GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add remaining methods from ExpressionUrlAuthorizationConfigurer to MessageMatcherDelegatingAuthorizationManager 

- Added fullyAuthenticated
- Added rememberMe
- Added anonymous

Closes gh-11509
pull/11719/head
Evgeniy Cheban 3 years ago committed by Josh Cummings
parent
00302c80ad
commit
5ecd513a57
2 changed files with 85 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 58
      config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
  2. 28
      messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java

58
config/src/test/java/org/springframework/security/config/annotation/web/socket/WebSocketMessageBrokerSecurityConfigurationTests.java
Unescape View File

@ -51,6 +51,8 @@ import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletConfig; import org.springframework.mock.web.MockServletConfig;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.authorization.AuthorizationManager;
@ -58,6 +60,7 @@ import org.springframework.security.config.annotation.SecurityContextChangedList
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry; import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolderStrategy; import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor; import org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor;
import org.springframework.security.messaging.access.intercept.MessageAuthorizationContext; import org.springframework.security.messaging.access.intercept.MessageAuthorizationContext;
@ -93,7 +96,7 @@ public class WebSocketMessageBrokerSecurityConfigurationTests {
AnnotationConfigWebApplicationContext context; AnnotationConfigWebApplicationContext context;
TestingAuthenticationToken messageUser; Authentication messageUser;
CsrfToken token; CsrfToken token;
@ -311,6 +314,56 @@ public class WebSocketMessageBrokerSecurityConfigurationTests {
assertThat(interceptors).contains(AuthorizationChannelInterceptor.class); assertThat(interceptors).contains(AuthorizationChannelInterceptor.class);
} }
@Test
public void sendMessageWhenFullyAuthenticatedConfiguredAndRememberMeTokenThenAccessDeniedException() {
loadConfig(WebSocketSecurityConfig.class);
this.messageUser = new RememberMeAuthenticationToken("key", "user",
AuthorityUtils.createAuthorityList("ROLE_USER"));
assertThatExceptionOfType(MessageDeliveryException.class)
.isThrownBy(() -> clientInboundChannel().send(message("/fullyAuthenticated")))
.withCauseInstanceOf(AccessDeniedException.class);
}
@Test
public void sendMessageWhenFullyAuthenticatedConfiguredAndUserThenPasses() {
loadConfig(WebSocketSecurityConfig.class);
clientInboundChannel().send(message("/fullyAuthenticated"));
}
@Test
public void sendMessageWhenRememberMeConfiguredAndNoUserThenAccessDeniedException() {
loadConfig(WebSocketSecurityConfig.class);
this.messageUser = null;
assertThatExceptionOfType(MessageDeliveryException.class)
.isThrownBy(() -> clientInboundChannel().send(message("/rememberMe")))
.withCauseInstanceOf(AccessDeniedException.class);
}
@Test
public void sendMessageWhenRememberMeConfiguredAndRememberMeTokenThenPasses() {
loadConfig(WebSocketSecurityConfig.class);
this.messageUser = new RememberMeAuthenticationToken("key", "user",
AuthorityUtils.createAuthorityList("ROLE_USER"));
clientInboundChannel().send(message("/rememberMe"));
}
@Test
public void sendMessageWhenAnonymousConfiguredAndAnonymousUserThenPasses() {
loadConfig(WebSocketSecurityConfig.class);
this.messageUser = new AnonymousAuthenticationToken("key", "user",
AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
clientInboundChannel().send(message("/anonymous"));
}
@Test
public void sendMessageWhenAnonymousConfiguredAndLoggedInUserThenAccessDeniedException() {
loadConfig(WebSocketSecurityConfig.class);
assertThatExceptionOfType(MessageDeliveryException.class)
.isThrownBy(() -> clientInboundChannel().send(message("/anonymous")))
.withCauseInstanceOf(AccessDeniedException.class);
}
private void assertHandshake(HttpServletRequest request) { private void assertHandshake(HttpServletRequest request) {
TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class); TestHandshakeHandler handshakeHandler = this.context.getBean(TestHandshakeHandler.class);
assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(this.token); assertThat(handshakeHandler.attributes.get(CsrfToken.class.getName())).isSameAs(this.token);
@ -708,6 +761,9 @@ public class WebSocketMessageBrokerSecurityConfigurationTests {
messages messages
.simpDestMatchers("/permitAll/**").permitAll() .simpDestMatchers("/permitAll/**").permitAll()
.simpDestMatchers("/authenticated/**").authenticated() .simpDestMatchers("/authenticated/**").authenticated()
.simpDestMatchers("/fullyAuthenticated/**").fullyAuthenticated()
.simpDestMatchers("/rememberMe/**").rememberMe()
.simpDestMatchers("/anonymous/**").anonymous()
.anyMessage().denyAll(); .anyMessage().denyAll();
// @formatter:on // @formatter:on
return messages.build(); return messages.build();

28
messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java
Unescape View File

@ -332,6 +332,34 @@ public final class MessageMatcherDelegatingAuthorizationManager implements Autho
return access(AuthenticatedAuthorizationManager.authenticated()); return access(AuthenticatedAuthorizationManager.authenticated());
} }
/**
* Specify that Messages are allowed by users who have authenticated and were
* not "remembered".
* @return the {@link Builder} for further customization
* @since 5.8
*/
public Builder fullyAuthenticated() {
return access(AuthenticatedAuthorizationManager.fullyAuthenticated());
}
/**
* Specify that Messages are allowed by users that have been remembered.
* @return the {@link Builder} for further customization
* @since 5.8
*/
public Builder rememberMe() {
return access(AuthenticatedAuthorizationManager.rememberMe());
}
/**
* Specify that Messages are allowed by anonymous users.
* @return the {@link Builder} for further customization
* @since 5.8
*/
public Builder anonymous() {
return access(AuthenticatedAuthorizationManager.anonymous());
}
/** /**
* Allows specifying that Messages are secured by an arbitrary expression * Allows specifying that Messages are secured by an arbitrary expression
* @param authorizationManager the {@link AuthorizationManager} to secure the * @param authorizationManager the {@link AuthorizationManager} to secure the

Write Preview
Loading…
Cancel
Save