List of usage examples for org.springframework.security.web.access.intercept FilterInvocationSecurityMetadataSource getAttributes
Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException;
From source file:it.scoppelletti.programmerpower.web.security.CompositeAccessDecisionManager.java
/** * Applica il controllo degli accessi.//from ww w .j a v a2s. c o m * * @param authentication Stato dell’autenticazione. * @param object Componente chiamante. * @param configAttributes Configurazione di accesso da applicare. */ @Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException { Collection<ConfigAttribute> attrs; List<FilterInvocationSecurityMetadataSource> list; synchronized (mySyncRoot) { if (mySecurityMetadataSource == null) { mySecurityMetadataSource = CompositeDecisionManagerContributor .listSecurityMetadataSource(myBeanName, myApplCtx); } // Uso una copia della collezione per rilasciare il lock appena // possibile list = new ArrayList<FilterInvocationSecurityMetadataSource>(mySecurityMetadataSource); } for (FilterInvocationSecurityMetadataSource securityMds : list) { attrs = securityMds.getAttributes(object); if (attrs != null && !attrs.isEmpty()) { super.decide(authentication, object, attrs); return; } } super.decide(authentication, object, configAttributes); }
From source file:it.scoppelletti.programmerpower.web.security.CompositeChannelDecisionManager.java
/** * Applica il controllo del protocollo.//from w w w.j a va 2 s. co m * * @param invocation Componente chiamante. * @param config Configurazione dei protocolli da applicare. */ @Override public void decide(FilterInvocation invocation, Collection<ConfigAttribute> config) throws IOException, ServletException { Collection<ConfigAttribute> attrs; List<FilterInvocationSecurityMetadataSource> list; synchronized (mySyncRoot) { if (mySecurityMetadataSource == null) { mySecurityMetadataSource = CompositeDecisionManagerContributor .listSecurityMetadataSource(myBeanName, myApplCtx); } // Uso una copia della collezione per rilasciare il lock appena // possibile list = new ArrayList<FilterInvocationSecurityMetadataSource>(mySecurityMetadataSource); } for (FilterInvocationSecurityMetadataSource securityMds : list) { attrs = securityMds.getAttributes(invocation); if (attrs != null && !attrs.isEmpty()) { super.decide(invocation, attrs); return; } } super.decide(invocation, config); }
From source file:org.springframework.security.config.http.DefaultFilterChainValidator.java
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) { ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack); if (etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) { return;/*from ww w . j av a2 s . c om*/ } String loginPage = ((LoginUrlAuthenticationEntryPoint) etf.getAuthenticationEntryPoint()).getLoginFormUrl(); logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration"); FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST"); List<Filter> filters = null; try { filters = fcp.getFilters(loginPage); } catch (Exception e) { // May happen legitimately if a filter-chain request matcher requires more // request data than that provided // by the dummy request used when creating the filter invocation. logger.info("Failed to obtain filter chain information for the login page. Unable to complete check."); } if (filters == null || filters.isEmpty()) { logger.debug("Filter chain is empty for the login page"); return; } if (getFilter(DefaultLoginPageGeneratingFilter.class, filters) != null) { logger.debug("Default generated login page is in use"); return; } FilterSecurityInterceptor fsi = getFilter(FilterSecurityInterceptor.class, filters); FilterInvocationSecurityMetadataSource fids = fsi.getSecurityMetadataSource(); Collection<ConfigAttribute> attributes = fids.getAttributes(loginRequest); if (attributes == null) { logger.debug("No access attributes defined for login page URL"); if (fsi.isRejectPublicInvocations()) { logger.warn("FilterSecurityInterceptor is configured to reject public invocations." + " Your login page may not be accessible."); } return; } AnonymousAuthenticationFilter anonPF = getFilter(AnonymousAuthenticationFilter.class, filters); if (anonPF == null) { logger.warn("The login page is being protected by the filter chain, but you don't appear to have" + " anonymous authentication enabled. This is almost certainly an error."); return; } // Simulate an anonymous access with the supplied attributes. AnonymousAuthenticationToken token = new AnonymousAuthenticationToken("key", anonPF.getPrincipal(), anonPF.getAuthorities()); try { fsi.getAccessDecisionManager().decide(token, loginRequest, attributes); } catch (AccessDeniedException e) { logger.warn("Anonymous access to the login page doesn't appear to be enabled. This is almost certainly " + "an error. Please check your configuration allows unauthenticated access to the configured " + "login page. (Simulated access was rejected: " + e + ")"); } catch (Exception e) { // May happen legitimately if a filter-chain request matcher requires more // request data than that provided // by the dummy request used when creating the filter invocation. See SEC-1878 logger.info( "Unable to check access to the login page to determine if anonymous access is allowed. This might be an error, but can happen under normal circumstances.", e); } }