@Before
  public void setUp() throws Exception {
    FilterChainProxy springSecurityFilterChain =
        (FilterChainProxy)
            getWebApplicationContext().getBean("org.springframework.security.filterChainProxy");
    if (captureSecurityContextFilter == null) {
      captureSecurityContextFilter = new CaptureSecurityContextFilter();

      List<SecurityFilterChain> chains = springSecurityFilterChain.getFilterChains();
      for (SecurityFilterChain chain : chains) {

        if (chain instanceof DefaultSecurityFilterChain) {
          DefaultSecurityFilterChain dfc = (DefaultSecurityFilterChain) chain;
          if (dfc.getRequestMatcher() instanceof UaaRequestMatcher) {
            UaaRequestMatcher matcher = (UaaRequestMatcher) dfc.getRequestMatcher();
            if (matcher.toString().contains("passcodeTokenMatcher")) {
              dfc.getFilters().add(captureSecurityContextFilter);
              break;
            }
          }
        }
      }
      UaaUserDatabase db = getWebApplicationContext().getBean(UaaUserDatabase.class);
      marissa = new UaaPrincipal(db.retrieveUserByName(USERNAME, Origin.UAA));
    }
  }
Example #2
0
 /**
  * Make sure we can get a valid SAML security processing filter chain.
  *
  * @throws Exception on any problem
  */
 @Ignore
 @Test
 public void canGetSAMLFilterChain() throws Exception {
   final FilterChainProxy filterChainProxy = this.config.samlFilter();
   Assert.assertNotNull(filterChainProxy);
   Assert.assertThat(filterChainProxy.getFilterChains().size(), Matchers.is(7));
 }
  @Override
  protected Filter performBuild() throws Exception {
    Assert.state(
        !securityFilterChainBuilders.isEmpty(),
        "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. Typically this done by adding a @Configuration that extends WebSecurityConfigurerAdapter. More advanced users can invoke "
            + WebSecurity.class.getSimpleName()
            + ".addSecurityFilterChainBuilder directly");
    int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
    List<SecurityFilterChain> securityFilterChains = new ArrayList<SecurityFilterChain>(chainSize);
    for (RequestMatcher ignoredRequest : ignoredRequests) {
      securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));
    }
    for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder :
        securityFilterChainBuilders) {
      securityFilterChains.add(securityFilterChainBuilder.build());
    }
    FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
    if (httpFirewall != null) {
      filterChainProxy.setFirewall(httpFirewall);
    }
    filterChainProxy.afterPropertiesSet();

    Filter result = filterChainProxy;
    if (debugEnabled) {
      logger.warn(
          "\n\n"
              + "********************************************************************\n"
              + "**********        Security debugging is enabled.       *************\n"
              + "**********    This may include sensitive information.  *************\n"
              + "**********      Do not use in a production system!     *************\n"
              + "********************************************************************\n\n");
      result = new DebugFilter(filterChainProxy);
    }
    postBuildAction.run();
    return result;
  }