/**
 * Builds the {@link FilterChainProxy} that dispatches each {@code /saml/**} endpoint to
 * the single SAML filter responsible for it.
 *
 * <p>{@link FilterChainProxy} applies the first chain whose matcher accepts the request,
 * so a request outside the patterns listed here gets no filter from this proxy.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>();

    // SP-initiated login and local logout.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));

    // Service-provider metadata display.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));

    // Endpoints that consume messages sent back by the identity provider.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));

    // Identity-provider discovery.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery()));

    return new FilterChainProxy(samlChains);
}
/**
 * Assembles the application's {@code springSecurityFilterChain}.
 *
 * <p>A list of documentation/utility paths is registered with empty chains, which means
 * no security filter runs for them; the remaining {@code /api/*} requests go through the
 * persistence, authentication, session, exception-translation and authorization filters.
 * {@link FilterChainProxy} uses the first matching chain, so the order below matters.
 *
 * @return the proxy wrapping all chains in registration order
 * @throws ServletException declared by the original signature
 * @throws Exception if one of the filter bean methods fails
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {
    // Patterns served with NO security filters at all (empty chains).
    // NOTE(review): "/api/dump" is exempted from every filter, authentication included —
    // confirm this endpoint does not expose diagnostic or sensitive data.
    final String[] unfilteredPatterns = {
        "/api/cors",
        "/api/dump",
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };

    final List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
    for (final String pattern : unfilteredPatterns) {
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }

    // NOTE(review): in Ant patterns "/api/*" matches one path segment only, so a deeper
    // request such as /api/a/b matches no chain in this proxy and receives no security
    // filters — confirm whether "/api/**" was intended.
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/*"),
            securityContextPersistenceFilterWithASCFalse(),
            usernamePasswordAuthenticationFilter(),
            sessionManagementFilter(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));

    return new FilterChainProxy(chains);
}
/**
 * Assembles the application's {@code springSecurityFilterChain}.
 *
 * <p>Documentation and static-resource paths are registered with empty chains (no
 * security filter runs for them); every other {@code /api/**} request passes through
 * the security-context, exception-translation and authorization filters.
 * {@link FilterChainProxy} uses the first matching chain, so the order below matters.
 *
 * @return the proxy wrapping all chains in registration order
 * @throws ServletException declared by the original signature
 * @throws Exception if one of the filter bean methods fails
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {
    final List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();

    // Disabled in the original source:
    // listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/login"), new NoSecurityFilter()));

    // Patterns served with NO security filters at all (empty chains).
    final String[] unfilteredPatterns = {
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };
    for (final String pattern : unfilteredPatterns) {
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }

    // Catch-all for the API. No authentication filter is part of this chain;
    // NOTE(review): presumably the security context is populated elsewhere — confirm.
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/**"),
            securityContextPersistenceFilterWithASCFalse(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));

    return new FilterChainProxy(chains);
}
/**
 * Loads the security and management auto-configurations with
 * {@code security.basic.enabled:false} and checks that three filter chains exist and
 * that the {@code /beans} endpoint, in several path variants, is still covered by filters.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            WebMvcAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            JacksonAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            EndpointWebMvcAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // 1 for static resources, one for management endpoints and one for the rest
    assertThat(proxy.getFilterChains()).hasSize(3);

    // Suffix, trailing-slash and nested variants of the endpoint must all stay filtered.
    String[] beansPaths = {"/beans", "/beans/", "/beans.foo", "/beans/foo/bar"};
    for (String path : beansPaths) {
        assertThat(proxy.getFilters(path)).isNotEmpty();
    }
}
/**
 * Checks the order in which filters are registered with the mock servlet container:
 * character encoding, session repository, two unspecified filters, request context,
 * and finally the Spring Security {@link FilterChainProxy}.
 */
@Test
public void testFilterOrdering() {
    load();
    List<RegisteredFilter> registrations = this.context
            .getBean(MockEmbeddedServletContainerFactory.class)
            .getContainer()
            .getRegisteredFilters();

    List<Filter> filters = new ArrayList<Filter>(registrations.size());
    for (RegisteredFilter registration : registrations) {
        filters.add(registration.getFilter());
    }

    // Expected type at each position; Filter.class is a placeholder for "any filter".
    Class<?>[] expectedOrder = {
        OrderedCharacterEncodingFilter.class,
        SessionRepositoryFilter.class,
        Filter.class,
        Filter.class,
        OrderedRequestContextFilter.class,
        FilterChainProxy.class
    };
    Iterator<Filter> cursor = filters.iterator();
    for (Class<?> expectedType : expectedOrder) {
        assertThat(cursor.next()).isInstanceOf(expectedType);
    }
}
/**
 * Starts the vanilla web configuration on a random port and verifies that a GET on
 * {@code /} carries the default security response headers.
 *
 * <p>Only the presence of each header is asserted, not its value.
 */
@Test
public void defaultHeaderConfiguration() throws Exception {
    this.context = SpringApplication.run(VanillaWebConfiguration.class, "--server.port=0");

    WebApplicationContext webContext = (WebApplicationContext) this.context;
    FilterChainProxy securityFilterChain = (FilterChainProxy) this.context
            .getBean("springSecurityFilterChain", Filter.class);

    // The security chain is added explicitly so that MockMvc requests pass through it.
    MockMvc mockMvc = MockMvcBuilders
            .webAppContextSetup(webContext)
            .addFilters(securityFilterChain)
            .build();

    mockMvc.perform(MockMvcRequestBuilders.get("/"))
            .andExpect(MockMvcResultMatchers.header()
                    .string("X-Content-Type-Options", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header()
                    .string("X-XSS-Protection", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header()
                    .string("Cache-Control", is(notNullValue())))
            .andExpect(MockMvcResultMatchers.header()
                    .string("X-Frame-Options", is(notNullValue())));
}
/**
 * Builds the {@link FilterChainProxy} for the SAML endpoints: login, logout, SSO,
 * holder-of-key SSO and single logout.
 *
 * <p>{@link FilterChainProxy} applies the first chain whose matcher accepts the request;
 * paths outside the patterns below get no filter from this proxy.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<>();

    // Login and local logout.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));

    // Endpoints that consume messages sent back by the identity provider.
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));

    return new FilterChainProxy(samlChains);
}
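/**
 * Builds the {@link FilterChainProxy} for the SAML login, metadata, SSO and discovery
 * endpoints.
 *
 * <p>Construction of the SSO processing filter is treated as mandatory: if it fails,
 * the method throws instead of returning a proxy without a {@code /saml/SSO/**} chain.
 * Previously the exception was only printed, which left that path with no filter at all.
 *
 * @param samlEntryPoint entry point used for {@code /saml/login/**}
 * @param contextProvider SAML context provider shared by the SSO and discovery filters
 * @return the proxy holding one chain per SAML endpoint
 * @throws IllegalStateException if the SSO processing filter cannot be created
 */
private FilterChainProxy samlFilter(SAMLEntryPoint samlEntryPoint, SAMLContextProvider contextProvider) {
    List<SecurityFilterChain> chains = new ArrayList<>();

    chains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint));
    chains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), new MetadataDisplayFilter()));

    try {
        chains.add(new DefaultSecurityFilterChain(
                new AntPathRequestMatcher("/saml/SSO/**"),
                samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
    } catch (Exception e) {
        // Fail closed: a missing SSO chain must not go unnoticed at startup.
        throw new IllegalStateException(
                "Could not create the SAML SSO processing filter for /saml/SSO/**", e);
    }

    SAMLDiscovery samlDiscovery = new SAMLDiscovery();
    samlDiscovery.setMetadata(cachingMetadataManager);
    samlDiscovery.setContextProvider(contextProvider);
    chains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlDiscovery));

    return new FilterChainProxy(chains);
}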
/**
 * Loads the security and management auto-configurations with
 * {@code security.basic.enabled:false} and checks that six filter chains exist and that
 * the {@code /beans} endpoint, in several path variants, is still covered by filters.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            WebMvcAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            JacksonAutoConfiguration.class,
            HttpMessageConvertersAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            EndpointWebMvcAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class));

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // 4 for static resources, one for management endpoints and one for the rest
    assertThat(proxy.getFilterChains(), hasSize(6));

    // Suffix, trailing-slash and nested variants of the endpoint must all stay filtered.
    String[] beansPaths = {"/beans", "/beans/", "/beans.foo", "/beans/foo/bar"};
    for (String path : beansPaths) {
        assertThat(proxy.getFilters(path), hasSize(greaterThan(0)));
    }
}
/**
 * Rebuilds the filter chain proxy from the given
 * {@link org.motechproject.security.domain.MotechURLSecurityRule}s.
 *
 * <p>Rules are ordered with {@code SecurityRuleComparator}; every rule that is active
 * and not deleted contributes one chain per required HTTP method. The result replaces
 * the current {@code proxy}.
 *
 * @param securityRules list that contains new security rules
 */
private void updateSecurityChain(List<MotechURLSecurityRule> securityRules) {
    LOGGER.debug("Updating security chain");

    // sort rules by priority descending
    // NOTE(review): a TreeSet keeps only one of any elements its comparator reports as
    // equal. If SecurityRuleComparator can return 0 for two distinct rules, one of them
    // is silently left out of the chain — confirm the comparator breaks ties.
    TreeSet<MotechURLSecurityRule> orderedRules = new TreeSet<>(new SecurityRuleComparator());
    orderedRules.addAll(securityRules);

    List<SecurityFilterChain> rebuiltChains = new ArrayList<>();
    for (MotechURLSecurityRule rule : orderedRules) {
        // Inactive or deleted rules contribute no chain.
        if (!rule.isActive() || rule.isDeleted()) {
            continue;
        }

        LOGGER.debug("Creating SecurityFilterChain for: {}", rule.getPattern());
        for (HTTPMethod requiredMethod : rule.getMethodsRequired()) {
            rebuiltChains.add(securityRuleBuilder.buildSecurityChain(rule, requiredMethod));
        }
        LOGGER.debug("Created SecurityFilterChain for: {}", rule.getPattern());
    }

    proxy = new FilterChainProxy(rebuiltChains);
    LOGGER.debug("Updated security chain.");
}
/**
 * Defines the security filter chains that support SSO authentication with SAML 2.0.
 *
 * <p>Each {@code /saml/**} endpoint is mapped to exactly one filter. The proxy applies
 * the first chain whose matcher accepts the request.
 *
 * @return filter chain proxy with one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> endpointChains = new ArrayList<SecurityFilterChain>();

    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"),
            samlEntryPoint()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"),
            samlLogoutFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"),
            metadataDisplayFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"),
            samlWebSSOProcessingFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"),
            samlWebSSOHoKProcessingFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"),
            samlLogoutProcessingFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"),
            samlIDPDiscovery()));

    return new FilterChainProxy(endpointChains);
}
/**
 * Defines the security filter chains that support SSO authentication with SAML 2.0.
 *
 * <p>The login and logout chains each run a fresh {@code TargetStoringFilter} before the
 * SAML filter; the other endpoints map to a single filter. The proxy applies the first
 * chain whose matcher accepts the request.
 *
 * @return filter chain proxy with one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> endpointChains = new ArrayList<SecurityFilterChain>();

    // Login and logout: TargetStoringFilter runs first, then the SAML filter.
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"),
            new TargetStoringFilter(),
            samlEntryPoint()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"),
            new TargetStoringFilter(),
            samlLogoutFilter()));

    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"),
            metadataDisplayFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"),
            samlWebSSOProcessingFilter()));
    endpointChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"),
            samlLogoutProcessingFilter()));

    return new FilterChainProxy(endpointChains);
}
/**
 * Installs an {@code OAuth2AuthenticationSuccessHandler} on every
 * {@code OAuth2ClientAuthenticationProcessingFilter} found in a {@link FilterChainProxy}
 * bean. Beans of any other type are returned untouched.
 *
 * @param bean the freshly initialized bean
 * @param beanName the bean's name (not used)
 * @return the same bean instance
 * @throws BeansException declared by the overridden method
 */
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    if (!(bean instanceof FilterChainProxy)) {
        return bean;
    }

    FilterChainProxy proxy = (FilterChainProxy) bean;
    for (SecurityFilterChain securityChain : proxy.getFilterChains()) {
        for (Filter candidate : securityChain.getFilters()) {
            if (candidate instanceof OAuth2ClientAuthenticationProcessingFilter) {
                // Each matching filter gets its own handler instance.
                ((OAuth2ClientAuthenticationProcessingFilter) candidate)
                        .setAuthenticationSuccessHandler(new OAuth2AuthenticationSuccessHandler());
            }
        }
    }
    return bean;
}
/**
 * Diagnostic helper: prints the name and class of every filter registered in the given
 * servlet filter chain and, for Spring's {@code DelegatingFilterProxy}, the security
 * filter chains of its delegate.
 *
 * <p>The container's private fields are read through reflection helpers, so this depends
 * on the internal field names {@code filters}, {@code n} and {@code delegate}.
 *
 * @param chain the filter chain; cast to {@code ApplicationFilterChain}
 */
@SneakyThrows
private void printAllFilters(FilterChain chain) {
    ApplicationFilterChain appChain = (ApplicationFilterChain) chain;

    // Read the private field "filters" and the private counter "n".
    ApplicationFilterConfig[] configs = (ApplicationFilterConfig[]) readField(appChain, "filters");
    int count = (int) readField(appChain, "n");

    System.out.println("\n\nprintAllFilters(), size=" + count);

    for (int idx = 0; idx < count; idx++) {
        ApplicationFilterConfig config = configs[idx];
        System.out.println(config.getFilterName() + ", " + config.getFilterClass());

        Filter filter = (Filter) invokeMethod(config, "getFilter");
        if (!(filter instanceof DelegatingFilterProxy)) {
            continue;
        }

        // Spring's filter proxy class.
        // NOTE(review): the delegate is cast to FilterChainProxy without a type or null
        // check — confirm every DelegatingFilterProxy here wraps an initialized FilterChainProxy.
        DelegatingFilterProxy delegating = (DelegatingFilterProxy) filter;
        FilterChainProxy securityProxy =
                (FilterChainProxy) readField(DelegatingFilterProxy.class, delegating, "delegate");
        System.out.println(securityProxy.getFilterChains());

        // List<Filter> springAdditionalFilters = (List<Filter>) readField(
        //         springFilter, "additionalFilters");
        //
        // for (Filter f : springAdditionalFilters) {
        //     System.out.print("\t\t");
        //     System.out.println(f.getClass());
        // }
    }

    System.out.println("\n\n");
}
/**
 * Builds the {@link FilterChainProxy} for the SAML login, metadata, SSO and discovery
 * endpoints, one filter per endpoint.
 *
 * <p>The proxy applies the first chain whose matcher accepts the request; paths outside
 * the patterns below get no filter from this proxy.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<>();

    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery()));

    return new FilterChainProxy(samlChains);
}
/**
 * Creates mock collaborators and the {@code FilterChainProxyWeaver} under test before
 * each test method.
 */
@Before
@SuppressWarnings("unchecked")
public void setUp() {
    // The two mocks are independent of each other; both must exist before the weaver.
    chainWeaver = mock(ChainWeaver.class);
    filterChainProxy = mock(FilterChainProxy.class);

    proxyWeaver = new FilterChainProxyWeaver(filterChainProxy, chainWeaver);
}
/**
 * With {@code security.ignored:none} and the management security auto-configuration
 * loaded, expects exactly two filter chains.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the application and management endpoints now
    assertThat(proxy.getFilterChains()).hasSize(2);
}
/**
 * With {@code security.basic.enabled:false} on {@code WebConfiguration}, expects
 * exactly three filter chains.
 */
@Test
public void testDisableBasicAuthOnApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(WebConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the management endpoints (one filter) and ignores now plus the backup
    // filter on app endpoints
    assertThat(proxy.getFilterChains()).hasSize(3);
}
/**
 * With the default security auto-configuration, expects an
 * {@code AuthenticationManagerBuilder} bean and exactly six filter chains.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // 5 for static resources and one for the rest
    assertThat(proxy.getFilterChains()).hasSize(6);
}
/**
 * With {@code security.ignored:none} and no management configuration, expects a single
 * filter chain.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the application endpoints now
    assertThat(proxy.getFilterChains()).hasSize(1);
}
/**
 * With {@code security.basic.enabled:false}, expects exactly one
 * {@link FilterChainProxy} bean name to be registered in the context.
 */
@Test
public void testDisableBasicAuthOnApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    String[] proxyBeanNames = this.context.getBeanNamesForType(FilterChainProxy.class);
    // Ignores and the "matches-none" filter only
    assertThat(proxyBeanNames.length).isEqualTo(1);
}
/**
 * Builds the {@link FilterChainProxy} for the SAML endpoints from an immutable list of
 * chains, one filter per endpoint.
 *
 * <p>The proxy applies the first chain whose matcher accepts the request; paths outside
 * the patterns below get no filter from this proxy.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception if one of the filter bean methods fails
 */
@Bean
public FilterChainProxy filterChainProxy() throws Exception {
    //@formatter:off
    ImmutableList<SecurityFilterChain> samlChains = ImmutableList.<SecurityFilterChain>of(
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlProcessingFilter()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()),
        new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery())
    );
    //@formatter:on
    return new FilterChainProxy(samlChains);
}
/**
 * With the default security auto-configuration, expects an
 * {@code AuthenticationManagerBuilder} bean and exactly five filter chains.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    assertThat(this.context.getBean(AuthenticationManagerBuilder.class)).isNotNull();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // 4 for static resources and one for the rest
    assertThat(proxy.getFilterChains()).hasSize(5);
}
/**
 * With {@code security.ignored:none} and the management security auto-configuration
 * loaded, expects exactly two filter chains.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ManagementWebSecurityAutoConfiguration.class,
            EndpointAutoConfiguration.class,
            ManagementServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the application and management endpoints now
    assertEquals(2, proxy.getFilterChains().size());
}
/**
 * With {@code security.basic.enabled:false} on {@code WebConfiguration}, expects
 * exactly six filter chains.
 */
@Test
public void testDisableBasicAuthOnApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(WebConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the management endpoints (one filter) and ignores now plus the backup
    // filter on app endpoints
    assertEquals(6, proxy.getFilterChains().size());
}
/**
 * With the default security auto-configuration, expects an
 * {@code AuthenticationManagerBuilder} bean and exactly five filter chains.
 */
@Test
public void testWebConfiguration() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    this.context.refresh();

    assertNotNull(this.context.getBean(AuthenticationManagerBuilder.class));

    // Five chains in total are expected.
    // NOTE(review): the earlier comment here read "5 for static resources and one for
    // the rest", which adds up to six — confirm the intended breakdown.
    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    List<SecurityFilterChain> chains = proxy.getFilterChains();
    assertEquals(5, chains.size());
}
/**
 * With {@code security.ignored:none} and no management configuration, expects a single
 * filter chain.
 */
@Test
public void testDisableIgnoredStaticApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.ignored:none");
    this.context.refresh();

    FilterChainProxy proxy = this.context.getBean(FilterChainProxy.class);
    // Just the application endpoints now
    assertEquals(1, proxy.getFilterChains().size());
}
/**
 * With {@code security.basic.enabled:false}, expects exactly one
 * {@link FilterChainProxy} bean name to be registered in the context.
 */
@Test
public void testDisableBasicAuthOnApplicationPaths() throws Exception {
    this.context = new AnnotationConfigWebApplicationContext();
    this.context.setServletContext(new MockServletContext());
    this.context.register(
            SecurityAutoConfiguration.class,
            ServerPropertiesAutoConfiguration.class,
            PropertyPlaceholderAutoConfiguration.class);
    EnvironmentTestUtils.addEnvironment(this.context, "security.basic.enabled:false");
    this.context.refresh();

    String[] proxyBeanNames = this.context.getBeanNamesForType(FilterChainProxy.class);
    // Ignores and the "matches-none" filter only
    assertEquals(1, proxyBeanNames.length);
}
/**
 * Gets a filter chain proxy with a single chain that matches every request.
 *
 * <p>The filter list is rebuilt on each {@code getFilters()} call, so the HTTP header
 * authentication switch is read from configuration every time the list is requested.
 *
 * @param trustedUserAuthenticationFilter the trusted user authentication filter.
 * @param httpHeaderAuthenticationFilter the HTTP header authentication filter.
 *
 * @return the filter chain proxy.
 */
@Bean
public FilterChainProxy filterChainProxy(final TrustedUserAuthenticationFilter trustedUserAuthenticationFilter,
    final HttpHeaderAuthenticationFilter httpHeaderAuthenticationFilter)
{
    final SecurityFilterChain matchAllChain = new SecurityFilterChain()
    {
        @Override
        public boolean matches(HttpServletRequest request)
        {
            // Match all URLs.
            return true;
        }

        @Override
        public List<Filter> getFilters()
        {
            List<Filter> chainFilters = new ArrayList<>();

            // Required filter to store session information between HTTP requests.
            chainFilters.add(new SecurityContextPersistenceFilter());

            // Trusted user filter to bypass security based on SpEL expression environment property.
            // NOTE(review): this filter can skip authentication altogether — confirm the
            // controlling property cannot be enabled in production by mistake.
            chainFilters.add(trustedUserAuthenticationFilter);

            // Filter that authenticates based on http headers.
            // NOTE(review): header-based authentication trusts whatever sets the headers —
            // presumably an upstream proxy strips client-supplied copies; verify.
            boolean headerAuthEnabled =
                Boolean.valueOf(configurationHelper.getProperty(ConfigurationValue.SECURITY_HTTP_HEADER_ENABLED));
            if (headerAuthEnabled)
            {
                chainFilters.add(httpHeaderAuthenticationFilter);
            }

            // Anonymous user filter.
            chainFilters.add(new AnonymousAuthenticationFilter("AnonymousFilterKey"));

            return chainFilters;
        }
    };

    return new FilterChainProxy(matchAllChain);
}
/**
 * Gets the filter chain proxy: a single chain on {@code /**} that runs, in order, the
 * security-context persistence, J2EE pre-authentication, logout, exception-translation
 * and authorization filters.
 *
 * @return the filter chain proxy
 */
@Bean(name = "filterChainProxy")
public FilterChainProxy getFilterChainProxy() {
    // Every request path is covered by the same chain.
    AntPathRequestMatcher everyPath = new AntPathRequestMatcher("/**");

    return new FilterChainProxy(new DefaultSecurityFilterChain(
            everyPath,
            getSecurityContextPersistenceFilter(),
            getJ2eePreAuthenticatedProcessingFilter(),
            getLogoutFilter(),
            getExceptionTranslationFilter(),
            getFilterSecurityInterceptor()));
}
/**
 * Verifies that the {@code MotechProxyManager} from the context exposes a non-null
 * filter chain proxy with a non-null chain list.
 */
@Test
public void testProxyInitialization() throws Exception {
    FilterChainProxy initializedProxy =
            getFromContext(MotechProxyManager.class).getFilterChainProxy();

    assertNotNull(initializedProxy);
    assertNotNull(initializedProxy.getFilterChains());
}