Josh Cummings
8 years ago
9 changed files with 488 additions and 156 deletions
@ -1,156 +0,0 @@
@@ -1,156 +0,0 @@
|
||||
package org.springframework.security.config.http |
||||
|
||||
import java.text.MessageFormat |
||||
|
||||
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer |
||||
import org.springframework.mock.web.MockFilterChain |
||||
import org.springframework.mock.web.MockHttpServletRequest |
||||
import org.springframework.mock.web.MockHttpServletResponse |
||||
import org.springframework.security.access.SecurityConfig |
||||
import org.springframework.security.config.BeanIds |
||||
import org.springframework.security.util.FieldUtils |
||||
import org.springframework.security.web.PortMapperImpl |
||||
import org.springframework.security.web.access.ExceptionTranslationFilter |
||||
import org.springframework.security.web.access.channel.ChannelProcessingFilter |
||||
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor |
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter |
||||
|
||||
class PlaceHolderAndELConfigTests extends AbstractHttpConfigTests { |
||||
|
||||
def setup() { |
||||
// Add a PropertyPlaceholderConfigurer to the context for all the tests |
||||
bean(PropertyPlaceholderConfigurer.class.name, PropertyPlaceholderConfigurer.class) |
||||
} |
||||
|
||||
def unsecuredPatternSupportsPlaceholderForPattern() { |
||||
System.setProperty("pattern.nofilters", "/unprotected"); |
||||
|
||||
xml.http(pattern: '${pattern.nofilters}', security: 'none') |
||||
httpAutoConfig() { |
||||
interceptUrl('/**', 'ROLE_A') |
||||
} |
||||
createAppContext() |
||||
|
||||
List filters = getFilters("/unprotected"); |
||||
|
||||
expect: |
||||
filters.size() == 0 |
||||
} |
||||
|
||||
// SEC-1201 |
||||
def interceptUrlsAndFormLoginSupportPropertyPlaceholders() { |
||||
System.setProperty("secure.Url", "/secure"); |
||||
System.setProperty("secure.role", "ROLE_A"); |
||||
System.setProperty("login.page", "/loginPage"); |
||||
System.setProperty("default.target", "/defaultTarget"); |
||||
System.setProperty("auth.failure", "/authFailure"); |
||||
|
||||
xml.http(pattern: '${login.page}', security: 'none') |
||||
xml.http('use-expressions':false) { |
||||
interceptUrl('${secure.Url}', '${secure.role}') |
||||
'form-login'('login-page':'${login.page}', 'default-target-url': '${default.target}', |
||||
'authentication-failure-url':'${auth.failure}'); |
||||
} |
||||
createAppContext(); |
||||
|
||||
expect: |
||||
propertyValuesMatchPlaceholders() |
||||
getFilters("/loginPage").size() == 0 |
||||
} |
||||
|
||||
// SEC-1309 |
||||
def interceptUrlsAndFormLoginSupportEL() { |
||||
System.setProperty("secure.url", "/secure"); |
||||
System.setProperty("secure.role", "ROLE_A"); |
||||
System.setProperty("login.page", "/loginPage"); |
||||
System.setProperty("default.target", "/defaultTarget"); |
||||
System.setProperty("auth.failure", "/authFailure"); |
||||
|
||||
xml.http('use-expressions':false) { |
||||
interceptUrl("#{systemProperties['secure.url']}", "#{systemProperties['secure.role']}") |
||||
'form-login'('login-page':"#{systemProperties['login.page']}", 'default-target-url': "#{systemProperties['default.target']}", |
||||
'authentication-failure-url':"#{systemProperties['auth.failure']}"); |
||||
} |
||||
createAppContext() |
||||
|
||||
expect: |
||||
propertyValuesMatchPlaceholders() |
||||
} |
||||
|
||||
private void propertyValuesMatchPlaceholders() { |
||||
// Check the security attribute |
||||
def fis = getFilter(FilterSecurityInterceptor); |
||||
def fids = fis.getSecurityMetadataSource(); |
||||
Collection attrs = fids.getAttributes(createFilterinvocation("/secure", null)); |
||||
assert attrs.size() == 1 |
||||
assert attrs.contains(new SecurityConfig("ROLE_A")) |
||||
|
||||
// Check the form login properties are set |
||||
def apf = getFilter(UsernamePasswordAuthenticationFilter) |
||||
assert FieldUtils.getFieldValue(apf, "successHandler.defaultTargetUrl") == '/defaultTarget' |
||||
assert "/authFailure" == FieldUtils.getFieldValue(apf, "failureHandler.defaultFailureUrl") |
||||
|
||||
def etf = getFilter(ExceptionTranslationFilter) |
||||
assert "/loginPage"== etf.authenticationEntryPoint.loginFormUrl |
||||
} |
||||
|
||||
def portMappingsWorkWithPlaceholdersAndEL() { |
||||
System.setProperty("http", "9080"); |
||||
System.setProperty("https", "9443"); |
||||
|
||||
httpAutoConfig { |
||||
'port-mappings'() { |
||||
'port-mapping'(http: '#{systemProperties.http}', https: '${https}') |
||||
} |
||||
} |
||||
createAppContext(); |
||||
|
||||
def pm = (appContext.getBeansOfType(PortMapperImpl).values() as List)[0]; |
||||
|
||||
expect: |
||||
pm.getTranslatedPortMappings().size() == 1 |
||||
pm.lookupHttpPort(9443) == 9080 |
||||
pm.lookupHttpsPort(9080) == 9443 |
||||
} |
||||
|
||||
def requiresChannelSupportsPlaceholder() { |
||||
System.setProperty("secure.url", "/secure"); |
||||
System.setProperty("required.channel", "https"); |
||||
|
||||
httpAutoConfig { |
||||
'intercept-url'(pattern: '${secure.url}', 'requires-channel': '${required.channel}') |
||||
} |
||||
createAppContext(); |
||||
List filters = getFilters("/secure"); |
||||
|
||||
expect: |
||||
filters.size() == AUTO_CONFIG_FILTERS + 1 |
||||
filters[0] instanceof ChannelProcessingFilter |
||||
MockHttpServletRequest request = new MockHttpServletRequest(); |
||||
request.setServletPath("/secure"); |
||||
MockHttpServletResponse response = new MockHttpServletResponse(); |
||||
filters[0].doFilter(request, response, new MockFilterChain()); |
||||
response.getRedirectedUrl().startsWith("https") |
||||
} |
||||
|
||||
def accessDeniedPageWorksWithPlaceholders() { |
||||
System.setProperty("accessDenied", "/go-away"); |
||||
xml.http('auto-config': 'true') { |
||||
'access-denied-handler'('error-page' : '${accessDenied}') {} |
||||
} |
||||
createAppContext(); |
||||
|
||||
expect: |
||||
FieldUtils.getFieldValue(getFilter(ExceptionTranslationFilter.class), "accessDeniedHandler.errorPage") == '/go-away' |
||||
} |
||||
|
||||
def accessDeniedHandlerPageWorksWithEL() { |
||||
httpAutoConfig { |
||||
'access-denied-handler'('error-page': "#{'/go' + '-away'}") |
||||
} |
||||
createAppContext() |
||||
|
||||
expect: |
||||
getFilter(ExceptionTranslationFilter).accessDeniedHandler.errorPage == '/go-away' |
||||
} |
||||
} |
||||
@ -0,0 +1,212 @@
@@ -0,0 +1,212 @@
|
||||
/* |
||||
* Copyright 2002-2018 the original author or authors. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
||||
* you may not use this file except in compliance with the License. |
||||
* You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software |
||||
* distributed under the License is distributed on an "AS IS" BASIS, |
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
* See the License for the specific language governing permissions and |
||||
* limitations under the License. |
||||
*/ |
||||
package org.springframework.security.config.http; |
||||
|
||||
import org.junit.Rule; |
||||
import org.junit.Test; |
||||
import org.junit.runner.RunWith; |
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.security.config.test.SpringTestRule; |
||||
import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners; |
||||
import org.springframework.security.test.context.support.WithMockUser; |
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; |
||||
import org.springframework.test.web.servlet.MockMvc; |
||||
import org.springframework.web.bind.annotation.GetMapping; |
||||
import org.springframework.web.bind.annotation.RestController; |
||||
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; |
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; |
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.forwardedUrl; |
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; |
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; |
||||
|
||||
/** |
||||
* @author Josh Cummings |
||||
*/ |
||||
@RunWith(SpringJUnit4ClassRunner.class) |
||||
@SecurityTestExecutionListeners |
||||
public class PlaceHolderAndELConfigTests { |
||||
|
||||
private static final String CONFIG_LOCATION_PREFIX = |
||||
"classpath:org/springframework/security/config/http/PlaceHolderAndELConfigTests"; |
||||
|
||||
@Rule |
||||
public final SpringTestRule spring = new SpringTestRule(); |
||||
|
||||
@Autowired |
||||
MockMvc mvc; |
||||
|
||||
@Test |
||||
public void getWhenUsingPlaceholderThenUnsecuredPatternCorrectlyConfigured() |
||||
throws Exception { |
||||
|
||||
System.setProperty("pattern.nofilters", "/unsecured"); |
||||
|
||||
this.spring.configLocations(this.xml("UnsecuredPattern")).autowire(); |
||||
|
||||
this.mvc.perform(get("/unsecured")) |
||||
.andExpect(status().isOk()); |
||||
} |
||||
|
||||
/** |
||||
* SEC-1201 |
||||
*/ |
||||
@Test |
||||
public void loginWhenUsingPlaceholderThenInterceptUrlsAndFormLoginWorks() |
||||
throws Exception { |
||||
|
||||
System.setProperty("secure.Url", "/secured"); |
||||
System.setProperty("secure.role", "ROLE_NUNYA"); |
||||
System.setProperty("login.page", "/loginPage"); |
||||
System.setProperty("default.target", "/defaultTarget"); |
||||
System.setProperty("auth.failure", "/authFailure"); |
||||
|
||||
this.spring.configLocations(this.xml("InterceptUrlAndFormLogin")).autowire(); |
||||
|
||||
// login-page setting
|
||||
|
||||
this.mvc.perform(get("/secured")) |
||||
.andExpect(redirectedUrl("http://localhost/loginPage")); |
||||
|
||||
// login-processing-url setting
|
||||
// default-target-url setting
|
||||
|
||||
this.mvc.perform(post("/loginPage") |
||||
.param("username", "user") |
||||
.param("password", "password")) |
||||
.andExpect(redirectedUrl("/defaultTarget")); |
||||
|
||||
// authentication-failure-url setting
|
||||
|
||||
this.mvc.perform(post("/loginPage") |
||||
.param("username", "user") |
||||
.param("password", "wrong")) |
||||
.andExpect(redirectedUrl("/authFailure")); |
||||
} |
||||
|
||||
/** |
||||
* SEC-1309 |
||||
*/ |
||||
@Test |
||||
public void loginWhenUsingSpELThenInterceptUrlsAndFormLoginWorks() |
||||
throws Exception { |
||||
|
||||
System.setProperty("secure.url", "/secured"); |
||||
System.setProperty("secure.role", "ROLE_NUNYA"); |
||||
System.setProperty("login.page", "/loginPage"); |
||||
System.setProperty("default.target", "/defaultTarget"); |
||||
System.setProperty("auth.failure", "/authFailure"); |
||||
|
||||
this.spring.configLocations( |
||||
this.xml("InterceptUrlAndFormLoginWithSpEL")).autowire(); |
||||
|
||||
// login-page setting
|
||||
|
||||
this.mvc.perform(get("/secured")) |
||||
.andExpect(redirectedUrl("http://localhost/loginPage")); |
||||
|
||||
// login-processing-url setting
|
||||
// default-target-url setting
|
||||
|
||||
this.mvc.perform(post("/loginPage") |
||||
.param("username", "user") |
||||
.param("password", "password")) |
||||
.andExpect(redirectedUrl("/defaultTarget")); |
||||
|
||||
// authentication-failure-url setting
|
||||
|
||||
this.mvc.perform(post("/loginPage") |
||||
.param("username", "user") |
||||
.param("password", "wrong")) |
||||
.andExpect(redirectedUrl("/authFailure")); |
||||
|
||||
} |
||||
|
||||
@Test |
||||
@WithMockUser |
||||
public void requestWhenUsingPlaceholderOrSpELThenPortMapperWorks() |
||||
throws Exception { |
||||
|
||||
System.setProperty("http", "9080"); |
||||
System.setProperty("https", "9443"); |
||||
|
||||
this.spring.configLocations(this.xml("PortMapping")).autowire(); |
||||
|
||||
this.mvc.perform(get("http://localhost:9080/secured")) |
||||
.andExpect(status().isFound()) |
||||
.andExpect(redirectedUrl("https://localhost:9443/secured")); |
||||
|
||||
this.mvc.perform(get("https://localhost:9443/unsecured")) |
||||
.andExpect(status().isFound()) |
||||
.andExpect(redirectedUrl("http://localhost:9080/unsecured")); |
||||
} |
||||
|
||||
@Test |
||||
@WithMockUser |
||||
public void requestWhenUsingPlaceholderThenRequiresChannelWorks() |
||||
throws Exception { |
||||
|
||||
System.setProperty("secure.url", "/secured"); |
||||
System.setProperty("required.channel", "https"); |
||||
|
||||
this.spring.configLocations(this.xml("RequiresChannel")).autowire(); |
||||
|
||||
this.mvc.perform(get("http://localhost/secured")) |
||||
.andExpect(status().isFound()) |
||||
.andExpect(redirectedUrl("https://localhost/secured")); |
||||
} |
||||
|
||||
@Test |
||||
@WithMockUser |
||||
public void requestWhenUsingPlaceholderThenAccessDeniedPageWorks() |
||||
throws Exception { |
||||
|
||||
System.setProperty("accessDenied", "/go-away"); |
||||
|
||||
this.spring.configLocations(this.xml("AccessDeniedPage")).autowire(); |
||||
|
||||
this.mvc.perform(get("/secured")) |
||||
.andExpect(forwardedUrl("/go-away")); |
||||
} |
||||
|
||||
@Test |
||||
@WithMockUser |
||||
public void requestWhenUsingSpELThenAccessDeniedPageWorks() |
||||
throws Exception { |
||||
|
||||
this.spring.configLocations(this.xml("AccessDeniedPageWithSpEL")).autowire(); |
||||
|
||||
this.mvc.perform(get("/secured")) |
||||
.andExpect(forwardedUrl("/go-away")); |
||||
} |
||||
|
||||
@RestController |
||||
static class SimpleController { |
||||
@GetMapping("/unsecured") |
||||
String unsecured() { |
||||
return "unsecured"; |
||||
} |
||||
|
||||
@GetMapping("/secured") |
||||
String secured() { |
||||
return "secured"; |
||||
} |
||||
} |
||||
|
||||
private String xml(String configName) { |
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml"; |
||||
} |
||||
} |
||||
@ -0,0 +1,37 @@
@@ -0,0 +1,37 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="/secured" access="ROLE_NUNYA"/> |
||||
<access-denied-handler error-page="${accessDenied}"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="sc" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,37 @@
@@ -0,0 +1,37 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="/secured" access="ROLE_NUNYA"/> |
||||
<access-denied-handler error-page="#{'/go' + '-away'}"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="sc" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,42 @@
@@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http use-expressions="false"> |
||||
<intercept-url pattern="${secure.Url}" access="${secure.role}"/> |
||||
<form-login |
||||
login-page="${login.page}" |
||||
login-processing-url="${login.page}" |
||||
default-target-url="${default.target}" |
||||
authentication-failure-url="${auth.failure}"/> |
||||
<csrf disabled="true"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="unsecured" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,45 @@
@@ -0,0 +1,45 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http use-expressions="false"> |
||||
<intercept-url |
||||
pattern="#{systemProperties['secure.url']}" |
||||
access="#{systemProperties['secure.role']}"/> |
||||
|
||||
<form-login |
||||
login-page="#{systemProperties['login.page']}" |
||||
login-processing-url="#{systemProperties['login.page']}" |
||||
default-target-url="#{systemProperties['default.target']}" |
||||
authentication-failure-url="#{systemProperties['auth.failure']}"/> |
||||
<csrf disabled="true"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="sc" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="/secured" access="ROLE_USER" requires-channel="https"/> |
||||
<intercept-url pattern="/unsecured" access="ROLE_USER" requires-channel="http"/> |
||||
|
||||
<port-mappings> |
||||
<port-mapping http="#{systemProperties.http}" https="${https}"/> |
||||
</port-mappings> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="sc" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,36 @@
@@ -0,0 +1,36 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="${secure.url}" access="ROLE_USER" requires-channel="${required.channel}"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="sc" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
@ -0,0 +1,38 @@
@@ -0,0 +1,38 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!-- |
||||
~ Copyright 2002-2018 the original author or authors. |
||||
~ |
||||
~ Licensed under the Apache License, Version 2.0 (the "License"); |
||||
~ you may not use this file except in compliance with the License. |
||||
~ You may obtain a copy of the License at |
||||
~ |
||||
~ http://www.apache.org/licenses/LICENSE-2.0 |
||||
~ |
||||
~ Unless required by applicable law or agreed to in writing, software |
||||
~ distributed under the License is distributed on an "AS IS" BASIS, |
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
~ See the License for the specific language governing permissions and |
||||
~ limitations under the License. |
||||
--> |
||||
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans" |
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
||||
xmlns="http://www.springframework.org/schema/security" |
||||
xsi:schemaLocation=" |
||||
http://www.springframework.org/schema/security |
||||
http://www.springframework.org/schema/security/spring-security.xsd |
||||
http://www.springframework.org/schema/beans |
||||
http://www.springframework.org/schema/beans/spring-beans.xsd"> |
||||
|
||||
<http pattern="${pattern.nofilters}" security="none"/> |
||||
|
||||
<http auto-config="true" use-expressions="false"> |
||||
<intercept-url pattern="/**" access="ROLE_NUNYA"/> |
||||
</http> |
||||
|
||||
<b:bean name="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> |
||||
|
||||
<b:bean name="unsecured" class="org.springframework.security.config.http.PlaceHolderAndELConfigTests.SimpleController"/> |
||||
|
||||
<b:import resource="userservice.xml"/> |
||||
</b:beans> |
||||
Loading…
Reference in new issue