/**
 * Creates {@link SimpDestinationMessageMatcher} instances for the given patterns that
 * apply only to messages of type {@code SimpMessageType.MESSAGE}.
 *
 * <p>
 * A message that carries no destination is never matched by these matchers, so the
 * returned {@link Constraint} does not apply to it. The same holds for a message of
 * any other type (for example a subscription) sent to the same destination: such
 * messages are left to the other rules in the registry, which is why a restrictive
 * catch-all rule is normally declared last.
 *
 * @param patterns the destination patterns to create
 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 * from. Uses
 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 */
public Constraint simpMessageDestMatchers(String... patterns) {
    final SimpMessageType matchedType = SimpMessageType.MESSAGE;
    return simpDestMatchers(matchedType, patterns);
}
/**
 * Creates {@link SimpDestinationMessageMatcher} instances for the given patterns that
 * apply only to messages of type {@code SimpMessageType.SUBSCRIBE}.
 *
 * <p>
 * A message that carries no destination is never matched by these matchers, so the
 * returned {@link Constraint} does not apply to it. Messages of any other type sent to
 * the same destination are not covered either; they are left to the other rules in
 * the registry.
 *
 * @param patterns the destination patterns to create
 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 * from. Uses
 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 */
public Constraint simpSubscribeDestMatchers(String... patterns) {
    final SimpMessageType matchedType = SimpMessageType.SUBSCRIBE;
    return simpDestMatchers(matchedType, patterns);
}
@Test
public void simpDestMatchersMulti() {
    // Two rules are registered: an ADMIN-only rule for two patterns, then an open rule
    // for the exact destination "location".
    final String expected = "permitAll";

    messages
            .simpDestMatchers("admin/**", "api/**").hasRole("ADMIN")
            .simpDestMatchers("location").permitAll();

    // The fixture message is built outside this method (presumably with destination
    // "location"), so the attribute of the second rule is the one expected here.
    assertThat(getAttribute()).isEqualTo(expected);
}
/**
 * Declares the inbound message authorization rules for this configuration.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages
            // Destinations under /permitAll/ are open to every sender.
            .simpDestMatchers("/permitAll/**").permitAll()
            // "denyRob" is not a built-in expression name; presumably it is supplied by a
            // custom expression handler configured elsewhere - confirm.
            .simpDestMatchers("/customExpression/**").access("denyRob")
            // Default-deny catch-all. NOTE(review): rules appear to be evaluated in
            // declaration order, so this has to stay last.
            .anyMessage().denyAll();
} // @formatter:on
@Test
public void simpDestMatchersExact() {
    // A pattern without wildcards: only the literal destination "location" is opened.
    final String expected = "permitAll";

    messages.simpDestMatchers("location").permitAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
/**
 * Declares the inbound message authorization rules for this configuration.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages
            // Destinations under /permitAll/ are open to every sender.
            .simpDestMatchers("/permitAll/**").permitAll()
            // The decision is delegated to an expression; "@security" presumably refers to a
            // bean named "security" resolved through a bean resolver - confirm that such a
            // resolver is configured, otherwise the expression cannot be evaluated.
            .simpDestMatchers("/beanResolver/**").access("@security.check()")
            // Default-deny catch-all. NOTE(review): rules appear to be evaluated in
            // declaration order, so this has to stay last.
            .anyMessage().denyAll();
} // @formatter:on
@Test
public void simpDestMatchersRememberMe() {
    // The destination rule is declared before the deny-all catch-all; the assertion
    // checks that the destination rule's attribute is the one reported.
    final String expected = "rememberMe";

    messages
            .simpDestMatchers("admin/**", "location/**").rememberMe()
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
/**
 * Declares the inbound message authorization rules for this configuration.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages
            // No path matcher is set in this method, so whatever matcher the registry already
            // holds decides what "a.*" covers. NOTE(review): the set of destinations opened by
            // this permitAll depends on that matcher's separator - verify it matches only the
            // destinations that are meant to be public.
            .simpDestMatchers("/app/a.*").permitAll()
            // Default-deny catch-all for everything the rule above does not match.
            .anyMessage().denyAll();
} // @formatter:on
@Test
public void simpDestMatchersAnyRole() {
    // hasAnyRole receives the bare role names; the expected expression shows each one
    // with the "ROLE_" prefix added.
    final String expected = "hasAnyRole('ROLE_ADMIN','ROLE_ROOT')";

    messages
            .simpDestMatchers("admin/**", "location/**").hasAnyRole("ADMIN", "ROOT")
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
@Test
public void simpDestMatchersAuthority() {
    // hasAuthority takes the authority string as given: the expected expression carries
    // "ROLE_ADMIN" exactly as it was passed in, with nothing prepended.
    final String expected = "hasAuthority('ROLE_ADMIN')";

    messages
            .simpDestMatchers("admin/**", "location/**").hasAuthority("ROLE_ADMIN")
            .anyMessage().fullyAuthenticated();

    assertThat(getAttribute()).isEqualTo(expected);
}
@Test
public void simpDestMatchersAnyAuthority() {
    // The authority strings are expected to appear in the expression exactly as passed.
    final String expected = "hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')";

    messages
            .simpDestMatchers("admin/**", "location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
/**
 * Declares the inbound message authorization rules for this configuration.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages
            // Opens destinations matching "/app/a/*". No path matcher is set in this method, so
            // the registry's existing matcher decides how the pattern is split into segments.
            .simpDestMatchers("/app/a/*").permitAll()
            // Default-deny catch-all for everything the rule above does not match.
            .anyMessage().denyAll();
} // @formatter:on
@Test
public void simpDestMatchersRole() {
    // hasRole receives the bare role name; the expected expression shows it with the
    // "ROLE_" prefix added.
    final String expected = "hasRole('ROLE_ADMIN')";

    messages
            .simpDestMatchers("admin/**", "location/**").hasRole("ADMIN")
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
@Test
public void simpDestMatchersDenyAll() {
    // The deny rule for the destination patterns is declared first and a permissive
    // catch-all second; the assertion checks that the deny rule is the one reported,
    // i.e. the later permitAll does not override it.
    final String expected = "denyAll";

    messages
            .simpDestMatchers("admin/**", "location/**").denyAll()
            .anyMessage().permitAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
@Test
public void simpDestMatchersAccess() {
    // access(...) takes a free-form expression; the test checks that the registry hands
    // it back unchanged as the attribute.
    final String expression = "hasRole('ROLE_ADMIN') and fullyAuthenticated";

    messages
            .simpDestMatchers("admin/**", "location/**").access(expression)
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expression);
}
@Test
public void simpDestMatchersAnonymous() {
    // The destination rule is declared before the deny-all catch-all; the assertion
    // checks that the destination rule's attribute is the one reported.
    final String expected = "anonymous";

    messages
            .simpDestMatchers("admin/**", "location/**").anonymous()
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
@Test
public void simpDestMatchersFullyAuthenticated() {
    // The destination rule is declared before the deny-all catch-all; the assertion
    // checks that the destination rule's attribute is the one reported.
    final String expected = "fullyAuthenticated";

    messages
            .simpDestMatchers("admin/**", "location/**").fullyAuthenticated()
            .anyMessage().denyAll();

    assertThat(getAttribute()).isEqualTo(expected);
}
/**
 * Declares the inbound message authorization rules for this configuration, with an
 * explicitly chosen path matcher for destination patterns.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages
            // Pins destination matching to an AntPathMatcher with its default settings ("/" as
            // the path separator) instead of relying on whatever matcher is otherwise in use.
            .simpDestPathMatcher(new AntPathMatcher())
            // Opens destinations matching "/app/a/*" under that matcher.
            .simpDestMatchers("/app/a/*").permitAll()
            // Default-deny catch-all for everything the rule above does not match.
            .anyMessage().denyAll();
} // @formatter:on
@Test
public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
    // Both halves use the same dot-separated destination and install the "."-separated
    // path matcher only AFTER the destination rule has been declared.
    final String destination = "price.stock.1.2";

    // Part 1: "price.stock.*" is expected not to cover the two trailing segments, so no
    // rule applies and the attribute is null. A null attribute means "no rule matched";
    // there is no catch-all rule in this test to decide such messages.
    message = MessageBuilder
            .withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages
            .simpDestMatchers("price.stock.*").permitAll()
            .simpDestPathMatcher(new AntPathMatcher("."));
    assertThat(getAttribute()).isNull();

    // Part 2: "price.stock.**" is expected to cover the destination, so the rule applies
    // even though the matcher was set after the rule.
    message = MessageBuilder
            .withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages
            .simpDestMatchers("price.stock.**").permitAll()
            .simpDestPathMatcher(new AntPathMatcher("."));
    assertThat(getAttribute()).isEqualTo("permitAll");
}
/**
 * Declares the inbound message authorization rules. The numbered markers label the
 * individual rules.
 *
 * <p>
 * NOTE(review): rules appear to be evaluated in declaration order, so the narrow
 * permitAll in rule 2 has to stay ahead of the broader "/user/**" rule 4, and the
 * deny rules have to stay last.
 *
 * @param messages the registry the rules are added to
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    messages.nullDestMatcher().authenticated() // <1>
            // <1> messages that carry no destination require an authenticated user
            // <2> anyone may subscribe to the per-user error queue
            .simpSubscribeDestMatchers("/user/queue/errors").permitAll() // <2>
            // <3> destinations under /app/ require the USER role; this matcher is not
            //     restricted to one message type here
            .simpDestMatchers("/app/**").hasRole("USER") // <3>
            // <4> subscriptions to these destinations require the USER role
            .simpSubscribeDestMatchers("/user/**", "/topic/friends/*")
            .hasRole("USER") // <4>
            // <5> any MESSAGE or SUBSCRIBE not matched above is rejected
            .simpTypeMatchers(MESSAGE, SUBSCRIBE).denyAll() // <5>
            // <6> everything else is rejected as well (default-deny)
            .anyMessage().denyAll(); // <6>
}
}