Examples of org.springframework.security.web.util.matcher.RequestMatcher

Package org.springframework.security.web.util.matcher

Examples of org.springframework.security.web.util.matcher.RequestMatcher

org.springframework.security.web.util.matcher.RequestMatcher
Simple strategy to match an HttpServletRequest. @author Luke Taylor @since 3.0.2


        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setDefaultTargetUrl(targetUrl);
        successHandler.setAlwaysUseDefaultTargetUrl( Boolean.parseBoolean( alwaysUseTargetUrl ) );
        filter.setAuthenticationSuccessHandler( successHandler);
    filter.setRequiresAuthenticationRequestMatcher(new RequestMatcher() {
      
          // copied from AbstractAuthenticationProcessingFilter
      @Override
      public boolean matches(HttpServletRequest request) {
        String uri = request.getRequestURI();

View Full Code Here

    private void checkPathOrder(List<SecurityFilterChain> filterChains) {
        // Check that the universal pattern is listed at the end, if at all
        Iterator<SecurityFilterChain> chains = filterChains.iterator();


        while (chains.hasNext()) {
            RequestMatcher matcher = ((DefaultSecurityFilterChain)chains.next()).getRequestMatcher();
            if (AnyRequestMatcher.INSTANCE.equals(matcher) && chains.hasNext()) {
                throw new IllegalArgumentException("A universal match pattern ('/**') is defined " +
                        " before other patterns in the filter chain, causing them to be ignored. Please check the " +
                        "ordering in your <security:http> namespace or FilterChainProxy bean configuration");
            }

View Full Code Here

            throw new IllegalStateException("An incomplete mapping was found for " + unmappedMatchers +". Try completing it with something like requestUrls().<something>.hasRole('USER')");
        }


        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
        for (UrlMapping mapping : getUrlMappings()) {
            RequestMatcher matcher = mapping.getRequestMatcher();
            Collection<ConfigAttribute> configAttrs = mapping.getConfigAttrs();
            requestMap.put(matcher,configAttrs);
        }
        return requestMap;
    }

View Full Code Here


        LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestToExpressionAttributesMap =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>(requestMap);


        for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : requestMap.entrySet()) {
            RequestMatcher request = entry.getKey();
            Assert.isTrue(entry.getValue().size() == 1, "Expected a single expression attribute for " + request);
            ArrayList<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>(1);
            String expression = entry.getValue().toArray(new ConfigAttribute[1])[0].getAttribute();
            logger.debug("Adding web access control expression '" + expression + "', for " + request);
            try {

View Full Code Here

        ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
        if(contentNegotiationStrategy == null) {
            contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
        }


        RequestMatcher notFavIcon = new NegatedRequestMatcher(new AntPathRequestMatcher("/**/favicon.ico"));


        MediaTypeRequestMatcher jsonRequest = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_JSON);
        jsonRequest.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        RequestMatcher notJson = new NegatedRequestMatcher(jsonRequest);


        RequestMatcher notXRequestedWith = new NegatedRequestMatcher(new RequestHeaderRequestMatcher("X-Requested-With","XMLHttpRequest"));


        boolean isCsrfEnabled = http.getConfigurer(CsrfConfigurer.class) != null;


        List<RequestMatcher> matchers = new ArrayList<RequestMatcher>();
        if(isCsrfEnabled) {
            RequestMatcher getRequests = new AntPathRequestMatcher("/**", "GET");
            matchers.add(0, getRequests);
        }
        matchers.add(notFavIcon);
        matchers.add(notJson);
        matchers.add(notXRequestedWith);

View Full Code Here

    }


    @Test
    public void testDefaultEntryPoint() throws Exception {
        AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
        RequestMatcher firstRM = mock(RequestMatcher.class);
        when(firstRM.matches(request)).thenReturn(false);
        entryPoints.put(firstRM, firstAEP);


        daep.commence(request, null, null);


        verify(defaultEntryPoint).commence(request, null, null);

View Full Code Here

    }


    @Test
    public void testFirstEntryPoint() throws Exception {
        AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
        RequestMatcher firstRM = mock(RequestMatcher.class);
        AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
        RequestMatcher secondRM = mock(RequestMatcher.class);
        when(firstRM.matches(request)).thenReturn(true);
        entryPoints.put(firstRM, firstAEP);
        entryPoints.put(secondRM, secondAEP);


        daep.commence(request, null, null);

View Full Code Here

    }


    @Test
    public void testSecondEntryPoint() throws Exception {
        AuthenticationEntryPoint firstAEP = mock(AuthenticationEntryPoint.class);
        RequestMatcher firstRM = mock(RequestMatcher.class);
        AuthenticationEntryPoint secondAEP = mock(AuthenticationEntryPoint.class);
        RequestMatcher secondRM = mock(RequestMatcher.class);
        when(firstRM.matches(request)).thenReturn(false);
        when(secondRM.matches(request)).thenReturn(true);
        entryPoints.put(firstRM, firstAEP);
        entryPoints.put(secondRM, secondAEP);


        daep.commence(request, null, null);

View Full Code Here

    }


    @Test
    public void requestMatcherDefinesCorrectSubsetOfCachedRequests() throws Exception {
        HttpSessionRequestCache cache = new HttpSessionRequestCache();
        cache.setRequestMatcher(new RequestMatcher() {
            public boolean matches(HttpServletRequest request) {
                return request.getMethod().equals("GET");
            }
        });

View Full Code Here

  /**
   * Default constructor.
   * @param defaultFilterProcessesUrl the url of the filter
   */
  public OpenIDAuthFilter(final String defaultFilterProcessesUrl) {
    setRequiresAuthenticationRequestMatcher(new RequestMatcher() {
      public boolean matches(HttpServletRequest request) {
        String uri = request.getRequestURI();
        boolean matches;
        if ("".equals(request.getContextPath())) {
          matches = uri.endsWith(defaultFilterProcessesUrl);

View Full Code Here

0 1

TOP

Related Classes of org.springframework.security.web.util.matcher.RequestMatcher

$.SecurityConfig

com.erudika.para.security.OpenIDAuthFilter

com.erudika.para.security.SecurityConfig

nu.localhost.tapestry5.springsecurity.services.SecurityModule

org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration$ApplicationNoWebSecurityConfigurerAdapter

org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry

org.springframework.security.config.annotation.web.configurers.RequestCacheConfigurer

org.springframework.security.config.http.DefaultFilterChainValidator

org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource

org.springframework.security.web.authentication.DelegatingAuthenticationEntryPointTests

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.