下面列出了怎么用org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Pushes the shared {@code ROLE_PREFIX} into every Spring Security component
 * handled here, each of which keeps its own copy of the role prefix.
 *
 * <p>Security note: the same prefix is applied to all four bean types on purpose.
 * If one of them keeps a different prefix, role checks made through annotations,
 * SpEL expressions and the Servlet API can disagree for the same user.
 *
 * @param bean     the freshly initialized bean
 * @param beanName the bean's name (not used)
 * @return the same bean instance, possibly reconfigured
 */
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    // JSR-250 method security metadata.
    if (bean instanceof Jsr250MethodSecurityMetadataSource) {
        Jsr250MethodSecurityMetadataSource jsr250Source = (Jsr250MethodSecurityMetadataSource) bean;
        jsr250Source.setDefaultRolePrefix(ROLE_PREFIX);
    }
    // Expression handler used for method-level security expressions.
    if (bean instanceof DefaultMethodSecurityExpressionHandler) {
        DefaultMethodSecurityExpressionHandler methodHandler = (DefaultMethodSecurityExpressionHandler) bean;
        methodHandler.setDefaultRolePrefix(ROLE_PREFIX);
    }
    // Expression handler used for web (URL-level) security expressions.
    if (bean instanceof DefaultWebSecurityExpressionHandler) {
        DefaultWebSecurityExpressionHandler webHandler = (DefaultWebSecurityExpressionHandler) bean;
        webHandler.setDefaultRolePrefix(ROLE_PREFIX);
    }
    // Servlet API integration filter; note the differently named setter.
    if (bean instanceof SecurityContextHolderAwareRequestFilter) {
        SecurityContextHolderAwareRequestFilter servletApiFilter = (SecurityContextHolderAwareRequestFilter) bean;
        servletApiFilter.setRolePrefix(ROLE_PREFIX);
    }
    return bean;
}
/**
 * Sets {@code ROLE_PREFIX} as the role prefix on each supported Spring Security
 * bean type and hands the bean back unchanged otherwise.
 *
 * <p>Security note: keep the four branches in step. A component left on another
 * prefix would evaluate role names differently from the rest of the application.
 *
 * @param bean     the freshly initialized bean
 * @param beanName the bean's name (not used)
 * @return the same bean instance, possibly reconfigured
 */
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    if (bean instanceof Jsr250MethodSecurityMetadataSource) {
        Jsr250MethodSecurityMetadataSource metadataSource = (Jsr250MethodSecurityMetadataSource) bean;
        metadataSource.setDefaultRolePrefix(ROLE_PREFIX);
    }
    if (bean instanceof DefaultMethodSecurityExpressionHandler) {
        DefaultMethodSecurityExpressionHandler methodExpressions = (DefaultMethodSecurityExpressionHandler) bean;
        methodExpressions.setDefaultRolePrefix(ROLE_PREFIX);
    }
    if (bean instanceof DefaultWebSecurityExpressionHandler) {
        DefaultWebSecurityExpressionHandler webExpressions = (DefaultWebSecurityExpressionHandler) bean;
        webExpressions.setDefaultRolePrefix(ROLE_PREFIX);
    }
    if (bean instanceof SecurityContextHolderAwareRequestFilter) {
        // This filter exposes setRolePrefix rather than setDefaultRolePrefix.
        SecurityContextHolderAwareRequestFilter requestFilter = (SecurityContextHolderAwareRequestFilter) bean;
        requestFilter.setRolePrefix(ROLE_PREFIX);
    }
    return bean;
}
/**
 * Applies this post-processor's configured {@code rolePrefix} to each supported
 * Spring Security bean type.
 *
 * <p>Security note: all four components must end up with the same prefix. If the
 * JSR-250 branch is removed as the comment below allows, make sure JSR-250
 * annotations really are unused, otherwise they would be checked against the
 * framework's default prefix instead.
 *
 * @param bean     the freshly initialized bean
 * @param beanName the bean's name (not used)
 * @return the same bean instance, possibly reconfigured
 */
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    // remove this if you are not using JSR-250
    if (bean instanceof Jsr250MethodSecurityMetadataSource) {
        Jsr250MethodSecurityMetadataSource jsr250Source = (Jsr250MethodSecurityMetadataSource) bean;
        jsr250Source.setDefaultRolePrefix(this.rolePrefix);
    }
    if (bean instanceof DefaultMethodSecurityExpressionHandler) {
        DefaultMethodSecurityExpressionHandler methodHandler = (DefaultMethodSecurityExpressionHandler) bean;
        methodHandler.setDefaultRolePrefix(this.rolePrefix);
    }
    if (bean instanceof DefaultWebSecurityExpressionHandler) {
        DefaultWebSecurityExpressionHandler webHandler = (DefaultWebSecurityExpressionHandler) bean;
        webHandler.setDefaultRolePrefix(this.rolePrefix);
    }
    if (bean instanceof SecurityContextHolderAwareRequestFilter) {
        SecurityContextHolderAwareRequestFilter servletApiFilter = (SecurityContextHolderAwareRequestFilter) bean;
        servletApiFilter.setRolePrefix(this.rolePrefix);
    }
    return bean;
}
/**
 * Removes the role prefix from each supported Spring Security bean type.
 *
 * <p>Security note: with no prefix, a role name in an annotation or expression is
 * compared with the granted authority string as-is. Any authority issued by the
 * identity source then counts as a role of the same name, so authority strings
 * must come only from a trusted mapping.
 *
 * @param bean     the freshly initialized bean
 * @param beanName the bean's name (not used)
 * @return the same bean instance, possibly reconfigured
 */
@Override
public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
    if (bean instanceof Jsr250MethodSecurityMetadataSource) {
        Jsr250MethodSecurityMetadataSource jsr250Source = (Jsr250MethodSecurityMetadataSource) bean;
        jsr250Source.setDefaultRolePrefix(null);
    }
    if (bean instanceof DefaultMethodSecurityExpressionHandler) {
        DefaultMethodSecurityExpressionHandler methodHandler = (DefaultMethodSecurityExpressionHandler) bean;
        methodHandler.setDefaultRolePrefix(null);
    }
    if (bean instanceof DefaultWebSecurityExpressionHandler) {
        DefaultWebSecurityExpressionHandler webHandler = (DefaultWebSecurityExpressionHandler) bean;
        webHandler.setDefaultRolePrefix(null);
    }
    if (bean instanceof SecurityContextHolderAwareRequestFilter) {
        // Empty string instead of null here; presumably this setter rejects null.
        // NOTE(review): confirm against the Spring Security version in use.
        SecurityContextHolderAwareRequestFilter servletApiFilter = (SecurityContextHolderAwareRequestFilter) bean;
        servletApiFilter.setRolePrefix("");
    }
    return bean;
}
/**
 * Wires the Keycloak filters, CSRF matcher, session strategy, entry point and
 * logout handling into the Spring Security filter chain.
 *
 * <p>Security notes:
 * <ul>
 *   <li>CSRF protection is applied only to requests selected by
 *       {@code keycloakCsrfRequestMatcher()}. Review that matcher to see which
 *       requests are exempt.</li>
 *   <li>This method declares no URL authorization rules. NOTE(review): confirm
 *       that an overriding or calling configuration adds them.</li>
 *   <li>{@code /sso/logout} is open to everyone via {@code permitAll()}.</li>
 * </ul>
 *
 * @param http the builder for this filter chain
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Each statement acts on the same builder, in the order the original chain used.
    http.csrf().requireCsrfProtectionMatcher(keycloakCsrfRequestMatcher());

    http.sessionManagement().sessionAuthenticationStrategy(sessionAuthenticationStrategy());

    // Filter positions are relative to LogoutFilter and the Servlet API filter;
    // registration order is kept because later placements refer to earlier filters.
    http.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class);
    http.addFilterBefore(keycloakAuthenticationProcessingFilter(), LogoutFilter.class);
    http.addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class);
    http.addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());

    http.logout()
        .addLogoutHandler(keycloakLogoutHandler())
        .logoutUrl("/sso/logout").permitAll()
        .logoutSuccessUrl("/");
}
/**
 * Test fixture: places an OIDC-based authentication in the security context and
 * builds the MockMvc instance used by the logout tests.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The {@code SecurityContextHolderAwareRequestFilter} created here is
 *       initialized but never attached to MockMvc, so it does not take part in
 *       the requests under test.</li>
 *   <li>The authentication is written to {@code SecurityContextHolder}.
 *       NOTE(review): confirm it is cleared after each test so it cannot leak
 *       into other tests.</li>
 * </ul>
 *
 * @throws Exception if filter initialization or MockMvc setup fails
 */
@BeforeEach
public void before() throws Exception {
    Map<String, Object> idTokenClaims = new HashMap<>();
    idTokenClaims.put("groups", "ROLE_USER");
    idTokenClaims.put("sub", 123);

    // Token lifetime for the test: valid from now for 60 seconds.
    Instant issuedAt = Instant.now();
    Instant expiresAt = Instant.now().plusSeconds(60);
    OidcIdToken idToken = new OidcIdToken(ID_TOKEN, issuedAt, expiresAt, idTokenClaims);

    SecurityContextHolder.getContext().setAuthentication(authenticationToken(idToken));

    SecurityContextHolderAwareRequestFilter servletApiFilter = new SecurityContextHolderAwareRequestFilter();
    servletApiFilter.afterPropertiesSet();

    this.restLogoutMockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();
}
/**
 * Registers {@code HeaderSecurityFilter} ahead of the Servlet API filter, enables
 * CORS, disables CSRF protection and declares per-method URL authorization rules.
 *
 * <p>Security notes:
 * <ul>
 *   <li>There is no {@code anyRequest()} rule. A request that matches none of the
 *       patterns below (for example GET or PUT under {@code /api/**}) is not
 *       restricted by this rule set. NOTE(review): confirm that is intended.</li>
 *   <li>CSRF protection is off. That is only safe if browsers never send the
 *       credential automatically. NOTE(review): confirm how
 *       {@code HeaderSecurityFilter} authenticates requests.</li>
 *   <li>{@code /health} and {@code /websocket} are open to everyone, as is every
 *       OPTIONS request.</li>
 * </ul>
 *
 * @param http the builder for this filter chain
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final String collector = SecurityAuthoritiesEnum.COLLECTOR.toString();
    final String regular = SecurityAuthoritiesEnum.REGULAR.toString();
    final String screen = SecurityAuthoritiesEnum.SCREEN.toString();

    http.addFilterBefore(new HeaderSecurityFilter(), SecurityContextHolderAwareRequestFilter.class);
    http.cors();
    http.csrf().disable();

    // Rules are evaluated in declaration order; the first matching pattern wins.
    http.authorizeRequests()
        .antMatchers("/health").permitAll()
        .antMatchers("/websocket").permitAll()
        .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
        // Write access to the collector API.
        .antMatchers(HttpMethod.POST, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.DELETE, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.POST, "/reviews/**").hasAuthority(regular)
        // Read access is shared by regular users and screens.
        .antMatchers(HttpMethod.GET, "/dashboards/**").hasAnyAuthority(regular, screen)
        .antMatchers(HttpMethod.GET, "/emitter/**").hasAnyAuthority(regular, screen)
        // Dashboard modifications are limited to regular users.
        .antMatchers(HttpMethod.POST, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.DELETE, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.PUT, "/dashboards/**").hasAuthority(regular);
}
/**
 * Test fixture: installs an authentication built from a short-lived OIDC ID token
 * and prepares MockMvc from the web application context.
 *
 * <p>Review notes: the {@code SecurityContextHolderAwareRequestFilter} below is
 * only constructed and initialized; nothing visible here registers it with
 * MockMvc. NOTE(review): confirm the security context is reset between tests,
 * since the authentication set here is held by {@code SecurityContextHolder}.
 *
 * @throws Exception if filter initialization or MockMvc setup fails
 */
@BeforeEach
public void before() throws Exception {
    Map<String, Object> tokenClaims = new HashMap<>();
    tokenClaims.put("groups", "ROLE_USER");
    tokenClaims.put("sub", 123);

    Instant validFrom = Instant.now();
    Instant validUntil = Instant.now().plusSeconds(60);
    OidcIdToken idToken = new OidcIdToken(ID_TOKEN, validFrom, validUntil, tokenClaims);

    SecurityContextHolder.getContext().setAuthentication(authenticationToken(idToken));

    SecurityContextHolderAwareRequestFilter requestFilter = new SecurityContextHolderAwareRequestFilter();
    requestFilter.afterPropertiesSet();

    this.restLogoutMockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();
}
/**
 * Builds the Atlas filter chain: every request must be authenticated, static
 * response headers are added, sessions are always created, and the Atlas, SSO and
 * (optionally) Keycloak filters are placed around the standard Spring filters.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Spring Security's CSRF protection is disabled, and a separate
 *       {@code csrfPreventionFilter} is registered after the Atlas authentication
 *       filter. NOTE(review): confirm that filter is active in every deployment,
 *       as it appears to be the only CSRF defence for session-based logins.</li>
 *   <li>Sessions are replaced on login ({@code newSession()}) and URL rewriting
 *       is off, which keeps the session id out of URLs.</li>
 *   <li>Filter registration order matters: {@code csrfPreventionFilter} is
 *       positioned relative to {@code AtlasAuthenticationFilter}, which is
 *       registered on the line before it.</li>
 * </ul>
 *
 * @param httpSecurity the builder for this filter chain
 * @throws Exception if any configurer fails
 */
protected void configure(HttpSecurity httpSecurity) throws Exception {
    //@formatter:off
    httpSecurity.authorizeRequests().anyRequest().authenticated();

    httpSecurity.headers()
        .addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY)))
        .addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY)));

    httpSecurity.servletApi();

    httpSecurity.csrf().disable();

    httpSecurity.sessionManagement()
        .enableSessionUrlRewriting(false)
        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
        .sessionFixation()
            .newSession();

    httpSecurity.httpBasic()
        .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint());

    httpSecurity.formLogin()
        .loginPage("/login.jsp")
        .loginProcessingUrl("/j_spring_security_check")
        .successHandler(successHandler)
        .failureHandler(failureHandler)
        .usernameParameter("j_username")
        .passwordParameter("j_password");

    httpSecurity.logout()
        .logoutSuccessUrl("/login.jsp")
        .deleteCookies("ATLASSESSIONID")
        .logoutUrl("/logout.html");
    //@formatter:on

    // ActiveServerFilter is needed in both HA mode and migration mode.
    final boolean migrationMode = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
    final boolean haMode = configuration.getBoolean("atlas.server.ha.enabled", false);
    if (haMode || migrationMode) {
        // Migration mode takes precedence in the log message when both are set.
        LOG.info(migrationMode
                ? "Atlas is in Migration Mode, enabling ActiveServerFilter"
                : "Atlas is in HA Mode, enabling ActiveServerFilter");
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
    }

    httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class);
    httpSecurity.addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.class);
    httpSecurity.addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class);
    httpSecurity.addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class);

    if (keycloakEnabled) {
        httpSecurity.logout().addLogoutHandler(keycloakLogoutHandler());
        httpSecurity.addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class);
        httpSecurity.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class);
        httpSecurity.addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class);
        httpSecurity.addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);
    }
}
/**
 * Builds the Atlas filter chain: every request must be authenticated, form login
 * and HTTP Basic are enabled, sessions are always created, and the Atlas filters
 * are placed around the standard Spring filters.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@code headers().disable()} turns off the response security headers that
 *       Spring Security would otherwise write. NOTE(review): confirm equivalent
 *       headers are set elsewhere, for example by a proxy or another filter.</li>
 *   <li>Spring Security's CSRF protection is disabled, and a separate
 *       {@code csrfPreventionFilter} is registered after the Atlas authentication
 *       filter. NOTE(review): confirm that filter is active in every
 *       deployment.</li>
 *   <li>Sessions are replaced on login ({@code newSession()}) and URL rewriting
 *       is off, which keeps the session id out of URLs.</li>
 *   <li>Filter registration order matters: {@code csrfPreventionFilter} is
 *       positioned relative to {@code AtlasAuthenticationFilter}, which is
 *       registered on the line before it.</li>
 * </ul>
 *
 * @param httpSecurity the builder for this filter chain
 * @throws Exception if any configurer fails
 */
protected void configure(HttpSecurity httpSecurity) throws Exception {
    //@formatter:off
    httpSecurity.authorizeRequests().anyRequest().authenticated();

    httpSecurity.headers().disable();

    httpSecurity.servletApi();

    httpSecurity.csrf().disable();

    httpSecurity.sessionManagement()
        .enableSessionUrlRewriting(false)
        .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
        .sessionFixation()
            .newSession();

    httpSecurity.formLogin()
        .loginPage("/login.jsp")
        .loginProcessingUrl("/j_spring_security_check")
        .successHandler(successHandler)
        .failureHandler(failureHandler)
        .usernameParameter("j_username")
        .passwordParameter("j_password");

    httpSecurity.logout()
        .logoutSuccessUrl("/login.jsp")
        .deleteCookies("ATLASSESSIONID")
        .logoutUrl("/logout.html");

    httpSecurity.httpBasic()
        .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint());
    //@formatter:on

    final boolean haMode = configuration.getBoolean("atlas.server.ha.enabled", false);
    if (haMode) {
        LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
    }

    httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class);
    httpSecurity.addFilterAfter(ssoAuthenticationFilter, BasicAuthenticationFilter.class);
    httpSecurity.addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class);
    httpSecurity.addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class);
    // The authorization filter runs after Spring's own FilterSecurityInterceptor.
    httpSecurity.addFilterAfter(atlasAuthorizationFilter, FilterSecurityInterceptor.class);
}