org.springframework.security.config.annotation.ObjectPostProcessor Java Examples

The following examples show how to use org.springframework.security.config.annotation.ObjectPostProcessor. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AuthenticationHandler.java    From blackduck-alert with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a post-processor that appends an extra {@link WebExpressionVoter} to the
 * {@link AffirmativeBased} access decision manager it is handed.
 *
 * <p>The voter uses its own {@link DefaultWebSecurityExpressionHandler}, whose role
 * hierarchy is a lambda that ignores the caller's authorities and always returns the
 * list built from {@code retrieveAllowedRoles()}.
 *
 * @return a post-processor that mutates and returns the same {@code AffirmativeBased} instance
 */
private ObjectPostProcessor<AffirmativeBased> createRoleProcessor() {
    return new ObjectPostProcessor<>() {
        @Override
        public AffirmativeBased postProcess(AffirmativeBased affirmativeBased) {
            DefaultWebSecurityExpressionHandler roleAwareHandler = new DefaultWebSecurityExpressionHandler();
            // NOTE(review): the hierarchy below does not look at `authorities` at all, so
            // whatever the principal actually holds, the "reachable" set is every allowed
            // role. If role expressions are evaluated through this handler, every caller is
            // treated as having all of those roles at this layer. Confirm that is intended
            // and that per-role enforcement happens elsewhere.
            roleAwareHandler.setRoleHierarchy(
                    authorities -> AuthorityUtils.createAuthorityList(retrieveAllowedRoles()));

            WebExpressionVoter roleVoter = new WebExpressionVoter();
            roleVoter.setExpressionHandler(roleAwareHandler);

            // AffirmativeBased grants access as soon as any single voter votes to grant, so
            // adding a voter can only widen what is allowed, never narrow it.
            affirmativeBased.getDecisionVoters().add(roleVoter);
            return affirmativeBased;
        }
    };
}
 
Example #2
Source File: ServiceProviderBuilder.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
/**
 * Creates the builder with a pass-through {@link ObjectPostProcessor}.
 *
 * <p>The second constructor argument is {@code false}; its meaning is defined by the
 * superclass, which is not shown here.
 */
public ServiceProviderBuilder() {
    super(new ObjectPostProcessor<Object>() {
        @Override
        public <T> T postProcess(T candidate) {
            // Identity post-processor: the object is handed back untouched, so nothing built
            // through this builder is initialised or wired by this hook.
            // NOTE(review): security components that rely on container callbacks must
            // therefore be set up explicitly by the caller. Verify against the configurers
            // that use this builder.
            return candidate;
        }
    }, false);
}
 
Example #3
Source File: CasSecurityConfigurerAdapter.java    From onetwo with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the HTTP security chain for CAS login: response headers, the CAS entry
 * point, the CAS filter, a blanket "authenticated" rule and single-session concurrency
 * control.
 *
 * @param http the builder being configured
 * @throws Exception if any of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    casFilter.setAuthenticationManager(authenticationManager());

    // NOTE(review): headers() also applies the framework's default header writers, which
    // normally include their own X-Frame-Options value. Check the emitted response to see
    // which value wins; the dedicated switch is headers().frameOptions().sameOrigin().
    http.headers()
            .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN));

    // Unauthenticated requests are handed to the CAS entry point.
    http.exceptionHandling()
            .authenticationEntryPoint(casEntryPoint);

    http.addFilter(casFilter);

    http.authorizeRequests()
            // Original author's note: removing this rule makes startup fail, cause unknown.
            .anyRequest().authenticated()
            .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                @Override
                public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                    // When a builder is configured it is given the interceptor and asked to
                    // build the security metadata source. With no builder, the static
                    // anyRequest().authenticated() rule above is all that applies.
                    if (securityMetadataSourceBuilder != null) {
                        securityMetadataSourceBuilder.setFilterSecurityInterceptor(object);
                        securityMetadataSourceBuilder.buildSecurityMetadataSource();
                    }
                    return object;
                }
            });

    // One session per user; a second login is refused rather than expiring the first.
    // NOTE(review): this relies on session-destroyed events reaching the session registry
    // (HttpSessionEventPublisher). Without them, a user who never logs out stays locked out
    // until the old session times out. Confirm it is registered.
    http.sessionManagement()
            .maximumSessions(1)
            .maxSessionsPreventsLogin(true);
}
 
Example #4
Source File: DefaultUrlSecurityConfigurer.java    From onetwo with Apache License 2.0 5 votes vote down vote up
/**
 * Assembles the URL security configuration: optional authentication providers, the
 * interceptor post-processor, configured intercept URLs, the any-request rule, then the
 * web and default hooks, in that order.
 *
 * @param http the builder being configured
 * @throws Exception if any configuration step fails
 */
protected void configure(HttpSecurity http) throws Exception {
	boolean hasCustomProviders = LangUtils.isNotEmpty(authenticationProviders);
	if (hasCustomProviders) {
		authenticationProviders.forEach(provider -> http.authenticationProvider(provider));
	}

	http.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
		@Override
		public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
			// With no builder configured the interceptor is returned unchanged, so only the
			// rules registered below apply.
			if (securityMetadataSourceBuilder == null) {
				return interceptor;
			}
			securityMetadataSourceBuilder.setFilterSecurityInterceptor(interceptor);
			securityMetadataSourceBuilder.buildSecurityMetadataSource();
			return interceptor;
		}
	});

	// NOTE(review): the helper names suggest the specific URL rules are registered before
	// the any-request catch-all. That order matters because the first matching rule
	// decides, so keep the specific rules ahead of the catch-all when editing.
	configIntercepterUrls(http, securityConfig.getIntercepterUrls(), securityConfig.getIntercepters());
	configureAnyRequest(http);

	webConfigure(http);
	defaultConfigure(http);
}
 
Example #5
Source File: StatelessAuthenticationSecurityConfig.java    From boot-stateless-social with MIT License 5 votes vote down vote up
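/**
 * Configures URL authorization, the stateless JWT authentication filter and the Spring
 * Social configurer.
 *
 * <p>Authorization rules are evaluated in declaration order and the first match decides,
 * so the rule for {@code /api/users/current/details} is declared before the blanket
 * anonymous-GET rule for {@code /api/**}. Declared after it, the specific rule would
 * never be consulted and the endpoint would be open to anonymous callers.
 *
 * @param http the builder being configured
 * @throws Exception if any of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	// Set a custom successHandler on the SocialAuthenticationFilter
	final SpringSocialConfigurer socialConfigurer = new SpringSocialConfigurer();
	socialConfigurer.addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
		@Override
		public <O extends SocialAuthenticationFilter> O postProcess(O socialAuthenticationFilter) {
			socialAuthenticationFilter.setAuthenticationSuccessHandler(socialAuthenticationSuccessHandler);
			return socialAuthenticationFilter;
		}
	});

	// NOTE(review): no session-creation policy is set in this method. If the application is
	// meant to be stateless, confirm that is enforced elsewhere.
	http.exceptionHandling().and().anonymous().and().servletApi().and().headers().cacheControl().and()
			.authorizeRequests()

			//allow anonymous font and template requests
			.antMatchers("/").permitAll()
			.antMatchers("/favicon.ico").permitAll()
			.antMatchers("/resources/**").permitAll()

			//allow anonymous calls to social login
			.antMatchers("/auth/**").permitAll()

			//current-user details require the USER role; must come before the broader
			//anonymous GET rule for /api/** below, otherwise that rule matches first
			.antMatchers(HttpMethod.GET, "/api/users/current/details").hasRole("USER")

			//allow anonymous GETs to the rest of the API
			.antMatchers(HttpMethod.GET, "/api/**").permitAll()

			//defined Admin only API area
			.antMatchers("/admin/**").hasRole("ADMIN")

			//all other requests need an authenticated user with the USER role
			.anyRequest().hasRole("USER").and()

			// add custom authentication filter for complete stateless JWT based authentication
			.addFilterBefore(statelessAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)

			// apply the configuration from the socialConfigurer (adds the SocialAuthenticationFilter)
			.apply(socialConfigurer.userIdSource(userIdSource));
}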
 
Example #6
Source File: RbacBaseSecurityConfigurerAdapter.java    From onetwo with Apache License 2.0 4 votes vote down vote up
/**
 * Configures form-login based security: response headers, a blanket "authenticated"
 * rule with an interceptor post-processor, login and logout handling, and single-session
 * concurrency control.
 *
 * @param http the builder being configured
 * @throws Exception if any of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The same handler instance serves as both success and failure handler for form login.
    AjaxAuthenticationHandler authHandler = new AjaxAuthenticationHandler("/login", "/plugins/permission/admin");

    // NOTE(review): headers() also applies the framework's default header writers, which
    // normally include their own X-Frame-Options value. Check the emitted response to see
    // which value wins; the dedicated switch is headers().frameOptions().sameOrigin().
    http.headers()
            .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN));

    http.authorizeRequests()
            .anyRequest().authenticated()
            .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                @Override
                public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                    // When a builder is configured it is given the interceptor and asked to
                    // build the security metadata source. Otherwise the interceptor keeps
                    // the static anyRequest().authenticated() rule only.
                    if (securityMetadataSourceBuilder != null) {
                        securityMetadataSourceBuilder.setFilterSecurityInterceptor(object);
                        securityMetadataSourceBuilder.buildSecurityMetadataSource();
                    }
                    return object;
                }
            });

    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/dologin")
            .successHandler(authHandler)
            .failureHandler(authHandler);

    // Logout drops the server-side session and asks the browser to discard its cookie.
    http.logout()
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // One session per user; a second login is refused rather than expiring the first.
    // NOTE(review): this relies on session-destroyed events reaching the session registry
    // (HttpSessionEventPublisher). Without them, a user who never logs out stays locked out
    // until the old session times out. Confirm it is registered.
    http.sessionManagement()
            .maximumSessions(1)
            .maxSessionsPreventsLogin(true);
}
 
Example #7
Source File: LdapAuthenticationProviderConfigurer.java    From gravitee-management-rest-api with Apache License 2.0 2 votes vote down vote up
/**
 * Registers an {@link ObjectPostProcessor} with this configurer.
 *
 * @param objectPostProcessor the post-processor to register; it is passed straight to
 *        {@code addObjectPostProcessor}
 * @return this {@link LdapAuthenticationProviderConfigurer}, for further customizations
 */
public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(final ObjectPostProcessor<?> objectPostProcessor) {
    // Pure delegation; the fluent return lets calls be chained.
    this.addObjectPostProcessor(objectPostProcessor);
    return this;
}