Examples of org.springframework.security.access.ConfigAttribute

• org.springframework.security.access.ConfigAttribute
  Stores a security system related configuration attribute.

  When an {@link org.springframework.security.access.intercept.AbstractSecurityInterceptor}is set up, a list of configuration attributes is defined for secure object patterns. These configuration attributes have special meaning to a {@link RunAsManager}, {@link AccessDecisionManager} or AccessDecisionManager delegate.

  Stored at runtime with other ConfigAttributes for the same secure object target. @author Ben Alex

      for (Resources resource : resources) {
        Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
        // TODO:ZZQ 通过资源名称来表示具体的权限 注意：必须"ROLE_"开头
        // 关联代码：applicationContext-security.xml
        // 关联代码：com.huaxin.security.MyUserDetailServiceImpl#obtionGrantedAuthorities
        ConfigAttribute configAttribute = new SecurityConfig("ROLE_" + resource.getResKey());
        configAttributes.add(configAttribute);
        resourceMap.put(resource.getResUrl(), configAttributes);
      }
    }
  }

      return;
    }
    //所请求的资源拥有的权限(一个资源对多个权限)
    Iterator<ConfigAttribute> iterator = configAttributes.iterator();
    while(iterator.hasNext()) {
      ConfigAttribute configAttribute = iterator.next();
      //访问所请求资源所需要的权限
      String needPermission = configAttribute.getAttribute();
      //System.out.println("needPermission is " + needPermission);
      //用户所拥有的权限authentication
      for(GrantedAuthority ga : authentication.getAuthorities()) {
        if(needPermission.equals(ga.getAuthority())) {
          return;

        for(Map.Entry<MessageMatcher<?>,String> entry : matcherToExpression.entrySet()) {
            MessageMatcher<?> matcher = entry.getKey();
            String rawExpression = entry.getValue();
            Expression expression = handler.getExpressionParser().parseExpression(rawExpression);
            ConfigAttribute attribute = new MessageExpressionConfigAttribute(expression);
            matcherToAttrs.put(matcher, Arrays.asList(attribute));
        }
        return new DefaultMessageSecurityMetadataSource(matcherToAttrs);
    }

            if (failIfCalled) {
                fail("Should not have called this channel processor: " + configAttribute);
            }

            while (iter.hasNext()) {
                ConfigAttribute attr = (ConfigAttribute) iter.next();

                if (attr.getAttribute().equals(configAttribute)) {
                    invocation.getHttpResponse().sendRedirect("/redirected");

                    return;
                }
            }

    @Test
    public void returnsDelegateAttributes() throws Exception {
        List sources = new ArrayList();
        MethodSecurityMetadataSource delegate = mock(MethodSecurityMetadataSource.class);
        ConfigAttribute ca = mock(ConfigAttribute.class);
        List attributes = Arrays.asList(ca);
        Method toString = String.class.getMethod("toString");
        when(delegate.getAttributes(toString, String.class)).thenReturn(attributes);
        sources.add(delegate);
        mds = new DelegatingMethodSecurityMetadataSource(sources);

        DenyAgainVoter denyVoter = new DenyAgainVoter();
        list.add(voter);
        list.add(denyVoter);
        mock.setDecisionVoters(list);

        ConfigAttribute attr = new SecurityConfig("DENY_AGAIN_FOR_SURE");
        assertTrue(mock.supports(attr));

        ConfigAttribute badAttr = new SecurityConfig("WE_DONT_SUPPORT_THIS");
        assertTrue(!mock.supports(badAttr));
    }

    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
        Iterator<ConfigAttribute> iter = attributes.iterator();

        while (iter.hasNext()) {
            ConfigAttribute attribute = iter.next();

            if (this.supports(attribute)) {
                return ACCESS_DENIED;
            }
        }

    public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
        Iterator<ConfigAttribute> iter = attributes.iterator();

        while (iter.hasNext()) {
            ConfigAttribute attribute = iter.next();

            if (this.supports(attribute)) {
                return ACCESS_DENIED;
            }
        }

        when(matcher1.matches(message)).thenReturn(true);

        Collection<ConfigAttribute> attrs = source.getAttributes(message);

        assertThat(attrs.size()).isEqualTo(1);
        ConfigAttribute attr = attrs.iterator().next();
        assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
        assertThat(((MessageExpressionConfigAttribute)attr).getAuthorizeExpression().getValue(rootObject)).isEqualTo(true);
    }

        when(matcher2.matches(message)).thenReturn(true);

        Collection<ConfigAttribute> attrs = source.getAttributes(message);

        assertThat(attrs.size()).isEqualTo(1);
        ConfigAttribute attr = attrs.iterator().next();
        assertThat(attr).isInstanceOf(MessageExpressionConfigAttribute.class);
        assertThat(((MessageExpressionConfigAttribute)attr).getAuthorizeExpression().getValue(rootObject)).isEqualTo(false);
    }