org.springframework.security.web.util.matcher.RequestMatcher Java Examples
The following examples show how to use
org.springframework.security.web.util.matcher.RequestMatcher.
Example #1
Source File: CustomInvocationSecurityMetadataSourceService.java From bbs with GNU Affero General Public License v3.0 | 6 votes |
/**
 * Builds the resource-to-permission table from {@code aclService.findModulePermission()}.
 *
 * <p>Per the original author's notes: this is meant to run when the web server starts and
 * extracts every permission in the system. The resource (normally a URL) is the key and the
 * permission (a role carrying the ROLE_ prefix) is the value; one resource may be reachable
 * through several permissions.
 *
 * <p>Does nothing when the query result is null or empty.
 */
private void loadResourceDefine() {
    List<PermissionObject> permissions = aclService.findModulePermission();
    if (permissions == null || permissions.size() <= 0) {
        return;
    }

    for (PermissionObject permission : permissions) {
        // A null or empty method string is handed to the matcher as null.
        String rawMethods = permission.getMethods();
        String methods = (rawMethods != null && !"".equals(rawMethods)) ? rawMethods : null;

        // NOTE(review): the meaning of the trailing `true` is defined by MyAntPathRequestMatcher,
        // which is not visible here - confirm what it switches on.
        RequestMatcher matcher = new MyAntPathRequestMatcher(permission.getUrl(), methods, true);
        ConfigAttribute attribute = new SecurityConfig(permission.getPermissionName());

        // Merging permissions for an already-registered URL depends on MyAntPathRequestMatcher
        // implementing equals/hashCode; without them every row would create a separate entry.
        Collection<ConfigAttribute> registered = requestMap.get(matcher);
        if (registered != null) {
            // Additional permission for a URL that is already present.
            registered.add(attribute);
        } else {
            Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
            attributes.add(attribute);
            requestMap.put(matcher, attributes);
        }
    }
}
Example #2
Source File: WebSecurityConfig.java From bearchoke with Apache License 2.0 | 6 votes |
/**
 * Creates the username/password login filter exposed as the {@code authFilter} bean.
 *
 * <p>The filter is bound to {@code API_LOGIN_URL}, reads the credentials from the
 * {@code USERNAME} and {@code PASSWORD} request parameters and delegates the outcome to the
 * API success and failure handlers.
 *
 * @return the configured login filter
 * @throws Exception if the authentication manager cannot be obtained
 */
@Bean(name = "authFilter")
public Filter authFilter() throws Exception {
    log.info("Creating authFilter...");

    // The path matcher is built without an HTTP method, so it selects the login URL for any
    // method; the POST-only restriction comes from setPostOnly(true) below.
    List<RequestMatcher> loginMatchers = new ArrayList<>();
    loginMatchers.add(new AntPathRequestMatcher(API_LOGIN_URL));
    RequestMatcher loginRequest = new AndRequestMatcher(loginMatchers);

    UsernamePasswordAuthenticationFilter loginFilter = new UsernamePasswordAuthenticationFilter();
    loginFilter.setRequiresAuthenticationRequestMatcher(loginRequest);
    loginFilter.setPostOnly(true);
    loginFilter.setUsernameParameter(USERNAME);
    loginFilter.setPasswordParameter(PASSWORD);
    loginFilter.setAuthenticationSuccessHandler(apiAuthenticationSuccessHandler);
    loginFilter.setAuthenticationFailureHandler(apiAuthenticationFailureHandler);
    loginFilter.setAuthenticationManager(authenticationManager());
    return loginFilter;
}
Example #3
Source File: UrlResourcePopulator.java From lemon with Apache License 2.0 | 6 votes |
/**
 * Replaces the interceptor's security metadata with rules built from {@code resourceMap}.
 *
 * @param filterSecurityInterceptor interceptor whose metadata source is replaced; must not be null
 * @param resourceMap Ant path pattern mapped to a comma-delimited attribute string; must not be null
 */
public void execute(FilterSecurityInterceptor filterSecurityInterceptor,
        Map<String, String> resourceMap) {
    Assert.notNull(filterSecurityInterceptor);
    Assert.notNull(resourceMap);

    logger.info("refresh url resource");

    // Rules are inserted in resourceMap's iteration order.
    // NOTE(review): the metadata source is expected to answer with the first matching entry, so
    // an unordered resourceMap would make precedence between overlapping patterns unpredictable -
    // confirm callers pass an ordered map.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    for (Map.Entry<String, String> rule : resourceMap.entrySet()) {
        rules.put(new AntPathRequestMatcher(rule.getKey()),
                SecurityConfig.createListFromCommaDelimitedString(rule.getValue()));
    }

    filterSecurityInterceptor.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(rules));
}
Example #4
Source File: WebSecurityConfig.java From youkefu with Apache License 2.0 | 6 votes |
/**
 * Creates the filter that guards the management-style paths listed below.
 *
 * <p>Each pattern is a fixed prefix followed by "any characters"; the {@code null} second
 * argument means the matcher is not tied to one HTTP method.
 *
 * <p>NOTE(review): the prefix is not followed by a separator, so a pattern such as
 * {@code /admin([\S\s]*?)} also covers unrelated paths that merely start with {@code /admin}.
 * The matchers are built with the two-argument constructor, which is expected to be
 * case-sensitive - confirm that the container does not route case or encoding variants of these
 * paths to the same handlers, otherwise they would not be covered here.
 *
 * @return the filter built from the twelve path matchers
 * @throws Exception declared by the original signature
 */
@Bean
public Filter tokenInfoTokenFilterSecurityInterceptor() throws Exception {
    return new DelegateRequestMatchingFilter(
            new RegexRequestMatcher("/autoconfig([\\S\\s]*?)", null),
            new RegexRequestMatcher("/configprops([\\S\\s]*?)", null),
            new RegexRequestMatcher("/beans([\\S\\s]*?)", null),
            new RegexRequestMatcher("/dump([\\S\\s]*?)", null),
            new RegexRequestMatcher("/env([\\S\\s]*?)", null),
            new RegexRequestMatcher("/health([\\S\\s]*?)", null),
            new RegexRequestMatcher("/info([\\S\\s]*?)", null),
            new RegexRequestMatcher("/mappings([\\S\\s]*?)", null),
            new RegexRequestMatcher("/metrics([\\S\\s]*?)", null),
            new RegexRequestMatcher("/trace([\\S\\s]*?)", null),
            new RegexRequestMatcher("/druid([\\S\\s]*?)", null),
            new RegexRequestMatcher("/admin([\\S\\s]*?)", null));
}
Example #5
Source File: SecurityFilterConfig.java From cosmo with Apache License 2.0 | 6 votes |
/**
 * Registers the security filter chain for the {@code PATH_DAV} URL patterns.
 *
 * <p>The chain applies to every request that reaches it ({@code AnyRequestMatcher}) and ends in
 * a {@code FilterSecurityInterceptor} whose metadata maps every request to the {@code ROLES}
 * attributes; the access decision itself is made by {@code davDecisionManager}.
 *
 * @return the registration bean wrapping the {@code FilterChainProxy}
 */
@Bean
public FilterRegistrationBean<?> securityFilterChain() {
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules = new LinkedHashMap<>();
    rules.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList(ROLES));

    FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
    interceptor.setAuthenticationManager(this.authManager);
    interceptor.setAccessDecisionManager(this.davDecisionManager);
    interceptor.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(rules));

    /*
     * Note that the order in which filters are defined is highly important: the exception
     * filter and the ticket filters come first, then basic authentication, and the
     * authorization interceptor is last.
     */
    SecurityFilterChain chain = new DefaultSecurityFilterChain(
            AnyRequestMatcher.INSTANCE,
            this.cosmoExceptionFilter,
            this.extraTicketFilter,
            this.ticketFilter,
            new BasicAuthenticationFilter(this.authManager, this.authEntryPoint),
            interceptor);

    FilterChainProxy proxy = new FilterChainProxy(chain);
    proxy.setFirewall(this.httpFirewall);

    // Only requests matching PATH_DAV are routed through the proxy by the servlet container.
    FilterRegistrationBean<?> registration = new FilterRegistrationBean<>(proxy);
    registration.addUrlPatterns(PATH_DAV);
    return registration;
}
Example #6
Source File: ValidateCodeFilter.java From FEBS-Cloud with Apache License 2.0 | 6 votes |
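/**
 * Runs {@code validateCode} on password-grant token requests before letting them continue.
 *
 * <p>A request is checked when it is a POST to {@code EndpointConstant.OAUTH_TOKEN} and its
 * grant-type parameter equals {@code GrantTypeConstant.PASSWORD} (case-insensitive). Every
 * other request is passed straight down the chain.
 *
 * <p>Only a failure of the validation step is turned into a failure response. The rest of the
 * chain runs outside the {@code try}, so an exception thrown further down is no longer reported
 * to the client as a validation failure carrying that exception's message; it propagates to the
 * container as usual.
 *
 * @param httpServletRequest current request
 * @param httpServletResponse current response
 * @param filterChain remaining filter chain
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException propagated from the rest of the chain or from writing the failure response
 */
@Override
protected void doFilterInternal(@Nonnull HttpServletRequest httpServletRequest,
        @Nonnull HttpServletResponse httpServletResponse,
        @Nonnull FilterChain filterChain) throws ServletException, IOException {
    RequestMatcher tokenEndpoint =
            new AntPathRequestMatcher(EndpointConstant.OAUTH_TOKEN, HttpMethod.POST.toString());
    boolean passwordGrant = tokenEndpoint.matches(httpServletRequest)
            && StringUtils.equalsIgnoreCase(
                    httpServletRequest.getParameter(ParamsConstant.GRANT_TYPE),
                    GrantTypeConstant.PASSWORD);

    if (passwordGrant) {
        try {
            validateCode(httpServletRequest);
        } catch (Exception e) {
            // The exception message is sent back to the client, so validateCode should only
            // raise messages that are safe to disclose.
            FebsResponse febsResponse = new FebsResponse();
            FebsUtil.makeFailureResponse(httpServletResponse, febsResponse.message(e.getMessage()));
            log.error(e.getMessage(), e);
            return;
        }
    }

    filterChain.doFilter(httpServletRequest, httpServletResponse);
}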
Example #7
Source File: DelegateRequestMatchingFilter.java From youkefu with Apache License 2.0 | 6 votes |
/**
 * Lets a request matched by any of {@code ignoredRequests} through only when the session user
 * has user type {@code "0"}; every other request is passed on unchanged.
 *
 * <p>Despite the field name, the matchers in {@code ignoredRequests} select the requests that
 * are restricted, not the ones that are skipped.
 *
 * @param req incoming request, cast to {@code HttpServletRequest}
 * @param resp outgoing response
 * @param chain remaining filter chain
 * @throws IOException from the chain or from the redirect
 * @throws ServletException from the chain
 */
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;

    // Every matcher is evaluated; a single hit marks the request as restricted.
    boolean restricted = false;
    for (RequestMatcher candidate : ignoredRequests) {
        restricted |= candidate.matches(request);
    }

    // getSession() without arguments creates a session when none exists, and it is called for
    // restricted and unrestricted requests alike.
    User user = (User) request.getSession().getAttribute(UKDataContext.USER_SESSION_NAME);

    if (!restricted) {
        try {
            chain.doFilter(req, resp);
        } catch (ClientAbortException ex) {
            // Tomcat exception raised when the client goes away; deliberately not handled.
        }
        return;
    }

    // NOTE(review): user type "0" is the only type allowed through; its meaning is defined
    // elsewhere in the project - confirm it denotes the intended administrative role.
    boolean allowed = user != null && "0".equals(user.getUsertype());
    if (allowed) {
        chain.doFilter(req, resp);
    } else {
        // Redirect to the page shown when the user may not perform the operation.
        HttpServletResponse response = (HttpServletResponse) resp;
        response.sendRedirect("/?msg=security");
    }
}
Example #8
Source File: MyFilterInvocationSecurityMetadataSource.java From base-admin with MIT License | 6 votes |
/**
 * Updates the permission collection.
 *
 * <p>Builds a fresh map from the given authorities and then swaps it into {@code requestMap}
 * with a single assignment. Each authority's content is a comma-separated list of URL patterns;
 * authorities with empty content are skipped. The pieces are used exactly as split, without
 * trimming.
 *
 * <p>NOTE(review): the map is a {@code ConcurrentHashMap}, which has no defined iteration order.
 * If the lookup side returns the first matching entry, precedence between overlapping patterns
 * is not deterministic - confirm against the code that reads {@code requestMap}.
 *
 * @param authorityVoList authorities to load; must not be null
 */
public void setRequestMap(List<SysAuthorityVo> authorityVoList) {
    Map<RequestMatcher, Collection<ConfigAttribute>> rebuilt = new ConcurrentHashMap<>();

    for (SysAuthorityVo authority : authorityVoList) {
        String authorityName = authority.getAuthorityName();
        if (StringUtils.isEmpty(authority.getAuthorityContent())) {
            continue;
        }

        for (String url : authority.getAuthorityContent().split(",")) {
            // Lookup by a freshly built matcher relies on AntPathRequestMatcher equality.
            RequestMatcher key = new AntPathRequestMatcher(url);
            Collection<ConfigAttribute> existing = rebuilt.get(key);

            // NOTE(review): StringUtils.isEmpty is applied to a Collection here; presumably it
            // only acts as a null check - confirm against the StringUtils in use.
            if (!StringUtils.isEmpty(existing)) {
                existing.add(new SecurityConfig(authorityName));
                continue;
            }

            ArrayList<ConfigAttribute> configs = new ArrayList<>();
            configs.add(new SecurityConfig(authorityName));
            rebuilt.put(key, configs);
        }
    }

    this.requestMap = rebuilt;
}
Example #9
Source File: AtlasSecurityConfig.java From incubator-atlas with Apache License 2.0 | 5 votes |
/**
 * Builds an entry point that chooses how to start authentication from the request's
 * {@code User-Agent} header.
 *
 * <p>Requests matched by the header matcher get {@code atlasAuthenticationEntryPoint}; all
 * others fall back to {@code getAuthenticationEntryPoint()}. The header is supplied by the
 * client, so this only selects how the challenge is presented and must not be relied on as an
 * access control.
 *
 * <p>NOTE(review): {@code RequestHeaderRequestMatcher} is expected to compare the whole header
 * value for equality, so the literal {@code "Mozilla"} would not match a full browser
 * User-Agent string - confirm this is the intended behaviour.
 *
 * @return the delegating entry point
 */
public DelegatingAuthenticationEntryPoint getDelegatingAuthenticationEntryPoint() {
    RequestMatcher browserRequest = new RequestHeaderRequestMatcher("User-Agent", "Mozilla");

    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byRequest = new LinkedHashMap<>();
    byRequest.put(browserRequest, atlasAuthenticationEntryPoint);

    DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(byRequest);
    delegating.setDefaultEntryPoint(getAuthenticationEntryPoint());
    return delegating;
}
Example #10
Source File: DatabaseSecurityMetadataSource.java From onetwo with Apache License 2.0 | 5 votes |
/**
 * Returns the request map of the interceptor's original metadata source, reading it on first
 * use and caching it in {@code defaultRequestMap}.
 *
 * <p>The map is read from the {@code requestMap} field of
 * {@code DefaultFilterInvocationSecurityMetadataSource} by field name through
 * {@code ReflectUtils}, so this depends on the internal layout of that class and on the
 * interceptor's metadata source actually being of that type (the cast fails otherwise).
 *
 * <p>Original author's note: the built-in implementation
 * ({@code ExpressionBasedFilterInvocationSecurityMetadataSource}) does not support mapping one
 * url to several expressions.
 *
 * <p>NOTE(review): the lazy initialisation is not synchronised within this method, and the
 * value returned looks like the source's own map rather than a copy - confirm callers do not
 * modify it unintentionally.
 *
 * @return the cached request map
 */
@SuppressWarnings("unchecked")
protected final Map<RequestMatcher, Collection<ConfigAttribute>> getDefaultRequestMap() {
    Map<RequestMatcher, Collection<ConfigAttribute>> cached = this.defaultRequestMap;
    if (cached != null) {
        return cached;
    }

    DefaultFilterInvocationSecurityMetadataSource originMetadata =
            (DefaultFilterInvocationSecurityMetadataSource) filterSecurityInterceptor
                    .getSecurityMetadataSource();
    cached = (Map<RequestMatcher, Collection<ConfigAttribute>>) ReflectUtils.getFieldValue(
            originMetadata, "requestMap", false);
    this.defaultRequestMap = cached;
    return cached;
}
Example #11
Source File: SecurityUtils.java From fast-family-master with Apache License 2.0 | 5 votes |
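/**
 * Tells whether the request matches any Ant path pattern on the white list.
 *
 * <p>A null or empty white list matches nothing, so the request is not skipped. Without this
 * guard a null array fails with a {@code NullPointerException}, and an empty one is rejected by
 * {@code OrRequestMatcher}, which requires at least one matcher.
 *
 * <p>The patterns are built without an HTTP method, so a listed path is skipped for every
 * method; keep the white list as narrow as possible.
 *
 * @param request request to test
 * @param whiteList Ant path patterns whose requests are skipped; may be null or empty
 * @return {@code true} when at least one pattern matches the request
 */
public static boolean skipPathRequest(HttpServletRequest request, String[] whiteList) {
    if (whiteList == null || whiteList.length == 0) {
        return false;
    }

    List<RequestMatcher> matchers = Arrays.stream(whiteList)
            .<RequestMatcher>map(path -> new AntPathRequestMatcher(path))
            .collect(Collectors.toList());
    return new OrRequestMatcher(matchers).matches(request);
}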
Example #12
Source File: RequestConfigMapping.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Pairs a request matcher with the security attributes that apply to the requests it matches.
 *
 * @param matcher matcher selecting the requests; must not be null
 * @param attributes attributes for matching requests; must not be null or empty
 * @throws IllegalArgumentException if {@code matcher} is null or {@code attributes} is null or empty
 */
public RequestConfigMapping(RequestMatcher matcher, Collection<ConfigAttribute> attributes) {
    Assert.notNull(matcher, "matcher cannot be null");
    Assert.notEmpty(attributes, "attributes cannot be null or emtpy");

    // The collection is stored by reference, not copied, so later changes made by the caller
    // are visible through this mapping.
    this.attributes = attributes;
    this.matcher = matcher;
}
Example #13
Source File: JwtTokenAuthenticationProcessingFilter.java From IOT-Technical-Guide with Apache License 2.0 | 5 votes |
/**
 * Creates the token-processing filter for the requests selected by {@code matcher}.
 *
 * @param failureHandler handler kept for use by this filter
 * @param tokenExtractor extractor kept for use by this filter
 * @param matcher passed to the superclass constructor; it decides which requests the filter
 *     processes, so requests it does not match are not handled by this filter
 */
@Autowired
public JwtTokenAuthenticationProcessingFilter(
        AuthenticationFailureHandler failureHandler,
        TokenExtractor tokenExtractor,
        RequestMatcher matcher) {
    super(matcher);
    this.tokenExtractor = tokenExtractor;
    this.failureHandler = failureHandler;
}
Example #14
Source File: CrustAuthenticationFilter.java From Milkomeda with MIT License | 5 votes |
/**
 * Tells whether the request is matched by one of {@code permissiveRequestMatchers}.
 *
 * @param request request to test
 * @return {@code true} on the first matcher that accepts the request; {@code false} when no
 *     matchers are configured or none matches
 */
protected boolean permissiveRequest(HttpServletRequest request) {
    boolean permissive = false;
    if (permissiveRequestMatchers != null) {
        for (RequestMatcher candidate : permissiveRequestMatchers) {
            if (candidate.matches(request)) {
                permissive = true;
                break;
            }
        }
    }
    return permissive;
}
Example #15
Source File: RequestConfigMapping.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Creates a mapping from a request matcher to the attributes required for matching requests.
 *
 * @param matcher matcher for the requests covered by this mapping; must not be null
 * @param attributes attributes required for those requests; must not be null or empty
 * @throws IllegalArgumentException when either argument violates the constraints above
 */
public RequestConfigMapping(RequestMatcher matcher, Collection<ConfigAttribute> attributes) {
    // Both checks fail with IllegalArgumentException; the matcher is checked first.
    Assert.notNull(matcher, "matcher cannot be null");
    Assert.notEmpty(attributes, "attributes cannot be null or emtpy");

    this.matcher = matcher;
    // Kept by reference; the caller's collection is not copied.
    this.attributes = attributes;
}
Example #16
Source File: UrlSecurityMetadataSource.java From bdf3 with Apache License 2.0 | 5 votes |
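/**
 * Returns the attributes of the first request-map entry whose matcher accepts the request.
 *
 * <p>A failure while evaluating the rules is rethrown instead of being printed and turned into
 * {@code null}. {@code null} means "no attributes configured for this request", which an
 * interceptor may treat as a public resource, so swallowing the error would let the request
 * through unchecked whenever rule evaluation breaks.
 *
 * @param object the secured object; must be a {@code FilterInvocation}
 * @return the attributes of the first matching entry, or {@code null} when no entry matches
 * @throws IllegalStateException if loading or evaluating the request map fails
 */
public Collection<ConfigAttribute> getAttributes(Object object) {
    final HttpServletRequest request = ((FilterInvocation) object).getRequest();
    try {
        for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> entry : getRequestMap()
                .entrySet()) {
            if (entry.getKey().matches(request)) {
                return entry.getValue();
            }
        }
    } catch (Exception e) {
        // Fail closed: the cause is preserved for the caller's error handling and logging.
        throw new IllegalStateException("Failed to resolve security attributes for request", e);
    }
    return null;
}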
Example #17
Source File: JwtTokenAuthenticationProcessingFilter.java From springboot-security-jwt with MIT License | 5 votes |
/**
 * Wires the filter with its collaborators.
 *
 * @param failureHandler stored in {@code this.failureHandler}
 * @param tokenExtractor stored in {@code this.tokenExtractor}
 * @param matcher handed to the superclass constructor; the set of requests this filter acts on
 *     is therefore determined entirely by the injected matcher
 */
@Autowired
public JwtTokenAuthenticationProcessingFilter(
        AuthenticationFailureHandler failureHandler,
        TokenExtractor tokenExtractor,
        RequestMatcher matcher) {
    super(matcher);
    this.tokenExtractor = tokenExtractor;
    this.failureHandler = failureHandler;
}
Example #18
Source File: RequestConfigMapping.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Binds {@code attributes} to the requests selected by {@code matcher}.
 *
 * @param matcher request matcher; null is rejected
 * @param attributes security attributes; null and empty collections are rejected
 * @throws IllegalArgumentException if an argument is rejected
 */
public RequestConfigMapping(RequestMatcher matcher, Collection<ConfigAttribute> attributes) {
    Assert.notNull(matcher, "matcher cannot be null");
    Assert.notEmpty(attributes, "attributes cannot be null or emtpy");

    // No defensive copy is taken of the attribute collection.
    this.attributes = attributes;
    this.matcher = matcher;
}
Example #19
Source File: ServiceProviderEndpointsTest.java From spring-boot-security-saml with MIT License | 5 votes |
/**
 * Checks that the matcher built by {@code ServiceProviderEndpoints} accepts every configured
 * endpoint URL and rejects an unrelated one.
 */
@Test
public void matchers() throws Exception {
    ServiceProviderEndpoints endpoints = new ServiceProviderEndpoints();
    endpoints.setDefaultFailureURL("/failure");
    endpoints.setIdpSelectionPageURL("/idp");
    endpoints.setSsoLoginURL("/login");
    endpoints.setDiscoveryProcessingURL("/discovery");
    endpoints.setDefaultTargetURL("/default");
    endpoints.setLogoutURL("/logout");
    endpoints.setMetadataURL("/metadata");
    endpoints.setSingleLogoutURL("/slo");
    endpoints.setSsoHoKProcessingURL("/hok");
    endpoints.setSsoProcessingURL("/sso");

    RequestMatcher matcher = endpoints.getRequestMatcher();

    // Same order as the original assertions; the description names the failing path.
    String[] configuredPaths = {
        "/failure", "/idp", "/login", "/discovery", "/default",
        "/logout", "/metadata", "/slo", "/hok", "/sso"
    };
    for (String path : configuredPaths) {
        assertThat(matcher.matches(mockRequest(path))).as(path).isTrue();
    }

    // A path that was never configured must fall outside the matcher.
    assertThat(matcher.matches(mockRequest("/sanity-check"))).isFalse();
}
Example #20
Source File: MutipleRequestMatcher.java From onetwo with Apache License 2.0 | 5 votes |
/**
 * Matches when at least one of the delegate matchers accepts the request.
 *
 * @param request request to test
 * @return {@code true} on the first delegate that matches, {@code false} if none does
 */
@Override
public boolean matches(HttpServletRequest request) {
    boolean matched = false;
    for (RequestMatcher delegate : matchers) {
        if (delegate.matches(request)) {
            matched = true;
            break;
        }
    }
    return matched;
}
Example #21
Source File: AuthorizationService.java From codeway_service with GNU General Public License v3.0 | 5 votes |
/**
 * Lists all resources as a map from request matcher to required attribute.
 *
 * <p>Original author's note: assembling the data for one page may involve several ajax calls,
 * so a resource's url field may hold several comma-separated urls. Such a resource is replaced
 * by one clone per url, each with a newly generated id.
 *
 * <p>The set returned by {@code findResourceByCondition()} is modified in place. The url pieces
 * are used exactly as split, without trimming.
 *
 * <p>NOTE(review): {@code Collectors.toMap} gives no ordering guarantee for the returned map, so
 * precedence between overlapping patterns should not depend on it, and it throws
 * {@code IllegalStateException} if two resources yield equal keys - whether that can happen
 * depends on {@code MvcRequestMatcher} equality. Also confirm what
 * {@code HttpMethod.resolve} returns for an unrecognised or missing method: a null method would
 * presumably leave the matcher unrestricted by HTTP method.
 *
 * @return matcher-to-attribute map built from the resources
 */
public Map<RequestMatcher, ConfigAttribute> resourceConfigAttributes() {
    Set<Resource> resources = this.findResourceByCondition();

    // Expand comma-separated urls into one cloned resource per url.
    Set<Resource> expanded = new HashSet<>();
    for (Resource resource : resources) {
        if (!(StringUtils.isNotEmpty(resource.getUrl()) && resource.getUrl().contains(","))) {
            continue;
        }
        for (String singleUrl : resource.getUrl().split(",")) {
            try {
                Resource copy = (Resource) resource.clone();
                copy.setId(String.valueOf(idGenerate.nextId()));
                copy.setUrl(singleUrl);
                expanded.add(copy);
            } catch (CloneNotSupportedException e) {
                // A resource that cannot be cloned is logged and its url is left out.
                LogBack.error(e.getMessage());
                e.printStackTrace();
            }
        }
    }

    // Drop the multi-url originals, then add their single-url clones.
    resources.removeIf(resource ->
            StringUtils.isNotEmpty(resource.getUrl()) && resource.getUrl().contains(","));
    resources.addAll(expanded);

    return resources.stream().collect(Collectors.toMap(
            resource -> {
                MvcRequestMatcher mvcRequestMatcher =
                        new MvcRequestMatcher(mvcHandlerMappingIntrospector, resource.getUrl());
                mvcRequestMatcher.setMethod(HttpMethod.resolve(resource.getMethod()));
                return mvcRequestMatcher;
            },
            resource -> new SecurityConfig(resource.getCode())));
}
Example #22
Source File: SamlAntMatcher.java From blackduck-alert with Apache License 2.0 | 5 votes |
/**
 * Matches the request against the matcher set that corresponds to the current SAML state.
 *
 * <p>{@code enabledMatchers} is used while {@code context.isSAMLEnabled()} is true,
 * {@code disabledMatchers} otherwise. The state is read on every call.
 *
 * @param request request to test
 * @return {@code true} if any matcher of the active set accepts the request
 */
@Override
public boolean matches(final HttpServletRequest request) {
    final Collection<RequestMatcher> active =
            context.isSAMLEnabled() ? enabledMatchers : disabledMatchers;
    for (RequestMatcher candidate : active) {
        if (candidate.matches(request)) {
            return true;
        }
    }
    return false;
}
Example #23
Source File: UrlSourceBuilder.java From lemon with Apache License 2.0 | 5 votes |
/**
 * Reloads the URL rules from {@code urlSourceFetcher} and installs them on
 * {@code filterSecurityInterceptor}.
 *
 * <p>When either collaborator is missing the method only logs both references and returns,
 * leaving whatever metadata source is currently installed.
 */
public void refresh() {
    boolean ready = (filterSecurityInterceptor != null) && (urlSourceFetcher != null);
    if (!ready) {
        logger.info(
                "filterSecurityInterceptor : {}, urlSourceFetcher : {}",
                filterSecurityInterceptor, urlSourceFetcher);
        return;
    }

    logger.info("execute refresh");

    Map<String, String> resourceMap = urlSourceFetcher.getSource(null);

    // Rules keep the iteration order of the fetched map.
    // NOTE(review): the metadata source is expected to answer with the first matching entry, so
    // confirm the fetcher returns an ordered map when patterns can overlap.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> rules =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    for (Map.Entry<String, String> rule : resourceMap.entrySet()) {
        rules.put(new AntPathRequestMatcher(rule.getKey()),
                SecurityConfig.createListFromCommaDelimitedString(rule.getValue()));
    }

    filterSecurityInterceptor.setSecurityMetadataSource(
            new DefaultFilterInvocationSecurityMetadataSource(rules));
}
Example #24
Source File: SecurityConfig.java From ambari-logsearch with Apache License 2.0 | 5 votes |
/**
 * Creates the filter that ties the config-state provider to the configuration endpoints.
 *
 * <p>The shipper-config-input matcher is used when filters are stored in Solr or ZooKeeper;
 * otherwise the general logsearch-config matcher is used.
 *
 * @return the filter built from the selected matcher and a {@code ConfigStateProvider}
 */
private LogsearchFilter logSearchConfigStateFilter() {
    boolean externalFilterStorage =
            logSearchConfigApiConfig.isSolrFilterStorage() || logSearchConfigApiConfig.isZkFilterStorage();
    RequestMatcher requestMatcher = externalFilterStorage
            ? shipperConfigInputRequestMatcher()
            : logsearchConfigRequestMatcher();

    ConfigStateProvider stateProvider =
            new ConfigStateProvider(logSearchConfigState, logSearchConfigApiConfig.isConfigApiEnabled());
    return new LogsearchFilter(requestMatcher, stateProvider);
}
Example #25
Source File: AtlasSecurityConfig.java From atlas with Apache License 2.0 | 5 votes |
/**
 * Builds an entry point that picks the authentication entry point from a request header.
 *
 * <p>Requests whose {@code HeadersUtil.USER_AGENT_KEY} header matches
 * {@code HeadersUtil.USER_AGENT_VALUE} get {@code atlasAuthenticationEntryPoint}; all others get
 * the default from {@code getAuthenticationEntryPoint()}. The header is supplied by the client,
 * so the choice only affects how the challenge is presented and is not an access control.
 *
 * @return the delegating entry point
 * @throws Exception declared by the original signature
 */
public DelegatingAuthenticationEntryPoint getDelegatingAuthenticationEntryPoint() throws Exception {
    RequestMatcher userAgentMatcher =
            new RequestHeaderRequestMatcher(HeadersUtil.USER_AGENT_KEY, HeadersUtil.USER_AGENT_VALUE);

    LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> byRequest = new LinkedHashMap<>();
    byRequest.put(userAgentMatcher, atlasAuthenticationEntryPoint);

    DelegatingAuthenticationEntryPoint delegating = new DelegatingAuthenticationEntryPoint(byRequest);
    delegating.setDefaultEntryPoint(getAuthenticationEntryPoint());
    return delegating;
}
Example #26
Source File: JwtTokenAuthenticationFilter.java From quartz-manager with Apache License 2.0 | 5 votes |
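/**
 * Tells whether the request matches any of the Ant path patterns to skip.
 *
 * <p>A null or empty list matches nothing, so the request is not skipped. The original replaced
 * a null list with an empty one and then built an {@code OrRequestMatcher} from it, but that
 * class requires at least one matcher and rejects an empty list.
 *
 * <p>The patterns carry no HTTP method, so a listed path is skipped for every method.
 *
 * @param request request to test
 * @param pathsToSkip Ant path patterns; may be null or empty
 * @return {@code true} when at least one pattern matches the request
 */
private boolean skipPathRequest(HttpServletRequest request, List<String> pathsToSkip) {
    if (pathsToSkip == null || pathsToSkip.isEmpty()) {
        return false;
    }

    List<RequestMatcher> matchers = pathsToSkip.stream()
            .map(path -> new AntPathRequestMatcher(path))
            .collect(Collectors.toList());
    return new OrRequestMatcher(matchers).matches(request);
}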
Example #27
Source File: ExpressionFilterInvocationSecurityMetadataSource.java From oauth2-resource with MIT License | 5 votes |
/**
 * Collects every attribute that appears in {@code resourceMap}, without duplicates.
 *
 * @return a new set holding the union of all attribute collections in the map
 */
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
    Set<ConfigAttribute> merged = new HashSet<>();
    for (Collection<ConfigAttribute> attributes : resourceMap.values()) {
        merged.addAll(attributes);
    }
    return merged;
}
Example #28
Source File: LogsearchFilterTest.java From ambari-logsearch with Apache License 2.0 | 5 votes |
/**
 * Creates strict mocks for the filter's collaborators and the servlet objects.
 *
 * <p>Strict mocks verify call order, so each test has to record the exact interactions it
 * expects. Only {@code getRequestURI()} is pre-recorded here and may be called any number of
 * times.
 */
@Before
public void setUp() {
    // Servlet-side mocks.
    servletRequest = strictMock(HttpServletRequest.class);
    servletResponse = strictMock(HttpServletResponse.class);
    filterChain = strictMock(FilterChain.class);

    // Collaborators of the filter under test.
    requestMatcher = strictMock(RequestMatcher.class);
    statusProvider = strictMock(StatusProvider.class);

    expect(servletRequest.getRequestURI()).andReturn(REQUEST_URI).anyTimes();
}
Example #29
Source File: JwtTokenAuthenticationProcessingFilter.java From Groza with Apache License 2.0 | 5 votes |
/**
 * Constructs the filter from its injected collaborators.
 *
 * @param failureHandler kept in {@code this.failureHandler}
 * @param tokenExtractor kept in {@code this.tokenExtractor}
 * @param matcher forwarded to the superclass constructor; paths it does not match are outside
 *     this filter's scope and have to be protected by other means
 */
@Autowired
public JwtTokenAuthenticationProcessingFilter(
        AuthenticationFailureHandler failureHandler,
        TokenExtractor tokenExtractor,
        RequestMatcher matcher) {
    super(matcher);
    this.tokenExtractor = tokenExtractor;
    this.failureHandler = failureHandler;
}
Example #30
Source File: ExpressionFilterInvocationSecurityMetadataSource.java From oauth2-resource with MIT License | 5 votes |
/**
 * Determines whether the requested URL is covered by the permission table and, if so, returns
 * its attributes for the access decision ({@code decide}).
 *
 * <p>The table is loaded through {@code loadResource} when it is null or empty. When no table
 * entry matches, the result comes from {@code hardCodedSecurityMetadataSource}, i.e. the
 * configuration defined in code (authenticated, permitAll and so on).
 *
 * <p>NOTE(review): the load is not guarded by a lock in this method, and the request URL is
 * written to the log at info level - confirm the URL as returned by {@code getRequestUrl()}
 * cannot carry sensitive query parameters.
 *
 * @param object the secured object; must be a {@code FilterInvocation}
 * @return attributes of the first matching table entry, otherwise whatever the hard-coded
 *     source returns (possibly null or empty)
 * @throws IllegalArgumentException declared by the overridden method
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    FilterInvocation filterInvocation = (FilterInvocation) object;
    HttpServletRequest request = filterInvocation.getHttpRequest();

    boolean tableMissing = resourceMap == null || resourceMap.size() == 0;
    if (tableMissing) {
        loadResource(request);
    }

    String requestUrl = filterInvocation.getRequestUrl();
    for (Map.Entry<RequestMatcher, Collection<ConfigAttribute>> rule : resourceMap.entrySet()) {
        if (!rule.getKey().matches(request)) {
            continue;
        }
        log.info("【" + requestUrl + "】匹配到DB权限列表");
        return rule.getValue();
    }

    log.info("【" + requestUrl + "】不在DB权限列表当中,尝试匹配代码中的权限配置...");

    // Returning null here would let unlisted URLs pass as a default white list; the default
    // configuration defined in code is returned instead.
    Collection<ConfigAttribute> fallback = hardCodedSecurityMetadataSource.getAttributes(object);
    boolean fallbackEmpty = fallback == null || fallback.size() == 0;
    log.info(fallbackEmpty
            ? "【" + requestUrl + "】不在代码中的权限配置"
            : "【" + requestUrl + "】匹配到代码中硬编码的配置或默认配置");
    return fallback;
}