org.springframework.security.access.method.MethodSecurityMetadataSource Java Examples

The following examples show how to use org.springframework.security.access.method.MethodSecurityMetadataSource. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: OAuth2AutoConfigurationTests.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void testDefaultPrePostSecurityAnnotations() {
	this.context = new AnnotationConfigServletWebServerApplicationContext();
	this.context.register(AuthorizationAndResourceServerConfiguration.class, MinimalSecureWebApplication.class);
	this.context.refresh();
	this.context.getBean(OAuth2MethodSecurityConfiguration.class);
	ClientDetails config = this.context.getBean(ClientDetails.class);
	DelegatingMethodSecurityMetadataSource source = this.context
			.getBean(DelegatingMethodSecurityMetadataSource.class);
	List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
	assertThat(sources.size()).isEqualTo(1);
	assertThat(sources.get(0).getClass().getName())
			.isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
	verifyAuthentication(config);
}
 
Example #2
Source File: OAuth2AutoConfigurationTests.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void testClassicSecurityAnnotationOverride() {
	this.context = new AnnotationConfigServletWebServerApplicationContext();
	this.context.register(SecuredEnabledConfiguration.class, MinimalSecureWebApplication.class);
	this.context.refresh();
	this.context.getBean(OAuth2MethodSecurityConfiguration.class);
	ClientDetails config = this.context.getBean(ClientDetails.class);
	DelegatingMethodSecurityMetadataSource source = this.context
			.getBean(DelegatingMethodSecurityMetadataSource.class);
	List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
	assertThat(sources.size()).isEqualTo(1);
	assertThat(sources.get(0).getClass().getName())
			.isEqualTo(SecuredAnnotationSecurityMetadataSource.class.getName());
	verifyAuthentication(config, HttpStatus.OK);
}
 
Example #3
Source File: OAuth2AutoConfigurationTests.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void testJsr250SecurityAnnotationOverride() {
	this.context = new AnnotationConfigServletWebServerApplicationContext();
	this.context.register(Jsr250EnabledConfiguration.class, MinimalSecureWebApplication.class);
	this.context.refresh();
	this.context.getBean(OAuth2MethodSecurityConfiguration.class);
	ClientDetails config = this.context.getBean(ClientDetails.class);
	DelegatingMethodSecurityMetadataSource source = this.context
			.getBean(DelegatingMethodSecurityMetadataSource.class);
	List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
	assertThat(sources.size()).isEqualTo(1);
	assertThat(sources.get(0).getClass().getName()).isEqualTo(Jsr250MethodSecurityMetadataSource.class.getName());
	verifyAuthentication(config, HttpStatus.OK);
}
 
Example #4
Source File: OAuth2AutoConfigurationTests.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Test
public void testMethodSecurityBackingOff() {
	this.context = new AnnotationConfigServletWebServerApplicationContext();
	this.context.register(CustomMethodSecurity.class, TestSecurityConfiguration.class,
			MinimalSecureWebApplication.class);
	this.context.refresh();
	DelegatingMethodSecurityMetadataSource source = this.context
			.getBean(DelegatingMethodSecurityMetadataSource.class);
	List<MethodSecurityMetadataSource> sources = source.getMethodSecurityMetadataSources();
	assertThat(sources.size()).isEqualTo(1);
	assertThat(sources.get(0).getClass().getName())
			.isEqualTo(PrePostAnnotationSecurityMetadataSource.class.getName());
}
 
Example #5
Source File: BootMethodBasedSecurityConfig.java    From onetwo with Apache License 2.0 5 votes vote down vote up
@Override
@Bean
public MethodSecurityMetadataSource methodSecurityMetadataSource() {
	if(bootSpringConfig.isDev()){
		return new RelaodableDelegatingMethodSecurityMetadataSource(super.methodSecurityMetadataSource());
	}else{
		return super.methodSecurityMetadataSource();
	}
}
 
Example #6
Source File: MethodResourcePopulator.java    From lemon with Apache License 2.0 5 votes vote down vote up
public void execute(
        DelegatingMethodSecurityMetadataSource delegatingMethodSecurityMetadataSource,
        Map<String, String> resourceMap) {
    Assert.notNull(delegatingMethodSecurityMetadataSource);
    Assert.notNull(resourceMap);

    logger.info("refresh method resource");

    Map<String, List<ConfigAttribute>> methodMap = null;
    methodMap = new LinkedHashMap<String, List<ConfigAttribute>>();

    for (Map.Entry<String, String> entry : resourceMap.entrySet()) {
        methodMap.put(entry.getKey(), SecurityConfig
                .createListFromCommaDelimitedString(entry.getValue()));
    }

    MethodSecurityMetadataSource source = new MapBasedMethodSecurityMetadataSource(
            methodMap);
    List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
    sources.add(source);

    List<MethodSecurityMetadataSource> methodSecurityMetadataSources = delegatingMethodSecurityMetadataSource
            .getMethodSecurityMetadataSources();
    methodSecurityMetadataSources.clear();
    methodSecurityMetadataSources.addAll(sources);

    Map attributeCache = (Map) BeanUtils.safeGetFieldValue(
            delegatingMethodSecurityMetadataSource, "attributeCache");
    attributeCache.clear();
}
 
Example #7
Source File: MethodSourceBuilder.java    From lemon with Apache License 2.0 5 votes vote down vote up
public void refresh() {
    if ((delegatingMethodSecurityMetadataSource == null)
            || (methodSourceFetcher == null)) {
        logger.info(
                "delegatingMethodSecurityMetadataSource : {}, methodSourceFetcher : {}",
                delegatingMethodSecurityMetadataSource, methodSourceFetcher);

        return;
    }

    logger.info("execute refresh");

    Map<String, List<ConfigAttribute>> methodMap = null;
    methodMap = new LinkedHashMap<String, List<ConfigAttribute>>();

    Map<String, String> resourceMap = methodSourceFetcher.getSource(null);

    for (Map.Entry<String, String> entry : resourceMap.entrySet()) {
        methodMap.put(entry.getKey(), SecurityConfig
                .createListFromCommaDelimitedString(entry.getValue()));
    }

    MethodSecurityMetadataSource source = new MapBasedMethodSecurityMetadataSource(
            methodMap);
    List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
    sources.add(source);

    List<MethodSecurityMetadataSource> methodSecurityMetadataSources = delegatingMethodSecurityMetadataSource
            .getMethodSecurityMetadataSources();
    methodSecurityMetadataSources.clear();
    methodSecurityMetadataSources.addAll(sources);

    Map attributeCache = (Map) BeanUtils.safeGetFieldValue(
            delegatingMethodSecurityMetadataSource, "attributeCache");
    attributeCache.clear();
}
 
Example #8
Source File: RelaodableDelegatingMethodSecurityMetadataSource.java    From onetwo with Apache License 2.0 4 votes vote down vote up
public RelaodableDelegatingMethodSecurityMetadataSource(MethodSecurityMetadataSource methodSecurityMetadataSource) {
	super();
	this.delegatingMethodSecurityMetadataSource = methodSecurityMetadataSource;
}
 
Example #9
Source File: MethodBasedSecurityConfig.java    From onetwo with Apache License 2.0 4 votes vote down vote up
@Override
protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
	return jfishMethodSecurityMetadataSource();
}
 
Example #10
Source File: DenyMethodSecurityConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Override
protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
    return new CustomPermissionAllowedMethodSecurityMetadataSource();
}