/**
 * Builds the {@link ExceptionTranslationFilter} for this configurer and registers it on
 * {@code http}.
 *
 * <p>The filter is created from the resolved authentication entry point and request cache,
 * receives the resolved access-denied handler, is passed through {@code postProcess}, and is
 * then added to the filter chain.
 *
 * @param http the builder the filter is added to
 * @throws Exception if one of the lookups, {@code postProcess} or {@code addFilter} fails
 */
@Override
public void configure(H http) throws Exception {
    ExceptionTranslationFilter filter =
            new ExceptionTranslationFilter(getAuthenticationEntryPoint(http), getRequestCache(http));
    filter.setAccessDeniedHandler(getAccessDeniedHandler(http));
    // Register the value returned by postProcess, not the instance built above:
    // the original code reassigns the variable from that call before adding it.
    http.addFilter(postProcess(filter));
}
|| !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) { return; .getAuthenticationEntryPoint()).getLoginFormUrl(); logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
// Excerpt from a larger method: ep, cache and accessDeniedHandler are defined outside this fragment.
// Build the exception-translation filter from the entry point and request cache.
ExceptionTranslationFilter filter = new ExceptionTranslationFilter(ep, cache);
// Install the handler used when an authenticated caller is refused access.
filter.setAccessDeniedHandler(accessDeniedHandler);
// The filter is instantiated by hand, so its post-construction check is called explicitly
// (presumably because no container performs that callback here — confirm against the enclosing class).
filter.afterPropertiesSet();
// Append to the nested filter list returned by getNestedFilters().
getNestedFilters().add(filter);
/**
 * Creates the exception translation filter bean, registered under the name {@code etf}.
 *
 * <p>Only an authentication entry point is supplied, taken from
 * {@code getHttp403ForbiddenEntryPoint()}; no request cache or access-denied handler is
 * configured in this method.
 *
 * @return a new exception translation filter
 */
@Bean(name = "etf")
public ExceptionTranslationFilter getExceptionTranslationFilter() {
    final ExceptionTranslationFilter translationFilter =
            new ExceptionTranslationFilter(getHttp403ForbiddenEntryPoint());
    return translationFilter;
}
/**
 * Assembles the filters shared by the security configurations built from this class: anonymous
 * authentication, exception translation, and security-exception unwrapping, in that order.
 *
 * @return a new three-element array holding the filters described above
 */
public Filter[] getCommonFilters() {
    AnonymousAuthenticationFilter anonymousFilter = new AnonymousAuthenticationFilter("anonymous");
    UserAttribute anonymousUser = new UserAttribute();
    anonymousUser.setPassword("anonymous");
    // NOTE(review): the list passed here has ONE element, the comma-joined string. If
    // setAuthoritiesAsString treats each element as a single authority name, the anonymous
    // user ends up with one authority literally named "anonymous, ROLE_ANONYMOUS" and checks
    // against ROLE_ANONYMOUS will not match — confirm against the UserAttribute in use.
    anonymousUser.setAuthoritiesAsString(Arrays.asList("anonymous, ROLE_ANONYMOUS"));
    anonymousFilter.setUserAttribute(anonymousUser);

    ExceptionTranslationFilter translationFilter = new ExceptionTranslationFilter();
    translationFilter.setAccessDeniedHandler(new AccessDeniedHandlerImpl());

    HudsonAuthenticationEntryPoint loginEntryPoint = new HudsonAuthenticationEntryPoint();
    // {0} is a placeholder left for the entry point to fill in; presumably the originally
    // requested URL. NOTE(review): whatever consumes "from" after login should accept only
    // local targets — that handling is not visible here.
    loginEntryPoint.setLoginFormUrl('/' + getLoginUrl() + "?from={0}");
    translationFilter.setAuthenticationEntryPoint(loginEntryPoint);

    return new Filter[] {
        anonymousFilter,
        translationFilter,
        new UnwrapSecurityExceptionFilter()
    };
}
// Excerpt: exceptionTranslationFilter is created outside this fragment.
// Use a stock AccessDeniedHandlerImpl; no error page is set on it here.
exceptionTranslationFilter.setAccessDeniedHandler(new AccessDeniedHandlerImpl());
// Explicit post-construction check on the hand-built filter.
exceptionTranslationFilter.afterPropertiesSet();
/**
 * Builds the fixture: a {@link FilterChainProxy} whose single chain matches any request and
 * contains an anonymous filter, an exception translation filter pointing at {@code /login},
 * and the security interceptor, plus a validator whose logger is swapped for the test's own.
 */
@Before
public void setUp() throws Exception {
    AnonymousAuthenticationFilter anonymousFilter = new AnonymousAuthenticationFilter("anonymous");

    fsi = new FilterSecurityInterceptor();
    fsi.setAccessDecisionManager(accessDecisionManager);
    fsi.setSecurityMetadataSource(metadataSource);

    ExceptionTranslationFilter translationFilter =
            new ExceptionTranslationFilter(new LoginUrlAuthenticationEntryPoint("/login"));

    fcp = new FilterChainProxy(
            new DefaultSecurityFilterChain(
                    AnyRequestMatcher.INSTANCE, anonymousFilter, translationFilter, fsi));

    validator = new DefaultFilterChainValidator();
    // Replace the validator's private logger through reflection so the test can observe it.
    ReflectionTestUtils.setField(validator, "logger", logger);
}
// Excerpt: accessDeniedHandlerImpl and exceptionTranslationFilter are created outside this fragment.
// Denied requests are sent to the application's own "/exception" page.
// NOTE(review): that page must itself be reachable by the denied caller and should not echo
// exception details back — neither is verifiable from this fragment.
accessDeniedHandlerImpl.setErrorPage("/exception");
exceptionTranslationFilter
        .setAccessDeniedHandler(accessDeniedHandlerImpl);
// Explicit post-construction check on the hand-built filter before it is returned.
exceptionTranslationFilter.afterPropertiesSet();
return exceptionTranslationFilter;
/**
 * Creates the exception translation filter and adds it to {@code http}.
 *
 * <p>Inputs are resolved through this class's own lookups: the authentication entry point and
 * request cache go to the constructor, the access-denied handler is set afterwards.
 *
 * @param http the builder being configured
 * @throws Exception if a lookup, {@code postProcess} or {@code addFilter} fails
 */
@Override
public void configure(H http) throws Exception {
    ExceptionTranslationFilter translationFilter =
            new ExceptionTranslationFilter(getAuthenticationEntryPoint(http), getRequestCache(http));
    translationFilter.setAccessDeniedHandler(getAccessDeniedHandler(http));

    // postProcess returns the instance to use from here on; that result is what gets registered.
    ExceptionTranslationFilter processed = postProcess(translationFilter);
    http.addFilter(processed);
}
/**
 * Appends an exception translation filter to {@code filters}.
 *
 * <p>REST chains get the basic-authentication entry point, all others the login entry point.
 * No access-denied handler is set here, so the filter keeps whatever handler it is
 * constructed with.
 *
 * @param filters the filter list to append to
 * @param requestCache the request cache handed to the new filter
 * @param isRest {@code true} to use {@code basicAuthenticationEntryPoint}, {@code false} to use
 *     {@code loginAuthenticationEntryPoint}
 */
private void addExceptionTranslationFilter(List<Filter> filters, RequestCache requestCache, boolean isRest) {
    filters.add(
            new ExceptionTranslationFilter(
                    isRest ? basicAuthenticationEntryPoint : loginAuthenticationEntryPoint,
                    requestCache));
}
|| !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) { return; .getAuthenticationEntryPoint()).getLoginFormUrl(); logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");
/**
 * Creates the exception translation filter and registers it on {@code http}.
 *
 * <p>The entry point comes from {@code getEntryPoint(http)} and the request cache from
 * {@code getRequestCache(http)}. The {@code accessDeniedHandler} field is applied only when it
 * is non-null; otherwise the filter keeps the handler it was constructed with.
 *
 * @param http the builder being configured
 * @throws Exception if a lookup, {@code postProcess} or {@code addFilter} fails
 */
@Override
public void configure(H http) throws Exception {
    ExceptionTranslationFilter filter =
            new ExceptionTranslationFilter(getEntryPoint(http), getRequestCache(http));
    if (accessDeniedHandler != null) {
        filter.setAccessDeniedHandler(accessDeniedHandler);
    }
    // Register the post-processed instance, as the original reassigns before adding.
    http.addFilter(postProcess(filter));
}
sessionManagement().sessionAuthenticationStrategy(sessionAuthenticationStrategy). and(). addFilter(new ExceptionTranslationFilter(new AuthenticationProcessingFilterEntryPoint()));
private void checkLoginPageIsntProtected(FilterChainProxy fcp, List<Filter> filterStack) { ExceptionTranslationFilter etf = getFilter(ExceptionTranslationFilter.class, filterStack); if(etf == null || !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) { return; String loginPage = ((LoginUrlAuthenticationEntryPoint)etf.getAuthenticationEntryPoint()).getLoginFormUrl(); logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration"); FilterInvocation loginRequest = new FilterInvocation(loginPage, "POST");
/**
 * Wires an {@link ExceptionTranslationFilter} into {@code http}.
 *
 * <p>Steps, in order: resolve the entry point and request cache and construct the filter,
 * resolve and set the access-denied handler, post-process the filter, add it to the chain.
 *
 * @param http the builder the filter is added to
 * @throws Exception if any of those steps fails
 */
@Override
public void configure(H http) throws Exception {
    AuthenticationEntryPoint authenticationEntryPoint = getAuthenticationEntryPoint(http);
    ExceptionTranslationFilter etf =
            new ExceptionTranslationFilter(authenticationEntryPoint, getRequestCache(http));

    etf.setAccessDeniedHandler(getAccessDeniedHandler(http));

    // The post-processed instance replaces the one built above before registration.
    etf = postProcess(etf);
    http.addFilter(etf);
}
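/**
 * Security configuration for stateless token authentication.
 *
 * <p>Registers {@link AuthenticationExceptionHandler} as the authentication entry point and
 * places {@link StatelessAuthenticationFilter} after the {@link ExceptionTranslationFilter}, so
 * an {@link AuthenticationException} thrown while checking the token is caught by that filter
 * and routed to the entry point.
 */
@Configuration
@EnableWebSecurity
@Order(2)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures the entry point and inserts the token filter.
     *
     * @param http the builder to configure
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The original built an ExceptionTranslationFilter in a declaration with no variable
        // name and never added it to the chain. Setting the entry point on the
        // exception-handling configurer applies it to the ExceptionTranslationFilter that
        // HttpSecurity installs itself.
        http.exceptionHandling().authenticationEntryPoint(new AuthenticationExceptionHandler());

        // NOTE(review): the tokenAuthenticationService field and the matching
        // StatelessAuthenticationFilter constructor are not part of this snippet.
        http.addFilterAfter(
                new StatelessAuthenticationFilter(tokenAuthenticationService),
                ExceptionTranslationFilter.class);
    }
}

/** Entry point invoked when a request fails authentication. */
public class AuthenticationExceptionHandler implements AuthenticationEntryPoint {

    /**
     * Answers a request whose authentication failed.
     *
     * @param request the request that failed authentication
     * @param response the response to write the failure to
     * @param e the authentication failure
     * @throws IOException if the response cannot be written
     * @throws ServletException declared by the interface; not thrown by this body
     */
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e)
            throws IOException, ServletException {
        // Logic on how to handle JWT exception goes here.
        // Fail closed by default: an empty body would leave the response untouched.
        // Send only the status, not e's message, so token-parsing details stay server-side.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}

/** Filter that authenticates each request from its token before passing it on. */
public class StatelessAuthenticationFilter extends GenericFilterBean {

    /**
     * Validates the request's token, then continues the chain.
     *
     * @param request the incoming request
     * @param response the outgoing response
     * @param chain the remaining filters
     * @throws IOException if a later filter fails with an I/O error
     * @throws ServletException if a later filter fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        try {
            // Parse the JWT here and verify its signature and validity period before trusting
            // any claim in it; decoding alone does not authenticate the caller.
        } catch (Exception e) {
            // AuthenticationException is abstract, so throw a concrete subclass and keep the
            // cause for server-side logs. The message is fixed and contains no token material.
            throw new org.springframework.security.authentication.BadCredentialsException(
                    "Invalid authentication token", e);
        }
        // Continue outside the try block so failures from later filters are not re-labelled
        // as authentication errors.
        chain.doFilter(request, response);
    }
}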
|| !(etf.getAuthenticationEntryPoint() instanceof LoginUrlAuthenticationEntryPoint)) { return; .getAuthenticationEntryPoint()).getLoginFormUrl(); logger.info("Checking whether login URL '" + loginPage + "' is accessible with your configuration");