@Before
public void setUp() throws Exception {
FilterChainProxy springSecurityFilterChain =
(FilterChainProxy)
getWebApplicationContext().getBean("org.springframework.security.filterChainProxy");
if (captureSecurityContextFilter == null) {
captureSecurityContextFilter = new CaptureSecurityContextFilter();
List<SecurityFilterChain> chains = springSecurityFilterChain.getFilterChains();
for (SecurityFilterChain chain : chains) {
if (chain instanceof DefaultSecurityFilterChain) {
DefaultSecurityFilterChain dfc = (DefaultSecurityFilterChain) chain;
if (dfc.getRequestMatcher() instanceof UaaRequestMatcher) {
UaaRequestMatcher matcher = (UaaRequestMatcher) dfc.getRequestMatcher();
if (matcher.toString().contains("passcodeTokenMatcher")) {
dfc.getFilters().add(captureSecurityContextFilter);
break;
}
}
}
}
UaaUserDatabase db = getWebApplicationContext().getBean(UaaUserDatabase.class);
marissa = new UaaPrincipal(db.retrieveUserByName(USERNAME, Origin.UAA));
}
}
/**
* Make sure we can get a valid SAML security processing filter chain.
*
* @throws Exception on any problem
*/
@Ignore
@Test
public void canGetSAMLFilterChain() throws Exception {
final FilterChainProxy filterChainProxy = this.config.samlFilter();
Assert.assertNotNull(filterChainProxy);
Assert.assertThat(filterChainProxy.getFilterChains().size(), Matchers.is(7));
}
@Override
protected Filter performBuild() throws Exception {
Assert.state(
!securityFilterChainBuilders.isEmpty(),
"At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. Typically this done by adding a @Configuration that extends WebSecurityConfigurerAdapter. More advanced users can invoke "
+ WebSecurity.class.getSimpleName()
+ ".addSecurityFilterChainBuilder directly");
int chainSize = ignoredRequests.size() + securityFilterChainBuilders.size();
List<SecurityFilterChain> securityFilterChains = new ArrayList<SecurityFilterChain>(chainSize);
for (RequestMatcher ignoredRequest : ignoredRequests) {
securityFilterChains.add(new DefaultSecurityFilterChain(ignoredRequest));
}
for (SecurityBuilder<? extends SecurityFilterChain> securityFilterChainBuilder :
securityFilterChainBuilders) {
securityFilterChains.add(securityFilterChainBuilder.build());
}
FilterChainProxy filterChainProxy = new FilterChainProxy(securityFilterChains);
if (httpFirewall != null) {
filterChainProxy.setFirewall(httpFirewall);
}
filterChainProxy.afterPropertiesSet();
Filter result = filterChainProxy;
if (debugEnabled) {
logger.warn(
"\n\n"
+ "********************************************************************\n"
+ "********** Security debugging is enabled. *************\n"
+ "********** This may include sensitive information. *************\n"
+ "********** Do not use in a production system! *************\n"
+ "********************************************************************\n\n");
result = new DebugFilter(filterChainProxy);
}
postBuildAction.run();
return result;
}