean
|
||||
.fromEmbeddedLdapServer();
|
||||
.fromEmbeddedLdapServer();
|
||||
factoryBean.setLdif("classpath*:test-server2.xldif");
|
||||
factoryBean.setRoot("dc=monkeymachine,dc=co,dc=uk");
|
||||
return factoryBean;
|
||||
|
|
@ -150,7 +151,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
@Bean
|
||||
EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
|
||||
EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean
|
||||
.fromEmbeddedLdapServer();
|
||||
.fromEmbeddedLdapServer();
|
||||
factoryBean.setManagerDn("uid=admin,ou=system");
|
||||
factoryBean.setManagerPassword("secret");
|
||||
return factoryBean;
|
||||
|
|
@ -173,7 +174,7 @@ public class EmbeddedLdapServerContextSourceFactoryBeanITests {
|
|||
@Bean
|
||||
EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
|
||||
EmbeddedLdapServerContextSourceFactoryBean factoryBean = EmbeddedLdapServerContextSourceFactoryBean
|
||||
.fromEmbeddedLdapServer();
|
||||
.fromEmbeddedLdapServer();
|
||||
factoryBean.setManagerDn("uid=admin,ou=system");
|
||||
return factoryBean;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ public class LdapBindAuthenticationManagerFactoryITests {
|
|||
this.spring.register(FromContextSourceConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -81,19 +81,21 @@ public class LdapBindAuthenticationManagerFactoryITests {
|
|||
|
||||
this.spring.register(CustomAuthoritiesPopulatorConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(
|
||||
authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(
|
||||
authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_EXTRA"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticationManagerFactoryWhenCustomAuthoritiesMapperThenUsed() throws Exception {
|
||||
CustomAuthoritiesMapperConfig.AUTHORITIES_MAPPER = ((authorities) -> AuthorityUtils
|
||||
.createAuthorityList("ROLE_CUSTOM"));
|
||||
.createAuthorityList("ROLE_CUSTOM"));
|
||||
|
||||
this.spring.register(CustomAuthoritiesMapperConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword")).andExpect(
|
||||
authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOM"))));
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(
|
||||
authenticated().withAuthorities(Collections.singleton(new SimpleGrantedAuthority("ROLE_CUSTOM"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -113,7 +115,7 @@ public class LdapBindAuthenticationManagerFactoryITests {
|
|||
this.spring.register(CustomUserDetailsContextMapperConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("other"));
|
||||
.andExpect(authenticated().withUsername("other"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -121,7 +123,7 @@ public class LdapBindAuthenticationManagerFactoryITests {
|
|||
this.spring.register(CustomUserDnPatternsConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -129,7 +131,7 @@ public class LdapBindAuthenticationManagerFactoryITests {
|
|||
this.spring.register(CustomUserSearchConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bob").password("bobspassword"))
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
.andExpect(authenticated().withUsername("bob"));
|
||||
}
|
||||
|
||||
@Configuration
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ public class LdapPasswordComparisonAuthenticationManagerFactoryITests {
|
|||
this.spring.register(CustomPasswordEncoderConfig.class).autowire();
|
||||
|
||||
this.mockMvc.perform(formLogin().user("bcrypt").password("password"))
|
||||
.andExpect(authenticated().withUsername("bcrypt"));
|
||||
.andExpect(authenticated().withUsername("bcrypt"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
|
||||
AuthenticationManager.class);
|
||||
Authentication auth = authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword"));
|
||||
UserDetails ben = (UserDetails) auth.getPrincipal();
|
||||
assertThat(ben.getAuthorities()).hasSize(3);
|
||||
}
|
||||
|
|
@ -71,7 +71,7 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
|
||||
assertThat(providerManager.getProviders()).hasSize(2);
|
||||
assertThat(providerManager.getProviders()).extracting("authoritiesPopulator.groupSearchFilter")
|
||||
.containsExactly("member={0}", "uniqueMember={0}");
|
||||
.containsExactly("member={0}", "uniqueMember={0}");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -89,7 +89,7 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
|
||||
AuthenticationManager.class);
|
||||
Authentication auth = authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "benspassword"));
|
||||
|
||||
assertThat(auth).isNotNull();
|
||||
}
|
||||
|
|
@ -105,7 +105,7 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
|
||||
AuthenticationManager.class);
|
||||
Authentication auth = authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "ben"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("ben", "ben"));
|
||||
|
||||
assertThat(auth).isNotNull();
|
||||
}
|
||||
|
|
@ -122,7 +122,7 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
AuthenticationManager authenticationManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER,
|
||||
AuthenticationManager.class);
|
||||
Authentication auth = authenticationManager
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bcrypt", "password"));
|
||||
.authenticate(UsernamePasswordAuthenticationToken.unauthenticated("bcrypt", "password"));
|
||||
|
||||
assertThat(auth).isNotNull();
|
||||
}
|
||||
|
|
@ -137,8 +137,8 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
|
||||
ProviderManager providerManager = this.appCtx.getBean(BeanIds.AUTHENTICATION_MANAGER, ProviderManager.class);
|
||||
assertThat(providerManager.getProviders()).hasSize(1);
|
||||
assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper").allSatisfy(
|
||||
(contextMapper) -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
|
||||
assertThat(providerManager.getProviders()).extracting("userDetailsContextMapper")
|
||||
.allSatisfy((contextMapper) -> assertThat(contextMapper).isInstanceOf(InetOrgPersonContextMapper.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -155,10 +155,10 @@ public class LdapProviderBeanDefinitionParserTests {
|
|||
|
||||
AuthenticationProvider authenticationProvider = providerManager.getProviders().get(0);
|
||||
assertThat(authenticationProvider).extracting("authenticator.userDnFormat")
|
||||
.satisfies((messageFormats) -> assertThat(messageFormats)
|
||||
.isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") }));
|
||||
.satisfies((messageFormats) -> assertThat(messageFormats)
|
||||
.isEqualTo(new MessageFormat[] { new MessageFormat("uid={0},ou=people") }));
|
||||
assertThat(authenticationProvider).extracting("authoritiesPopulator.groupSearchFilter")
|
||||
.satisfies((searchFilter) -> assertThat(searchFilter).isEqualTo("member={0}"));
|
||||
.satisfies((searchFilter) -> assertThat(searchFilter).isEqualTo("member={0}"));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public class LdapServerBeanDefinitionParserTests {
|
|||
this.appCtx = new InMemoryXmlApplicationContext("<ldap-server ldif='classpath:test-server.ldif' port='0'/>");
|
||||
|
||||
DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
|
||||
.getBean(BeanIds.CONTEXT_SOURCE);
|
||||
.getBean(BeanIds.CONTEXT_SOURCE);
|
||||
|
||||
// Check data is loaded
|
||||
LdapTemplate template = new LdapTemplate(contextSource);
|
||||
|
|
@ -71,7 +71,7 @@ public class LdapServerBeanDefinitionParserTests {
|
|||
this.appCtx.getBean(BeanIds.CONTEXT_SOURCE);
|
||||
|
||||
DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
|
||||
.getBean("blah");
|
||||
.getBean("blah");
|
||||
|
||||
// Check data is loaded as before
|
||||
LdapTemplate template = new LdapTemplate(contextSource);
|
||||
|
|
@ -83,7 +83,7 @@ public class LdapServerBeanDefinitionParserTests {
|
|||
this.appCtx = new InMemoryXmlApplicationContext(
|
||||
"<ldap-server ldif='classpath*:test-server2.xldif' root='dc=monkeymachine,dc=co,dc=uk' port='0'/>");
|
||||
DefaultSpringSecurityContextSource contextSource = (DefaultSpringSecurityContextSource) this.appCtx
|
||||
.getBean(BeanIds.CONTEXT_SOURCE);
|
||||
.getBean(BeanIds.CONTEXT_SOURCE);
|
||||
|
||||
LdapTemplate template = new LdapTemplate(contextSource);
|
||||
template.lookup("uid=pg,ou=gorillas");
|
||||
|
|
|
|||
|
|
@ -58,17 +58,17 @@ public class LdapUserServiceBeanDefinitionParserTests {
|
|||
@Test
|
||||
public void beanClassNamesAreCorrect() {
|
||||
assertThat(FilterBasedLdapUserSearch.class.getName())
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_SEARCH_CLASS);
|
||||
assertThat(PersonContextMapper.class.getName())
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS);
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.PERSON_MAPPER_CLASS);
|
||||
assertThat(InetOrgPersonContextMapper.class.getName())
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS);
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.INET_ORG_PERSON_MAPPER_CLASS);
|
||||
assertThat(LdapUserDetailsMapper.class.getName())
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS);
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_USER_MAPPER_CLASS);
|
||||
assertThat(DefaultLdapAuthoritiesPopulator.class.getName())
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS);
|
||||
.isEqualTo(LdapUserServiceBeanDefinitionParser.LDAP_AUTHORITIES_POPULATOR_CLASS);
|
||||
assertThat(new LdapUserServiceBeanDefinitionParser().getBeanClassName(mock(Element.class)))
|
||||
.isEqualTo(LdapUserDetailsService.class.getName());
|
||||
.isEqualTo(LdapUserDetailsService.class.getName());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -85,17 +85,19 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
|
|||
String version = pkg.getImplementationVersion();
|
||||
this.logger.info("Spring Security 'config' module version is " + version);
|
||||
if (version.compareTo(coreVersion) != 0) {
|
||||
this.logger.error(
|
||||
"You are running with different versions of the Spring Security 'core' and 'config' modules");
|
||||
this.logger
|
||||
.error("You are running with different versions of the Spring Security 'core' and 'config' modules");
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public BeanDefinition parse(Element element, ParserContext pc) {
|
||||
if (!namespaceMatchesVersion(element)) {
|
||||
pc.getReaderContext().fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
|
||||
+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
|
||||
+ "with Spring Security 6.0. Please update your schema declarations to the 6.0 schema.", element);
|
||||
pc.getReaderContext()
|
||||
.fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
|
||||
+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
|
||||
+ "with Spring Security 6.0. Please update your schema declarations to the 6.0 schema.",
|
||||
element);
|
||||
}
|
||||
String name = pc.getDelegate().getLocalName(element);
|
||||
BeanDefinitionParser parser = this.parsers.get(name);
|
||||
|
|
@ -140,8 +142,9 @@ public final class SecurityNamespaceHandler implements NamespaceHandler {
|
|||
}
|
||||
|
||||
private void reportUnsupportedNodeType(String name, ParserContext pc, Node node) {
|
||||
pc.getReaderContext().fatal("Security namespace does not support decoration of "
|
||||
+ ((node instanceof Element) ? "element" : "attribute") + " [" + name + "]", node);
|
||||
pc.getReaderContext()
|
||||
.fatal("Security namespace does not support decoration of "
|
||||
+ ((node instanceof Element) ? "element" : "attribute") + " [" + name + "]", node);
|
||||
}
|
||||
|
||||
private void reportMissingWebClasses(String nodeName, ParserContext pc, Node node) {
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
|
|||
private <C extends SecurityConfigurer<O, B>> void add(C configurer) {
|
||||
Assert.notNull(configurer, "configurer cannot be null");
|
||||
Class<? extends SecurityConfigurer<O, B>> clazz = (Class<? extends SecurityConfigurer<O, B>>) configurer
|
||||
.getClass();
|
||||
.getClass();
|
||||
synchronized (this.configurers) {
|
||||
if (this.buildState.isConfigured()) {
|
||||
throw new IllegalStateException("Cannot apply " + configurer + " to already built object");
|
||||
|
|
|
|||
|
|
@ -184,8 +184,9 @@ public class AuthenticationConfiguration {
|
|||
return Collections.emptyList();
|
||||
}
|
||||
for (String beanName : beanNamesForType) {
|
||||
if (((ConfigurableApplicationContext) this.applicationContext).getBeanFactory().getBeanDefinition(beanName)
|
||||
.isPrimary()) {
|
||||
if (((ConfigurableApplicationContext) this.applicationContext).getBeanFactory()
|
||||
.getBeanDefinition(beanName)
|
||||
.isPrimary()) {
|
||||
list.add(beanName);
|
||||
}
|
||||
}
|
||||
|
|
@ -218,7 +219,7 @@ public class AuthenticationConfiguration {
|
|||
@Override
|
||||
public void init(AuthenticationManagerBuilder auth) {
|
||||
Map<String, Object> beansWithAnnotation = this.context
|
||||
.getBeansWithAnnotation(EnableGlobalAuthentication.class);
|
||||
.getBeansWithAnnotation(EnableGlobalAuthentication.class);
|
||||
if (logger.isTraceEnabled()) {
|
||||
logger.trace(LogMessage.format("Eagerly initializing %s", beansWithAnnotation));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -97,7 +97,6 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
|
|||
* @see EnableWebMvcSecurity
|
||||
* @see EnableWebSecurity
|
||||
* @see EnableGlobalMethodSecurity
|
||||
*
|
||||
* @author Rob Winch
|
||||
*
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ class InitializeAuthenticationProviderBeanManagerConfigurer extends GlobalAuthen
|
|||
*/
|
||||
private <T> T getBeanOrNull(Class<T> type) {
|
||||
String[] beanNames = InitializeAuthenticationProviderBeanManagerConfigurer.this.context
|
||||
.getBeanNamesForType(type);
|
||||
.getBeanNamesForType(type);
|
||||
if (beanNames.length != 1) {
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -401,7 +401,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
|
|||
*/
|
||||
public PasswordCompareConfigurer passwordCompare() {
|
||||
return new PasswordCompareConfigurer().passwordAttribute("password")
|
||||
.passwordEncoder(NoOpPasswordEncoder.getInstance());
|
||||
.passwordEncoder(NoOpPasswordEncoder.getInstance());
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import org.springframework.security.access.prepost.PreFilter;
|
|||
|
||||
/**
|
||||
* Enables Spring Security Method Security.
|
||||
*
|
||||
* @author Evgeniy Cheban
|
||||
* @author Josh Cummings
|
||||
* @since 5.6
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ import org.springframework.core.Ordered;
|
|||
import org.springframework.security.authorization.ReactiveAuthorizationManager;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 5.0
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
|
|||
};
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();
|
||||
|
||||
|
|
@ -320,7 +320,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
|
|||
protected AuthenticationManager authenticationManager() throws Exception {
|
||||
if (this.authenticationManager == null) {
|
||||
DefaultAuthenticationEventPublisher eventPublisher = this.objectPostProcessor
|
||||
.postProcess(new DefaultAuthenticationEventPublisher());
|
||||
.postProcess(new DefaultAuthenticationEventPublisher());
|
||||
this.auth = new AuthenticationManagerBuilder(this.objectPostProcessor);
|
||||
this.auth.authenticationEventPublisher(eventPublisher);
|
||||
configure(this.auth);
|
||||
|
|
@ -375,7 +375,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
|
|||
if (isJsr250Enabled) {
|
||||
GrantedAuthorityDefaults grantedAuthorityDefaults = getSingleBeanOrNull(GrantedAuthorityDefaults.class);
|
||||
Jsr250MethodSecurityMetadataSource jsr250MethodSecurityMetadataSource = this.context
|
||||
.getBean(Jsr250MethodSecurityMetadataSource.class);
|
||||
.getBean(Jsr250MethodSecurityMetadataSource.class);
|
||||
if (grantedAuthorityDefaults != null) {
|
||||
jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
|
||||
}
|
||||
|
|
@ -403,7 +403,7 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
|
|||
@Override
|
||||
public final void setImportMetadata(AnnotationMetadata importMetadata) {
|
||||
Map<String, Object> annotationAttributes = importMetadata
|
||||
.getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
|
||||
.getAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
|
||||
this.enableMethodSecurity = AnnotationAttributes.fromMap(annotationAttributes);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ final class GlobalMethodSecuritySelector implements ImportSelector {
|
|||
Class<?> importingClass = ClassUtils.resolveClassName(importingClassMetadata.getClassName(),
|
||||
ClassUtils.getDefaultClassLoader());
|
||||
boolean skipMethodSecurityConfiguration = GlobalMethodSecurityConfiguration.class
|
||||
.isAssignableFrom(importingClass);
|
||||
.isAssignableFrom(importingClass);
|
||||
AdviceMode mode = attributes.getEnum("mode");
|
||||
boolean isProxy = AdviceMode.PROXY == mode;
|
||||
String autoProxyClassName = isProxy ? AutoProxyRegistrar.class.getName()
|
||||
|
|
|
|||
|
|
@ -53,11 +53,11 @@ final class Jsr250MethodSecurityConfiguration {
|
|||
Jsr250AuthorizationManager jsr250 = new Jsr250AuthorizationManager();
|
||||
defaultsProvider.ifAvailable((d) -> jsr250.setRolePrefix(d.getRolePrefix()));
|
||||
SecurityContextHolderStrategy strategy = strategyProvider
|
||||
.getIfAvailable(SecurityContextHolder::getContextHolderStrategy);
|
||||
.getIfAvailable(SecurityContextHolder::getContextHolderStrategy);
|
||||
AuthorizationManager<MethodInvocation> manager = new DeferringObservationAuthorizationManager<>(
|
||||
registryProvider, jsr250);
|
||||
AuthorizationManagerBeforeMethodInterceptor interceptor = AuthorizationManagerBeforeMethodInterceptor
|
||||
.jsr250(manager);
|
||||
.jsr250(manager);
|
||||
interceptor.setSecurityContextHolderStrategy(strategy);
|
||||
return interceptor;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -45,13 +45,13 @@ class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefiniti
|
|||
@Override
|
||||
public void registerBeanDefinitions(AnnotationMetadata importingClassMetadata, BeanDefinitionRegistry registry) {
|
||||
BeanDefinitionBuilder advisor = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
|
||||
.rootBeanDefinition(MethodSecurityMetadataSourceAdvisor.class);
|
||||
advisor.setRole(BeanDefinition.ROLE_INFRASTRUCTURE);
|
||||
advisor.addConstructorArgValue("methodSecurityInterceptor");
|
||||
advisor.addConstructorArgReference("methodSecurityMetadataSource");
|
||||
advisor.addConstructorArgValue("methodSecurityMetadataSource");
|
||||
MultiValueMap<String, Object> attributes = importingClassMetadata
|
||||
.getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
|
||||
.getAllAnnotationAttributes(EnableGlobalMethodSecurity.class.getName());
|
||||
Integer order = (Integer) attributes.getFirst("order");
|
||||
if (order != null) {
|
||||
advisor.addPropertyValue("order", order);
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ final class PrePostMethodSecurityConfiguration {
|
|||
manager.setExpressionHandler(
|
||||
new DeferringMethodSecurityExpressionHandler(expressionHandlerProvider, defaultsProvider, context));
|
||||
AuthorizationManagerBeforeMethodInterceptor preAuthorize = AuthorizationManagerBeforeMethodInterceptor
|
||||
.preAuthorize(manager(manager, registryProvider));
|
||||
.preAuthorize(manager(manager, registryProvider));
|
||||
strategyProvider.ifAvailable(preAuthorize::setSecurityContextHolderStrategy);
|
||||
eventPublisherProvider.ifAvailable(preAuthorize::setAuthorizationEventPublisher);
|
||||
return preAuthorize;
|
||||
|
|
@ -101,7 +101,7 @@ final class PrePostMethodSecurityConfiguration {
|
|||
manager.setExpressionHandler(
|
||||
new DeferringMethodSecurityExpressionHandler(expressionHandlerProvider, defaultsProvider, context));
|
||||
AuthorizationManagerAfterMethodInterceptor postAuthorize = AuthorizationManagerAfterMethodInterceptor
|
||||
.postAuthorize(manager(manager, registryProvider));
|
||||
.postAuthorize(manager(manager, registryProvider));
|
||||
strategyProvider.ifAvailable(postAuthorize::setSecurityContextHolderStrategy);
|
||||
eventPublisherProvider.ifAvailable(postAuthorize::setAuthorizationEventPublisher);
|
||||
return postAuthorize;
|
||||
|
|
@ -141,7 +141,7 @@ final class PrePostMethodSecurityConfiguration {
|
|||
ObjectProvider<MethodSecurityExpressionHandler> expressionHandlerProvider,
|
||||
ObjectProvider<GrantedAuthorityDefaults> defaultsProvider, ApplicationContext applicationContext) {
|
||||
this.expressionHandler = SingletonSupplier.of(() -> expressionHandlerProvider
|
||||
.getIfAvailable(() -> defaultExpressionHandler(defaultsProvider, applicationContext)));
|
||||
.getIfAvailable(() -> defaultExpressionHandler(defaultsProvider, applicationContext)));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ class ReactiveMethodSecurityConfiguration implements ImportAware {
|
|||
@Override
|
||||
public void setImportMetadata(AnnotationMetadata importMetadata) {
|
||||
this.advisorOrder = (int) importMetadata.getAnnotationAttributes(EnableReactiveMethodSecurity.class.getName())
|
||||
.get("order");
|
||||
.get("order");
|
||||
}
|
||||
|
||||
@Autowired(required = false)
|
||||
|
|
|
|||
|
|
@ -42,7 +42,8 @@ class ReactiveMethodSecuritySelector implements ImportSelector {
|
|||
return new String[0];
|
||||
}
|
||||
EnableReactiveMethodSecurity annotation = importMetadata.getAnnotations()
|
||||
.get(EnableReactiveMethodSecurity.class).synthesize();
|
||||
.get(EnableReactiveMethodSecurity.class)
|
||||
.synthesize();
|
||||
List<String> imports = new ArrayList<>(Arrays.asList(this.autoProxy.selectImports(importMetadata)));
|
||||
if (annotation.useAuthorizationManager()) {
|
||||
imports.add(ReactiveAuthorizationManagerMethodSecurityConfiguration.class.getName());
|
||||
|
|
|
|||
|
|
@ -51,11 +51,11 @@ final class SecuredMethodSecurityConfiguration {
|
|||
ObjectProvider<ObservationRegistry> registryProvider) {
|
||||
SecuredAuthorizationManager secured = new SecuredAuthorizationManager();
|
||||
SecurityContextHolderStrategy strategy = strategyProvider
|
||||
.getIfAvailable(SecurityContextHolder::getContextHolderStrategy);
|
||||
.getIfAvailable(SecurityContextHolder::getContextHolderStrategy);
|
||||
AuthorizationManager<MethodInvocation> manager = new DeferringObservationAuthorizationManager<>(
|
||||
registryProvider, secured);
|
||||
AuthorizationManagerBeforeMethodInterceptor interceptor = AuthorizationManagerBeforeMethodInterceptor
|
||||
.secured(manager);
|
||||
.secured(manager);
|
||||
interceptor.setSecurityContextHolderStrategy(strategy);
|
||||
return interceptor;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -353,7 +353,7 @@ public class RSocketSecurity {
|
|||
public class AuthorizePayloadsSpec {
|
||||
|
||||
private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder = PayloadExchangeMatcherReactiveAuthorizationManager
|
||||
.builder();
|
||||
.builder();
|
||||
|
||||
public Access setup() {
|
||||
return matcher(PayloadExchangeMatchers.setup());
|
||||
|
|
@ -429,7 +429,7 @@ public class RSocketSecurity {
|
|||
public AuthorizePayloadsSpec access(
|
||||
ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> authorization) {
|
||||
AuthorizePayloadsSpec.this.authzBuilder
|
||||
.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
|
||||
.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
|
||||
return AuthorizePayloadsSpec.this;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ class SecuritySocketAcceptorInterceptorConfiguration {
|
|||
ObjectProvider<PayloadSocketAcceptorInterceptor> rsocketInterceptor,
|
||||
ObjectProvider<RSocketSecurity> rsocketSecurity) {
|
||||
PayloadSocketAcceptorInterceptor delegate = rsocketInterceptor
|
||||
.getIfAvailable(() -> defaultInterceptor(rsocketSecurity));
|
||||
.getIfAvailable(() -> defaultInterceptor(rsocketSecurity));
|
||||
return new SecuritySocketAcceptorInterceptor(delegate);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -213,7 +213,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
|
|||
private Map<String, ? extends ServletRegistration> mappableServletRegistrations(ServletContext servletContext) {
|
||||
Map<String, ServletRegistration> mappable = new LinkedHashMap<>();
|
||||
for (Map.Entry<String, ? extends ServletRegistration> entry : servletContext.getServletRegistrations()
|
||||
.entrySet()) {
|
||||
.entrySet()) {
|
||||
if (!entry.getValue().getMappings().isEmpty()) {
|
||||
mappable.put(entry.getKey(), entry.getValue());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1194,7 +1194,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
|||
throws Exception {
|
||||
ApplicationContext context = getContext();
|
||||
authorizeRequestsCustomizer
|
||||
.customize(getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context)).getRegistry());
|
||||
.customize(getOrApply(new ExpressionUrlAuthorizationConfigurer<>(context)).getRegistry());
|
||||
return HttpSecurity.this;
|
||||
}
|
||||
|
||||
|
|
@ -1421,7 +1421,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
|||
throws Exception {
|
||||
ApplicationContext context = getContext();
|
||||
authorizeHttpRequestsCustomizer
|
||||
.customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry());
|
||||
.customize(getOrApply(new AuthorizeHttpRequestsConfigurer<>(context)).getRegistry());
|
||||
return HttpSecurity.this;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -291,13 +291,13 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
SecurityFilterChain securityFilterChain = new DefaultSecurityFilterChain(ignoredRequest);
|
||||
securityFilterChains.add(securityFilterChain);
|
||||
requestMatcherPrivilegeEvaluatorsEntries
|
||||
.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
|
||||
.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
|
||||
}
|
||||
for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder : this.securityFilterChainBuilders) {
|
||||
SecurityFilterChain securityFilterChain = securityFilterChainBuilder.build();
|
||||
securityFilterChains.add(securityFilterChain);
|
||||
requestMatcherPrivilegeEvaluatorsEntries
|
||||
.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
|
||||
.add(getRequestMatcherPrivilegeEvaluatorsEntry(securityFilterChain));
|
||||
}
|
||||
if (this.privilegeEvaluator == null) {
|
||||
this.privilegeEvaluator = new RequestMatcherDelegatingWebInvocationPrivilegeEvaluator(
|
||||
|
|
@ -346,7 +346,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
}
|
||||
if (filter instanceof AuthorizationFilter) {
|
||||
AuthorizationManager<HttpServletRequest> authorizationManager = ((AuthorizationFilter) filter)
|
||||
.getAuthorizationManager();
|
||||
.getAuthorizationManager();
|
||||
AuthorizationManagerWebInvocationPrivilegeEvaluator evaluator = new AuthorizationManagerWebInvocationPrivilegeEvaluator(
|
||||
authorizationManager);
|
||||
evaluator.setServletContext(this.servletContext);
|
||||
|
|
@ -366,7 +366,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
|
|||
}
|
||||
try {
|
||||
this.defaultWebSecurityExpressionHandler
|
||||
.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
|
||||
.setPermissionEvaluator(applicationContext.getBean(PermissionEvaluator.class));
|
||||
}
|
||||
catch (NoSuchBeanDefinitionException ex) {
|
||||
}
|
||||
|
|
|
|||
|
|
@ -75,7 +75,6 @@ import org.springframework.security.web.SecurityFilterChain;
|
|||
* </pre>
|
||||
*
|
||||
* @see WebSecurityConfigurer
|
||||
*
|
||||
* @author Rob Winch
|
||||
* @since 3.2
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ class HttpSecurityConfiguration {
|
|||
private ApplicationContext context;
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
private ContentNegotiationStrategy contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
|
||||
|
||||
|
|
@ -142,7 +142,7 @@ class HttpSecurityConfiguration {
|
|||
private void applyDefaultConfigurers(HttpSecurity http) throws Exception {
|
||||
ClassLoader classLoader = this.context.getClassLoader();
|
||||
List<AbstractHttpConfigurer> defaultHttpConfigurers = SpringFactoriesLoader
|
||||
.loadFactories(AbstractHttpConfigurer.class, classLoader);
|
||||
.loadFactories(AbstractHttpConfigurer.class, classLoader);
|
||||
for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) {
|
||||
http.apply(configurer);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,11 +48,11 @@ final class OAuth2ImportSelector implements ImportSelector {
|
|||
Set<String> imports = new LinkedHashSet<>();
|
||||
ClassLoader classLoader = getClass().getClassLoader();
|
||||
boolean oauth2ClientPresent = ClassUtils
|
||||
.isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration", classLoader);
|
||||
.isPresent("org.springframework.security.oauth2.client.registration.ClientRegistration", classLoader);
|
||||
boolean webfluxPresent = ClassUtils
|
||||
.isPresent("org.springframework.web.reactive.function.client.ExchangeFilterFunction", classLoader);
|
||||
.isPresent("org.springframework.web.reactive.function.client.ExchangeFilterFunction", classLoader);
|
||||
boolean oauth2ResourceServerPresent = ClassUtils
|
||||
.isPresent("org.springframework.security.oauth2.server.resource.BearerTokenError", classLoader);
|
||||
.isPresent("org.springframework.security.oauth2.server.resource.BearerTokenError", classLoader);
|
||||
if (oauth2ClientPresent) {
|
||||
imports.add("org.springframework.security.config.annotation.web.configuration.OAuth2ClientConfiguration");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
|
|||
class SecurityReactorContextConfiguration {
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
@Bean
|
||||
SecurityReactorContextSubscriberRegistrar securityReactorContextSubscriberRegistrar() {
|
||||
|
|
@ -87,7 +87,7 @@ class SecurityReactorContextConfiguration {
|
|||
private final Map<Object, Supplier<Object>> CONTEXT_ATTRIBUTE_VALUE_LOADERS = new HashMap<>();
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
SecurityReactorContextSubscriberRegistrar() {
|
||||
this.CONTEXT_ATTRIBUTE_VALUE_LOADERS.put(HttpServletRequest.class,
|
||||
|
|
@ -100,7 +100,7 @@ class SecurityReactorContextConfiguration {
|
|||
@Override
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Function<? super Publisher<Object>, ? extends Publisher<Object>> lifter = Operators
|
||||
.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
|
||||
.liftPublisher((pub, sub) -> createSubscriberIfNecessary(sub));
|
||||
Hooks.onLastOperator(SECURITY_REACTOR_CONTEXT_OPERATOR_KEY, lifter::apply);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
|||
* Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
|
||||
* integration. This configuration is added whenever {@link EnableWebMvc} is added by
|
||||
* <a href="
|
||||
* {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a>
|
||||
* and the DispatcherServlet is present on the classpath. It also adds the
|
||||
* {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and
|
||||
* the DispatcherServlet is present on the classpath. It also adds the
|
||||
* {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
|
|
@ -53,7 +53,7 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
|
|||
private BeanResolver beanResolver;
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
@Override
|
||||
@SuppressWarnings("deprecation")
|
||||
|
|
@ -63,7 +63,7 @@ class WebMvcSecurityConfiguration implements WebMvcConfigurer, ApplicationContex
|
|||
authenticationPrincipalResolver.setSecurityContextHolderStrategy(this.securityContextHolderStrategy);
|
||||
argumentResolvers.add(authenticationPrincipalResolver);
|
||||
argumentResolvers
|
||||
.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
|
||||
.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
|
||||
CurrentSecurityContextArgumentResolver currentSecurityContextArgumentResolver = new CurrentSecurityContextArgumentResolver();
|
||||
currentSecurityContextArgumentResolver.setBeanResolver(this.beanResolver);
|
||||
currentSecurityContextArgumentResolver.setSecurityContextHolderStrategy(this.securityContextHolderStrategy);
|
||||
|
|
|
|||
|
|
@ -150,7 +150,8 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
|
|||
this.webSecurity.debug(this.debugEnabled);
|
||||
}
|
||||
List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers = new AutowiredWebSecurityConfigurersIgnoreParents(
|
||||
beanFactory).getWebSecurityConfigurers();
|
||||
beanFactory)
|
||||
.getWebSecurityConfigurers();
|
||||
webSecurityConfigurers.sort(AnnotationAwareOrderComparator.INSTANCE);
|
||||
Integer previousOrder = null;
|
||||
Object previousConfig = null;
|
||||
|
|
@ -187,7 +188,7 @@ public class WebSecurityConfiguration implements ImportAware, BeanClassLoaderAwa
|
|||
@Override
|
||||
public void setImportMetadata(AnnotationMetadata importMetadata) {
|
||||
Map<String, Object> enableWebSecurityAttrMap = importMetadata
|
||||
.getAnnotationAttributes(EnableWebSecurity.class.getName());
|
||||
.getAnnotationAttributes(EnableWebSecurity.class.getName());
|
||||
AnnotationAttributes enableWebSecurityAttrs = AnnotationAttributes.fromMap(enableWebSecurityAttrMap);
|
||||
this.debugEnabled = enableWebSecurityAttrs.getBoolean("debug");
|
||||
if (this.webSecurity != null) {
|
||||
|
|
|
|||
|
|
@ -283,7 +283,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
|
|||
this.authFilter.setAuthenticationDetailsSource(this.authenticationDetailsSource);
|
||||
}
|
||||
SessionAuthenticationStrategy sessionAuthenticationStrategy = http
|
||||
.getSharedObject(SessionAuthenticationStrategy.class);
|
||||
.getSharedObject(SessionAuthenticationStrategy.class);
|
||||
if (sessionAuthenticationStrategy != null) {
|
||||
this.authFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
|
||||
}
|
||||
|
|
@ -294,7 +294,7 @@ public abstract class AbstractAuthenticationFilterConfigurer<B extends HttpSecur
|
|||
SecurityContextConfigurer securityContextConfigurer = http.getConfigurer(SecurityContextConfigurer.class);
|
||||
if (securityContextConfigurer != null && securityContextConfigurer.isRequireExplicitSave()) {
|
||||
SecurityContextRepository securityContextRepository = securityContextConfigurer
|
||||
.getSecurityContextRepository();
|
||||
.getSecurityContextRepository();
|
||||
this.authFilter.setSecurityContextRepository(securityContextRepository);
|
||||
}
|
||||
this.authFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
|
|||
extends AbstractRequestMatcherRegistry<AuthorizedUrl> {
|
||||
|
||||
private final RequestMatcherDelegatingAuthorizationManager.Builder managerBuilder = RequestMatcherDelegatingAuthorizationManager
|
||||
.builder();
|
||||
.builder();
|
||||
|
||||
private List<RequestMatcher> unmappedMatchers;
|
||||
|
||||
|
|
|
|||
|
|
@ -174,7 +174,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
|||
String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||
if (grantedAuthorityDefaultsBeanNames.length == 1) {
|
||||
GrantedAuthorityDefaults grantedAuthorityDefaults = context
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
defaultHandler.setDefaultRolePrefix(grantedAuthorityDefaults.getRolePrefix());
|
||||
}
|
||||
String[] permissionEvaluatorBeanNames = context.getBeanNamesForType(PermissionEvaluator.class);
|
||||
|
|
@ -294,7 +294,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
|||
*/
|
||||
public ExpressionInterceptUrlRegistry hasRole(String role) {
|
||||
return access(ExpressionUrlAuthorizationConfigurer
|
||||
.hasRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, role));
|
||||
.hasRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, role));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -308,7 +308,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
|
|||
*/
|
||||
public ExpressionInterceptUrlRegistry hasAnyRole(String... roles) {
|
||||
return access(ExpressionUrlAuthorizationConfigurer
|
||||
.hasAnyRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, roles));
|
||||
.hasAnyRole(ExpressionUrlAuthorizationConfigurer.this.rolePrefix, roles));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -260,7 +260,7 @@ public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends
|
|||
*/
|
||||
private void initDefaultLoginFilter(H http) {
|
||||
DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
if (loginPageGeneratingFilter != null && !isCustomLoginPage()) {
|
||||
loginPageGeneratingFilter.setFormLoginEnabled(true);
|
||||
loginPageGeneratingFilter.setUsernameParameter(getUsernameParameter());
|
||||
|
|
|
|||
|
|
@ -192,8 +192,8 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
|
|||
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
||||
authenticationProvider.setPreAuthenticatedUserDetailsService(getUserDetailsService());
|
||||
authenticationProvider = postProcess(authenticationProvider);
|
||||
http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class,
|
||||
new Http403ForbiddenEntryPoint());
|
||||
http.authenticationProvider(authenticationProvider)
|
||||
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -214,9 +214,9 @@ public final class JeeConfigurer<H extends HttpSecurityBuilder<H>> extends Abstr
|
|||
this.j2eePreAuthenticatedProcessingFilter = new J2eePreAuthenticatedProcessingFilter();
|
||||
this.j2eePreAuthenticatedProcessingFilter.setAuthenticationManager(authenticationManager);
|
||||
this.j2eePreAuthenticatedProcessingFilter
|
||||
.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
|
||||
.setAuthenticationDetailsSource(createWebAuthenticationDetailsSource());
|
||||
this.j2eePreAuthenticatedProcessingFilter
|
||||
.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
this.j2eePreAuthenticatedProcessingFilter = postProcess(this.j2eePreAuthenticatedProcessingFilter);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
PermitAllSupport.permitAll(http, this.getLogoutRequestMatcher(http));
|
||||
}
|
||||
DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
if (loginPageGeneratingFilter != null && !isCustomLogoutSuccess()) {
|
||||
loginPageGeneratingFilter.setLogoutSuccessUrl(getLogoutSuccessUrl());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ final class PermitAllSupport {
|
|||
static void permitAll(HttpSecurityBuilder<? extends HttpSecurityBuilder<?>> http,
|
||||
RequestMatcher... requestMatchers) {
|
||||
ExpressionUrlAuthorizationConfigurer<?> configurer = http
|
||||
.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
|
||||
.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
|
||||
AuthorizeHttpRequestsConfigurer<?> httpConfigurer = http.getConfigurer(AuthorizeHttpRequestsConfigurer.class);
|
||||
|
||||
boolean oneConfigurerPresent = configurer == null ^ httpConfigurer == null;
|
||||
|
|
@ -58,8 +58,9 @@ final class PermitAllSupport {
|
|||
for (RequestMatcher matcher : requestMatchers) {
|
||||
if (matcher != null) {
|
||||
if (configurer != null) {
|
||||
configurer.getRegistry().addMapping(0, new UrlMapping(matcher,
|
||||
SecurityConfig.createList(ExpressionUrlAuthorizationConfigurer.permitAll)));
|
||||
configurer.getRegistry()
|
||||
.addMapping(0, new UrlMapping(matcher,
|
||||
SecurityConfig.createList(ExpressionUrlAuthorizationConfigurer.permitAll)));
|
||||
}
|
||||
else {
|
||||
httpConfigurer.addFirst(matcher, AuthorizeHttpRequestsConfigurer.permitAllAuthorizationManager);
|
||||
|
|
|
|||
|
|
@ -292,7 +292,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
SecurityContextConfigurer<?> securityContextConfigurer = http.getConfigurer(SecurityContextConfigurer.class);
|
||||
if (securityContextConfigurer != null && securityContextConfigurer.isRequireExplicitSave()) {
|
||||
SecurityContextRepository securityContextRepository = securityContextConfigurer
|
||||
.getSecurityContextRepository();
|
||||
.getSecurityContextRepository();
|
||||
rememberMeFilter.setSecurityContextRepository(securityContextRepository);
|
||||
}
|
||||
rememberMeFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
|
|
@ -325,7 +325,7 @@ public final class RememberMeConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
*/
|
||||
private void initDefaultLoginFilter(H http) {
|
||||
DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
if (loginPageGeneratingFilter != null) {
|
||||
loginPageGeneratingFilter.setRememberMeParameter(getRememberMeParameter());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
|
||||
SecurityContextRepository getSecurityContextRepository() {
|
||||
SecurityContextRepository securityContextRepository = getBuilder()
|
||||
.getSharedObject(SecurityContextRepository.class);
|
||||
.getSharedObject(SecurityContextRepository.class);
|
||||
if (securityContextRepository == null) {
|
||||
securityContextRepository = new DelegatingSecurityContextRepository(
|
||||
new RequestAttributeSecurityContextRepository(), new HttpSessionSecurityContextRepository());
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ public final class ServletApiConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
String[] grantedAuthorityDefaultsBeanNames = context.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||
if (grantedAuthorityDefaultsBeanNames.length == 1) {
|
||||
GrantedAuthorityDefaults grantedAuthorityDefaults = context
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
this.securityContextRequestFilter.setRolePrefix(grantedAuthorityDefaults.getRolePrefix());
|
||||
}
|
||||
this.securityContextRequestFilter.setSecurityContextHolderStrategy(getSecurityContextHolderStrategy());
|
||||
|
|
|
|||
|
|
@ -210,7 +210,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
public SessionManagementConfigurer<H> sessionAuthenticationErrorUrl(String sessionAuthenticationErrorUrl) {
|
||||
this.sessionAuthenticationErrorUrl = sessionAuthenticationErrorUrl;
|
||||
this.propertiesThatRequireImplicitAuthentication
|
||||
.add("sessionAuthenticationErrorUrl = " + sessionAuthenticationErrorUrl);
|
||||
.add("sessionAuthenticationErrorUrl = " + sessionAuthenticationErrorUrl);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
@ -227,7 +227,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
AuthenticationFailureHandler sessionAuthenticationFailureHandler) {
|
||||
this.sessionAuthenticationFailureHandler = sessionAuthenticationFailureHandler;
|
||||
this.propertiesThatRequireImplicitAuthentication
|
||||
.add("sessionAuthenticationFailureHandler = " + sessionAuthenticationFailureHandler);
|
||||
.add("sessionAuthenticationFailureHandler = " + sessionAuthenticationFailureHandler);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
@ -286,7 +286,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
SessionAuthenticationStrategy sessionAuthenticationStrategy) {
|
||||
this.providedSessionAuthenticationStrategy = sessionAuthenticationStrategy;
|
||||
this.propertiesThatRequireImplicitAuthentication
|
||||
.add("sessionAuthenticationStrategy = " + sessionAuthenticationStrategy);
|
||||
.add("sessionAuthenticationStrategy = " + sessionAuthenticationStrategy);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
@ -415,7 +415,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
|
||||
private boolean shouldRequireExplicitAuthenticationStrategy() {
|
||||
boolean defaultRequireExplicitAuthenticationStrategy = this.propertiesThatRequireImplicitAuthentication
|
||||
.isEmpty();
|
||||
.isEmpty();
|
||||
if (this.requireExplicitAuthenticationStrategy == null) {
|
||||
// explicit is not set, use default
|
||||
return defaultRequireExplicitAuthenticationStrategy;
|
||||
|
|
|
|||
|
|
@ -173,8 +173,8 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
|
|||
public void init(H http) {
|
||||
PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
|
||||
authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http));
|
||||
http.authenticationProvider(authenticationProvider).setSharedObject(AuthenticationEntryPoint.class,
|
||||
new Http403ForbiddenEntryPoint());
|
||||
http.authenticationProvider(authenticationProvider)
|
||||
.setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -259,7 +259,7 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
resolver);
|
||||
if (this.authorizationRequestRepository != null) {
|
||||
authorizationRequestRedirectFilter
|
||||
.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
.setAuthorizationRequestRepository(this.authorizationRequestRepository);
|
||||
}
|
||||
if (this.authorizationRedirectStrategy != null) {
|
||||
authorizationRequestRedirectFilter.setAuthorizationRedirectStrategy(this.authorizationRedirectStrategy);
|
||||
|
|
@ -276,7 +276,7 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
return this.authorizationRequestResolver;
|
||||
}
|
||||
ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
|
||||
.getClientRegistrationRepository(getBuilder());
|
||||
.getClientRegistrationRepository(getBuilder());
|
||||
return new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository,
|
||||
OAuth2AuthorizationRequestRedirectFilter.DEFAULT_AUTHORIZATION_REQUEST_BASE_URI);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ final class OAuth2ClientConfigurerUtils {
|
|||
|
||||
static <B extends HttpSecurityBuilder<B>> ClientRegistrationRepository getClientRegistrationRepository(B builder) {
|
||||
ClientRegistrationRepository clientRegistrationRepository = builder
|
||||
.getSharedObject(ClientRegistrationRepository.class);
|
||||
.getSharedObject(ClientRegistrationRepository.class);
|
||||
if (clientRegistrationRepository == null) {
|
||||
clientRegistrationRepository = getClientRegistrationRepositoryBean(builder);
|
||||
builder.setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
|
||||
|
|
@ -59,7 +59,7 @@ final class OAuth2ClientConfigurerUtils {
|
|||
static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepository(
|
||||
B builder) {
|
||||
OAuth2AuthorizedClientRepository authorizedClientRepository = builder
|
||||
.getSharedObject(OAuth2AuthorizedClientRepository.class);
|
||||
.getSharedObject(OAuth2AuthorizedClientRepository.class);
|
||||
if (authorizedClientRepository == null) {
|
||||
authorizedClientRepository = getAuthorizedClientRepositoryBean(builder);
|
||||
if (authorizedClientRepository == null) {
|
||||
|
|
@ -74,8 +74,8 @@ final class OAuth2ClientConfigurerUtils {
|
|||
private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientRepository getAuthorizedClientRepositoryBean(
|
||||
B builder) {
|
||||
Map<String, OAuth2AuthorizedClientRepository> authorizedClientRepositoryMap = BeanFactoryUtils
|
||||
.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
|
||||
OAuth2AuthorizedClientRepository.class);
|
||||
.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
|
||||
OAuth2AuthorizedClientRepository.class);
|
||||
if (authorizedClientRepositoryMap.size() > 1) {
|
||||
throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientRepository.class,
|
||||
authorizedClientRepositoryMap.size(),
|
||||
|
|
@ -100,8 +100,8 @@ final class OAuth2ClientConfigurerUtils {
|
|||
private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizedClientService getAuthorizedClientServiceBean(
|
||||
B builder) {
|
||||
Map<String, OAuth2AuthorizedClientService> authorizedClientServiceMap = BeanFactoryUtils
|
||||
.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
|
||||
OAuth2AuthorizedClientService.class);
|
||||
.beansOfTypeIncludingAncestors(builder.getSharedObject(ApplicationContext.class),
|
||||
OAuth2AuthorizedClientService.class);
|
||||
if (authorizedClientServiceMap.size() > 1) {
|
||||
throw new NoUniqueBeanDefinitionException(OAuth2AuthorizedClientService.class,
|
||||
authorizedClientServiceMap.size(),
|
||||
|
|
|
|||
|
|
@ -325,7 +325,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
}
|
||||
http.authenticationProvider(this.postProcess(oauth2LoginAuthenticationProvider));
|
||||
boolean oidcAuthenticationProviderEnabled = ClassUtils
|
||||
.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
|
||||
.isPresent("org.springframework.security.oauth2.jwt.JwtDecoder", this.getClass().getClassLoader());
|
||||
if (oidcAuthenticationProviderEnabled) {
|
||||
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = getOidcUserService();
|
||||
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = new OidcAuthorizationCodeAuthenticationProvider(
|
||||
|
|
@ -363,11 +363,11 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
}
|
||||
if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
|
||||
authorizationRequestFilter
|
||||
.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
}
|
||||
if (this.authorizationEndpointConfig.authorizationRedirectStrategy != null) {
|
||||
authorizationRequestFilter
|
||||
.setAuthorizationRedirectStrategy(this.authorizationEndpointConfig.authorizationRedirectStrategy);
|
||||
.setAuthorizationRedirectStrategy(this.authorizationEndpointConfig.authorizationRedirectStrategy);
|
||||
}
|
||||
RequestCache requestCache = http.getSharedObject(RequestCache.class);
|
||||
if (requestCache != null) {
|
||||
|
|
@ -380,7 +380,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
}
|
||||
if (this.authorizationEndpointConfig.authorizationRequestRepository != null) {
|
||||
authenticationFilter
|
||||
.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
.setAuthorizationRequestRepository(this.authorizationEndpointConfig.authorizationRequestRepository);
|
||||
}
|
||||
super.configure(http);
|
||||
}
|
||||
|
|
@ -398,15 +398,16 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
throw new NoUniqueBeanDefinitionException(type, names);
|
||||
}
|
||||
if (names.length == 1) {
|
||||
return (JwtDecoderFactory<ClientRegistration>) this.getBuilder().getSharedObject(ApplicationContext.class)
|
||||
.getBean(names[0]);
|
||||
return (JwtDecoderFactory<ClientRegistration>) this.getBuilder()
|
||||
.getSharedObject(ApplicationContext.class)
|
||||
.getBean(names[0]);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private GrantedAuthoritiesMapper getGrantedAuthoritiesMapper() {
|
||||
GrantedAuthoritiesMapper grantedAuthoritiesMapper = this.getBuilder()
|
||||
.getSharedObject(GrantedAuthoritiesMapper.class);
|
||||
.getSharedObject(GrantedAuthoritiesMapper.class);
|
||||
if (grantedAuthoritiesMapper == null) {
|
||||
grantedAuthoritiesMapper = this.getGrantedAuthoritiesMapperBean();
|
||||
if (grantedAuthoritiesMapper != null) {
|
||||
|
|
@ -418,8 +419,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
|
||||
private GrantedAuthoritiesMapper getGrantedAuthoritiesMapperBean() {
|
||||
Map<String, GrantedAuthoritiesMapper> grantedAuthoritiesMapperMap = BeanFactoryUtils
|
||||
.beansOfTypeIncludingAncestors(this.getBuilder().getSharedObject(ApplicationContext.class),
|
||||
GrantedAuthoritiesMapper.class);
|
||||
.beansOfTypeIncludingAncestors(this.getBuilder().getSharedObject(ApplicationContext.class),
|
||||
GrantedAuthoritiesMapper.class);
|
||||
return (!grantedAuthoritiesMapperMap.isEmpty() ? grantedAuthoritiesMapperMap.values().iterator().next() : null);
|
||||
}
|
||||
|
||||
|
|
@ -456,7 +457,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
|
||||
private void initDefaultLoginFilter(B http) {
|
||||
DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
|
||||
return;
|
||||
}
|
||||
|
|
@ -470,7 +471,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
private Map<String, String> getLoginLinks() {
|
||||
Iterable<ClientRegistration> clientRegistrations = null;
|
||||
ClientRegistrationRepository clientRegistrationRepository = OAuth2ClientConfigurerUtils
|
||||
.getClientRegistrationRepository(this.getBuilder());
|
||||
.getClientRegistrationRepository(this.getBuilder());
|
||||
ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
|
||||
if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
|
||||
clientRegistrations = (Iterable<ClientRegistration>) clientRegistrationRepository;
|
||||
|
|
@ -510,13 +511,13 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
|
||||
private RequestMatcher getFormLoginNotEnabledRequestMatcher(B http) {
|
||||
DefaultLoginPageGeneratingFilter defaultLoginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
Field formLoginEnabledField = (defaultLoginPageGeneratingFilter != null)
|
||||
? ReflectionUtils.findField(DefaultLoginPageGeneratingFilter.class, "formLoginEnabled") : null;
|
||||
if (formLoginEnabledField != null) {
|
||||
ReflectionUtils.makeAccessible(formLoginEnabledField);
|
||||
return (request) -> Boolean.FALSE
|
||||
.equals(ReflectionUtils.getField(formLoginEnabledField, defaultLoginPageGeneratingFilter));
|
||||
.equals(ReflectionUtils.getField(formLoginEnabledField, defaultLoginPageGeneratingFilter));
|
||||
}
|
||||
return AnyRequestMatcher.INSTANCE;
|
||||
}
|
||||
|
|
@ -710,8 +711,8 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
*/
|
||||
public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
|
||||
Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
|
||||
OAuth2LoginConfigurer.this.getBuilder().setSharedObject(GrantedAuthoritiesMapper.class,
|
||||
userAuthoritiesMapper);
|
||||
OAuth2LoginConfigurer.this.getBuilder()
|
||||
.setSharedObject(GrantedAuthoritiesMapper.class, userAuthoritiesMapper);
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
@ -731,7 +732,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
OAuth2LoginAuthenticationToken authorizationCodeAuthentication = (OAuth2LoginAuthenticationToken) authentication;
|
||||
OAuth2AuthorizationRequest authorizationRequest = authorizationCodeAuthentication.getAuthorizationExchange()
|
||||
.getAuthorizationRequest();
|
||||
.getAuthorizationRequest();
|
||||
if (authorizationRequest.getScopes().contains(OidcScopes.OPENID)) {
|
||||
// Section 3.1.2.1 Authentication Request -
|
||||
// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest scope
|
||||
|
|
|
|||
|
|
@ -298,7 +298,7 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
|
|||
ExceptionHandlingConfigurer<H> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
|
||||
if (exceptionHandling != null) {
|
||||
ContentNegotiationStrategy contentNegotiationStrategy = http
|
||||
.getSharedObject(ContentNegotiationStrategy.class);
|
||||
.getSharedObject(ContentNegotiationStrategy.class);
|
||||
if (contentNegotiationStrategy == null) {
|
||||
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -341,7 +341,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
OpenSaml4AuthenticationRequestResolver openSaml4AuthenticationRequestResolver = new OpenSaml4AuthenticationRequestResolver(
|
||||
relyingPartyRegistrationResolver(http));
|
||||
openSaml4AuthenticationRequestResolver
|
||||
.setRequestMatcher(new AntPathRequestMatcher(this.authenticationRequestUri));
|
||||
.setRequestMatcher(new AntPathRequestMatcher(this.authenticationRequestUri));
|
||||
return openSaml4AuthenticationRequestResolver;
|
||||
}
|
||||
|
||||
|
|
@ -377,7 +377,7 @@ public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>>
|
|||
|
||||
private void initDefaultLoginFilter(B http) {
|
||||
DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
.getSharedObject(DefaultLoginPageGeneratingFilter.class);
|
||||
if (loginPageGeneratingFilter == null || this.isCustomLoginPage()) {
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -292,7 +292,7 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
|
|||
private Saml2RelyingPartyInitiatedLogoutSuccessHandler createSaml2LogoutRequestSuccessHandler(
|
||||
RelyingPartyRegistrationResolver relyingPartyRegistrationResolver) {
|
||||
Saml2LogoutRequestResolver logoutRequestResolver = this.logoutRequestConfigurer
|
||||
.logoutRequestResolver(relyingPartyRegistrationResolver);
|
||||
.logoutRequestResolver(relyingPartyRegistrationResolver);
|
||||
return new Saml2RelyingPartyInitiatedLogoutSuccessHandler(logoutRequestResolver);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -235,7 +235,7 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||
matcherToExpression.put(entry.getKey().build(), entry.getValue());
|
||||
}
|
||||
return ExpressionBasedMessageSecurityMetadataSourceFactory
|
||||
.createExpressionMessageMetadataSource(matcherToExpression, this.expressionHandler);
|
||||
.createExpressionMessageMetadataSource(matcherToExpression, this.expressionHandler);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -124,7 +124,12 @@ final class ReactiveOAuth2ClientImportSelector implements ImportSelector {
|
|||
ReactiveOAuth2AuthorizedClientManager authorizedClientManager = null;
|
||||
if (this.authorizedClientRepository != null && this.clientRegistrationRepository != null) {
|
||||
ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = ReactiveOAuth2AuthorizedClientProviderBuilder
|
||||
.builder().authorizationCode().refreshToken().clientCredentials().password().build();
|
||||
.builder()
|
||||
.authorizationCode()
|
||||
.refreshToken()
|
||||
.clientCredentials()
|
||||
.password()
|
||||
.build();
|
||||
DefaultReactiveOAuth2AuthorizedClientManager defaultReactiveOAuth2AuthorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(
|
||||
this.clientRegistrationRepository, getAuthorizedClientRepository());
|
||||
defaultReactiveOAuth2AuthorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider);
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ class WebFluxSecurityConfiguration {
|
|||
static boolean shouldConfigure(ApplicationContext context) {
|
||||
ClassLoader loader = context.getClassLoader();
|
||||
Class<?> reactiveClientRegistrationRepositoryClass = ClassUtils
|
||||
.resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader);
|
||||
.resolveClassName(REACTIVE_CLIENT_REGISTRATION_REPOSITORY_CLASSNAME, loader);
|
||||
return context.getBeanNamesForType(reactiveClientRegistrationRepositoryClass).length == 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.config.annotation.authentication.configurati
|
|||
/**
|
||||
* Add this annotation to an {@code @Configuration} class to have the Spring Security
|
||||
* configuration integrate with Spring MVC.
|
||||
*
|
||||
* @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC
|
||||
* related Security items.
|
||||
* @author Rob Winch
|
||||
|
|
|
|||
|
|
@ -32,8 +32,8 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
|
|||
* Used to add a {@link RequestDataValueProcessor} for Spring MVC and Spring Security CSRF
|
||||
* integration. This configuration is added whenever {@link EnableWebMvc} is added by
|
||||
* <a href="
|
||||
* {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a>
|
||||
* and the DispatcherServlet is present on the classpath. It also adds the
|
||||
* {@docRoot}/org/springframework/security/config/annotation/web/configuration/SpringWebMvcImportSelector.html">SpringWebMvcImportSelector</a> and
|
||||
* the DispatcherServlet is present on the classpath. It also adds the
|
||||
* {@link AuthenticationPrincipalArgumentResolver} as a
|
||||
* {@link HandlerMethodArgumentResolver}.
|
||||
*
|
||||
|
|
@ -51,7 +51,7 @@ public class WebMvcSecurityConfiguration implements WebMvcConfigurer {
|
|||
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
|
||||
argumentResolvers.add(new AuthenticationPrincipalArgumentResolver());
|
||||
argumentResolvers
|
||||
.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
|
||||
.add(new org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver());
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
|
|||
|
|
@ -29,10 +29,11 @@ final class MessageMatcherAuthorizationManagerConfiguration {
|
|||
@Scope("prototype")
|
||||
MessageMatcherDelegatingAuthorizationManager.Builder messageAuthorizationManagerBuilder(
|
||||
ApplicationContext context) {
|
||||
return MessageMatcherDelegatingAuthorizationManager.builder().simpDestPathMatcher(
|
||||
() -> (context.getBeanNamesForType(SimpAnnotationMethodMessageHandler.class).length > 0)
|
||||
? context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher()
|
||||
: new AntPathMatcher());
|
||||
return MessageMatcherDelegatingAuthorizationManager.builder()
|
||||
.simpDestPathMatcher(
|
||||
() -> (context.getBeanNamesForType(SimpAnnotationMethodMessageHandler.class).length > 0)
|
||||
? context.getBean(SimpAnnotationMethodMessageHandler.class).getPathMatcher()
|
||||
: new AntPathMatcher());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,10 +64,13 @@ final class WebSocketMessageBrokerSecurityConfiguration
|
|||
private MessageMatcherDelegatingAuthorizationManager b;
|
||||
|
||||
private static final AuthorizationManager<Message<?>> ANY_MESSAGE_AUTHENTICATED = MessageMatcherDelegatingAuthorizationManager
|
||||
.builder().anyMessage().authenticated().build();
|
||||
.builder()
|
||||
.anyMessage()
|
||||
.authenticated()
|
||||
.build();
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
private final SecurityContextChannelInterceptor securityContextChannelInterceptor = new SecurityContextChannelInterceptor();
|
||||
|
||||
|
|
|
|||
|
|
@ -31,8 +31,9 @@ class OAuth2LoginRuntimeHints implements RuntimeHintsRegistrar {
|
|||
|
||||
@Override
|
||||
public void registerHints(RuntimeHints hints, ClassLoader classLoader) {
|
||||
hints.reflection().registerTypeIfPresent(classLoader, "org.springframework.security.oauth2.jwt.JwtDecoder",
|
||||
MemberCategory.INVOKE_PUBLIC_METHODS);
|
||||
hints.reflection()
|
||||
.registerTypeIfPresent(classLoader, "org.springframework.security.oauth2.jwt.JwtDecoder",
|
||||
MemberCategory.INVOKE_PUBLIC_METHODS);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,12 +55,12 @@ public abstract class AbstractUserDetailsServiceBeanDefinitionParser implements
|
|||
// Register a caching version of the user service if there's a cache-ref
|
||||
if (StringUtils.hasText(cacheRef)) {
|
||||
BeanDefinitionBuilder cachingUSBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(CachingUserDetailsService.class);
|
||||
.rootBeanDefinition(CachingUserDetailsService.class);
|
||||
cachingUSBuilder.addConstructorArgReference(beanId);
|
||||
cachingUSBuilder.addPropertyValue("userCache", new RuntimeBeanReference(cacheRef));
|
||||
BeanDefinition cachingUserService = cachingUSBuilder.getBeanDefinition();
|
||||
parserContext
|
||||
.registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX));
|
||||
.registerBeanComponent(new BeanComponentDefinition(cachingUserService, beanId + CACHING_SUFFIX));
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,8 +64,8 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
|
|||
String id = element.getAttribute("id");
|
||||
if (!StringUtils.hasText(id)) {
|
||||
if (pc.getRegistry().containsBeanDefinition(BeanIds.AUTHENTICATION_MANAGER)) {
|
||||
pc.getReaderContext().warning("Overriding globally registered AuthenticationManager",
|
||||
pc.extractSource(element));
|
||||
pc.getReaderContext()
|
||||
.warning("Overriding globally registered AuthenticationManager", pc.extractSource(element));
|
||||
}
|
||||
id = BeanIds.AUTHENTICATION_MANAGER;
|
||||
}
|
||||
|
|
@ -124,14 +124,16 @@ public class AuthenticationManagerBeanDefinitionParser implements BeanDefinition
|
|||
return new RuntimeBeanReference(providerId);
|
||||
}
|
||||
if (providerElement.getAttributes().getLength() > 1) {
|
||||
pc.getReaderContext().error("authentication-provider element cannot be used with other attributes "
|
||||
+ "when using 'ref' attribute", pc.extractSource(element));
|
||||
pc.getReaderContext()
|
||||
.error("authentication-provider element cannot be used with other attributes "
|
||||
+ "when using 'ref' attribute", pc.extractSource(element));
|
||||
}
|
||||
NodeList providerChildren = providerElement.getChildNodes();
|
||||
for (int i = 0; i < providerChildren.getLength(); i++) {
|
||||
if (providerChildren.item(i) instanceof Element) {
|
||||
pc.getReaderContext().error("authentication-provider element cannot have child elements when used "
|
||||
+ "with 'ref' attribute", pc.extractSource(element));
|
||||
pc.getReaderContext()
|
||||
.error("authentication-provider element cannot have child elements when used "
|
||||
+ "with 'ref' attribute", pc.extractSource(element));
|
||||
}
|
||||
}
|
||||
return new RuntimeBeanReference(ref);
|
||||
|
|
|
|||
|
|
@ -60,9 +60,9 @@ public class AuthenticationProviderBeanDefinitionParser implements BeanDefinitio
|
|||
if (StringUtils.hasText(ref)) {
|
||||
if (userServiceElt != null) {
|
||||
pc.getReaderContext()
|
||||
.error("The " + ATT_USER_DETAILS_REF + " attribute cannot be used in combination with child"
|
||||
+ "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '"
|
||||
+ Elements.LDAP_USER_SERVICE + "'", element);
|
||||
.error("The " + ATT_USER_DETAILS_REF + " attribute cannot be used in combination with child"
|
||||
+ "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '"
|
||||
+ Elements.LDAP_USER_SERVICE + "'", element);
|
||||
}
|
||||
authProvider.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(ref));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,8 +46,9 @@ public class JdbcUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|||
builder.addPropertyReference("dataSource", dataSource);
|
||||
}
|
||||
else {
|
||||
parserContext.getReaderContext().error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
|
||||
parserContext.extractSource(element));
|
||||
parserContext.getReaderContext()
|
||||
.error(ATT_DATA_SOURCE + " is required for " + Elements.JDBC_USER_SERVICE,
|
||||
parserContext.extractSource(element));
|
||||
}
|
||||
String usersQuery = element.getAttribute(ATT_USERS_BY_USERNAME_QUERY);
|
||||
String authoritiesQuery = element.getAttribute(ATT_AUTHORITIES_BY_USERNAME_QUERY);
|
||||
|
|
|
|||
|
|
@ -299,11 +299,12 @@ final class AuthenticationConfigBuilder {
|
|||
formFilter.getPropertyValues().addPropertyValue("allowSessionCreation", this.allowSessionCreation);
|
||||
formFilter.getPropertyValues().addPropertyValue("authenticationManager", authManager);
|
||||
if (authenticationFilterSecurityContextRepositoryRef != null) {
|
||||
formFilter.getPropertyValues().addPropertyValue("securityContextRepository",
|
||||
authenticationFilterSecurityContextRepositoryRef);
|
||||
formFilter.getPropertyValues()
|
||||
.addPropertyValue("securityContextRepository", authenticationFilterSecurityContextRepositoryRef);
|
||||
}
|
||||
formFilter.getPropertyValues().addPropertyValue("securityContextHolderStrategy",
|
||||
authenticationFilterSecurityContextHolderStrategyRef);
|
||||
formFilter.getPropertyValues()
|
||||
.addPropertyValue("securityContextHolderStrategy",
|
||||
authenticationFilterSecurityContextHolderStrategyRef);
|
||||
// Id is required by login page filter
|
||||
this.formFilterId = this.pc.getReaderContext().generateBeanName(formFilter);
|
||||
this.pc.registerBeanComponent(new BeanComponentDefinition(formFilter, this.formFilterId));
|
||||
|
|
@ -337,8 +338,8 @@ final class AuthenticationConfigBuilder {
|
|||
registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository);
|
||||
oauth2LoginFilterBean.getPropertyValues().addPropertyValue("authenticationManager", authManager);
|
||||
if (authenticationFilterSecurityContextRepositoryRef != null) {
|
||||
oauth2LoginFilterBean.getPropertyValues().addPropertyValue("securityContextRepository",
|
||||
authenticationFilterSecurityContextRepositoryRef);
|
||||
oauth2LoginFilterBean.getPropertyValues()
|
||||
.addPropertyValue("securityContextRepository", authenticationFilterSecurityContextRepositoryRef);
|
||||
}
|
||||
|
||||
// retrieve the other bean result
|
||||
|
|
@ -350,7 +351,7 @@ final class AuthenticationConfigBuilder {
|
|||
String oauth2LoginAuthProviderId = this.pc.getReaderContext().generateBeanName(oauth2LoginAuthProvider);
|
||||
this.oauth2LoginFilterId = this.pc.getReaderContext().generateBeanName(oauth2LoginFilterBean);
|
||||
String oauth2AuthorizationRequestRedirectFilterId = this.pc.getReaderContext()
|
||||
.generateBeanName(this.oauth2AuthorizationRequestRedirectFilter);
|
||||
.generateBeanName(this.oauth2AuthorizationRequestRedirectFilter);
|
||||
this.oauth2LoginLinks = parser.getOAuth2LoginLinks();
|
||||
|
||||
// register the component
|
||||
|
|
@ -385,17 +386,17 @@ final class AuthenticationConfigBuilder {
|
|||
registerDefaultAuthorizedClientRepositoryIfNecessary(defaultAuthorizedClientRepository);
|
||||
this.authorizationRequestRedirectFilter = parser.getAuthorizationRequestRedirectFilter();
|
||||
String authorizationRequestRedirectFilterId = this.pc.getReaderContext()
|
||||
.generateBeanName(this.authorizationRequestRedirectFilter);
|
||||
.generateBeanName(this.authorizationRequestRedirectFilter);
|
||||
this.pc.registerBeanComponent(new BeanComponentDefinition(this.authorizationRequestRedirectFilter,
|
||||
authorizationRequestRedirectFilterId));
|
||||
this.authorizationCodeGrantFilter = parser.getAuthorizationCodeGrantFilter();
|
||||
String authorizationCodeGrantFilterId = this.pc.getReaderContext()
|
||||
.generateBeanName(this.authorizationCodeGrantFilter);
|
||||
.generateBeanName(this.authorizationCodeGrantFilter);
|
||||
this.pc.registerBeanComponent(
|
||||
new BeanComponentDefinition(this.authorizationCodeGrantFilter, authorizationCodeGrantFilterId));
|
||||
BeanDefinition authorizationCodeAuthenticationProvider = parser.getAuthorizationCodeAuthenticationProvider();
|
||||
String authorizationCodeAuthenticationProviderId = this.pc.getReaderContext()
|
||||
.generateBeanName(authorizationCodeAuthenticationProvider);
|
||||
.generateBeanName(authorizationCodeAuthenticationProvider);
|
||||
this.pc.registerBeanComponent(new BeanComponentDefinition(authorizationCodeAuthenticationProvider,
|
||||
authorizationCodeAuthenticationProviderId));
|
||||
this.authorizationCodeAuthenticationProviderRef = new RuntimeBeanReference(
|
||||
|
|
@ -405,7 +406,7 @@ final class AuthenticationConfigBuilder {
|
|||
void registerDefaultAuthorizedClientRepositoryIfNecessary(BeanDefinition defaultAuthorizedClientRepository) {
|
||||
if (!this.defaultAuthorizedClientRepositoryRegistered && defaultAuthorizedClientRepository != null) {
|
||||
String authorizedClientRepositoryId = this.pc.getReaderContext()
|
||||
.generateBeanName(defaultAuthorizedClientRepository);
|
||||
.generateBeanName(defaultAuthorizedClientRepository);
|
||||
this.pc.registerBeanComponent(
|
||||
new BeanComponentDefinition(defaultAuthorizedClientRepository, authorizedClientRepositoryId));
|
||||
this.defaultAuthorizedClientRepositoryRegistered = true;
|
||||
|
|
@ -418,7 +419,7 @@ final class AuthenticationConfigBuilder {
|
|||
}
|
||||
if (webMvcPresent) {
|
||||
this.pc.getReaderContext()
|
||||
.registerWithGeneratedName(new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class));
|
||||
.registerWithGeneratedName(new RootBeanDefinition(OAuth2ClientWebMvcSecurityPostProcessor.class));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -437,7 +438,7 @@ final class AuthenticationConfigBuilder {
|
|||
|
||||
this.saml2AuthenticationFilterId = this.pc.getReaderContext().generateBeanName(saml2WebSsoAuthenticationFilter);
|
||||
this.saml2AuthenticationRequestFilterId = this.pc.getReaderContext()
|
||||
.generateBeanName(this.saml2AuthorizationRequestFilter);
|
||||
.generateBeanName(this.saml2AuthorizationRequestFilter);
|
||||
this.saml2AuthenticationUrlToProviderName = parser.getSaml2AuthenticationUrlToProviderName();
|
||||
|
||||
// register the component
|
||||
|
|
@ -449,8 +450,8 @@ final class AuthenticationConfigBuilder {
|
|||
|
||||
private void injectRememberMeServicesRef(RootBeanDefinition bean, String rememberMeServicesId) {
|
||||
if (rememberMeServicesId != null) {
|
||||
bean.getPropertyValues().addPropertyValue("rememberMeServices",
|
||||
new RuntimeBeanReference(rememberMeServicesId));
|
||||
bean.getPropertyValues()
|
||||
.addPropertyValue("rememberMeServices", new RuntimeBeanReference(rememberMeServicesId));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -508,7 +509,7 @@ final class AuthenticationConfigBuilder {
|
|||
RootBeanDefinition filter = null;
|
||||
if (x509Elt != null) {
|
||||
BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(X509AuthenticationFilter.class);
|
||||
.rootBeanDefinition(X509AuthenticationFilter.class);
|
||||
filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(x509Elt));
|
||||
filterBuilder.addPropertyValue("authenticationManager", authManager);
|
||||
filterBuilder.addPropertyValue("securityContextHolderStrategy",
|
||||
|
|
@ -516,7 +517,7 @@ final class AuthenticationConfigBuilder {
|
|||
String regex = x509Elt.getAttribute("subject-principal-regex");
|
||||
if (StringUtils.hasText(regex)) {
|
||||
BeanDefinitionBuilder extractor = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
|
||||
.rootBeanDefinition(SubjectDnX509PrincipalExtractor.class);
|
||||
extractor.addPropertyValue("subjectDnRegex", regex);
|
||||
filterBuilder.addPropertyValue("principalExtractor", extractor.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -559,13 +560,13 @@ final class AuthenticationConfigBuilder {
|
|||
RootBeanDefinition filter = null;
|
||||
if (jeeElt != null) {
|
||||
BeanDefinitionBuilder filterBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class);
|
||||
.rootBeanDefinition(J2eePreAuthenticatedProcessingFilter.class);
|
||||
filterBuilder.getRawBeanDefinition().setSource(this.pc.extractSource(jeeElt));
|
||||
filterBuilder.addPropertyValue("authenticationManager", authManager);
|
||||
filterBuilder.addPropertyValue("securityContextHolderStrategy",
|
||||
authenticationFilterSecurityContextHolderStrategyRef);
|
||||
BeanDefinitionBuilder adsBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
|
||||
.rootBeanDefinition(J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource.class);
|
||||
adsBldr.addPropertyValue("userRoles2GrantedAuthoritiesMapper",
|
||||
new RootBeanDefinition(SimpleAttributes2GrantedAuthoritiesMapper.class));
|
||||
String roles = jeeElt.getAttribute(ATT_MAPPABLE_ROLES);
|
||||
|
|
@ -574,8 +575,8 @@ final class AuthenticationConfigBuilder {
|
|||
rolesBuilder.addConstructorArgValue(roles);
|
||||
rolesBuilder.setFactoryMethod("commaDelimitedListToSet");
|
||||
RootBeanDefinition mappableRolesRetriever = new RootBeanDefinition(SimpleMappableAttributesRetriever.class);
|
||||
mappableRolesRetriever.getPropertyValues().addPropertyValue("mappableAttributes",
|
||||
rolesBuilder.getBeanDefinition());
|
||||
mappableRolesRetriever.getPropertyValues()
|
||||
.addPropertyValue("mappableAttributes", rolesBuilder.getBeanDefinition());
|
||||
adsBldr.addPropertyValue("mappableRolesRetriever", mappableRolesRetriever);
|
||||
filterBuilder.addPropertyValue("authenticationDetailsSource", adsBldr.getBeanDefinition());
|
||||
filter = (RootBeanDefinition) filterBuilder.getBeanDefinition();
|
||||
|
|
@ -609,11 +610,11 @@ final class AuthenticationConfigBuilder {
|
|||
this.logger.info("No login page configured. The default internal one will be used. Use the '"
|
||||
+ FormLoginBeanDefinitionParser.ATT_LOGIN_PAGE + "' attribute to set the URL of the login page.");
|
||||
BeanDefinitionBuilder loginPageFilter = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
|
||||
.rootBeanDefinition(DefaultLoginPageGeneratingFilter.class);
|
||||
loginPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
|
||||
|
||||
BeanDefinitionBuilder logoutPageFilter = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class);
|
||||
.rootBeanDefinition(DefaultLogoutPageGeneratingFilter.class);
|
||||
logoutPageFilter.addPropertyValue("resolveHiddenInputs", new CsrfTokenHiddenInputFunction());
|
||||
if (this.formFilterId != null) {
|
||||
loginPageFilter.addConstructorArgReference(this.formFilterId);
|
||||
|
|
@ -726,10 +727,10 @@ final class AuthenticationConfigBuilder {
|
|||
this.anonymousFilter = new RootBeanDefinition(AnonymousAuthenticationFilter.class);
|
||||
this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
|
||||
this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(1, username);
|
||||
this.anonymousFilter.getConstructorArgumentValues().addIndexedArgumentValue(2,
|
||||
AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
|
||||
this.anonymousFilter.getPropertyValues().addPropertyValue("securityContextHolderStrategy",
|
||||
authenticationFilterSecurityContextHolderStrategyRef);
|
||||
this.anonymousFilter.getConstructorArgumentValues()
|
||||
.addIndexedArgumentValue(2, AuthorityUtils.commaSeparatedStringToAuthorityList(grantedAuthority));
|
||||
this.anonymousFilter.getPropertyValues()
|
||||
.addPropertyValue("securityContextHolderStrategy", authenticationFilterSecurityContextHolderStrategyRef);
|
||||
this.anonymousFilter.setSource(source);
|
||||
RootBeanDefinition anonymousProviderBean = new RootBeanDefinition(AnonymousAuthenticationProvider.class);
|
||||
anonymousProviderBean.getConstructorArgumentValues().addIndexedArgumentValue(0, key);
|
||||
|
|
@ -760,16 +761,16 @@ final class AuthenticationConfigBuilder {
|
|||
private BeanMetadataElement createAccessDeniedHandler(Element element, ParserContext pc) {
|
||||
Element accessDeniedElt = DomUtils.getChildElementByTagName(element, Elements.ACCESS_DENIED_HANDLER);
|
||||
BeanDefinitionBuilder accessDeniedHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(AccessDeniedHandlerImpl.class);
|
||||
.rootBeanDefinition(AccessDeniedHandlerImpl.class);
|
||||
if (accessDeniedElt != null) {
|
||||
String errorPage = accessDeniedElt.getAttribute("error-page");
|
||||
String ref = accessDeniedElt.getAttribute("ref");
|
||||
if (StringUtils.hasText(errorPage)) {
|
||||
if (StringUtils.hasText(ref)) {
|
||||
pc.getReaderContext()
|
||||
.error("The attribute " + ATT_ACCESS_DENIED_ERROR_PAGE
|
||||
+ " cannot be used together with the 'ref' attribute within <"
|
||||
+ Elements.ACCESS_DENIED_HANDLER + ">", pc.extractSource(accessDeniedElt));
|
||||
.error("The attribute " + ATT_ACCESS_DENIED_ERROR_PAGE
|
||||
+ " cannot be used together with the 'ref' attribute within <"
|
||||
+ Elements.ACCESS_DENIED_HANDLER + ">", pc.extractSource(accessDeniedElt));
|
||||
|
||||
}
|
||||
accessDeniedHandler.addPropertyValue("errorPage", errorPage);
|
||||
|
|
@ -786,10 +787,10 @@ final class AuthenticationConfigBuilder {
|
|||
return this.defaultDeniedHandlerMappings.values().iterator().next();
|
||||
}
|
||||
accessDeniedHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class);
|
||||
.rootBeanDefinition(RequestMatcherDelegatingAccessDeniedHandler.class);
|
||||
accessDeniedHandler.addConstructorArgValue(this.defaultDeniedHandlerMappings);
|
||||
accessDeniedHandler
|
||||
.addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class));
|
||||
.addConstructorArgValue(BeanDefinitionBuilder.rootBeanDefinition(AccessDeniedHandlerImpl.class));
|
||||
return accessDeniedHandler.getBeanDefinition();
|
||||
}
|
||||
|
||||
|
|
@ -805,7 +806,7 @@ final class AuthenticationConfigBuilder {
|
|||
return this.defaultEntryPointMappings.values().iterator().next();
|
||||
}
|
||||
BeanDefinitionBuilder delegatingEntryPoint = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class);
|
||||
.rootBeanDefinition(DelegatingAuthenticationEntryPoint.class);
|
||||
delegatingEntryPoint.addConstructorArgValue(this.defaultEntryPointMappings);
|
||||
return delegatingEntryPoint.getBeanDefinition();
|
||||
}
|
||||
|
|
@ -836,10 +837,11 @@ final class AuthenticationConfigBuilder {
|
|||
if (this.oauth2LoginEntryPoint != null) {
|
||||
return this.oauth2LoginEntryPoint;
|
||||
}
|
||||
this.pc.getReaderContext().error("No AuthenticationEntryPoint could be established. Please "
|
||||
+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
|
||||
+ "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
|
||||
this.pc.extractSource(this.httpElt));
|
||||
this.pc.getReaderContext()
|
||||
.error("No AuthenticationEntryPoint could be established. Please "
|
||||
+ "make sure you have a login mechanism configured through the namespace (such as form-login) or "
|
||||
+ "specify a custom AuthenticationEntryPoint with the '" + ATT_ENTRY_POINT_REF + "' attribute ",
|
||||
this.pc.extractSource(this.httpElt));
|
||||
return null;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -75,13 +75,14 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
@Override
|
||||
public BeanDefinition parse(Element element, ParserContext parserContext) {
|
||||
if (!isUseExpressions(element)) {
|
||||
parserContext.getReaderContext().error("AuthorizationManager must be used with `use-expressions=\"true\"",
|
||||
element);
|
||||
parserContext.getReaderContext()
|
||||
.error("AuthorizationManager must be used with `use-expressions=\"true\"", element);
|
||||
return null;
|
||||
}
|
||||
if (StringUtils.hasText(element.getAttribute(ATT_ACCESS_DECISION_MANAGER_REF))) {
|
||||
parserContext.getReaderContext().error(
|
||||
"AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`", element);
|
||||
parserContext.getReaderContext()
|
||||
.error("AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`",
|
||||
element);
|
||||
return null;
|
||||
}
|
||||
this.authorizationManagerRef = createAuthorizationManager(element, parserContext);
|
||||
|
|
@ -92,8 +93,8 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
filterBuilder.addPropertyValue("shouldFilterAllDispatcherTypes", Boolean.FALSE);
|
||||
}
|
||||
BeanDefinition filter = filterBuilder
|
||||
.addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy)
|
||||
.getBeanDefinition();
|
||||
.addPropertyValue("securityContextHolderStrategy", this.securityContextHolderStrategy)
|
||||
.getBeanDefinition();
|
||||
String id = element.getAttribute(AbstractBeanDefinitionParser.ID_ATTRIBUTE);
|
||||
if (StringUtils.hasText(id)) {
|
||||
parserContext.registerComponent(new BeanComponentDefinition(filter, id));
|
||||
|
|
@ -123,16 +124,16 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
for (Element interceptMessage : interceptMessages) {
|
||||
String accessExpression = interceptMessage.getAttribute(ATT_ACCESS);
|
||||
BeanDefinitionBuilder authorizationManager = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(WebExpressionAuthorizationManager.class);
|
||||
.rootBeanDefinition(WebExpressionAuthorizationManager.class);
|
||||
authorizationManager.addPropertyReference("expressionHandler", expressionHandlerRef);
|
||||
authorizationManager.addConstructorArgValue(accessExpression);
|
||||
BeanMetadataElement matcher = createMatcher(matcherType, interceptMessage, parserContext);
|
||||
matcherToExpression.put(matcher, authorizationManager.getBeanDefinition());
|
||||
}
|
||||
BeanDefinitionBuilder mds = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(RequestMatcherDelegatingAuthorizationManagerFactory.class)
|
||||
.addPropertyValue("requestMatcherMap", matcherToExpression)
|
||||
.addPropertyValue("observationRegistry", getObservationRegistry(element));
|
||||
.rootBeanDefinition(RequestMatcherDelegatingAuthorizationManagerFactory.class)
|
||||
.addPropertyValue("requestMatcherMap", matcherToExpression)
|
||||
.addPropertyValue("observationRegistry", getObservationRegistry(element));
|
||||
return context.registerWithGeneratedName(mds.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -152,8 +153,9 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
servletPath = null;
|
||||
}
|
||||
else if (!MatcherType.mvc.equals(matcherType)) {
|
||||
parserContext.getReaderContext().error(
|
||||
ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'", urlElt);
|
||||
parserContext.getReaderContext()
|
||||
.error(ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
|
||||
urlElt);
|
||||
}
|
||||
return hasMatcherRef ? new RuntimeBeanReference(matcherRef)
|
||||
: matcherType.createMatcher(parserContext, path, method, servletPath);
|
||||
|
|
@ -190,9 +192,9 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
|
|||
@Override
|
||||
public AuthorizationManager<HttpServletRequest> getObject() throws Exception {
|
||||
RequestMatcherDelegatingAuthorizationManager.Builder builder = RequestMatcherDelegatingAuthorizationManager
|
||||
.builder();
|
||||
.builder();
|
||||
for (Map.Entry<RequestMatcher, AuthorizationManager<RequestAuthorizationContext>> entry : this.beans
|
||||
.entrySet()) {
|
||||
.entrySet()) {
|
||||
builder.add(entry.getKey(), entry.getValue());
|
||||
}
|
||||
AuthorizationManager<HttpServletRequest> manager = builder.build();
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (!StringUtils.hasText(this.csrfRepositoryRef)) {
|
||||
RootBeanDefinition csrfTokenRepository = new RootBeanDefinition(HttpSessionCsrfTokenRepository.class);
|
||||
BeanDefinitionBuilder lazyTokenRepository = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(LazyCsrfTokenRepository.class);
|
||||
.rootBeanDefinition(LazyCsrfTokenRepository.class);
|
||||
lazyTokenRepository.addConstructorArgValue(csrfTokenRepository);
|
||||
this.csrfRepositoryRef = pc.getReaderContext().generateBeanName(lazyTokenRepository.getBeanDefinition());
|
||||
pc.registerBeanComponent(
|
||||
|
|
@ -161,19 +161,20 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
ManagedMap<Class<? extends AccessDeniedException>, BeanDefinition> handlers = new ManagedMap<>();
|
||||
BeanDefinitionBuilder invalidSessionHandlerBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(InvalidSessionAccessDeniedHandler.class);
|
||||
.rootBeanDefinition(InvalidSessionAccessDeniedHandler.class);
|
||||
invalidSessionHandlerBldr.addConstructorArgValue(invalidSessionStrategy);
|
||||
handlers.put(MissingCsrfTokenException.class, invalidSessionHandlerBldr.getBeanDefinition());
|
||||
BeanDefinitionBuilder deniedBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DelegatingAccessDeniedHandler.class);
|
||||
.rootBeanDefinition(DelegatingAccessDeniedHandler.class);
|
||||
deniedBldr.addConstructorArgValue(handlers);
|
||||
deniedBldr.addConstructorArgValue(defaultDeniedHandler);
|
||||
BeanDefinition denied = deniedBldr.getBeanDefinition();
|
||||
ManagedList compositeList = new ManagedList();
|
||||
BeanDefinitionBuilder compositeBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(CompositeAccessDeniedHandler.class);
|
||||
.rootBeanDefinition(CompositeAccessDeniedHandler.class);
|
||||
BeanDefinition observing = BeanDefinitionBuilder.rootBeanDefinition(ObservationMarkingAccessDeniedHandler.class)
|
||||
.addConstructorArgValue(this.observationRegistry).getBeanDefinition();
|
||||
.addConstructorArgValue(this.observationRegistry)
|
||||
.getBeanDefinition();
|
||||
compositeList.add(denied);
|
||||
compositeList.add(observing);
|
||||
compositeBldr.addConstructorArgValue(compositeList);
|
||||
|
|
@ -182,14 +183,14 @@ public class CsrfBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
BeanDefinition getCsrfAuthenticationStrategy() {
|
||||
BeanDefinitionBuilder csrfAuthenticationStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(CsrfAuthenticationStrategy.class);
|
||||
.rootBeanDefinition(CsrfAuthenticationStrategy.class);
|
||||
csrfAuthenticationStrategy.addConstructorArgReference(this.csrfRepositoryRef);
|
||||
return csrfAuthenticationStrategy.getBeanDefinition();
|
||||
}
|
||||
|
||||
BeanDefinition getCsrfLogoutHandler() {
|
||||
BeanDefinitionBuilder csrfAuthenticationStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(CsrfLogoutHandler.class);
|
||||
.rootBeanDefinition(CsrfLogoutHandler.class);
|
||||
csrfAuthenticationStrategy.addConstructorArgReference(this.csrfRepositoryRef);
|
||||
return csrfAuthenticationStrategy.getBeanDefinition();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
|
|||
return;
|
||||
}
|
||||
String loginPage = ((LoginUrlAuthenticationEntryPoint) exceptions.getAuthenticationEntryPoint())
|
||||
.getLoginFormUrl();
|
||||
.getLoginFormUrl();
|
||||
this.logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
|
||||
FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
|
||||
List<Filter> filters = null;
|
||||
|
|
@ -219,7 +219,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
|
|||
AuthorizationFilter authorizationFilter = getFilter(AuthorizationFilter.class, filters);
|
||||
if (authorizationFilter != null) {
|
||||
AuthorizationManager<HttpServletRequest> authorizationManager = authorizationFilter
|
||||
.getAuthorizationManager();
|
||||
.getAuthorizationManager();
|
||||
try {
|
||||
AuthorizationDecision decision = authorizationManager.check(() -> TEST, loginRequest.getHttpRequest());
|
||||
return decision != null && decision.isGranted();
|
||||
|
|
@ -251,7 +251,7 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
|
|||
if (authorizationFilter != null) {
|
||||
return () -> {
|
||||
AuthorizationManager<HttpServletRequest> authorizationManager = authorizationFilter
|
||||
.getAuthorizationManager();
|
||||
.getAuthorizationManager();
|
||||
AuthorizationDecision decision = authorizationManager.check(() -> token, loginRequest.getHttpRequest());
|
||||
return decision != null && decision.isGranted();
|
||||
};
|
||||
|
|
|
|||
|
|
@ -53,13 +53,14 @@ public class FilterChainMapBeanDefinitionDecorator implements BeanDefinitionDeco
|
|||
String path = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN);
|
||||
String filters = chain.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS);
|
||||
if (!StringUtils.hasText(path)) {
|
||||
parserContext.getReaderContext().error(
|
||||
"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN + "' must not be empty",
|
||||
elt);
|
||||
parserContext.getReaderContext()
|
||||
.error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_PATH_PATTERN
|
||||
+ "' must not be empty", elt);
|
||||
}
|
||||
if (!StringUtils.hasText(filters)) {
|
||||
parserContext.getReaderContext().error(
|
||||
"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty", elt);
|
||||
parserContext.getReaderContext()
|
||||
.error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "'must not be empty",
|
||||
elt);
|
||||
}
|
||||
BeanDefinition matcher = matcherType.createMatcher(parserContext, path, null);
|
||||
if (filters.equals(HttpSecurityBeanDefinitionParser.OPT_FILTERS_NONE)) {
|
||||
|
|
|
|||
|
|
@ -69,17 +69,18 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
|
|||
// Check for attributes that aren't allowed in this context
|
||||
for (Element elt : interceptUrls) {
|
||||
if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL))) {
|
||||
parserContext.getReaderContext().error("The attribute '"
|
||||
+ HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL + "' isn't allowed here.", elt);
|
||||
parserContext.getReaderContext()
|
||||
.error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_REQUIRES_CHANNEL
|
||||
+ "' isn't allowed here.", elt);
|
||||
}
|
||||
if (StringUtils.hasLength(elt.getAttribute(HttpSecurityBeanDefinitionParser.ATT_FILTERS))) {
|
||||
parserContext.getReaderContext().error(
|
||||
"The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.",
|
||||
elt);
|
||||
parserContext.getReaderContext()
|
||||
.error("The attribute '" + HttpSecurityBeanDefinitionParser.ATT_FILTERS + "' isn't allowed here.",
|
||||
elt);
|
||||
}
|
||||
if (StringUtils.hasLength(elt.getAttribute(ATT_SERVLET_PATH))) {
|
||||
parserContext.getReaderContext().error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.",
|
||||
elt);
|
||||
parserContext.getReaderContext()
|
||||
.error("The attribute '" + ATT_SERVLET_PATH + "' isn't allowed here.", elt);
|
||||
}
|
||||
}
|
||||
BeanDefinition mds = createSecurityMetadataSource(interceptUrls, false, element, parserContext);
|
||||
|
|
@ -110,7 +111,7 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
|
|||
expressionHandlerRef = registerDefaultExpressionHandler(pc);
|
||||
}
|
||||
fidsBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
|
||||
.rootBeanDefinition(ExpressionBasedFilterInvocationSecurityMetadataSource.class);
|
||||
fidsBuilder.addConstructorArgValue(requestToAttributesMap);
|
||||
fidsBuilder.addConstructorArgReference(expressionHandlerRef);
|
||||
}
|
||||
|
|
@ -159,9 +160,9 @@ public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinit
|
|||
servletPath = null;
|
||||
}
|
||||
else if (!MatcherType.mvc.equals(matcherType)) {
|
||||
parserContext.getReaderContext().error(
|
||||
ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
|
||||
urlElt);
|
||||
parserContext.getReaderContext()
|
||||
.error(ATT_SERVLET_PATH + " is not applicable for request-matcher: '" + matcherType.name() + "'",
|
||||
urlElt);
|
||||
}
|
||||
BeanMetadataElement matcher = hasMatcherRef ? new RuntimeBeanReference(matcherRef)
|
||||
: matcherType.createMatcher(parserContext, path, method, servletPath);
|
||||
|
|
|
|||
|
|
@ -159,7 +159,7 @@ public class FormLoginBeanDefinitionParser {
|
|||
}
|
||||
this.filterBean.setSource(source);
|
||||
BeanDefinitionBuilder entryPointBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
|
||||
.rootBeanDefinition(LoginUrlAuthenticationEntryPoint.class);
|
||||
entryPointBuilder.getRawBeanDefinition().setSource(source);
|
||||
entryPointBuilder.addConstructorArgValue((this.loginPage != null) ? this.loginPage : DEF_LOGIN_PAGE);
|
||||
entryPointBuilder.addPropertyValue("portMapper", this.portMapper);
|
||||
|
|
@ -178,7 +178,7 @@ public class FormLoginBeanDefinitionParser {
|
|||
}
|
||||
this.loginProcessingUrl = loginUrl;
|
||||
BeanDefinitionBuilder matcherBuilder = BeanDefinitionBuilder
|
||||
.rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher");
|
||||
.rootBeanDefinition("org.springframework.security.web.util.matcher.AntPathRequestMatcher");
|
||||
matcherBuilder.addConstructorArgValue(loginUrl);
|
||||
if (this.loginMethod != null) {
|
||||
matcherBuilder.addConstructorArgValue("POST");
|
||||
|
|
@ -189,13 +189,13 @@ public class FormLoginBeanDefinitionParser {
|
|||
}
|
||||
else if (StringUtils.hasText(authenticationSuccessForwardUrl)) {
|
||||
BeanDefinitionBuilder forwardSuccessHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(ForwardAuthenticationSuccessHandler.class);
|
||||
.rootBeanDefinition(ForwardAuthenticationSuccessHandler.class);
|
||||
forwardSuccessHandler.addConstructorArgValue(authenticationSuccessForwardUrl);
|
||||
filterBuilder.addPropertyValue("authenticationSuccessHandler", forwardSuccessHandler.getBeanDefinition());
|
||||
}
|
||||
else {
|
||||
BeanDefinitionBuilder successHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class);
|
||||
.rootBeanDefinition(SavedRequestAwareAuthenticationSuccessHandler.class);
|
||||
if ("true".equals(alwaysUseDefault)) {
|
||||
successHandler.addPropertyValue("alwaysUseDefaultTargetUrl", Boolean.TRUE);
|
||||
}
|
||||
|
|
@ -215,13 +215,13 @@ public class FormLoginBeanDefinitionParser {
|
|||
}
|
||||
else if (StringUtils.hasText(authenticationFailureForwardUrl)) {
|
||||
BeanDefinitionBuilder forwardFailureHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(ForwardAuthenticationFailureHandler.class);
|
||||
.rootBeanDefinition(ForwardAuthenticationFailureHandler.class);
|
||||
forwardFailureHandler.addConstructorArgValue(authenticationFailureForwardUrl);
|
||||
filterBuilder.addPropertyValue("authenticationFailureHandler", forwardFailureHandler.getBeanDefinition());
|
||||
}
|
||||
else {
|
||||
BeanDefinitionBuilder failureHandler = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
|
||||
.rootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
|
||||
if (!StringUtils.hasText(authenticationFailureUrl)) {
|
||||
// Fall back to re-displaying the custom login page, if one was specified.
|
||||
if (StringUtils.hasText(loginPage)) {
|
||||
|
|
|
|||
|
|
@ -50,10 +50,10 @@ final class GrantedAuthorityDefaultsParserUtils {
|
|||
@Override
|
||||
public final void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
|
||||
String[] grantedAuthorityDefaultsBeanNames = applicationContext
|
||||
.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||
.getBeanNamesForType(GrantedAuthorityDefaults.class);
|
||||
if (grantedAuthorityDefaultsBeanNames.length == 1) {
|
||||
GrantedAuthorityDefaults grantedAuthorityDefaults = applicationContext
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
.getBean(grantedAuthorityDefaultsBeanNames[0], GrantedAuthorityDefaults.class);
|
||||
this.rolePrefix = grantedAuthorityDefaults.getRolePrefix();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -157,8 +157,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
parseHeaderElements(element);
|
||||
boolean noWriters = this.headerWriters.isEmpty();
|
||||
if (disabled && !noWriters) {
|
||||
parserContext.getReaderContext().error("Cannot specify <headers disabled=\"true\"> with child elements.",
|
||||
element);
|
||||
parserContext.getReaderContext()
|
||||
.error("Cannot specify <headers disabled=\"true\"> with child elements.", element);
|
||||
}
|
||||
else if (noWriters) {
|
||||
return null;
|
||||
|
|
@ -192,7 +192,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addCacheControl() {
|
||||
BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(CacheControlHeadersWriter.class);
|
||||
.genericBeanDefinition(CacheControlHeadersWriter.class);
|
||||
this.headerWriters.add(headersWriter.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -309,11 +309,11 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addContentSecurityPolicy(Element contentSecurityPolicyElement, ParserContext context) {
|
||||
BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(ContentSecurityPolicyHeaderWriter.class);
|
||||
.genericBeanDefinition(ContentSecurityPolicyHeaderWriter.class);
|
||||
String policyDirectives = contentSecurityPolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
|
||||
if (!StringUtils.hasText(policyDirectives)) {
|
||||
context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
|
||||
contentSecurityPolicyElement);
|
||||
context.getReaderContext()
|
||||
.error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", contentSecurityPolicyElement);
|
||||
}
|
||||
else {
|
||||
headersWriter.addConstructorArgValue(policyDirectives);
|
||||
|
|
@ -335,7 +335,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addReferrerPolicy(Element referrerPolicyElement, ParserContext context) {
|
||||
BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(ReferrerPolicyHeaderWriter.class);
|
||||
.genericBeanDefinition(ReferrerPolicyHeaderWriter.class);
|
||||
String policy = referrerPolicyElement.getAttribute(ATT_POLICY);
|
||||
if (StringUtils.hasLength(policy)) {
|
||||
headersWriter.addConstructorArgValue(ReferrerPolicy.get(policy));
|
||||
|
|
@ -353,11 +353,11 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addFeaturePolicy(Element featurePolicyElement, ParserContext context) {
|
||||
BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(FeaturePolicyHeaderWriter.class);
|
||||
.genericBeanDefinition(FeaturePolicyHeaderWriter.class);
|
||||
String policyDirectives = featurePolicyElement.getAttribute(ATT_POLICY_DIRECTIVES);
|
||||
if (!StringUtils.hasText(policyDirectives)) {
|
||||
context.getReaderContext().error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.",
|
||||
featurePolicyElement);
|
||||
context.getReaderContext()
|
||||
.error(ATT_POLICY_DIRECTIVES + " requires a 'value' to be set.", featurePolicyElement);
|
||||
}
|
||||
else {
|
||||
headersWriter.addConstructorArgValue(policyDirectives);
|
||||
|
|
@ -375,7 +375,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addPermissionsPolicy(Element permissionsPolicyElement, ParserContext context) {
|
||||
BeanDefinitionBuilder headersWriter = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(PermissionsPolicyHeaderWriter.class);
|
||||
.genericBeanDefinition(PermissionsPolicyHeaderWriter.class);
|
||||
String policyDirectives = permissionsPolicyElement.getAttribute(ATT_POLICY);
|
||||
if (!StringUtils.hasText(policyDirectives)) {
|
||||
context.getReaderContext().error(ATT_POLICY + " requires a 'value' to be set.", permissionsPolicyElement);
|
||||
|
|
@ -397,7 +397,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
addCrossOriginOpenerPolicy(crossOriginOpenerPolicyElement, writer);
|
||||
}
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(CrossOriginOpenerPolicyHeaderWriter.class, () -> writer);
|
||||
.genericBeanDefinition(CrossOriginOpenerPolicyHeaderWriter.class, () -> writer);
|
||||
this.headerWriters.add(builder.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -412,7 +412,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
addCrossOriginEmbedderPolicy(crossOriginEmbedderPolicyElement, writer);
|
||||
}
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(CrossOriginEmbedderPolicyHeaderWriter.class, () -> writer);
|
||||
.genericBeanDefinition(CrossOriginEmbedderPolicyHeaderWriter.class, () -> writer);
|
||||
this.headerWriters.add(builder.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -427,7 +427,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
addCrossOriginResourcePolicy(crossOriginResourcePolicyElement, writer);
|
||||
}
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(CrossOriginResourcePolicyHeaderWriter.class, () -> writer);
|
||||
.genericBeanDefinition(CrossOriginResourcePolicyHeaderWriter.class, () -> writer);
|
||||
this.headerWriters.add(builder.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -456,8 +456,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
}
|
||||
|
||||
private void attrNotAllowed(ParserContext context, String attrName, String otherAttrName, Element element) {
|
||||
context.getReaderContext().error("Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.",
|
||||
element);
|
||||
context.getReaderContext()
|
||||
.error("Only one of '" + attrName + "' or '" + otherAttrName + "' can be set.", element);
|
||||
}
|
||||
|
||||
private void parseHeaderElements(Element element) {
|
||||
|
|
@ -491,7 +491,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
|
||||
private void addContentTypeOptions() {
|
||||
BeanDefinitionBuilder builder = BeanDefinitionBuilder
|
||||
.genericBeanDefinition(XContentTypeOptionsHeaderWriter.class);
|
||||
.genericBeanDefinition(XContentTypeOptionsHeaderWriter.class);
|
||||
this.headerWriters.add(builder.getBeanDefinition());
|
||||
}
|
||||
|
||||
|
|
@ -527,8 +527,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
String strategyRef = getAttribute(frameElement, ATT_REF, null);
|
||||
String strategy = getAttribute(frameElement, ATT_STRATEGY, null);
|
||||
if (StringUtils.hasText(strategy) && StringUtils.hasText(strategyRef)) {
|
||||
parserContext.getReaderContext().error("Only one of 'strategy' or 'strategy-ref' can be set.",
|
||||
frameElement);
|
||||
parserContext.getReaderContext()
|
||||
.error("Only one of 'strategy' or 'strategy-ref' can be set.", frameElement);
|
||||
return;
|
||||
}
|
||||
if (strategyRef != null) {
|
||||
|
|
@ -550,8 +550,8 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
builder.addConstructorArgValue(new StaticAllowFromStrategy(new URI(value)));
|
||||
}
|
||||
catch (URISyntaxException ex) {
|
||||
parserContext.getReaderContext().error("'value' attribute doesn't represent a valid URI.", frameElement,
|
||||
ex);
|
||||
parserContext.getReaderContext()
|
||||
.error("'value' attribute doesn't represent a valid URI.", frameElement, ex);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
|
@ -564,7 +564,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
private BeanDefinitionBuilder getAllowFromStrategy(String strategy, String value) {
|
||||
if ("whitelist".equals(strategy)) {
|
||||
BeanDefinitionBuilder allowFromStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
|
||||
.rootBeanDefinition(WhiteListedAllowFromStrategy.class);
|
||||
allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value));
|
||||
return allowFromStrategy;
|
||||
}
|
||||
|
|
@ -580,7 +580,7 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser {
|
|||
if (xssElt != null) {
|
||||
boolean disabled = "true".equals(getAttribute(xssElt, ATT_DISABLED, "false"));
|
||||
XXssProtectionHeaderWriter.HeaderValue headerValue = XXssProtectionHeaderWriter.HeaderValue
|
||||
.from(xssElt.getAttribute(ATT_HEADER_VALUE));
|
||||
.from(xssElt.getAttribute(ATT_HEADER_VALUE));
|
||||
if (headerValue != null) {
|
||||
if (disabled) {
|
||||
attrNotAllowed(parserContext, ATT_HEADER_VALUE, ATT_DISABLED, xssElt);
|
||||
|
|
|
|||
|
|
@ -338,14 +338,14 @@ class HttpConfigurationBuilder {
|
|||
private void createSecurityContextPersistenceFilter() {
|
||||
BeanDefinitionBuilder scpf = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextPersistenceFilter.class);
|
||||
switch (this.sessionPolicy) {
|
||||
case ALWAYS:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
|
||||
break;
|
||||
case NEVER:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
|
||||
break;
|
||||
default:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
|
||||
case ALWAYS:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.TRUE);
|
||||
break;
|
||||
case NEVER:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
|
||||
break;
|
||||
default:
|
||||
scpf.addPropertyValue("forceEagerSessionCreation", Boolean.FALSE);
|
||||
}
|
||||
scpf.addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef);
|
||||
scpf.addConstructorArgValue(this.contextRepoRef);
|
||||
|
|
@ -360,7 +360,7 @@ class HttpConfigurationBuilder {
|
|||
return;
|
||||
}
|
||||
this.holderStrategyRef = BeanDefinitionBuilder.rootBeanDefinition(SecurityContextHolderStrategyFactory.class)
|
||||
.getBeanDefinition();
|
||||
.getBeanDefinition();
|
||||
}
|
||||
|
||||
private void createSecurityContextRepository() {
|
||||
|
|
@ -373,14 +373,14 @@ class HttpConfigurationBuilder {
|
|||
else {
|
||||
contextRepo = BeanDefinitionBuilder.rootBeanDefinition(HttpSessionSecurityContextRepository.class);
|
||||
switch (this.sessionPolicy) {
|
||||
case ALWAYS:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
break;
|
||||
case NEVER:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.FALSE);
|
||||
break;
|
||||
default:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
case ALWAYS:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
break;
|
||||
case NEVER:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.FALSE);
|
||||
break;
|
||||
default:
|
||||
contextRepo.addPropertyValue("allowSessionCreation", Boolean.TRUE);
|
||||
}
|
||||
if (isDisableUrlRewriting()) {
|
||||
contextRepo.addPropertyValue("disableUrlRewriting", Boolean.TRUE);
|
||||
|
|
@ -419,9 +419,9 @@ class HttpConfigurationBuilder {
|
|||
if (sessionMgmtElt != null) {
|
||||
if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
|
||||
this.pc.getReaderContext()
|
||||
.error(Elements.SESSION_MANAGEMENT + " cannot be used" + " in combination with "
|
||||
+ ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'",
|
||||
this.pc.extractSource(sessionMgmtElt));
|
||||
.error(Elements.SESSION_MANAGEMENT + " cannot be used" + " in combination with "
|
||||
+ ATT_CREATE_SESSION + "='" + SessionCreationPolicy.STATELESS + "'",
|
||||
this.pc.extractSource(sessionMgmtElt));
|
||||
}
|
||||
sessionFixationAttribute = sessionMgmtElt.getAttribute(ATT_SESSION_FIXATION_PROTECTION);
|
||||
invalidSessionUrl = sessionMgmtElt.getAttribute(ATT_INVALID_SESSION_URL);
|
||||
|
|
@ -432,15 +432,14 @@ class HttpConfigurationBuilder {
|
|||
sessionControlEnabled = sessionCtrlElt != null;
|
||||
if (StringUtils.hasText(invalidSessionUrl) && StringUtils.hasText(invalidSessionStrategyRef)) {
|
||||
this.pc.getReaderContext()
|
||||
.error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the "
|
||||
+ ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
|
||||
.error(ATT_INVALID_SESSION_URL + " attribute cannot be used in combination with" + " the "
|
||||
+ ATT_INVALID_SESSION_STRATEGY_REF + " attribute.", sessionMgmtElt);
|
||||
}
|
||||
if (sessionControlEnabled) {
|
||||
if (StringUtils.hasText(sessionAuthStratRef)) {
|
||||
this.pc.getReaderContext()
|
||||
.error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used"
|
||||
+ " in combination with <" + Elements.CONCURRENT_SESSIONS + ">",
|
||||
this.pc.extractSource(sessionCtrlElt));
|
||||
.error(ATT_SESSION_AUTH_STRATEGY_REF + " attribute cannot be used" + " in combination with <"
|
||||
+ Elements.CONCURRENT_SESSIONS + ">", this.pc.extractSource(sessionCtrlElt));
|
||||
}
|
||||
createConcurrencyControlFilterAndSessionRegistry(sessionCtrlElt);
|
||||
}
|
||||
|
|
@ -450,8 +449,9 @@ class HttpConfigurationBuilder {
|
|||
sessionFixationAttribute = OPT_CHANGE_SESSION_ID;
|
||||
}
|
||||
else if (StringUtils.hasText(sessionAuthStratRef)) {
|
||||
this.pc.getReaderContext().error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used"
|
||||
+ " in combination with " + ATT_SESSION_AUTH_STRATEGY_REF, this.pc.extractSource(sessionMgmtElt));
|
||||
this.pc.getReaderContext()
|
||||
.error(ATT_SESSION_FIXATION_PROTECTION + " attribute cannot be used" + " in combination with "
|
||||
+ ATT_SESSION_AUTH_STRATEGY_REF, this.pc.extractSource(sessionMgmtElt));
|
||||
}
|
||||
|
||||
if (this.sessionPolicy == SessionCreationPolicy.STATELESS) {
|
||||
|
|
@ -459,7 +459,7 @@ class HttpConfigurationBuilder {
|
|||
return;
|
||||
}
|
||||
boolean sessionFixationProtectionRequired = !sessionFixationAttribute
|
||||
.equals(OPT_SESSION_FIXATION_NO_PROTECTION);
|
||||
.equals(OPT_SESSION_FIXATION_NO_PROTECTION);
|
||||
ManagedList<BeanMetadataElement> delegateSessionStrategies = new ManagedList<>();
|
||||
BeanDefinitionBuilder concurrentSessionStrategy;
|
||||
BeanDefinitionBuilder sessionFixationStrategy = null;
|
||||
|
|
@ -470,10 +470,11 @@ class HttpConfigurationBuilder {
|
|||
if (sessionControlEnabled) {
|
||||
Assert.state(this.sessionRegistryRef != null, "No sessionRegistryRef found");
|
||||
concurrentSessionStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class);
|
||||
.rootBeanDefinition(ConcurrentSessionControlAuthenticationStrategy.class);
|
||||
concurrentSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
|
||||
String maxSessions = this.pc.getReaderContext().getEnvironment()
|
||||
.resolvePlaceholders(sessionCtrlElt.getAttribute("max-sessions"));
|
||||
String maxSessions = this.pc.getReaderContext()
|
||||
.getEnvironment()
|
||||
.resolvePlaceholders(sessionCtrlElt.getAttribute("max-sessions"));
|
||||
if (StringUtils.hasText(maxSessions)) {
|
||||
concurrentSessionStrategy.addPropertyValue("maximumSessions", maxSessions);
|
||||
}
|
||||
|
|
@ -487,11 +488,11 @@ class HttpConfigurationBuilder {
|
|||
if (sessionFixationProtectionRequired || StringUtils.hasText(invalidSessionUrl)) {
|
||||
if (useChangeSessionId) {
|
||||
sessionFixationStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(ChangeSessionIdAuthenticationStrategy.class);
|
||||
.rootBeanDefinition(ChangeSessionIdAuthenticationStrategy.class);
|
||||
}
|
||||
else {
|
||||
sessionFixationStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SessionFixationProtectionStrategy.class);
|
||||
.rootBeanDefinition(SessionFixationProtectionStrategy.class);
|
||||
}
|
||||
delegateSessionStrategies.add(sessionFixationStrategy.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -500,7 +501,7 @@ class HttpConfigurationBuilder {
|
|||
}
|
||||
if (sessionControlEnabled) {
|
||||
registerSessionStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(RegisterSessionAuthenticationStrategy.class);
|
||||
.rootBeanDefinition(RegisterSessionAuthenticationStrategy.class);
|
||||
registerSessionStrategy.addConstructorArgValue(this.sessionRegistryRef);
|
||||
delegateSessionStrategies.add(registerSessionStrategy.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -509,7 +510,7 @@ class HttpConfigurationBuilder {
|
|||
return;
|
||||
}
|
||||
BeanDefinitionBuilder sessionMgmtFilter = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SessionManagementFilter.class);
|
||||
.rootBeanDefinition(SessionManagementFilter.class);
|
||||
RootBeanDefinition failureHandler = new RootBeanDefinition(SimpleUrlAuthenticationFailureHandler.class);
|
||||
if (StringUtils.hasText(errorUrl)) {
|
||||
failureHandler.getPropertyValues().addPropertyValue("defaultFailureUrl", errorUrl);
|
||||
|
|
@ -525,7 +526,7 @@ class HttpConfigurationBuilder {
|
|||
}
|
||||
if (!delegateSessionStrategies.isEmpty()) {
|
||||
BeanDefinitionBuilder sessionStrategy = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(CompositeSessionAuthenticationStrategy.class);
|
||||
.rootBeanDefinition(CompositeSessionAuthenticationStrategy.class);
|
||||
BeanDefinition strategyBean = sessionStrategy.getBeanDefinition();
|
||||
sessionStrategy.addConstructorArgValue(delegateSessionStrategies);
|
||||
sessionAuthStratRef = this.pc.getReaderContext().generateBeanName(strategyBean);
|
||||
|
|
@ -533,7 +534,7 @@ class HttpConfigurationBuilder {
|
|||
}
|
||||
if (StringUtils.hasText(invalidSessionUrl)) {
|
||||
BeanDefinitionBuilder invalidSessionBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class);
|
||||
.rootBeanDefinition(SimpleRedirectInvalidSessionStrategy.class);
|
||||
invalidSessionBldr.addConstructorArgValue(invalidSessionUrl);
|
||||
this.invalidSession = invalidSessionBldr.getBeanDefinition();
|
||||
sessionMgmtFilter.addPropertyValue("invalidSessionStrategy", this.invalidSession);
|
||||
|
|
@ -575,13 +576,13 @@ class HttpConfigurationBuilder {
|
|||
String expiryUrl = element.getAttribute(ATT_EXPIRY_URL);
|
||||
String expiredSessionStrategyRef = element.getAttribute(ATT_EXPIRED_SESSION_STRATEGY_REF);
|
||||
if (StringUtils.hasText(expiryUrl) && StringUtils.hasText(expiredSessionStrategyRef)) {
|
||||
this.pc.getReaderContext().error(
|
||||
"Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.",
|
||||
source);
|
||||
this.pc.getReaderContext()
|
||||
.error("Cannot use 'expired-url' attribute and 'expired-session-strategy-ref'" + " attribute together.",
|
||||
source);
|
||||
}
|
||||
if (StringUtils.hasText(expiryUrl)) {
|
||||
BeanDefinitionBuilder expiredSessionBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class);
|
||||
.rootBeanDefinition(SimpleRedirectSessionInformationExpiredStrategy.class);
|
||||
expiredSessionBldr.addConstructorArgValue(expiryUrl);
|
||||
filterBuilder.addConstructorArgValue(expiredSessionBldr.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -623,7 +624,8 @@ class HttpConfigurationBuilder {
|
|||
}
|
||||
if ("true".equals(provideJaasApi)) {
|
||||
this.jaasApiFilter = BeanDefinitionBuilder.rootBeanDefinition(JaasApiIntegrationFilter.class)
|
||||
.addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef).getBeanDefinition();
|
||||
.addPropertyValue("securityContextHolderStrategy", this.holderStrategyRef)
|
||||
.getBeanDefinition();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -634,10 +636,10 @@ class HttpConfigurationBuilder {
|
|||
}
|
||||
RootBeanDefinition channelFilter = new RootBeanDefinition(ChannelProcessingFilter.class);
|
||||
BeanDefinitionBuilder metadataSourceBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
|
||||
.rootBeanDefinition(DefaultFilterInvocationSecurityMetadataSource.class);
|
||||
metadataSourceBldr.addConstructorArgValue(channelRequestMap);
|
||||
channelFilter.getPropertyValues().addPropertyValue("securityMetadataSource",
|
||||
metadataSourceBldr.getBeanDefinition());
|
||||
channelFilter.getPropertyValues()
|
||||
.addPropertyValue("securityMetadataSource", metadataSourceBldr.getBeanDefinition());
|
||||
RootBeanDefinition channelDecisionManager = new RootBeanDefinition(ChannelDecisionManagerImpl.class);
|
||||
ManagedList<RootBeanDefinition> channelProcessors = new ManagedList<>(3);
|
||||
RootBeanDefinition secureChannelProcessor = new RootBeanDefinition(SecureChannelProcessor.class);
|
||||
|
|
@ -703,7 +705,7 @@ class HttpConfigurationBuilder {
|
|||
requestCacheBldr.addPropertyValue("portResolver", this.portResolver);
|
||||
if (this.csrfFilter != null) {
|
||||
BeanDefinitionBuilder requestCacheMatcherBldr = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(AntPathRequestMatcher.class);
|
||||
.rootBeanDefinition(AntPathRequestMatcher.class);
|
||||
requestCacheMatcherBldr.addConstructorArgValue("/**");
|
||||
requestCacheMatcherBldr.addConstructorArgValue("GET");
|
||||
requestCacheBldr.addPropertyValue("requestMatcher", requestCacheMatcherBldr.getBeanDefinition());
|
||||
|
|
@ -743,8 +745,9 @@ class HttpConfigurationBuilder {
|
|||
// use with
|
||||
// taglibs etc.
|
||||
BeanDefinition wipe = BeanDefinitionBuilder
|
||||
.rootBeanDefinition(AuthorizationManagerWebInvocationPrivilegeEvaluator.class)
|
||||
.addConstructorArgReference(authorizationFilterParser.getAuthorizationManagerRef()).getBeanDefinition();
|
||||
.rootBeanDefinition(AuthorizationManagerWebInvocationPrivilegeEvaluator.class)
|
||||
.addConstructorArgReference(authorizationFilterParser.getAuthorizationManagerRef())
|
||||
.getBeanDefinition();
|
||||
this.pc.registerBeanComponent(
|
||||
new BeanComponentDefinition(wipe, this.pc.getReaderContext().generateBeanName(wipe)));
|
||||
this.fsi = new RuntimeBeanReference(fsiId);
|
||||
|
|
@ -753,14 +756,15 @@ class HttpConfigurationBuilder {
|
|||
private void createFilterSecurityInterceptor(BeanReference authManager) {
|
||||
boolean useExpressions = FilterInvocationSecurityMetadataSourceParser.isUseExpressions(this.httpElt);
|
||||
RootBeanDefinition securityMds = FilterInvocationSecurityMetadataSourceParser
|
||||
.createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc);
|
||||
.createSecurityMetadataSource(this.interceptUrls, this.addAllAuth, this.httpElt, this.pc);
|
||||
RootBeanDefinition accessDecisionMgr;
|
||||
ManagedList<BeanDefinition> voters = new ManagedList<>(2);
|
||||
if (useExpressions) {
|
||||
BeanDefinitionBuilder expressionVoter = BeanDefinitionBuilder.rootBeanDefinition(WebExpressionVoter.class);
|
||||
// Read the expression handler from the FISMS
|
||||
RuntimeBeanReference expressionHandler = (RuntimeBeanReference) securityMds.getConstructorArgumentValues()
|
||||
.getArgumentValue(1, RuntimeBeanReference.class).getValue();
|
||||
.getArgumentValue(1, RuntimeBeanReference.class)
|
||||
.getValue();
|
||||
expressionVoter.addPropertyValue("expressionHandler", expressionHandler);
|
||||
voters.add(expressionVoter.getBeanDefinition());
|
||||
}
|
||||
|
|
@ -927,7 +931,7 @@ class HttpConfigurationBuilder {
|
|||
private SecurityContextHolderAwareRequestFilter filter = new SecurityContextHolderAwareRequestFilter();
|
||||
|
||||
private SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder
|
||||
.getContextHolderStrategy();
|
||||
.getContextHolderStrategy();
|
||||
|
||||
@Override
|
||||
public SecurityContextHolderAwareRequestFilter getBean() {
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue