org.springframework.security.access.intercept.RunAsManagerImpl java code examples

public Authentication buildRunAs(Authentication authentication, Object object,
    Collection<ConfigAttribute> attributes) {
  List<GrantedAuthority> newAuthorities = new ArrayList<>();
  for (ConfigAttribute attribute : attributes) {
    if (this.supports(attribute)) {
      GrantedAuthority extraAuthority = new SimpleGrantedAuthority(
          getRolePrefix() + attribute.getAttribute());
      newAuthorities.add(extraAuthority);
    }
  }
  if (newAuthorities.size() == 0) {
    return null;
  }
  // Add existing authorities
  newAuthorities.addAll(authentication.getAuthorities());
  return new RunAsUserToken(this.key, authentication.getPrincipal(),
      authentication.getCredentials(), newAuthorities,
      authentication.getClass());
}

@Test
public void testAlwaysSupportsClass() {
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  assertThat(runAs.supports(String.class)).isTrue();
}

@Test
public void testStartupSuccessfulWithKey() throws Exception {
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  runAs.setKey("hello_world");
  runAs.afterPropertiesSet();
  assertThat(runAs.getKey()).isEqualTo("hello_world");
}

  @Override
  protected RunAsManager runAsManager() {
    RunAsManagerImpl runAsManager = new RunAsManagerImpl();
    runAsManager.setKey("some key");
    return runAsManager;
  }
}

@Test
public void testDoesNotReturnAdditionalAuthoritiesIfCalledWithoutARunAsSetting()
    throws Exception {
  UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
      "Test", "Password",
      AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  runAs.setKey("my_password");
  Authentication resultingToken = runAs.buildRunAs(inputToken, new Object(),
      SecurityConfig.createList("SOMETHING_WE_IGNORE"));
  assertThat(resultingToken).isNull();
}

@Test
public void testRespectsRolePrefix() throws Exception {
  UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
      "Test", "Password", AuthorityUtils.createAuthorityList("ONE", "TWO"));
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  runAs.setKey("my_password");
  runAs.setRolePrefix("FOOBAR_");
  Authentication result = runAs.buildRunAs(inputToken, new Object(),
      SecurityConfig.createList("RUN_AS_SOMETHING"));
  assertThat(result instanceof RunAsUserToken).withFailMessage(
      "Should have returned a RunAsUserToken").isTrue();
  assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
  assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
  Set<String> authorities = AuthorityUtils.authorityListToSet(
      result.getAuthorities());
  assertThat(authorities.contains("FOOBAR_RUN_AS_SOMETHING")).isTrue();
  assertThat(authorities.contains("ONE")).isTrue();
  assertThat(authorities.contains("TWO")).isTrue();
  RunAsUserToken resultCast = (RunAsUserToken) result;
  assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
}

@Test
public void testStartupDetectsMissingKey() throws Exception {
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  try {
    runAs.afterPropertiesSet();
    fail("Should have thrown IllegalArgumentException");
  }
  catch (IllegalArgumentException expected) {
  }
}

  @Test
  public void testSupports() throws Exception {
    RunAsManager runAs = new RunAsManagerImpl();
    assertThat(runAs.supports(new SecurityConfig("RUN_AS_SOMETHING"))).isTrue();
    assertThat(!runAs.supports(new SecurityConfig("ROLE_WHICH_IS_IGNORED"))).isTrue();
    assertThat(!runAs.supports(new SecurityConfig("role_LOWER_CASE_FAILS"))).isTrue();
  }
}

@Test
public void testReturnsAdditionalGrantedAuthorities() throws Exception {
  UsernamePasswordAuthenticationToken inputToken = new UsernamePasswordAuthenticationToken(
      "Test", "Password",
      AuthorityUtils.createAuthorityList("ROLE_ONE", "ROLE_TWO"));
  RunAsManagerImpl runAs = new RunAsManagerImpl();
  runAs.setKey("my_password");
  Authentication result = runAs.buildRunAs(inputToken, new Object(),
      SecurityConfig.createList("RUN_AS_SOMETHING"));
  if (!(result instanceof RunAsUserToken)) {
    fail("Should have returned a RunAsUserToken");
  }
  assertThat(result.getPrincipal()).isEqualTo(inputToken.getPrincipal());
  assertThat(result.getCredentials()).isEqualTo(inputToken.getCredentials());
  Set<String> authorities = AuthorityUtils.authorityListToSet(
      result.getAuthorities());
  assertThat(authorities.contains("ROLE_RUN_AS_SOMETHING")).isTrue();
  assertThat(authorities.contains("ROLE_ONE")).isTrue();
  assertThat(authorities.contains("ROLE_TWO")).isTrue();
  RunAsUserToken resultCast = (RunAsUserToken) result;
  assertThat(resultCast.getKeyHash()).isEqualTo("my_password".hashCode());
}

public Authentication buildRunAs(Authentication authentication, Object object,
    Collection<ConfigAttribute> attributes) {
  List<GrantedAuthority> newAuthorities = new ArrayList<>();
  for (ConfigAttribute attribute : attributes) {
    if (this.supports(attribute)) {
      GrantedAuthority extraAuthority = new SimpleGrantedAuthority(
          getRolePrefix() + attribute.getAttribute());
      newAuthorities.add(extraAuthority);
    }
  }
  if (newAuthorities.size() == 0) {
    return null;
  }
  // Add existing authorities
  newAuthorities.addAll(authentication.getAuthorities());
  return new RunAsUserToken(this.key, authentication.getPrincipal(),
      authentication.getCredentials(), newAuthorities,
      authentication.getClass());
}

public Authentication buildRunAs(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
  List<GrantedAuthority> newAuthorities = new ArrayList<GrantedAuthority>();
  for (ConfigAttribute attribute : attributes) {
    if (this.supports(attribute)) {
      GrantedAuthority extraAuthority = new SimpleGrantedAuthority(getRolePrefix() + attribute.getAttribute());
      newAuthorities.add(extraAuthority);
    }
  }
  if (newAuthorities.size() == 0) {
    return null;
  }
  // Add existing authorities
  newAuthorities.addAll(authentication.getAuthorities());
  return new RunAsUserToken(this.key, authentication.getPrincipal(), authentication.getCredentials(),
      newAuthorities, authentication.getClass());
}

public Authentication buildRunAs(Authentication authentication, Object object,
    Collection<ConfigAttribute> attributes) {
  List<GrantedAuthority> newAuthorities = new ArrayList<>();
  for (ConfigAttribute attribute : attributes) {
    if (this.supports(attribute)) {
      GrantedAuthority extraAuthority = new SimpleGrantedAuthority(
          getRolePrefix() + attribute.getAttribute());
      newAuthorities.add(extraAuthority);
    }
  }
  if (newAuthorities.size() == 0) {
    return null;
  }
  // Add existing authorities
  newAuthorities.addAll(authentication.getAuthorities());
  return new RunAsUserToken(this.key, authentication.getPrincipal(),
      authentication.getCredentials(), newAuthorities,
      authentication.getClass());
}

Javadoc

Basic concrete implementation of a RunAsManager.

Is activated if any ConfigAttribute#getAttribute() is prefixed with RUN_AS_. If found, it generates a new RunAsUserToken containing the same principal, credentials and granted authorities as the original Authentication object, along with SimpleGrantedAuthoritys for each RUN_AS_ indicated. The created SimpleGrantedAuthoritys will be prefixed with a special prefix indicating that it is a role (default prefix value is ROLE_), and then the remainder of the RUN_AS_ keyword. For example, RUN_AS_FOO will result in the creation of a granted authority of ROLE_RUN_AS_FOO.

The role prefix may be overridden from the default, to match that used elsewhere, for example when using an existing role database with another prefix. An empty role prefix may also be specified. Note however that there are potential issues with using an empty role prefix since different categories of ConfigAttribute can not be properly discerned based on the prefix, with possible consequences when performing voting and other actions. However, this option may be of some use when using pre-existing role names without a prefix, and no ability exists to prefix them with a role prefix on reading them in, such as provided for example in org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl.

Most used methods

supports
getRolePrefix
<init>
setKey
afterPropertiesSet
buildRunAs
getKey
setRolePrefix
Allows the default role prefix of ROLE_ to be overridden. May be set to an empty value, although thi

Popular in Java

Creating JSON documents from java classes using gson
orElseThrow (Optional)
Return the contained value, if present, otherwise throw an exception to be created by the provided s
putExtra (Intent)
notifyDataSetChanged (ArrayAdapter)
EOFException (java.io)
Thrown when a program encounters the end of a file or stream during an input operation.
URLConnection (java.net)
A connection to a URL for reading or writing. For HTTP connections, see HttpURLConnection for docume
NumberFormat (java.text)
The abstract base class for all number formats. This class provides the interface for formatting and
Date (java.util)
A specific moment in time, with millisecond precision. Values typically come from System#currentTime
Annotation (javassist.bytecode.annotation)
The annotation structure.An instance of this class is returned bygetAnnotations() in AnnotationsAttr
JTable (javax.swing)
14 Best Plugins for Eclipse

How to useRunAsManagerImpl in org.springframework.security.access.intercept

Best Java code snippets using org.springframework.security.access.intercept.RunAsManagerImpl (Showing top 12 results out of 315)

How to use
RunAsManagerImpl
in
org.springframework.security.access.intercept