Examples of org.springframework.security.web.FilterInvocation

• org.springframework.security.web.FilterInvocation
  Holds objects associated with a HTTP filter.

  Guarantees the request and response are instances of HttpServletRequest and HttpServletResponse, and that there are no null objects.

  Required so that security system classes can obtain access to the filter environment, as well as the request and response. @author Ben Alex @author colin sampaleanu @author Luke Taylor @author Rob Winch

        request.setScheme("https");
        request.setSecure(true);
        request.setServerPort(8443);

        MockHttpServletResponse response = new MockHttpServletResponse();
        FilterInvocation fi = new FilterInvocation(request, response, mock(FilterChain.class));

        InsecureChannelProcessor processor = new InsecureChannelProcessor();
        processor.decide(fi, SecurityConfig.createList(new String[]{"SOME_IGNORED_ATTRIBUTE", "REQUIRES_INSECURE_CHANNEL"}));

        assertTrue(fi.getResponse().isCommitted());
    }

        this.setFilterProcessesUrl(FILTER_URL);
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        processLogout(fi.getRequest(), fi.getResponse(), chain);
    }

     */
    public static final String IDP_DISCO_PROTOCOL_SINGLE = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol:single";

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {

        FilterInvocation fi = new FilterInvocation(request, response, chain);

        if (!processFilter(fi.getRequest())) {
            chain.doFilter(request, response);
            return;
        }

        processDiscoveryRequest(fi.getRequest(), fi.getResponse());

    }

   * @throws IOException if the filter chain fails
   * @throws ServletException if the filter chain fails
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
      FilterInvocation fi = new FilterInvocation(request, response, chain);
      invoke(fi);
  }

   */
  protected Set<String> getAccessTokenDependencies(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
    Set<String> deps = new TreeSet<String>();

    if (getObjectDefinitionSource() != null) {
      FilterInvocation invocation = new FilterInvocation(request, response, filterChain);
      Collection<ConfigAttribute> attributes = getObjectDefinitionSource().getAttributes(invocation);
      if (attributes != null) {
        for (ConfigAttribute attribute : attributes) {
          deps.add(attribute.getAttribute());
        }

    request.setApproved(true);
    OAuth2Request clientAuthentication = request.createOAuth2Request();
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("user", "pass",
        AuthorityUtils.createAuthorityList("ROLE_USER"));
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    EvaluationContext context = handler.createEvaluationContext(oAuth2Authentication, invocation);
    Expression expression = handler.getExpressionParser().parseExpression(
        "#oauth2.hasAnyScope('write') or #oauth2.isUser()");
    assertTrue((Boolean) expression.getValue(context));
  }

            request.isApproved(), request.getScope(), request.getResourceIds(), request.getRedirectUri(),
            request.getResponseTypes(), request.getExtensions());

    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser()
        .parseExpression("#oauth2.clientHasAnyRole('ROLE_CLIENT')");
    assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
  }

  public void testScopes() throws Exception {
    OAuth2Request clientAuthentication = RequestTokenFactory.createOAuth2Request("foo", false,
        Collections.singleton("read"));
    Authentication userAuthentication = null;
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(clientAuthentication, userAuthentication);
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.hasAnyScope('read')");
    assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(oAuth2Authentication, invocation)));
  }

  }

  @Test
  public void testNonOauthClient() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar");
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser().parseExpression("#oauth2.clientHasAnyRole()");
    assertFalse((Boolean) expression.getValue(handler.createEvaluationContext(clientAuthentication, invocation)));
  }

  @Test
  public void testStandardSecurityRoot() throws Exception {
    Authentication clientAuthentication = new UsernamePasswordAuthenticationToken("foo", "bar", null);
    assertTrue(clientAuthentication.isAuthenticated());
    FilterInvocation invocation = new FilterInvocation("/foo", "GET");
    Expression expression = handler.getExpressionParser().parseExpression("isAuthenticated()");
    assertTrue((Boolean) expression.getValue(handler.createEvaluationContext(clientAuthentication, invocation)));
  }