@Override protected void configureUrlAuthorization( ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) { @SuppressWarnings("rawtypes") List<AccessDecisionVoter> listOfVoters = new ArrayList<AccessDecisionVoter>(); listOfVoters.add(new WebExpressionVoter()); listOfVoters.add(new MolgenisAccessDecisionVoter()); expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters)); expressionInterceptUrlRegistry.antMatchers("/").permitAll() // DAS datasource uses the database, unauthenticated users can // not see any data .antMatchers("/das/**").permitAll() .antMatchers("/myDas/**").permitAll() .antMatchers("/annotators/**").authenticated() .antMatchers("/charts/**").authenticated(); }
@Description("ConsensusBased AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( // new AuthenticatedVoter(), // new RoleVoter(), new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
public AccessDecisionManager accessDecisionManager2( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new AuthenticatedVoter(), new RoleVoter(), new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new UnanimousBased(decisionVoters); }
@Description("AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
@Description("ConsensusBased AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
private void checkUrlAccessExpression() { log.debug("check if URL access expressions are allowed"); String[] names = context.getBeanDefinitionNames(); for (String name : names) { if (context.getBean(name) instanceof AbstractAccessDecisionManager) { for (AccessDecisionVoter v : ((AbstractAccessDecisionManager) context.getBean(name)).getDecisionVoters()) { if (v instanceof WebExpressionVoter) { log.debug("parse urlAccess as EL expression"); urlAccessExpression = true; return; } } } } log.debug("parse urlAccess as simple expression"); urlAccessExpression = false; }
@Bean public FilterSecurityInterceptor filterInvocationInterceptor(){ List<AccessDecisionVoter> vote = new ArrayList<AccessDecisionVoter>(Arrays.asList(new WebExpressionVoter())); AffirmativeBased voters = new AffirmativeBased(vote); voters.setAllowIfAllAbstainDecisions(false); FilterSecurityInterceptor bean = new FilterSecurityInterceptor(); bean.setAuthenticationManager(authenticationManager()); bean.setAccessDecisionManager(voters); bean.setSecurityMetadataSource(securityMetadataSource); bean.setMessageSource(messageSource); return bean; }
@Override protected void configureUrlAuthorization( ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) { List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>(); listOfVoters.add(new WebExpressionVoter()); listOfVoters.add(new MolgenisAccessDecisionVoter()); expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters)); expressionInterceptUrlRegistry.antMatchers("/").permitAll().antMatchers("/fdp/**").permitAll() .antMatchers("/annotators/**").authenticated() .antMatchers("/charts/**").authenticated(); }
@SuppressWarnings("rawtypes") public static HandlerSecurityInterceptor create() { HandlerSecurityInterceptor interceptor = new HandlerSecurityInterceptor(); WebExpressionVoterAdapter voter = new WebExpressionVoterAdapter(new WebExpressionVoter()); AccessDecisionManager accessDecisionManager = new AffirmativeBased(Arrays.<AccessDecisionVoter> asList(voter)); interceptor.setAccessDecisionManager(accessDecisionManager); interceptor.setSecurityMetadataSource(new ExpressionBasedHandlerInvocationSecurityMetadataSource()); return interceptor; }
@Override protected void configureUrlAuthorization( ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) { List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>(); listOfVoters.add(new WebExpressionVoter()); listOfVoters.add(new MolgenisAccessDecisionVoter()); expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters)); expressionInterceptUrlRegistry.antMatchers("/").permitAll() .antMatchers("/fdp/**").permitAll() .antMatchers("/annotators/**").authenticated(); }
@Bean public WebExpressionVoter webExpressionVoter() { WebExpressionVoter result = new WebExpressionVoter(); result.setExpressionHandler(rbacWebSecurityExpressionHandler()); return result; }
@Bean public AccessDecisionManager accessDecisionManager(){ AffirmativeBased affirmative = new AffirmativeBased(Arrays.asList(multiWebExpressionVoter(), new WebExpressionVoter(), new AuthenticatedVoter())); return affirmative; }
@Bean public WebExpressionVoter webExpressionVoter() { return new WebExpressionVoter(); }
public WebExpressionVoterAdapter(WebExpressionVoter webExpressionVoter) { this.webExpressionVoter = webExpressionVoter; }