org.springframework.security.access.AccessDecisionVoter Java Examples

The following examples show how to use org.springframework.security.access.AccessDecisionVoter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MyAccessDecisionManager.java    From base-admin with MIT License 6 votes vote down vote up
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
        throws AccessDeniedException, InsufficientAuthenticationException {
    int deny = 0;

    for (AccessDecisionVoter voter : getDecisionVoters()) {
        int result = voter.vote(authentication, object, configAttributes);

        if (logger.isDebugEnabled()) {
            logger.debug("Voter: " + voter + ", returned: " + result);
        }

        switch (result) {
            case AccessDecisionVoter.ACCESS_GRANTED:
                return;

            case AccessDecisionVoter.ACCESS_DENIED:
                deny++;

                break;

            default:
                break;
        }
    }

    if (deny > 0) {
        throw new AccessDeniedException(messages.getMessage(
                "AbstractAccessDecisionManager.accessDenied", "Access is denied"));
    }

    // To get this far, every AccessDecisionVoter abstained
    checkAllowIfAllAbstainDecisions();
}
 
Example #2
Source File: SecurityConfig.java    From base-admin with MIT License 6 votes vote down vote up
@Bean
public DynamicallyUrlInterceptor dynamicallyUrlInterceptor(){
    //首次获取
    List<SysAuthorityVo> authorityVoList = sysAuthorityService.list(new SysAuthorityVo()).getData();
    myFilterInvocationSecurityMetadataSource.setRequestMap(authorityVoList);
    //初始化拦截器并添加数据源(注意:不要手动new对象,把它交给spring管理,spring默认单例)
    DynamicallyUrlInterceptor interceptor = new DynamicallyUrlInterceptor();
    interceptor.setSecurityMetadataSource(myFilterInvocationSecurityMetadataSource);

    //配置RoleVoter决策
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
    decisionVoters.add(new RoleVoter());

    //设置认证决策管理器
    interceptor.setAccessDecisionManager(new MyAccessDecisionManager(decisionVoters));
    return interceptor;
}
 
Example #3
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
public AccessDecisionManager accessDecisionManager2(
        CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters
            = Arrays.asList(
            new AuthenticatedVoter(),
            new RoleVoter(),
            new WebExpressionVoter(){{
                setExpressionHandler(customWebSecurityExpressionHandler);
            }}
    );
    return new UnanimousBased(decisionVoters);
}
 
Example #4
Source File: LogAccessConfigAuthorizedVoterTest.java    From lognavigator with Apache License 2.0 5 votes vote down vote up
@Test
public void testPreHandle_UserAuthorized() throws Exception {
	
	FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-oneuser-authorized/list", "GET");
	TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("oneuser", null);
	SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
	
	int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE));
	
	Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess);
}
 
Example #5
Source File: MethodBasedSecurityConfig.java    From onetwo with Apache License 2.0 5 votes vote down vote up
/***
 * 对应的方法决策器
 */
@Override
protected AccessDecisionManager accessDecisionManager() {
	AccessDecisionManager decisionManager = super.accessDecisionManager();
	@SuppressWarnings("unchecked")
	List<AccessDecisionVoter<? extends Object>> decisionVoters = (List<AccessDecisionVoter<? extends Object>>)ReflectUtils.getFieldValue(decisionManager, "decisionVoters");
	decisionVoters.add(new MethodWebExpressionVoter());
	return decisionManager;
}
 
Example #6
Source File: AppSpringModuleConfig.java    From herd with Apache License 2.0 5 votes vote down vote up
/**
 * Overridden to remove role prefix for the role voter. The application does not require any other access decision voters in the default configuration.
 */
/*
 * rawtypes must be suppressed because AffirmativeBased constructor takes in a raw typed list of AccessDecisionVoters
 */
@SuppressWarnings("rawtypes")
@Override
protected AccessDecisionManager accessDecisionManager()
{
    List<AccessDecisionVoter<?>> decisionVoters = new ArrayList<>();
    RoleVoter decisionVoter = new RoleVoter();
    decisionVoter.setRolePrefix("");
    decisionVoters.add(decisionVoter);
    return new AffirmativeBased(decisionVoters);
}
 
Example #7
Source File: LogAccessConfigAuthorizedVoterTest.java    From lognavigator with Apache License 2.0 5 votes vote down vote up
@Test
public void testPreHandle_RoleAuthorized() throws Exception {
	
	// given
	FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-onerole-authorized/list", "GET");
	TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("anyuser", null, "onerole");
	SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
	
	int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE));
	
	Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess);
}
 
Example #8
Source File: LogAccessConfigAuthorizedVoterTest.java    From lognavigator with Apache License 2.0 5 votes vote down vote up
@Test
public void testPreHandle_UserNotAuthorizedButRoleAuthorized() throws Exception {
	
	FilterInvocation filterInvocation = new FilterInvocation("/logs/log-with-onerole-and-oneuser-authorized/list", "GET");
	TestingAuthenticationToken authenticatedUser = new TestingAuthenticationToken("anyuser", null, "onerole");
	SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
	
	int resultAccess = logAccessConfigAuthorizedVoter.vote(authenticatedUser, filterInvocation, Arrays.asList(GOOD_ATTRIBUTE));
	
	Assert.assertEquals(AccessDecisionVoter.ACCESS_GRANTED, resultAccess);
}
 
Example #9
Source File: AccessDecisionManagerImpl.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
public boolean supports(Class<?> clazz) {
	for (AccessDecisionVoter<? extends Object> voter : this.decisionVoters) {
		if (voter.supports(clazz)) {
			return true;
		}
	}

	return false;
}
 
Example #10
Source File: AccessDecisionManagerImpl.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public void decide(Authentication authentication, Object object,
		Collection<ConfigAttribute> configAttributes)
		throws AccessDeniedException, InsufficientAuthenticationException {
	if (userService.isAdministrator()) {
		return;
	}
	int deny = 0;
	for (AccessDecisionVoter voter : getDecisionVoters()) {
		if (voter.supports(object.getClass())) {
			int result = voter.vote(authentication, object, configAttributes);
			if (logger.isDebugEnabled()) {
				logger.debug("Voter: " + voter + ", returned: " + result);
			}
			switch (result) {
			case AccessDecisionVoter.ACCESS_GRANTED:
				return;
			case AccessDecisionVoter.ACCESS_DENIED:
				deny++;
				break;
			default:
				break;
			}
		}
	}

	if (deny > 0) {
		throw new AccessDeniedException(messages.getMessage(
				"AbstractAccessDecisionManager.accessDenied", "Access is denied"));
	}

	setAllowIfAllAbstainDecisions(allowIfAllAbstainDecisions);
	checkAllowIfAllAbstainDecisions();

}
 
Example #11
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
public AccessDecisionManager accessDecisionManager2(
        CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters
            = Arrays.asList(
            new AuthenticatedVoter(),
            new RoleVoter(),
            new WebExpressionVoter(){{
                setExpressionHandler(customWebSecurityExpressionHandler);
            }}
    );
    return new UnanimousBased(decisionVoters);
}
 
Example #12
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("ConsensusBased AccessDecisionManager for Authorization voting")
@Bean
public AccessDecisionManager accessDecisionManager(
        CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters
            = Arrays.asList(
            new WebExpressionVoter(){{
                setExpressionHandler(customWebSecurityExpressionHandler);
            }}
    );
    return new ConsensusBased(decisionVoters);
}
 
Example #13
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("AccessDecisionManager for Authorization voting")
@Bean
public AccessDecisionManager accessDecisionManager(
        CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) {
    List<AccessDecisionVoter<? extends Object>> decisionVoters
            = Arrays.asList(
            new WebExpressionVoter(){{
                setExpressionHandler(customWebSecurityExpressionHandler);
            }}
    );
    return new ConsensusBased(decisionVoters);
}
 
Example #14
Source File: CustomAuthorizationConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Description("ConsensusBased AccessDecisionManager for Authorization voting")
    @Bean
    public AccessDecisionManager accessDecisionManager(
            CustomWebSecurityExpressionHandler customWebSecurityExpressionHandler) {
        List<AccessDecisionVoter<? extends Object>> decisionVoters
                = Arrays.asList(
//                new AuthenticatedVoter(),
//                new RoleVoter(),
                new WebExpressionVoter(){{
                    setExpressionHandler(customWebSecurityExpressionHandler);
                }}
        );
        return new ConsensusBased(decisionVoters);
    }
 
Example #15
Source File: OpenApiSecurityConfigurer.java    From spring-backend-boilerplate with Apache License 2.0 5 votes vote down vote up
@Bean
public AccessDecisionManager accessDecisionManager() {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());
    decisionVoters.add(webExpressionVoter());
    return new AffirmativeBased(decisionVoters);
}
 
Example #16
Source File: WebAppSecurityConfig.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
protected void configureUrlAuthorization(
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry
        expressionInterceptUrlRegistry) {
  List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>();
  listOfVoters.add(new WebExpressionVoter());
  listOfVoters.add(molgenisAccessDecisionVoter());
  expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters));

  expressionInterceptUrlRegistry.antMatchers("/").permitAll();
}
 
Example #17
Source File: MyAccessDecisionManager.java    From oauth2-resource with MIT License 5 votes vote down vote up
/**
 * 方法是判定是否拥有权限的决策方法,
 * (1)authentication 是释CustomUserService中循环添加到 GrantedAuthority 对象中的权限信息集合.
 * (2)object 包含客户端发起的请求的request信息,可转换为 HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
 * (3)configAttributes 为FilterInvocationSecurityMetadataSource的getAttributes(Object object)这个方法返回的结果,此方法是为了判定用户请求的url 是否在权限表中,如果在权限表中,则返回给 decide 方法
 */
@SuppressWarnings("unchecked")
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
    throws AccessDeniedException, InsufficientAuthenticationException {
    int deny = 0;
    for (AccessDecisionVoter voter : getDecisionVoters()) {
        int result = voter.vote(authentication, object, configAttributes);

        if (logger.isDebugEnabled()) {
            logger.debug("Voter: " + voter + ", returned: " + result);
        }
        switch (result) {
            case AccessDecisionVoter.ACCESS_GRANTED:
                return;
            case AccessDecisionVoter.ACCESS_DENIED:
                deny++;
                break;
            default:
                break;
        }
    }

    if (deny > 0) {
        throw new AccessDeniedException(messages.getMessage(
            "AbstractAccessDecisionManager.accessDenied", "Access is denied"));
    }

    // To get this far, every AccessDecisionVoter abstained
    checkAllowIfAllAbstainDecisions();
}
 
Example #18
Source File: WebSecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public AccessDecisionManager accessDecisionManager() {
    // @formatter: off
    List<AccessDecisionVoter<? extends Object>> decisionVoters = Arrays.asList(new WebExpressionVoter(), new RoleVoter(), new AuthenticatedVoter(), new MinuteBasedVoter());
    // @formatter: on
    return new UnanimousBased(decisionVoters);
}
 
Example #19
Source File: SecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public AccessDecisionManager customAccessDecisionManager() {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new UsernameAccessDecisionVoter());
    AccessDecisionManager accessDecisionManager = new AffirmativeBased(decisionVoters);
    return accessDecisionManager;
}
 
Example #20
Source File: SecurityConfig.java    From feast with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an AccessDecisionManager if authorization is enabled. This object determines the policy
 * used to make authorization decisions.
 *
 * @return AccessDecisionManager
 */
@Bean
@ConditionalOnProperty(prefix = "feast.security.authorization", name = "enabled")
AccessDecisionManager accessDecisionManager() {
  final List<AccessDecisionVoter<?>> voters = new ArrayList<>();
  voters.add(new AccessPredicateVoter());
  return new UnanimousBased(voters);
}
 
Example #21
Source File: JvueGlobalMethodSecurityConfiguration.java    From jvue-admin with MIT License 5 votes vote down vote up
@Override
public AccessDecisionManager accessDecisionManager() {

    List<AccessDecisionVoter<? extends Object>> decisionVoters =
            new ArrayList<AccessDecisionVoter<? extends Object>>();

    decisionVoters.add(jvueMethodAclVoter);// 启用自定义投票器
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());

    return new AffirmativeBased(decisionVoters);
}
 
Example #22
Source File: SpringAuthManager.java    From jdal with Apache License 2.0 5 votes vote down vote up
@PostConstruct
public void init() {
	if (this.accessDecisionManager == null) {
		if (log.isDebugEnabled())
			log.debug("Creating default AffirmativeBased AccesDecisionManager with RoleVoter");
		
		List<AccessDecisionVoter<? extends Object>> defaultVoters =
				new ArrayList<AccessDecisionVoter<? extends Object>>();
		defaultVoters.add(new RoleVoter());
		this.accessDecisionManager = new AffirmativeBased(defaultVoters);
	}
}
 
Example #23
Source File: AccessDecisionManagerImpl.java    From bdf3 with Apache License 2.0 4 votes vote down vote up
@Autowired
public AccessDecisionManagerImpl(
		List<AccessDecisionVoter<? extends Object>> decisionVoters) {
	super(decisionVoters);
	this.decisionVoters = decisionVoters;
}
 
Example #24
Source File: LogAccessConfigAuthorizedVoterTest.java    From lognavigator with Apache License 2.0 4 votes vote down vote up
@Test
public void testVote_BadAttribute() throws Exception {
	int resultAccess = logAccessConfigAuthorizedVoter.vote(null, new FilterInvocation(null, null), Arrays.asList(BAD_ATTRIBUTE));
	Assert.assertEquals(AccessDecisionVoter.ACCESS_ABSTAIN, resultAccess);
}
 
Example #25
Source File: SecurityConfiguration.java    From haven-platform with Apache License 2.0 4 votes vote down vote up
@Bean
AccessDecisionManager accessDecisionManager() {
    ImmutableList.Builder<AccessDecisionVoter<?>> lb = ImmutableList.builder();
    lb.add(new AdminRoleVoter());
    return new AffirmativeBased(lb.build());
}
 
Example #26
Source File: ManualSecurityConfiguration.java    From grpc-spring-boot-starter with MIT License 4 votes vote down vote up
@Bean
AccessDecisionManager accessDecisionManager() {
    final List<AccessDecisionVoter<?>> voters = new ArrayList<>();
    voters.add(new AccessPredicateVoter());
    return new UnanimousBased(voters);
}
 
Example #27
Source File: ManualSecurityConfiguration.java    From grpc-spring-boot-starter with MIT License 4 votes vote down vote up
@Bean
AccessDecisionManager accessDecisionManager() {
    final List<AccessDecisionVoter<?>> voters = new ArrayList<>();
    voters.add(new AccessPredicateVoter());
    return new UnanimousBased(voters);
}
 
Example #28
Source File: MyAccessDecisionManager.java    From oauth2-resource with MIT License 4 votes vote down vote up
protected MyAccessDecisionManager(List<AccessDecisionVoter<?>> decisionVoters) {
    super(decisionVoters);
}
 
Example #29
Source File: LDAccessDecisionManager.java    From document-management-software with GNU Lesser General Public License v3.0 4 votes vote down vote up
public LDAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
	super(decisionVoters);
}
 
Example #30
Source File: MyAccessDecisionManager.java    From base-admin with MIT License 4 votes vote down vote up
MyAccessDecisionManager(List<AccessDecisionVoter<?>> decisionVoters) {
    super(decisionVoters);
}