org.springframework.security.access.AccessDecisionVoter Java Examples
The following examples show how to use
org.springframework.security.access.AccessDecisionVoter.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MyAccessDecisionManager.java From base-admin with MIT License | 6 votes |
@Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { int deny = 0; for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, configAttributes); if (logger.isDebugEnabled()) { logger.debug("Voter: " + voter + ", returned: " + result); } switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: return; case AccessDecisionVoter.ACCESS_DENIED: deny++; break; default: break; } } if (deny > 0) { throw new AccessDeniedException(messages.getMessage( "AbstractAccessDecisionManager.accessDenied", "Access is denied")); } // To get this far, every AccessDecisionVoter abstained checkAllowIfAllAbstainDecisions(); }
Example #2
Source File: SecurityConfig.java From base-admin with MIT License | 6 votes |
@Bean public DynamicallyUrlInterceptor dynamicallyUrlInterceptor(){ //首次获取 List<SysAuthorityVo> authorityVoList = sysAuthorityService.list(new SysAuthorityVo()).getData(); myFilterInvocationSecurityMetadataSource.setRequestMap(authorityVoList); //初始化拦截器并添加数据源(注意:不要手动new对象,把它交给spring管理,spring默认单例) DynamicallyUrlInterceptor interceptor = new DynamicallyUrlInterceptor(); interceptor.setSecurityMetadataSource(myFilterInvocationSecurityMetadataSource); //配置RoleVoter决策 List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>(); decisionVoters.add(new RoleVoter()); //设置认证决策管理器 interceptor.setAccessDecisionManager(new MyAccessDecisionManager(decisionVoters)); return interceptor; }
Example #3
Source File: CustomAuthorizationConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
public AccessDecisionManager accessDecisionManager2( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new AuthenticatedVoter(), new RoleVoter(), new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new UnanimousBased(decisionVoters); }
Example #4
Source File: LogAccessConfigAuthorizedVoterTest.java From lognavigator with Apache License 2.0 | 5 votes |
@Test public void testPreHandle_UserAuthorized() throws Exception { FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-oneuser-authorized/list", "GET"); TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("oneuser", null); SecurityContextHolder.getContext().setAuthentication(authenticatedUser); int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE)); Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess); }
Example #5
Source File: MethodBasedSecurityConfig.java From onetwo with Apache License 2.0 | 5 votes |
/*** * 对应的方法决策器 */ @Override protected AccessDecisionManager accessDecisionManager() { AccessDecisionManager decisionManager = super.accessDecisionManager(); @SuppressWarnings("unchecked") List<AccessDecisionVoter<? extends Object>> decisionVoters = (List<AccessDecisionVoter<? extends Object>>)ReflectUtils.getFieldValue(decisionManager, "decisionVoters"); decisionVoters.add(new MethodWebExpressionVoter()); return decisionManager; }
Example #6
Source File: AppSpringModuleConfig.java From herd with Apache License 2.0 | 5 votes |
/** * Overridden to remove role prefix for the role voter. The application does not require any other access decision voters in the default configuration. */ /* * rawtypes must be suppressed because AffirmativeBased constructor takes in a raw typed list of AccessDecisionVoters */ @SuppressWarnings("rawtypes") @Override protected AccessDecisionManager accessDecisionManager() { List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>(); RoleVoter decisionVoter = new RoleVoter(); decisionVoter.setRolePrefix(""); decisionVoters.add(decisionVoter); return new AffirmativeBased(decisionVoters); }
Example #7
Source File: LogAccessConfigAuthorizedVoterTest.java From lognavigator with Apache License 2.0 | 5 votes |
@Test public void testPreHandle_RoleAuthorized() throws Exception { // given FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-onerole-authorized/list", "GET"); TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("anyuser", null, "onerole"); SecurityContextHolder.getContext().setAuthentication(authenticatedUser); int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE)); Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess); }
Example #8
Source File: LogAccessConfigAuthorizedVoterTest.java From lognavigator with Apache License 2.0 | 5 votes |
@Test public void testPreHandle_UserNotAuthorizedButRoleAuthorized() throws Exception { FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-onerole-and-oneuser-authorized/list", "GET"); TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("anyuser", null, "onerole"); SecurityContextHolder.getContext().setAuthentication(authenticatedUser); int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE)); Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess); }
Example #9
Source File: AccessDecisionManagerImpl.java From bdf3 with Apache License 2.0 | 5 votes |
public boolean supports(Class<?> clazz) { for (AccessDecisionVoter<? extends Object> voter : this.decisionVoters) { if (voter.supports(clazz)) { return true; } } return false; }
Example #10
Source File: AccessDecisionManagerImpl.java From bdf3 with Apache License 2.0 | 5 votes |
@SuppressWarnings({ "rawtypes", "unchecked" }) @Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { if (userService.isAdministrator()) { return; } int deny = 0; for (AccessDecisionVoter voter : getDecisionVoters()) { if (voter.supports(object.getClass())) { int result = voter.vote(authentication, object, configAttributes); if (logger.isDebugEnabled()) { logger.debug("Voter: " + voter + ", returned: " + result); } switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: return; case AccessDecisionVoter.ACCESS_DENIED: deny++; break; default: break; } } } if (deny > 0) { throw new AccessDeniedException(messages.getMessage( "AbstractAccessDecisionManager.accessDenied", "Access is denied")); } setAllowIfAllAbstainDecisions(allowIfAllAbstainDecisions); checkAllowIfAllAbstainDecisions(); }
Example #11
Source File: CustomAuthorizationConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
public AccessDecisionManager accessDecisionManager2( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new AuthenticatedVoter(), new RoleVoter(), new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new UnanimousBased(decisionVoters); }
Example #12
Source File: CustomAuthorizationConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
@Description("ConsensusBased AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
Example #13
Source File: CustomAuthorizationConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
@Description("AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
Example #14
Source File: CustomAuthorizationConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
@Description("ConsensusBased AccessDecisionManager for Authorization voting") @Bean public AccessDecisionManager accessDecisionManager( CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) { List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList( // new AuthenticatedVoter(), // new RoleVoter(), new WebExpressionVoter(){{ setExpressionHandler(customWebSecurityExpressionHandler); }} ); return new ConsensusBased(decisionVoters); }
Example #15
Source File: OpenApiSecurityConfigurer.java From spring-backend-boilerplate with Apache License 2.0 | 5 votes |
@Bean public AccessDecisionManager accessDecisionManager() { List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>(); decisionVoters.add(new RoleVoter()); decisionVoters.add(new AuthenticatedVoter()); decisionVoters.add(webExpressionVoter()); return new AffirmativeBased(decisionVoters); }
Example #16
Source File: WebAppSecurityConfig.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
@Override protected void configureUrlAuthorization( ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) { List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>(); listOfVoters.add(new WebExpressionVoter()); listOfVoters.add(molgenisAccessDecisionVoter()); expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters)); expressionInterceptUrlRegistry.antMatchers("/").permitAll(); }
Example #17
Source File: MyAccessDecisionManager.java From oauth2-resource with MIT License | 5 votes |
/** * 方法是判定是否拥有权限的决策方法, * (1)authentication 是释CustomUserService中循环添加到 GrantedAuthority 对象中的权限信息集合. * (2)object 包含客户端发起的请求的request信息,可转换为 HttpServletRequest request = ((FilterInvocation) object).getHttpRequest(); * (3)configAttributes 为FilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法返回的结果,此方法是为了判定用户请求的url 是否在权限表中,如果在权限表中,则返回给 decide 方法 */ @SuppressWarnings("unchecked") @Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { int deny = 0; for (AccessDecisionVoter voter : getDecisionVoters()) { int result = voter.vote(authentication, object, configAttributes); if (logger.isDebugEnabled()) { logger.debug("Voter: " + voter + ", returned: " + result); } switch (result) { case AccessDecisionVoter.ACCESS_GRANTED: return; case AccessDecisionVoter.ACCESS_DENIED: deny++; break; default: break; } } if (deny > 0) { throw new AccessDeniedException(messages.getMessage( "AbstractAccessDecisionManager.accessDenied", "Access is denied")); } // To get this far, every AccessDecisionVoter abstained checkAllowIfAllAbstainDecisions(); }
Example #18
Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
@Bean public AccessDecisionManager accessDecisionManager() { // @formatter: off List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList(new WebExpressionVoter(), new RoleVoter(), new AuthenticatedVoter(), new MinuteBasedVoter()); // @formatter: on return new UnanimousBased(decisionVoters); }
Example #19
Source File: SecurityConfig.java From tutorials with MIT License | 5 votes |
@Bean public AccessDecisionManager customAccessDecisionManager() { List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>(); decisionVoters.add(new RoleVoter()); decisionVoters.add(new UsernameAccessDecisionVoter()); AccessDecisionManager accessDecisionManager = new AffirmativeBased(decisionVoters); return accessDecisionManager; }
Example #20
Source File: SecurityConfig.java From feast with Apache License 2.0 | 5 votes |
/** * Creates an AccessDecisionManager if authorization is enabled. This object determines the policy * used to make authorization decisions. * * @return AccessDecisionManager */ @Bean @ConditionalOnProperty(prefix = "feast.security.authorization", name = "enabled") AccessDecisionManager accessDecisionManager() { final List<AccessDecisionVoter<?>> voters = new ArrayList<>(); voters.add(new AccessPredicateVoter()); return new UnanimousBased(voters); }
Example #21
Source File: JvueGlobalMethodSecurityConfiguration.java From jvue-admin with MIT License | 5 votes |
@Override public AccessDecisionManager accessDecisionManager() { List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>(); decisionVoters.add(jvueMethodAclVoter);// 启用自定义投票器 decisionVoters.add(new RoleVoter()); decisionVoters.add(new AuthenticatedVoter()); return new AffirmativeBased(decisionVoters); }
Example #22
Source File: SpringAuthManager.java From jdal with Apache License 2.0 | 5 votes |
@PostConstruct public void init() { if (this.accessDecisionManager == null) { if (log.isDebugEnabled()) log.debug("Creating default AffirmativeBased AccesDecisionManager with RoleVoter"); List<AccessDecisionVoter<? extends Object>> defaultVoters = new ArrayList<AccessDecisionVoter<? extends Object>>(); defaultVoters.add(new RoleVoter()); this.accessDecisionManager = new AffirmativeBased(defaultVoters); } }
Example #23
Source File: AccessDecisionManagerImpl.java From bdf3 with Apache License 2.0 | 4 votes |
@Autowired public AccessDecisionManagerImpl( List<AccessDecisionVoter<? extends Object>> decisionVoters) { super(decisionVoters); this.decisionVoters = decisionVoters; }
Example #24
Source File: LogAccessConfigAuthorizedVoterTest.java From lognavigator with Apache License 2.0 | 4 votes |
@Test public void testVote_BadAttribute() throws Exception { int resultAccess = logAccessConfigAuthorizedVoter.vote(null, new FilterInvocation(null, null), Arrays.asList(BAD_ATTRIBUTE)); Assert.assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN, resultAccess); }
Example #25
Source File: SecurityConfiguration.java From haven-platform with Apache License 2.0 | 4 votes |
@Bean AccessDecisionManager accessDecisionManager() { ImmutableList.Builder<AccessDecisionVoter<?>> lb = ImmutableList.builder(); lb.add(new AdminRoleVoter()); return new AffirmativeBased(lb.build()); }
Example #26
Source File: ManualSecurityConfiguration.java From grpc-spring-boot-starter with MIT License | 4 votes |
@Bean AccessDecisionManager accessDecisionManager() { final List<AccessDecisionVoter<?>> voters = new ArrayList<>(); voters.add(new AccessPredicateVoter()); return new UnanimousBased(voters); }
Example #27
Source File: ManualSecurityConfiguration.java From grpc-spring-boot-starter with MIT License | 4 votes |
@Bean AccessDecisionManager accessDecisionManager() { final List<AccessDecisionVoter<?>> voters = new ArrayList<>(); voters.add(new AccessPredicateVoter()); return new UnanimousBased(voters); }
Example #28
Source File: MyAccessDecisionManager.java From oauth2-resource with MIT License | 4 votes |
protected MyAccessDecisionManager(List<AccessDecisionVoter<?>> decisionVoters) { super(decisionVoters); }
Example #29
Source File: LDAccessDecisionManager.java From document-management-software with GNU Lesser General Public License v3.0 | 4 votes |
public LDAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) { super(decisionVoters); }
Example #30
Source File: MyAccessDecisionManager.java From base-admin with MIT License | 4 votes |
MyAccessDecisionManager(List<AccessDecisionVoter<?>> decisionVoters) { super(decisionVoters); }