private void validate() { if (this.uriConfiguration.isEmpty()) { throw new HttpSecurityConfigurationException("No URI configuration is defined. You must provide at least one URI to protect."); } for (List<PathConfiguration> configurations : this.uriConfiguration.values()) { for (PathConfiguration configuration : configurations) { if (!configuration.isGroup()) { String groupName = configuration.getGroupName(); if (!this.groupConfiguration.containsKey(groupName) && !configuration.isDefaultGroup()) { throw new HttpSecurityConfigurationException("Group [" + groupName + "] for URI [" + configuration .getUri() + "] is not defined."); } } if (configuration.isSecured() && ((configuration == null) || ((configuration != null && configuration.getAuthenticationConfiguration() == null) && (configuration == null && configuration.getAuthorizationConfiguration() == null) && (configuration == null && configuration.getLogoutConfiguration() == null) && (configuration == null && configuration.getMethods() == null || configuration.getMethods().isEmpty()) && (configuration.getRedirects().isEmpty())))) { throw new HttpSecurityConfigurationException("You must provide an authentication, authorization or logout configuration for URI [" + configuration.getUri() + "]."); } } } }
public String getRedirectUrl(Class<? extends Throwable> exceptionType) { String redirectUrl = null; if (hasGroup()) { redirectUrl = getGroupConfiguration().getRedirectUrl(exceptionType); } for (OutboundRedirectConfiguration redirectConfiguration : this.redirects) { if (exceptionType.equals(redirectConfiguration.getExceptionType())) { return redirectConfiguration.getRedirectUrl(); } } return redirectUrl; }
public boolean isSecured() { if (this.secured == null) { if (hasGroup()) { PathConfiguration groupConfiguration = getGroupConfiguration(); return groupConfiguration.isSecured(); } return true; } return this.secured; }
public List<OutboundRedirectConfiguration> getRedirects() { if (hasGroup()) { List<OutboundRedirectConfiguration> redirects = getGroupConfiguration().getRedirects(); if (!redirects.isEmpty()) { return redirects; } } return this.redirects; }
public boolean hasRedirectWhen(OutboundRedirectConfiguration.Condition condition) { boolean hasRedirect = false; if (hasGroup()) { hasRedirect = getGroupConfiguration().hasRedirectWhen(condition); } for (OutboundRedirectConfiguration redirectConfiguration : this.redirects) { if (condition.equals(redirectConfiguration.getCondition())) { return true; } } return hasRedirect; }
PathConfiguration pathConfiguration = new PathConfiguration(this.groupName, this.uri, this.secured, this.methods, redirectConfigurations); pathConfiguration.setAuthenticationConfiguration(authenticationConfiguration); pathConfiguration.setAuthorizationConfiguration(authorizationConfiguration); pathConfiguration.setCORSConfiguration(corsConfiguration); pathConfiguration.setInboundHeaderConfiguration(inboundHeaderConfiguration); pathConfiguration.setLogoutConfiguration(logoutConfiguration);
public AuthenticationConfiguration getAuthenticationConfiguration() { PathConfiguration pathConfiguration = this; if (pathConfiguration.isUri() && pathConfiguration.getGroupName() != null && !pathConfiguration.isDefaultGroup()) { Map<String, PathConfiguration> groups = pathConfiguration.getSecurityConfiguration().getGroups(); PathConfiguration groupConfiguration = groups.get(pathConfiguration.getGroupName()); AuthenticationConfiguration actualConfig = new AuthenticationConfiguration(this); if (this.authenticationConfiguration != null) { if (this.authenticationConfiguration.getAuthenticationSchemeConfiguration() == null) { AuthenticationConfiguration groupAuthcConfig = groupConfiguration.getAuthenticationConfiguration(); actualConfig.setAuthenticationSchemeConfiguration(groupAuthcConfig.getAuthenticationSchemeConfiguration()); return actualConfig; } } else if (groupConfiguration != null) { return groupConfiguration.getAuthenticationConfiguration(); } } return this.authenticationConfiguration; }
public AuthorizationConfiguration getAuthorizationConfiguration() { PathConfiguration pathConfiguration = this; if (pathConfiguration.isUri() && pathConfiguration.getGroupName() != null && !pathConfiguration.isDefaultGroup()) { Map<String, PathConfiguration> groups = pathConfiguration.getSecurityConfiguration().getGroups(); PathConfiguration groupConfiguration = groups.get(pathConfiguration.getGroupName()); AuthorizationConfiguration groupAuthz = groupConfiguration.getAuthorizationConfiguration(); authorizers); } else if (groupAuthz != null) { return groupConfiguration.getAuthorizationConfiguration();
public CORSConfiguration getCORSConfiguration() { PathConfiguration pathConfiguration = this; if (pathConfiguration.isUri() && pathConfiguration.getGroupName() != null && !pathConfiguration.isDefaultGroup()) { Map<String, PathConfiguration> groups = pathConfiguration.getSecurityConfiguration().getGroups(); PathConfiguration groupConfiguration = groups.get(pathConfiguration.getGroupName()); CORSConfiguration groupCORSAuthz = groupConfiguration.getCORSConfiguration(); allowedHeaders, exposedHeaders, allowCredentials, allowAnyOrigin, allowAnyHeader, allowAnyMethod, maxAge); } else if (groupCORSAuthz != null) { return groupConfiguration.getCORSConfiguration();
public HttpSecurityConfiguration(List<PathConfiguration> uriConfigs, FilteringMode filteringMode) { for (PathConfiguration configuration : uriConfigs) { configuration.setSecurityConfiguration(this); if (configuration.isGroup()) { String groupName = configuration.getGroupName(); if (this.groupConfiguration.containsKey(groupName)) { throw new HttpSecurityConfigurationException("Duplicated Group[" + groupName + "] configuration."); } this.groupConfiguration.put(groupName, configuration); } else { String uri = configuration.getUri(); List<PathConfiguration> configurations = this.uriConfiguration.get(uri); if (configurations == null) { configurations = new ArrayList<PathConfiguration>(); this.uriConfiguration.put(uri, configurations); } configurations.add(configuration); } } validate(); if (filteringMode == null) { filteringMode = FilteringMode.PERMISSIVE; } this.filteringMode = filteringMode; }
@Override protected boolean doAuthorize(PathConfiguration pathConfiguration, HttpServletRequest request, HttpServletResponse response) { AuthorizationConfiguration authorizationConfiguration = pathConfiguration.getAuthorizationConfiguration(); String protectedUri = request.getContextPath() + pathConfiguration.getUri(); int startRegex = protectedUri.indexOf("{");
@Override public boolean authorize(PathConfiguration pathConfiguration, HttpServletRequest request, HttpServletResponse response) { AuthorizationConfiguration authorizationConfiguration = pathConfiguration.getAuthorizationConfiguration(); if (authorizationConfiguration == null) { return true; } return doAuthorize(pathConfiguration, request, response); }
private void initializeAuthenticationSchemes() { for (List<PathConfiguration> configurations : this.configuration.getPaths().values()) { for (PathConfiguration pathConfiguration : configurations) { if (pathConfiguration.isSecured()) { HttpAuthenticationScheme authenticationScheme = getAuthenticationScheme(pathConfiguration, null); if (authenticationScheme != null) { AuthenticationConfiguration authcConfig = pathConfiguration.getAuthenticationConfiguration(); AuthenticationSchemeConfiguration authcSchemeConfig = authcConfig .getAuthenticationSchemeConfiguration(); if (!CustomAuthenticationConfiguration.class.isInstance(authcSchemeConfig)) { try { authenticationScheme.initialize(authcSchemeConfig); } catch (Exception e) { throw new HttpSecurityConfigurationException( "Could not initialize Http Authentication Scheme [" + authenticationScheme + "].", e); } } } } } } }
private void initializePathAuthorizers() { for (List<PathConfiguration> configurations : this.configuration.getPaths().values()) { for (PathConfiguration pathConfiguration : configurations) { if (pathConfiguration.isSecured()) { AuthorizationConfiguration authorizationConfiguration = pathConfiguration.getAuthorizationConfiguration(); if (authorizationConfiguration != null) { List<PathAuthorizer> pathAuthorizers = new ArrayList<PathAuthorizer>(); List<Class<? extends PathAuthorizer>> pathAuthorizerTypes = new ArrayList<Class<? extends PathAuthorizer>>( authorizationConfiguration.getAuthorizers()); pathAuthorizerTypes.addAll(getDefaultPathAuthorizers()); for (Class<? extends PathAuthorizer> authorizerType : pathAuthorizerTypes) { try { pathAuthorizers.add(resolveInstance(this.pathAuthorizerInstance, authorizerType)); } catch (Exception e) { throw new HttpSecurityConfigurationException("Could not resolve PathAuthorizer [" + authorizerType + "].", e); } } this.pathAuthorizers.put(pathConfiguration, pathAuthorizers); } } } } }
InboundHeaderConfiguration headerConfiguration = pathConfiguration.getInboundHeaderConfiguration(); Set<HttpMethod> methods = pathConfiguration.getMethods();
private void handleException(PathConfiguration pathConfiguration, HttpServletRequest request, HttpServletResponse response, Throwable exception) throws IOException { String redirectUrl = pathConfiguration.getRedirectUrl(exception.getClass()); Throwable cause = exception.getCause(); redirectUrl = pathConfiguration.getRedirectUrl(cause.getClass()); redirectUrl = pathConfiguration.getRedirectUrl(FORBIDDEN); redirectUrl = pathConfiguration.getRedirectUrl(ERROR);
private boolean isMethodAllowed(PathConfiguration pathConfiguration, HttpServletRequest request) { Set<HttpMethod> methods = pathConfiguration.getMethods(); return methods.contains(HttpMethod.valueOf(request.getMethod().toUpperCase())); }
private boolean isLogoutPath(PathConfiguration pathConfiguration) { return pathConfiguration != null && pathConfiguration.getLogoutConfiguration() != null; }
private boolean isSecured(PathConfiguration pathConfiguration) { return pathConfiguration != null && pathConfiguration.isSecured(); }
private boolean performCORSAuthorizationIfRequired(PathConfiguration pathConfiguration, HttpServletRequest request, HttpServletResponse response) { if (pathConfiguration == null) { return true; } CORSConfiguration corsConfiguration = pathConfiguration.getCORSConfiguration(); if (corsConfiguration == null) { return true; } CORSRequestType type = CORSRequestType.detect(request); if (type.equals(CORSRequestType.ACTUAL)) { // Simple / actual CORS request CORS.handleActualRequest(corsConfiguration, request, response); } else if (type.equals(CORSRequestType.PREFLIGHT)) { // Preflight CORS request CORS.handlePreflightRequest(corsConfiguration, request, response); return false; } return true; }