/**
 * Rebuilds the URL-to-attribute mapping from {@code resourceMap} and installs it on the
 * given interceptor, replacing the metadata source it held before.
 *
 * <p>Each key becomes an {@code AntPathRequestMatcher} pattern and each value is parsed as a
 * comma-delimited attribute list. Entries are copied in the iteration order of
 * {@code resourceMap}.
 *
 * <p>NOTE(review): the rules are handed over as a {@code LinkedHashMap}, so their order is
 * presumably significant when several patterns match one URL. If the caller passes an
 * unordered map, a broad pattern may end up ahead of a narrow one; confirm callers supply an
 * ordered map.
 *
 * <p>NOTE(review): values are not validated here. A blank value presumably yields an empty
 * attribute list, which may leave the pattern without any access restriction; verify that
 * values are checked upstream.
 *
 * @param filterSecurityInterceptor interceptor whose metadata source is replaced; must not be null
 * @param resourceMap URL pattern mapped to a comma-delimited attribute string; must not be null
 */
public void execute(FilterSecurityInterceptor filterSecurityInterceptor,
        Map<String, String> resourceMap) {
    Assert.notNull(filterSecurityInterceptor);
    Assert.notNull(resourceMap);

    logger.info("refresh url resource");

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    for (Map.Entry<String, String> rule : resourceMap.entrySet()) {
        RequestMatcher matcher = new AntPathRequestMatcher(rule.getKey());
        Collection<ConfigAttribute> attributes =
                SecurityConfig.createListFromCommaDelimitedString(rule.getValue());
        rules.put(matcher, attributes);
    }

    // The interceptor sees the new rule set only once it is fully built.
    filterSecurityInterceptor.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(rules));
}
/**
 * Ensures the interceptor's metadata source is wrapped in a
 * {@code CibetFilterInvocationSecurityMetadataSource}.
 *
 * <p>If the current source is already of that type nothing changes; otherwise the current
 * source is passed to a new wrapper, which is then set on the interceptor.
 *
 * @param interceptor the interceptor to inspect and, if needed, re-wire
 * @throws RuntimeException if the interceptor has no metadata source configured
 */
protected void initInterceptor(FilterSecurityInterceptor interceptor) {
    FilterInvocationSecurityMetadataSource current = interceptor.getSecurityMetadataSource();

    if (current == null) {
        // Fail loudly: an interceptor without a metadata source is a wiring error.
        String msg = "Configuration error: FilterSecurityInterceptor bean "
                + "has not set an instance SecurityMetadataSource";
        log.error(msg);
        throw new RuntimeException(msg);
    }

    boolean alreadyWrapped = current instanceof CibetFilterInvocationSecurityMetadataSource;
    if (!alreadyWrapped) {
        interceptor.setSecurityMetadataSource(
                new CibetFilterInvocationSecurityMetadataSource(current));
        log.debug("replace existing " + current.getClass().getName()
                + " against CibetFilterInvocationSecurityMetadataSource");
    }
}
/**
 * Appends a {@code ChannelProcessingFilter} that applies one channel attribute to every request.
 *
 * <p>{@code HTTP} maps to {@code ANY_CHANNEL} and {@code HTTPS} to
 * {@code REQUIRES_SECURE_CHANNEL}. For any other protocol value no attribute is added, so the
 * filter is registered with an empty attribute list.
 *
 * <p>NOTE(review): with an empty attribute list the filter presumably enforces no channel
 * requirement at all; confirm that is intended for protocols other than HTTP and HTTPS.
 *
 * @param filters the filter list the new filter is appended to
 * @param protocol the protocol that selects the channel attribute
 */
private void addSecureChannel(List<Filter> filters, Protocol protocol) {
    ChannelProcessingFilter channelFilter = new ChannelProcessingFilter();
    channelFilter.setChannelDecisionManager(channelDecisionManager);

    Collection<ConfigAttribute> channelAttributes = new ArrayList<>();
    switch (protocol) {
        case HTTP:
            channelAttributes.add(new SecurityConfig("ANY_CHANNEL"));
            break;
        case HTTPS:
            channelAttributes.add(new SecurityConfig("REQUIRES_SECURE_CHANNEL"));
            break;
        default:
            // No attribute for other protocols; the list stays empty.
            break;
    }

    // A single rule that matches every request.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> channelRules = new LinkedHashMap<>();
    channelRules.put(AnyRequestMatcher.INSTANCE, channelAttributes);

    channelFilter.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(channelRules));
    filters.add(channelFilter);
}
/**
 * Reloads the URL rules from {@code urlSourceFetcher} and installs them on
 * {@code filterSecurityInterceptor}.
 *
 * <p>If either collaborator is missing, the method logs both references at info level and
 * returns without touching the current rules.
 *
 * <p>NOTE(review): the map returned by {@code getSource(null)} is dereferenced without a null
 * check, and its iteration order becomes the rule order; confirm the fetcher returns a
 * non-null, ordered map.
 *
 * <p>NOTE(review): values are parsed as comma-delimited attribute lists without validation. A
 * blank value presumably yields an empty list, which may leave the pattern unrestricted;
 * verify upstream.
 */
public void refresh() {
    boolean ready = (filterSecurityInterceptor != null) && (urlSourceFetcher != null);
    if (!ready) {
        logger.info("filterSecurityInterceptor : {}, urlSourceFetcher : {}",
                filterSecurityInterceptor, urlSourceFetcher);
        return;
    }

    logger.info("execute refresh");

    Map<String, String> resourceMap = urlSourceFetcher.getSource(null);

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    for (Map.Entry<String, String> rule : resourceMap.entrySet()) {
        RequestMatcher matcher = new AntPathRequestMatcher(rule.getKey());
        Collection<ConfigAttribute> attributes =
                SecurityConfig.createListFromCommaDelimitedString(rule.getValue());
        rules.put(matcher, attributes);
    }

    // Swap in the new rule set only after it has been built completely.
    filterSecurityInterceptor.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(rules));
}
/**
 * Returns the metadata source currently held by this object.
 *
 * @return the held metadata source; no null check is applied here
 */
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return this.securityMetadataSource;
}
/**
 * Builds an interceptor wired entirely with stand-ins.
 *
 * <p>The authentication manager is a lambda that always returns {@code null}. The access
 * decision manager and the metadata source are mocks whose {@code supports(Class)} is
 * stubbed to {@code true}; no other behaviour is stubbed here.
 */
public MockedSecurityInterceptor() {
    // Authentication stub: every call yields null.
    this.setAuthenticationManager(authentication -> null);

    AccessDecisionManager decisionManagerMock = mock(AccessDecisionManager.class);
    doReturn(true).when(decisionManagerMock).supports(any(Class.class));
    this.setAccessDecisionManager(decisionManagerMock);

    FilterInvocationSecurityMetadataSource metadataSourceMock =
            mock(FilterInvocationSecurityMetadataSource.class);
    doReturn(true).when(metadataSourceMock).supports(any(Class.class));
    this.setSecurityMetadataSource(metadataSourceMock);
}
/**
 * Looks up the {@code securityMetadataSource} and {@code filterSecurityInterceptor} beans in
 * the web application context and sets the former on the latter.
 *
 * <p>NOTE(review): if {@code securityMetadataSource} is a plain singleton, the lookup returns
 * the instance that is already installed and nothing changes. Presumably the bean comes from
 * a factory or is prototype-scoped; confirm against the context configuration.
 */
public void refresh() {
    ApplicationContext context =
            WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);

    // Look up the metadata source first, then the interceptor that receives it.
    FilterInvocationSecurityMetadataSource freshSource =
            (FilterInvocationSecurityMetadataSource) context.getBean("securityMetadataSource");
    FilterSecurityInterceptor securityInterceptor =
            (FilterSecurityInterceptor) context.getBean("filterSecurityInterceptor");

    securityInterceptor.setSecurityMetadataSource(freshSource);
    // Logged after the source has been set.
    log.info(" SecurityMetadataSource updating ....");
}
/**
 * Replaces the metadata source held by this object.
 *
 * <p>The argument is stored as given; no null check is applied.
 *
 * @param securityMetadataSource the metadata source to hold from now on
 */
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) {
    this.securityMetadataSource = securityMetadataSource;
}
/**
 * Creates a wrapper around an existing metadata source.
 *
 * <p>The argument is stored as given; no null check is applied.
 *
 * @param s the metadata source to keep as the original
 */
public CibetFilterInvocationSecurityMetadataSource(FilterInvocationSecurityMetadataSource s) {
    this.originalMetadataSource = s;
}
/**
 * Returns the metadata source held in {@code originalMetadataSource}.
 *
 * @return the stored original metadata source
 */
public FilterInvocationSecurityMetadataSource getOriginalMetadataSource() {
    return this.originalMetadataSource;
}
/**
 * Builds a {@code FilterSecurityInterceptor} for one security rule and appends it to
 * {@code filters}.
 *
 * <p>When the rule lists neither permissions nor users, the only attribute is
 * {@code IS_AUTHENTICATED_FULLY} and an {@code AuthenticatedVoter} is registered. Otherwise
 * each permission becomes an attribute as-is and each user becomes an attribute prefixed with
 * {@code SecurityConfigConstants.USER_ACCESS_PREFIX}; no {@code AuthenticatedVoter} is added
 * in that case. A {@code RoleVoter} and a {@code MotechAccessVoter} are always registered.
 *
 * <p>NOTE(review): the voters are combined with {@code AffirmativeBased}, so presumably one
 * granting vote is enough. A rule that lists both permissions and users would then be
 * satisfied by either; confirm that OR semantics is intended.
 *
 * @param filters the filter list the interceptor is appended to
 * @param securityRule the rule that supplies permissions, users and request matching
 */
private void addFilterSecurityInterceptor(List<Filter> filters, MotechURLSecurityRule securityRule) {
    boolean noPermissions = CollectionUtils.isEmpty(securityRule.getPermissionAccess());
    boolean noUsers = CollectionUtils.isEmpty(securityRule.getUserAccess());

    List<AccessDecisionVoter> voters = new ArrayList<>();
    Collection<ConfigAttribute> attributes = new ArrayList<>();

    if (noPermissions && noUsers) {
        // No explicit restriction on the rule: require a fully authenticated user.
        attributes.add(new SecurityConfig("IS_AUTHENTICATED_FULLY"));
        voters.add(new AuthenticatedVoter());
    } else {
        if (!noPermissions) {
            for (String permission : securityRule.getPermissionAccess()) {
                attributes.add(new SecurityConfig(permission));
            }
        }
        if (!noUsers) {
            for (String userAccess : securityRule.getUserAccess()) {
                attributes.add(
                        new SecurityConfig(SecurityConfigConstants.USER_ACCESS_PREFIX + userAccess));
            }
        }
    }

    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
    buildRequestMap(requestMap, attributes, securityRule);

    FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
    interceptor.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(requestMap));

    RoleVoter roleVoter = new RoleVoter();
    roleVoter.setRolePrefix(SecurityConfigConstants.ROLE_ACCESS_PREFIX);
    voters.add(roleVoter);
    voters.add(new MotechAccessVoter());

    interceptor.setAccessDecisionManager(new AffirmativeBased(voters));
    interceptor.setAuthenticationManager(authenticationManager);
    filters.add(interceptor);
}
/**
 * Reports {@code FilterInvocationSecurityMetadataSource} as the type this object hands out.
 *
 * <p>NOTE(review): presumably part of a factory contract; the overridden interface is not
 * visible here.
 *
 * @return the {@code FilterInvocationSecurityMetadataSource} class object
 */
@Override
public Class<?> getObjectType() {
    return FilterInvocationSecurityMetadataSource.class;
}
/**
 * Builds a new metadata source from the current result of {@code buildRequestMap()}.
 *
 * <p>Every call logs at info level and returns a new instance; nothing is cached here.
 *
 * @return a newly built {@code DefaultFilterInvocationSecurityMetadataSource}
 */
@Override
public FilterInvocationSecurityMetadataSource getObject() {
    logger.info("###### DefaultFilterInvocationSecurityMetadataSource has changed. ######");
    FilterInvocationSecurityMetadataSource rebuilt =
            new DefaultFilterInvocationSecurityMetadataSource(buildRequestMap());
    return rebuilt;
}
/**
 * Returns the metadata source held in the {@code securityMetadataSource} field.
 *
 * @return the held metadata source, exactly as stored
 */
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return securityMetadataSource;
}
/**
 * Replaces the held metadata source with {@code newSource}.
 *
 * <p>The argument is stored as given; no null check is applied.
 *
 * @param newSource the metadata source to hold from now on
 */
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
    securityMetadataSource = newSource;
}
/**
 * Stores the given metadata source in the {@code securityMetadataSource} field.
 *
 * <p>No validation is performed; a {@code null} argument is stored as-is.
 *
 * @param securityMetadataSource the metadata source to store
 */
public void setSecurityMetadataSource(
        FilterInvocationSecurityMetadataSource securityMetadataSource) {
    this.securityMetadataSource = securityMetadataSource;
}
/**
 * Returns the security metadata source held by this object.
 *
 * @return the held security metadata source, exactly as stored
 */
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
    return securityMetadataSource;
}
/**
 * Replaces the security metadata source held by this object.
 *
 * <p>The argument is stored as given; no null check is applied.
 *
 * @param newSource the security metadata source to hold from now on
 */
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource newSource) {
    securityMetadataSource = newSource;
}
/**
 * Returns the filter invocation definition source held by this object.
 *
 * @return the held definition source, exactly as stored
 */
public FilterInvocationSecurityMetadataSource getObjectDefinitionSource() {
    return this.objectDefinitionSource;
}
/**
 * Replaces the filter invocation definition source held by this object.
 *
 * <p>The argument is stored as given; no null check is applied.
 *
 * @param objectDefinitionSource the definition source to hold from now on
 */
public void setObjectDefinitionSource(
        FilterInvocationSecurityMetadataSource objectDefinitionSource) {
    this.objectDefinitionSource = objectDefinitionSource;
}